Privacy AND COOKIES Policy
1. INTRODUCTION
The aforementioned Privacy Policy provides you with an overview of how the The Fladgate Partnership Group process your personal data and your entitlements in this regard, pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the European Council – General Data Protection Regulation (“GDPR”) and other applicable legislation on data protection and privacy. All specific personal data that will be collected and the manner in which they are to be handled depend to a large extent on the services you have previously requested and agreed upon.
This Privacy Policy is applicable to the personal data of our Website Users, Customers, Suppliers, Applicants and Staff, whenever these are individuals and not companies.
Each time you use the Website, you are subject to the application of the Privacy and Cookies Policy in force, so we suggest that you carefully read all of the Policies in order to check if you agree with their respective terms.
Periodically, we may change this Privacy and Cookies Policy. If you wish to keep up to date, visit this webpage, as all amendments will be posted herein.
For the purposes of the applicable legislation on data protection, the entity responsible for collecting and handling your personal data may be any of the companies within the TFP group.
TFP’s websites may occasionally include links, banners or other hypertext links to websites and services of other companies, which have their own privacy policies, and /or third party services installed on your device that may allow access to information contained therein. Therefore we recommend our website users to carefully read the privacy policies of such third parties before submitting any personal data to these websites. TFP does not have any control over the content of these websites and is not responsible for the content of those third parties’ privacy policies or for the collection and handling of your personal data therein.
2. GLOSSARY
General Data Protection Regulation (GDPR) – a legal instrument of the European Union aimed at harmonising European data protection laws. It came into force on the 25th May 2018 and any references thereto must be interpreted accordingly to include any legislation that changes, materialises or aims at its implementation.
Personal Data – any information regarding an individual that can directly identify such person or that can make such person identifiable, directly or indirectly, in particular by reference to an identifier.
Data Processing – covers a wide range of operations performed on personal data, including by manual or automated means. It includes the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
Costumers – costumers and others to whom TFP provides services or supplies goods in the course of its business activity.
Suppliers – refers to partners, consultants, traders (including individual traders) and independent self-employed workers or any other entity that provides goods and services to TFP. In some circumstances, TFP will subcontract third party providers to deliver services to Customers on behalf of TFP, which are also covered by this definition and this Privacy Policy.
Staff – includes dependent worker as well as trainees directly involved in TFP’s business activity.
Applicants – includes applicants for all publicised job offers promoted by TFP, including permanent, part-time and temporary employments and job functions as independent self-employed workers for TPF’s Costumers; as well as people who have submitted a spontaneous resumé to TFP not related to a specific job offer. All individual contractors, self-employed and supplier collaborators or other third parties who apply for jobs within TFP are considered to be applicants for the purposes of this Privacy Policy.
TFP – whenever TFP is mentioned we mean both the entity responsible for processing the personal data of our website Users (The Fladgate Partnership – Vinhos, S.A.) but also the other entities of this Business Group, responsible for the processing of personal data of Customers, Suppliers and Applicants. In this case, the party associated with the relevant agreement to the policy may be any of the Group’s entities, as indicated below:
− The Fladgate Partnership – Vinhos, S.A.; Companies Registration No. 503 818 127; Headquarters: Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
− Quinta and Vineyard Bottlers – Vinhos S.A.; Companies Registration No. 503 885 428; Headquarters: Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
− Heritage Wines – Distribuição de Bebidas, Lda.; Companies Registration No. 506 312 542; Headquarters: Rua do Choupelo, n.º 250, 4400-088 Vila Nova de Gaia, Portugal
− Grossão – Comércio de Bebidas S.A.; Companies Registration No. 503 087 300; Headquarters: Av. D. João II – Quinta dos Barões, 4430-022 Vila Nova de Gaia, Portugal
− Grapes – Great Restaurant, Accommodation and Personalised Event Solutions, Lda.; Companies Registration No. 509 335 721; Headquarters: Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
− Sociedade Agrícola de Nogueira, Lda.; Companies Registration No. 501 746 803; Headquarters: Quinta da Roêda, 5085-036 Pinhão, Portugal
− Três Séculos – Realizações Hoteleiras, Lda.; Companies Registration No. 502 034 378; Headquarters: Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
