Privacy and Cookie Policy

This privacy policy defines the way in which Exolaire – Comércio de Mobiliário, Lda., uses and protects the data you provide when you use the https://alaire.pt/website.

  1. IDENTIFICATION OF THE DATA CONTROLLER

  • Entity: Exolaire – Comércio de Mobiliário, Lda. (hereinafter, “ALAIRE”)
  • Registered Offices : Rua do Cruzeiro 27, 2710-306 Linhó, Sintra
  • Legal Person Identification Number: 507 662 628
  • Telephone number: +351 214 846 092
  • E-mail: info@alaire.pt
  •  
  1. INFORMATION AND CONSENT

The Law on Personal Data Protection (hereinafter referred to as “LPDP”) and the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, hereinafter referred to as “GDPR”) ensure the protection of individuals with regard to the processing of personal data and the free movement of such data.


As established by law, personal data is considered any “information relating to an identified or identifiable natural person (‘the data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifiers, or one or more specific elements of said natural person’s physical, physiological, genetic, mental, economic, cultural, or social identity.”

 

By accepting this Privacy Policy, the user is deemed to be informed, for all purposes, by way of the https://alaire.pt website, that they will be included in a file under the responsibility of ALAIRE, whose processing, in accordance with the legislation on personal data protection, complies with appropriate technical and organizational security measures.


ALAIRE maintains a customer database consisting only of the personal data provided by the data subject at the time of registration, which is collected and processed automatically by ALAIRE, the personal data controller entity.


Under no circumstances will personal data regarding racial or ethnic origin, political opinions, religious or philosophical beliefs, political opinions, trade union membership, health or sex life, genetic data, biometric data, or data concerning sex life or sexual orientation be requested.


ALAIRE will not use the personal data provided through this website to perform any of the following activities, without the data subject’s express prior consent:

  • Assignment to other persons or entities;
  • Transfer outside the European Economic Area (EEA).
  •  
  1. PURPOSES OF THE PROCESSING OF PERSONAL DATA

The personal data processed through this website will only be used for the following purposes, with the following legal bases, and within the following periods:


PURPOSE

LEGAL BASIS

DATA COLLECTED

STORAGE

PERIOD

Processing of complaints;

Compliance with legal obligations.

Identifying data,

Data relating to the complaint.

For the period required by law.

Following-up of your online purchase

Pre-contractual steps and performance of the agreement.

E-mail, Name, Full Invoicing and/or Delivery Address, Payment Data, Taxpayer Number.

For the period required for the performance of the agreement and legal obligations.

Creating the customer’s private area

Pre-contractual steps and performance of the agreement.

E-mail and password.

Up to 1 year from the last access

Subscribing to the ALAIRE Newsletter

Consent for that specific purpose.

E-mail.

2 years from the user’s inactivity.

ALAIRE website management operations.

Consent for that specific purpose (cookies);

Legitimate interests (in maintaining the website’s regular operation) pursued by ALAIRE.

Cookie data,

IP address.

Cookie storage period.

 

Commercial purposes, such as data analysis, audits.

Consent for that specific purpose (cookies).

Cookie data,

IP address.

Cookie storage period.

Fraud prevention and IT systems security.

Legitimate interests pursued by ALAIRE.

Cookie data,

IP address.

Cookie storage period.

Locating ALAIRE via GPS.

Consent for that specific purpose.

IP address.

During the session, after consent has been obtained.


ALAIRE ensures the confidentiality of all the data provided. However, despite the fact that ALAIRE collects and processes the data in a secure manner that prevents its loss or manipulation, by recourse to the most suitable techniques to that effect, it is important to note that the collection of data over open networks enables a movement of personal data without security conditions and that there is a risk of said data being viewed and used by unauthorized third parties.


The data subject’s request cannot be addressed unless they provide the data identified as mandatory.

  1. SECURITY MEASURES

ALAIRE declares that it has implemented and will continue to implement the necessary technical and organizational security measures to ensure the security of the personal data provided, aiming to prevent its variation, loss, unauthorized processing and/or access, taking into account the current state of the art, the nature of the stored data, and the risks to which it is exposed.