− The Yeatman Hotel, Lda.; Companies Registration No. 508 396 557; Rua do Choupelo, nº 345, 4400-088 Vila Nova de Gaia, Portugal
− Fladgate Partnership Land Holdings, S.A.; Companies Registration No. 500 301 905; Headquarters: Rua do Choupelo, n.º 250, 4400-088 Vila Nova de Gaia, Portugal
− HILODI – Historic Lodges & Discoveries, S.A.; Companies Registration No. 513 165 096; Headquarters: Rua do Choupelo, n.º 250, 4400-088 Vila Nova de Gaia, Portugal
− The Vintage House Hotel, S.A.; Companies Registration No. 503 974 242; Headquarters: Lugar da Ponte, 5085-034 Pinhão, Portugal
− Y Not Chocolate, S.A.; Companies Registration No. 514 990 848; Headquarters: Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
− Onwine, Lda.; Companies Registration No. 516 026 011; Headquarters: Av. D. João II, nº 1288, 4430-415 Vila Nova de Gaia, Portugal
− Quinta and Vineyard Bottlers – Lan Holdings, S.A.; Companies Registration No. 500 227 969; Headquarters: Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
− Fontenova Hotel, Lda.; Companies Registration No. 515 666 386; Headquarters: Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
− QVB SAN, Lda.; Companies Registration No. 515 202 711; Headquarters: Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
− Sociedade Quinta do Portal, S.A.; Companies Registration No. 501 695 060; Headquarters: Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
− Fundação The Porto Protocol; Companies Registration No. 515 488 011; Headquarters: Rua do Choupelo, nº 250, 4404-509 Vila Nova de Gaia, Portugal
Website Users – any person accessing any of the TFP websites or trademarks marketed by TFP:
www.fladgatepartnership.com, managed by The Fladgate Partnership – Vinhos, S.A;
www.climatechange-porto.com, managed by The Fladgate Partnership – Vinhos, S.A;
www.the-yeatman-hotel.com, managed by The Yeatman Hotel, Lda;
www.vintagehousehotel.com, managed by The Vintage House Hotel, S.A.;
www.quintadoportal.com, managed by Sociedade Quinta do Portal, S.A.;
www.grapeshospitality.com, managed by Grapes – Great Restaurant, Accommodation and Personalised Event Solutions, Lda.;
www.baraofladgate.com, managed by Três Séculos – Realizações Hoteleiras, Lda.;
www.tresseculos.pt, managed by Três Séculos – Realizações Hoteleiras, Lda.;
www.dourorivertaxi.com, managed by Três Séculos – Realizações Hoteleiras, Lda.;
clerigostastingroom.com, managed by Três Séculos – Realizações Hoteleiras, Lda.;
www.barons-hall.com, managed by Três Séculos – Realizações Hoteleiras, Lda.;
www.hoteldaestrela.com, managed by Três Séculos – Realizações Hoteleiras, Lda.;
www.chafarizdelrei.com, managed by Três Séculos – Realizações Hoteleiras, Lda.;
www.onwine.pt, managed by Onwine, Lda.;
www.directwine.pt, managed by Grossão – Comércio de Bebidas, S.A.;
www.Taylor.pt, managed by Quinta and Vineyard Bottlers – Vinhos S.A.;
www.Fonseca.pt, managed by Quinta and Vineyard Bottlers – Vinhos S.A.;
www.Croftport.com, managed by Quinta and Vineyard Bottlers – Vinhos S.A.;
www.Krohn.pt, managed by Quinta and Vineyard Bottlers – Vinhos S.A.;
www.Croftpink.com, managed by Quinta and Vineyard Bottlers – Vinhos S.A.;
www.Bin27port.com, managed by Quinta and Vineyard Bottlers – Vinhos S.A.;
www.portandtonic.com, managed by Quinta and Vineyard Bottlers – Vinhos S.A.;
www.heritagewines.pt, managed by Heritage Wines – Distribuição de Bebidas, Lda.;
www.wow.pt, managed by HILODI – Historic Lodges & Discoveries, S.A.;
www.vintevintechocolate.pt, managed by Y Not Chocolate, S. A.;
www.museudovitral.pt, managed by Três Séculos – Realizações hoteleiras, Lda.
atkinsonmuseum.com, managed by Hilodi – historic Lodges & Discoveries, S.A.;
www.portoprotocol.com, managed by Fundação The Porto Protocol
3. WHAT TYPE OF INFORMATION DO WE COLLECT?
TFP collects various types of personal data for different purposes, as set out below.
CUSTOMER DATA: We only collect the necessary data for the conclusion, compliance and performance of any agreement entered into between the Customer and TFP, as well as to reply to any subsequent claims regarding such agreements. Normally, we just need to have your contact information data (such as full name, phone number, email, address and postcode) to enable us to ensure that our relationship runs efficiently. We also keep information related to your online involvement, which we use to ensure that the marketing communications we direct to you are relevant and appropriate. We may also have CCTV footage, if you visit our facilities and information that you have decided to share with us directly or through your company (evaluation of our services and products, allergies, health conditions and food restrictions). You will be informed if, for any reason, we require any additional personal data.
SUPPLIER DATA: We only collect the necessary data for the conclusion, compliance and performance of any agreement entered into between the Supplier and TFP, as well as to reply and manage any subsequent claims regarding such agreements. We will collect personal contact data, including your company data, such as names, phone numbers, and emails. We will also collect bank details so that we can issue payments to you. We may also keep information that you have decided to share with us directly or through your company, and CCTV footage if you visit our facilities.
WEBSITE USERS: We only collect the necessary data to guarantee a first class experience when visiting our Website, in order to allow you to enjoy all the potential options and discretions provided therein, as well as to assist us when managing our provision of services. This includes information such as how you use our website, how often you access it, your browser type, your IP address, the location from where you visit our website, the language you choose and the time when our website is most often visited, as well as other information better described in our aforementioned cookie policy. If you contact our Website using, for instance, the chat function, we will collect any information provided to us, such as your name and contact data.
APPLICANT DATA: Depending on the relevant circumstances and local legislation applicable, we may collect all or part of the information listed below:
– Identity data, such as name, contact details (phone and email), immigration status (in case you need a work permit for your visa), and your photo.
– Professional status and activity, such as data on education, employment history, current salary, pensions and benefits-related provisions, if such information is necessary for the vacancy to which you wish to apply
– Additional information you choose to share with us, in particular in your CV or in job interviews;
– Additional information that our Customers may share about themselves or that we find out from other third-party sources;
– IP address; dates, timings and frequency with which you access our services; and
– CCTV footage, if you visit our facilities.
Please note that the above list of categories of personal data that we may collect is not exhaustive.
In addition to the above mentioned, registration through social networks (involves using your credentials from social networks such as your login information as a Facebook and Google+ User in order to open and log in to your own TFP account) also allows us to collect personal data: when you use the login option through social networks, TFP will only use the public profile information that is necessary for the opening of your TFP account. TFP will not use any information received from social networks as long as such information is irrelevant for the referred purpose. Once the account is open, the user will have the opportunity to complete it with any information that the said data subject wishes to share with us and that will allow us to improve the expected interaction with our services. Any additional information provided will only be used for the purposes stated in this privacy policy.
4. DO I HAVE AN OBLIGATION TO PROVIDE MY PERSONAL DATA?
In the scope of our commercial or professional relationship, you will have to provide the necessary personal data to start and create such a relationship in order to comply with the existing pre-contractual and contractual duties and diligences and that data that we and compulsory have to collect. Without such data, we will generally have to refuse to conclude or perform such an agreement or we will not be able to maintain the agreement and therefore will have to terminate it.
If you do not provide us with the necessary information and documentation, we will not be able to start or continue the commercial or professional relationship intended by you, or even follow up on requests you may send us.
5. HOW DO WE COLLECT YOUR PERSONAL DATA?
We may collect personal data in several ways:
a) Personal data that we receive directly from you, if you contact us deliberately, usually by phone or email; and/or if we contact you by phone or email or through business development activities in a more general manner.
There are several ways in which you can share your information with us. It all depends which suits you better. These may include:
– Enter your data on TFP Website by filling out the form as part of the registration procedure; or
– Send your CV/ résumé by email or leave a hard copy of your CV;
– Participate in a contest through a social network channel such as Facebook, Twitter, Instagram, Pinterest or other;
– Sign up for our newsletter or any of our events;
– Through the chat function on our Website.
b) Personal data we receive from other sources, usually through due diligence or other market information, including lists of applicants in relevant events. We also receive personal information from other sources, for instance if you introduce “Like” on our Facebook page or choose to “Follow” on Twitter or Instagram, we will receive personal information from these websites;
To the extent that you access our Website, read or click on an email from us, when appropriate and in accordance with local legal requirements and legislation, we may also automatically collect your data. When you visit our Website there is certain information that we may collect automatically, whether or not you decide to use our services. This includes your IP address, the date, times and frequency of access to our site and the way in which you browse its content, all as provided in the cookies policy below. We will also collect your data when you contact us through our Website using, for example, the chat function.
We collect your data automatically through cookies, in accordance with your browser’s cookie settings. If you are also a TFP Applicant or Customer, we may use data from your usage of our websites in order to improve other aspects of our communications with you or the services we provide to you.
6. WHY DO WE PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS?
PROVISION OF PRODUCTS AND SERVICES
TFP may process your personal data, when necessary to perform the agreement between you and TFP, as well as to be able to identify you. We may also use your Personal Data to prevent and research possible misuse of the said Personal Data.
MARKETING ACTIVITIES
Occasionally, we may send you information that we consider to be of interest to you. In particular and when appropriate, we may use your data for the purposes listed below:
– to enable us to develop commercial or marketing initiatives, namely to promote actions to publicise new options or new products and services;
– to send you reports, promotions, offers, events and contacts;
– to provide you with information about specific promotional discounts and offers to which you are entitled to because of your relationship with TFP;
– to allow us to send newsletters, which may contain information on promotional campaigns, on events, discounts, promotions and offers, invitations, activities publicising new features, new products or services and for sending information on participation in contests and prizes, in accordance with the thematic preferences that you have indicated by email;
– allow us to send you reminders about your bookings, order status changes, “abandoned card” reminders and stock notification information;
– management of membership programmes, such as, but not limited to, the “Cartão WOW”/ ”WOW Card” program;
-to provide you with information about personalised and exclusive offers of products and services identified based on your personal preferences and behaviour pattern, as well as from the use of products, services and browsing on the websites.