ALAIRE ensures the confidentiality of the data provided through this website. The data is collected and processed in a secure manner that prevents its loss or manipulation. All the data is inserted in a Secure Server (128-bit SSL) which encrypts/codifies it (transforms it into a code) and its password is stored using a unidirectional hash, i.e. it cannot be recovered (or disclosed) by any person, including ALAIRE and can only be redefined. You can verify that your browser is secure if the padlock symbol appears or if the address starts with https instead of http. 


Personal data is treated with the level of protection required by law to ensure that it is secure and to prevent it from being altered, lost or processed or accessed without consent, taking into account the current state of the art and the user is aware of and accepts the fact that Internet security measures are not impregnable.


Although we take the care and precautions that we consider appropriate to protect the personal data you provide and we collect, it is important to be aware that no security system is impenetrable.

Therefore, you must take certain precautions, such as keeping your password secret and not disclosing it to anyone else. If you believe your password has been misused, you must notify us immediately. You should also take care to log in and log out whenever you close your browser.

 

Each time ALAIRE accesses personal data, it undertakes to:

  • Store it through the legally required technical and organizational security measures that ensure its safety, thereby preventing it from being altered, lost or processed or accessed without consent, in accordance with the state of the art at any given time, the nature of the data and the risks to which they may potentially be exposed;

  • Use the date solely for the previously defined purposes.
  •  

Certify that the data is solely processed by the staff members whose action is required to fulfil the data subject’s request, who are bound by a duty of secrecy and confidentiality. In the event that a disclosure of the data to third parties for the stated purposes is allowed, said third parties shall be required to maintain its confidentiality as per the provisions established herein.

  1. WHEN DO WE DISCLOSE DATA TO THIRD PARTIES?

ALAIRE may engage third parties to provide certain services, such as maintenance, technical support, marketing, invoicing, or payment management, and these third parties may have access to some of the personal data, including the data required for the contracted purposes.

  1. THIRD-PARTY WEBSITES

The website may contain links to other websites which may collect and process your personal data. The owners of those websites shall be entirely responsible for said processing and ALAIRE shall in no way be liable for their policies and/or practices.

Examples of said third-party websites are Facebook, Youtube, Instagram, accessible via the buttons present on the WEBSITE.

  1. COMMERCIAL AND PROMOTIONAL COMMUNICATIONS

One of the purposes for which personal data provided by users is processed is the sending of electronic communications with commercial and promotional information.


All communications of this kind will be directed exclusively to users who have given their prior and express consent, and who are over 18 years of age.


If the user wishes to stop receiving commercial or promotional communications from ALAIRE, they may express their objection at any time by sending a request to the following email address: info@alaire.pt.

 

  1. EXERCISING OF RIGHTS AND DEFINITIONS

Before we explain how you can exercise your rights, you should know what they are. The law gives you the right to ask us to exercise the following rights:

(a) Access: the right to obtain confirmation that the personal data concerning you is or is not being processed and, where applicable, to right to access your personal data;

(b) Rectification: the right to obtain the rectification of inaccurate personal data concerning you and to the completion of any incomplete personal data concerning you;

(c) Erasure: the right to obtain the erasure of your personal data where one of the grounds established by law applies;

(d) Restriction of processing: the right to obtain a restriction of the processing where one of the cases stipulated by law applies;

(e) Objection: the right to object to the processing of your personal data at any given moment;

(f) Portability: the right to receive your personal data in a structured, commonly used and machine-readable format.

In this regard, the user may at any given moment exercise their information, access, rectification, erasure, restriction, portability and objection rights by submitting a written request to ALAIRE using the following means:

  • Letter by postal mail sent to the following postal address: Rua do Cruzeiro 27, 2710-306 Linhó, Sintra
  • E-mail sent to the following e-mail address: info@alaire.pt
  1. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION

In the event of data transfers to third countries outside the European Union, ALAIRE will comply with the legal rules, in particular with regard to the country of destination’s suitability concerning the protection of personal data and the requirements applicable to such transfers, and personal data will not be transferred to jurisdictions that do not offer guarantees of security and protection.

  1. SUPERVISORY AUTHORITY

As determined by law, the data subject is entitled to lodge a complaint concerning personal data protection with the competent supervisory authority, the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados – CNPD) www.cnpd.pt .

  1. CHANGES TO THE PRIVACY POLICY

ALAIRE reserves the right to readjust or change this Privacy Policy at any given moment and any such amendments shall be publicly disclosed.

(24 May 2023 version, Sintra)