When you have provided us with your email contact details in connection with the sale of a product or service, we may use them for the purposes of marketing of our own products and services. You may, however, freely and if you do not agree with our marketing approach, refuse/cancel such communications either at the time of the collection or at the time each message arrives. Regarding the sending of any other type of e-communication, we will firstly request your prior and express consent. We need your consent for some aspects of these activities that are not covered by our legitimate interests (in particular the collection of data through cookies and the provision of marketing directly to you through digital channels).
If you do not agree with our marketing approach, you are entitled to withdraw your consent at any time. We may use your data to show you TFP adverts and other content displayed on other websites such as, for example, on Facebook. If you do not wish us to use your data in this way, turn off the option “Advertisement Cookies” (please check our Cookies Policy).
OTHER PURPOSES
– To store (and update as necessary) your information in our database, so that we can contact you regarding the agreements you have entered into or wish to enter into with us;
– To offer you services or to obtain assistance and services from you;
– To fulfil specific legal duties;
– To help us direct appropriate marketing campaigns, in which TFP may adopt automated decisions, including profile definition;
– Where necessary to assist us in the declaration, exercise or defence of a right and
– To defend the vital interests of the data subject.
We may also use your personal data for these purposes if we consider it necessary to do so in order to defend our legitimate interests.
DEVELOPMENT ON PRODUCTS AND SERVICES
TFP may use your personal data for the development of your products and services. However, we will predominantly use combined data and statistical information for that purpose. TFP keeps track of the pages our customers visit within the website to determine which services/products are most requested.
In this case, we collect information concerning the computer or device (including mobile devices) that you use to access the website, namely your IP address, the website you used to access us, the type and language of your browser, operation system, cookies, the country from where you are accessing, reference and exit pages, URL, platform, number of clicks you have made, domain names, searched and visited pages, and the order in which you have visited them, the time spent on a particular page, the date and time you have accessed our website, access errors and other similar information that your browser may sends us.
COMMUNICATION
TFP may use your personal data to communicate with you, namely, to send you news related to TFP’s products and services, or to assist you in matters relaters to customer support, in particular to respond and manage users requests through customer service channels, as well as to monitor the quality of our service.
TFP’s newsletter subscription may involve the use of personal data in order to carry out personalised advertising of our products and services, which are available to users through email, push notifications by any other electronic means or through third parties.
You can freely unsubscribe from receiving our Newsletter at any time, simply by following the information we provide in each communication.
TFP may use data that has been identified based on your personal and behaviour pattern preferences. In order to send you customised offers, TFP will collect the said data from your interactions with us, whether through our website, or through an app, support line, or even from the use of products.
The management of data for the purpose of profiling and market researching is also based on TFP’s legitimate interest. >To such end, TFP considers the interests and rights of those concerned and the measures taken by the person responsible to fulfil general duties in terms of proportionality and transparency, having surmised that:
a) the impact on individual fundamental human rights, freedoms and guarantees is reduced;
b) the said management may be reasonably foreseen by the person concerned;
c) the data handling for the referred purpose does not lead to exclusion, discrimination, defamation or endanger of the holder’s reputation and/or his/her negotiation power.
If you consider that the referred data management may lead to any kind of emotional repercussion, you may exercise your right of access and/or right to object, as well as voluntarily exclude yourself without any need for justification of your decision.
We inform you that you can limit this by exercising the right to object by writing an email to any of the contacts listed in “How to contact us”.
IMPROVING THE SERVICE PROVIDED TO THE USER
Your Personal Data related to your physical or online purchases, tastes and preferences can be used for analysis, user profiling, market research, quality surveys and improvement of our Customer interaction.
RECRUITMENT ACTIVITIES
In order to fill job vacancies, we can internally develop recruitment activities. We have listed below several ways in which we may use and process your personal data for this purpose:
– Collect your data through you and other sources, such as LinkedIn;
– Store your data in our database (and update them when necessary), so that we can contact you regarding recruitment;
– Assess data concerning yourself in relation to the vacancies that we believe are appropriate for you;
– Allow you to send your CV, apply online for employment offers or subscribe alerts on job offers that we believe will be of your interest;
– Comply with our obligation arising from any agreement entered into between you and TFP;
– Comply with our obligations arising from any agreements entered into between third parties and TFP, regarding your recruitment;
– Streamline our payment and invoicing procedures;
-Check the data provided by you, using third party resources (such as psychometric assessments or skills tests) or to request information (such as employment recommendations or references, as appropriate under applicable law, that you have provided contact data of, and as long as you have gathered previous consent authorising us to contact these entities); and
– Comply with our legal obligations, including, for instance, crime detection or tax and fiscal duties collection.
We handle your abovementioned personal data pursuant to the provisions in the GDPR and other applicable legislation, and we base this data management essentially on pre-contractual procedures and contract performance, on the fulfilment of a legal obligation or to satisfy legitimate interests pursued by TFP or on the protection of the imperative interests of the data subject.
That is, we use and process your personal data for the management and performance of agreements or other procedures requested by the data subject (Article 6, paragraph 1 b) of the GDPR); in the context of a legitimate interest (Article 6 paragraph 1 f) of the GDPR); based on the consent of the data subject (Article 6 paragraph 1 a) of the GDPR) and by legal imperative or in the public interest (Article 6 paragraph 1 c) of the GDPR).
7. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
Where appropriate and in accordance with legal requirements and local legislation, we may share your personal data for various reasons and in several ways with the following categories of entities:
– Any of the entities of our Business Group, identified in the Glossary herein.
– In the pending of an investigation, claim or lawsuit filed within the Tax, Audit, Administration or Public Authorities, Courts, Foreigners and Borders Service (“SEF”) and Portuguese Security Forces, which are responsible for the matter and, internally, the areas or departments of the TFP Group that collaborate in collecting information and reporting facts to the competent authority;
– Third party service providers who perform tasks on your behalf (including external consultants, business partners and professional consultants such as lawyers, auditors and accountants, recruitment companies, technical support and IT consultants conducting who carry out testing and development work on the technology systems of our Business Group entities;
– Third party IT service and outsourced documents storage providers, in cases where we have an appropriate management agreement (or similar protections);
– With the company “UNLOCK THOUGHTS, LDA, Tax and Companies Registration number 513923195, with registered headquarters in Rua do Bom Sucesso nº 372, 5, civil parish of Lordelo do Ouro and Massarelos, municipality of Oporto, as partner entity of our Hotel da Estrela and our Hotel Palacete Chafariz d’El Rei, for the same legal effects and purposes foreseen in this Policy;
– Platforms and suppliers of marketing technology;
– In the event of acquisition or selling of businesses or assets, we may share your personal data with potential purchasers of these businesses or assets;
– In the event of payments, the credit institutions and other payment service providers, as well as the technology service providers related to payment services to whom the transaction data is passed on, and which may be bound by legislation of the State in where they perform, or by agreements concluded by the latter to provide information on transactions to official authorities of other countries, both inside and outside the European Union, in the battle against financing terrorism, serious forms of organised crime and money laundering prevention.
Our website and our application will allow you, in some circumstances, social plug-ins from various social networks. If you decide to interact with a social network such as Facebook, Twitter, Google + (for instance, through account registration), your activity on our website or in our app will also be available in your social network. If you are connected to one of these social networks during your visit to our website or app, or if you interact through one of the said social plug-ins, the social network may include this information to your profile on the said social network, in accordance with your privacy setting. If you wish to avoid this data transfer, please close your account session on the social network before entering our website or app or change your privacy settings whenever possible. We recommend you read the privacy policies of the social networks you use in order to obtain detailed information about the collection and transfer of personal information, and also to get to know your rights and which privacy settings are appropriate and you should select for your profile.
8. HOW DO WE SAVE YOUR PERSONAL DATA?
We are committed to take all reasonable and appropriate steps to protect the personal information we have from misuses, accidental or unlawful amendments, loss and disclosure or unauthorised access. For this purpose, TFP uses security systems, rules and other procedures to ensure the protection of your personal data, as well as to prevent unauthorised access, improper use, disclosure, loss or even destruction of your personal data.
If you suspect misuse, loss or unauthorised access to your personal information, please let us know immediately.
If you suspect misuse, loss or unauthorised access to your personal information, please let us know immediately.
9. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We only store your personal data for the time necessary to achieve the purpose that justifies these data collection, and also to respond to your needs or to the requests you may address to us, or to comply with our contractual and legal obligations.
In order to determine the time period to store your data, we use the criteria listed below. If several criteria are applied simultaneously, we will keep your personal data in accordance with the criterion that entails the keeping of your personal data for the longest period of time:
a) When purchasing product and services, we will keep your personal data for the duration of our business relationship, including any complaints that may arise, as well as for a period of ten [10] years after the termination of such relationship, notwithstanding the compliance of legal obligations of the data controller;
b) When you contact us to ask questions, requesting information and clarifications, we will keep your personal data for the period of time necessary to resolve your question or to provide you with the information and/or queries requested;
c) When opening a customer account, that is, when registering on our website, we will keep your data until you ask us to delete them or after a period of inactivity of two [2] years;
d) When you have consented to the sending of direct marketing, we will keep your personal data while maintaining the final purpose of the data collection or until you cancel the subscription or request us to delete the data;
e) Regarding the footage captured on video surveillance system (CCTV), during the maximum period of thirty [30] days;
f) Concerning data collected during a recruitment procedure, for a maximum period of five [5] years after the closure of the recruitment procedure;
g) Regarding the use of cookies, we will keep them as long as it is necessary to achieve the purposes inherent thereto, as detailed in our Cookies Policy;
h) The period of time provided for in applicable legislation; or
i) Until the specific purpose applicable to the personal data ceases to exist.
We may also retain some of your personal data to the extent necessary to comply with our legal obligations, as well as to exercise or enforce our rights, including to appeal to courts and administrative entities.
In any of these situations, if there legal judicial or administrative proceedings are pending, the data will be kept for the duration of the proceedings and up to six [6] months after a final res judicata judgment is rendered.
After the above mentioned periods of data storage, the personal information will be deleted and /or cleared with efficient safety.
10. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?
One of the main targets of the GDPR is to protect and clarify the rights of EU citizens and individuals in the EU with regard to data privacy. This means that you have several rights to your data, even when you have previously provided such data to us. These entitlements are better described below.
We will try to process your request without undue delay and, in any case, within one [1] month (subject to any extensions permitted by law). Please note that we may keep a record of your communications to help us resolve any matters raised and brought by you.
RIGHT TO OBJECT: this right allows you to oppose the handling of your personal data, for the reasons related to your particular situation when your personal data are managed for one of the following purposes: (i) our legitimate interests; (ii) to enable us to perform a task in the public interest or exercise official authority; (iii) to send you direct marketing materials, including profile definition; and (iv) scientific, historical, research or statistical purposes.
If you exercise the right to Object, we will terminate the processing of the data that you have objected to, unless:
– we can present evidence that we have legitimate compulsory grounds for the data management that overlap with your interests; or
– we are processing your data in order to declare, exercise or defence a right.
RIGHT TO WITHDRAW CONSENT: If we have obtained your consent to handle your personal data for some activities (for example, for marketing purposes), you may withdraw this consent at any time and we will no longer perform the specific activity you have previously consented upon, unless we consider that there is an alternative reason on our behalf to justify the continuing data management, in which case we will inform you about such condition.
RIGHT OF ACCESS BY THE DATA SUBJECT: You may request us, at any time, to confirm the information we have about you, as well as additional information about the purposes of our data management, the period of time which we keep your data, the existence of automated decisions, the recipients to whom the data are disclosed, among any other information provided for in article 15 of GDPR. We may ask you to verify your identity and more information about your request. If we grant you access to the information we keep about you, we will not charge for access unless your request is “manifestly excessive or groundless”. If you request us any additional copies of this information, we may charge you a reasonable administrative cost, and where this is legally permitted. In cases where we it is legally permitted, we may deny your request. If we refuse your request, you will always be informed of our reasons and grounds.
RIGHT TO ERASURE: In some circumstances, you are entitled to request us to delete your personal data. Usually, the exercise of this right must meet one of the following criteria:
– the data is no longer necessary for the purpose for which we originally collected and/or processed;
– when you have withdrawn your consent to process your data and there is no other valid reason why we should continue to keep and process them;
– if you object to processing and there are no legitimate interests that justify the said data processing;
– the data have been unlawfully processed (for instance, in a way that does not comply with the GDPR); or
– the data needs to be deleted in order to comply with our legal obligations as data controller.
Nevertheless, this right does not apply, and therefore TFP may continue to process your data in a legitimate manner, when the following proves necessary:
– to exercise the right to information and freedom of speech;
– to comply with legal obligations, to perform a task of public interest or to perform official authority;
– for reasons of public health in the public interest;
– for record, research or statistical purposes; or
– to exercise or protect a right.
When presented with a valid request to erase data, we will take all the reasonable and practical steps to delete the said data.
RIGHT TO RESTRICTION OF PROCESSING DATA: In some circumstances, you have the right to restrict the processing of your personal data. This means that we can only carry on storing your data and we will not be able to carry out any further processing of your data until: (i) one of the circumstances listed below is resolved; (ii) we have obtained your consent; or (iii) additional processing is required in order to declare, exercise or defend a right, the protection of the rights of another person or on grounds of important public interest of the EU or of a Member State.
The circumstances in which you have the right to request the restriction of the processing of your personal data are:
– in the event of answering the accuracy of the personal data we deal with. In this case, the processing of your personal data will be restricted for the period during which the accuracy of the data is being checked;
– if you object to the processing of your personal data based on our legitimate interests. In this situation, you may request that your data will be restricted while we confirm our grounds for your personal data processing;
– if the processing of your data is unlawful, but you would rather restrict our data processing instead of their erasure; and
– if we no longer need to process your personal data, but we need the data to establish, exercise or defend a right.
If we have shared your personal data with third parties, they will also be notified of the restriction to processing, unless this notification is impossible to make or involves a disproportionate effort. We will, for sure, notify you before lifting any restriction on the processing of your personal data.
RIGHT TO RECTIFICATION: You have the right to request us to rectify any inaccurate or incomplete personal data we keep regarding you. If we have shared such personal data with third parties, they will be notified of the rectification, unless this notification is impossible to make or involves a disproportionate effort. Where appropriate, we will also inform you to which third parties we have disclosed inaccurate or incomplete personal information. When we consider that it is reasonable not to comply with your request, we will explain the reasons for our decision. It is important that the personal information we keep regarding you is accurate and updated. Please let us know if there are any changes to your personal information during the period in which we keep your data.
RIGHT TO DATA PORTABILITY: If you wish so, you are entitled to transfer your personal data between data controllers. This means that you can transfer data from your TFP account to another online platform. To enable you to do it, we will supply you with your data in a automated read-only format, protected by password, so that you can transfer the data to another online platform. Alternatively, we can directly transfer the data for you. This right to data portability is applicable to: (i) personal data that we process automatically (i e, without human intervention); (ii) personal data provided by you; and (iii) personal data that we process based on your consent or to fulfil an agreement.
RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY: You also have the right to file a complaint to your local supervisory authority, which in Portugal is the Comissão Nacional de Proteção de Dados (www.cnpd.pt).
Please contact us if you intend to exercise any of these rights or withdraw your consent for the processing of your personal data (if your consent is our legal basis for processing your personal data). Please note that we may keep a record of your communications to help us resolve any issues you raise.
11. HOW CAN YOU EXERCICE YOUR RIGHTS / HOW YOU CAN CONTACT US?
If you wish to exercise any of the above rights, or you suspect of misuse, loss or unauthorised access or have any comments or suggestions to this Privacy policy, you may contact us at the following addresses:
– The Fladgate Partnership – Vinhos, S.A., A/c. Encarregado de Proteção de Dados, Rua do Choupelo, nº 250, 4400 – 088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@fladgatepartnership.com
– Quinta and Vineyard Bottlers – Vinhos S.A., A/c. Encarregado de Proteção de Dados, Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia,Portugal
Alternatively, you can email us at dpo@qavb.com
– Heritage Wines – Distribuição de Bebidas, Lda., A/c. Encarregado de Proteção de Dados, Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@heritagewines.pt
– Grossão – Comércio de Bebidas S.A., A/c. Encarregado de Proteção de Dados, Avenida D. João II – Quinta dos Barões, 4430-022 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@grossao.com
– Grapes – Great Restaurant, Accomodation and Personalised Event Solutions, Lda., A/c. Encarregado de Proteção de Dados, Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@grapeshospitality.com
– Sociedade Agrícola de Nogueira, Lda., A/c. Encarregado de Proteção de Dados, Quinta da Roêda, 5085-036 Pinhão, Portugal
Alternatively, you can email us at dpo@san.pt
– Três Séculos – Realizações Hoteleiras, Lda., A/c. Encarregado de Proteção de Dados, Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@tresseculos.pt
– The Yeatman Hotel, Lda., A/c. Encarregado de Proteção de Dados, Rua do Choupelo, nº 345, 4400-088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@theyeatman.com
– Fladgate Partnership Land Holdings, S.A., A/C. Proteção de Dados, Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@fladgatepartnership.com
– HILODI – Historic Lodges & Discoveries, S.A., A/c. Encarregado de Proteção de Dados, Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@wow.pt
– The Vintage House Hotel, S.A., A/c. Encarregado de Proteção de Dados, Lugar da Ponte, 5085-034 Pinhão, Portugal
Alternatively, you can email us at dpo@vintagehousehotel.com
– Y Not Chocolate, S.A., A/c. Proteção de Dados, Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@vintevintechocolate.pt
– On Wine, Lda., A/C. Encarregado de Proteção de Dados, Avenida D. João II, nº 1288 (Rotunda Gil Eanes), 4430-415 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@onwine.pt
– Quinta and Vineyard Bottlers – Land Holdings, S.A., A/C. Proteção de Dados, Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@fladgatepartnership.com
– Fontenova Hotel, Lda., A/C. Proteção de Dados, Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@fladgatepartnership.com
– QVB SAN, Lda., A/C. Proteção de Dados, Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@fladgatepartnership.com
– Sociedade Quinta do Portal, S.A., A/C. Proteção de Dados, Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@fladgatepartnership.com
– Fundação The Porto Procotol., A/C. Proteção de Dados, Rua do Choupelo, nº 250, 4404-509 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@fladgatepartnership.com
12. HOW DO WE STORE AND TRANSFER YOUR DATA INTERNATIONALLY?
Data transfer to other countries (countries outside the European Union) only occurs if it is necessary for the execution of orders or upon your requests (for example, payment orders or shipment of products), by legal requirement or if you have given us an express authorisation to do so. If requesting service providers of third countries is required, they will be obliged to comply with the written instructions in this regard by signing an agreement with the standard contractual clauses of the European Union, in order to comply with the level of data protection applicable in the European Union. You will receive detailed information from us separately as required by law. We want to ensure that your data is stored and transferred in a safe way. Therefore, we will only transfer data outside the European Economic Area or EEA (i e, the State Members of European Union together with Norway, Iceland and Liechtenstein) where this is in line with the data protection legislation and the means of transfer provide adequate guarantees in relation to your data, namely:
– through a data transfer agreement incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to controllers and subcontractors in jurisdictions lacking adequate data protection legislation; or
– transferring your data to a country where the European Commission has noted an adequate level of data protection; or
– if you have consented to the transfer of data.
To ensure that your personal data receives an adequate level of protection, we have applied appropriate procedures with third parties with whom we share your personal data to guarantee that your personal information is handled by such third parties in compliance with data protection law.
13. GUARANTEES AND WARNINGS
User guarantees that the personal data provided to TFP are correct and accurate and will notify any change or amendment to them assuming sole responsibility for losses and damage caused by erroneous, inexact or incomplete communication of these data. User is explicitly warned that when disclosing personal data in public TFP media such as Facebook, Google +, Twitter and Instagram, this information may be seen and used by third parties. TFP does not read any personal communication published or posted on our costumers’ own web pages.
14. BROWSERS RECOMMENDED
TFP website is optimised for viewing on Google Chrome, Safari, Mozilla Firefox, Microsoft Edge.
15. COOKIES POLICY
WHAT IS A COOKIE?
A “cookie” is an information file that is stored on your computer’s hard drive and that records your browsing on a website so that when you revisit that website you can be presented with customised options based on the information stored on your last visit. We may also use cookies on our website to analyse traffic and for advertising and marketing purposes, which do not harm your system.
If you wish to check or change the type of cookies you accept, you can do so in your browser settings.
HOW DO WE USE COOKIES?
We use cookies basically to do two things: to track your use of our website, allowing us to understand how you use the site and to track any patterns that may arise individually or from larger groups, which will help us to develop and improve our site and services in response to what visitors want and need.
Cookies can be:
– Session Cookies: these are only stored on your computer during your web session and are automatically deleted when you close the browser – they usually store an anonymous ID session allowing you to browse a site without having to log in to each page, but do not collect any information from your computer; or
– Persistent Cookies: these are stored as a file on your computer and are maintained when you close your web browser. The cookie can be read by the site that created it when you return to that site. We use persistent cookies such as Google Analytics, Facebook and Mailchimp.
– Strictly necessary Cookies: They are essential to enable you to use the site effectively and they cannot be deactivated. Without these cookies, the services that are available to you on the website could not be provided. These cookies do not collect information about you that can be used for marketing purposes.
– Performance Cookies: These cookies allow us to monitor and improve the performance of our site. For example, they allow us to track visits, identify traffic sources, and to check which parts of the site are most popular.
– Functionality Cookies: These cookies allow our website to remember the choices you have made (such as your username, language and region where you are) and provide improved functional options. For example, we may provide you with important news or updates on our website. These cookies can also be used to remind you of changes you made: from the size of text, type of font, and other parts of web pages that you can customise. They can also be used to provide services you have requested, such as viewing a video. The information that these cookies collect are usually anonymous.
– Customized Cookies: These cookies are persistent (while you are registered with us) and mean that when you sign in or return to a web page you may see similar adverts to those you have browsed previously.
CONSENT
Pursuant to Law no. 41/2004, of 18 August, the storage of information and the possibility to access information stored in a user’s IT device (in particular thorough cookies) will only be carried out by TFP if the user has given prior and explicit consent to the use of cookies on his/her device. Therefore, we request you to accept this Privacy and Cookies Policy, before you start browsing our websites.
HOW CAN I AVOID COOKIES ON YOUR WEBSITES?
All Costumers are entitled to withdraw consent to the use of cookies by TFP, eliminating cookies stored on their computer through settings options of their internet browsers.
Finally, if you wish to have greater control over the use of cookies, you can download programs or add-ons to your browser, known as “do not track”, which will allow you to choose the cookies that you want to allow.
If you block or do no authorise the use of cookies, no cookie will be stored in your device, but this will not guarantee the proper functioning of our websites. Therefore the costumer cannot take maximum advantage of the contents available on our websites, and in each new access to the website, you will always be asked for permission to use cookies.
16. ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS
Occasionally, it may be necessary to process personal data and, where appropriate and in accordance with local requirements and legislation, to process sensitive personal data regarding the exercise and defence of legal claims. On this perspective, article 9 paragraph 2 f) of GDPR such processing when it “is necessary for the establishment, exercise and defence of legal claims in a judicial proceeding or whenever courts act in the exercise of their judicial function.”
This may arise, for instance, in circumstances where we need to obtain legal advice in relation to legal proceedings or if we are required by law to retain or disclose specific information as actors in legal proceedings.
17. CHANGES TO OUR PRIVACY POLICY
TFP reserves the right to change this Privacy and Cookies Policy at any time, and any changes will be duly posted on the TFP’s websites.
Last update: 2nd May 2024