DATA PROTECTION / PRIVACY / INFORMATION SECURITY COMMITMENT
Made to Last, complies with all national, community and legal regulations regarding data protection, privacy and information security. Within the Personal Data Protection and Information Security System, Made to Last seeks to ensure regulatory compliance and corporate responsibility disclosure or evincement in data protection and information security, implementing all technical and organizational measures needed to comply with the Data Protection legal system in force.
Within this framework, Made to Last also commits to keeping the personal data it is responsible for processing confidential and secret, in accordance with this privacy and data protection policy. Made to Last thus guarantees compliance with all applicable norms regarding confidentiality and secrecy. It will demand the same from all staff members and suppliers, as well as the adoption of behaviours and the implementation of the necessary measures to the same degree of conformity, ensuring that the persons authorized to process personal data comply with the confidentiality measures or are subject to adequate confidentiality legal obligations.
Definitions “Personal data” “Personal data”, information regarding an identified or identifiable individual person (“data subject”); an individual person is considered identifiable if they can be directly or indirectly identified, particularly by reference of an identifier. Are examples of personal identifiers a name, an identification number, location data, electronic identifiers or identifiers of one or more elements specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual person. “Processing of Personal Data” “Processing”, an operation or set of operations carried out on the personal data or sets of personal data, by automated or non-automated means, such as the collecting, registering, sorting, structuring, keeping, adapting or amending, recovering, referring, using, disclosing by transmission, distributing or any other form of providing, comparing or interconnecting, limiting, deleting or disposing.
“Cookies” “Cookies” are small text files with information considered relevant that the devices used for access (computers, mobile phones or portable mobile devices) carry through the Internet browser when an online site is visited by the Client or User. Processing Controller Made to Last, Lda., with headquarters in Travessa do Calvário, nº 215 Zona Industrial das Arroteias 4595-106 Frazão, Paços de Ferreira, registered in Braga Commercial Register under a sole registration number of legal person 510.210.864, a share capital of 52,000,00 Euros, herein referred to as Made to Last, is the controller of the online site www.madetolast.pt, www.primedesign.com.pt and www.stylishclub.pt and the IT applications, hereinafter referred to as channels or applications, through which the Users, Service Recipients or Clients remotely access Made to Last services and products presented, traded or provided, at any time, through these.
The use of the channels or applications by any User, Service Recipient or Client may imply the execution of data processing operations, the protection, privacy and security of which is ensured by Made to Last as the Processing Controller, in accordance with the terms of this Privacy and Data Protection Policy. Data Protection Officer If you wish to contact the Data Protection Officer at Made to Last, please send an email to firstname.lastname@example.org describing the issue of the request and indicating an email address, a telephone contact or a mail address. Collecting and Processing Personal Data Made to Last processes personal data where strictly necessary to provide information and to improve the channels’ performance, in accordance with the User, Service Recipient or Client’s use. As such, Made to Last collects personal data: – directly from the Users or Recipients who provide them in their request registration or request for information; – directly from the Clients when they join those channels or when they use the services provided by Made ti Last, such as accesses, enquiries, instructions, transactions and other registrations related to its use. In particular, the use or activation of certain features in these channels might imply processing various direct or indirect personal identifiers, such as name, home address, contacts, device addresses or geographical location, whenever explicit consent is given from the User, Service Recipient or Client.
The personal data collected by Made to Last is processed by computer, in certain cases in an automated manner, including processing files or the defining profiles in the management of pre-contractual, contractual or post-contractual relationships with the User, Service Recipient or Client, under the terms of the community and national regulations in force. Categories of the Processed Personal Data The categories or types of processed personal data can be, among others that might be necessary and might be legally collected, as follows: full name, tax number, civil identification number, marital status, sex, date of birth, place of birth, address(es), location(s), postal code(s), country, country code, telephone contacts, emails, name of the company where they work, etc. In all cases, the User, Service Recipient or Client is always informed of the need to collect such data in order to access the features of the channels in question. Legal Principles All data processing procedures comply with the fundamental legal principles regarding data protection and privacy, namely circulation, legality, loyalty, transparency, purpose, minimization, maintenance, accuracy, integrity and confidentiality, and Made to Last is available to show their responsibility before the data subject or any other third party which has a legitimate interest in this matter.
Legitimacy Grounds All data processing operations carried out by Made to Last have legitimate grounds, namely the subject’s consent, the need to carry out a control or precontractual actions with the data subject, as well as the need to comply with a legal obligation or the legitimate interests of Made to Last or third parties. Processing Purpose All personal data processed in the context of Made to Last channels is exclusively aimed at providing Users with information, managing the Service Recipients’ personal information considered necessary to manage the relationship or communication with them, as well as providing services requested by the Clients and, in general, managing the pre-contractual, contractual and post-contractual relationship with the Users or Clients. The personal data collected can, still and eventually, be processed for statistical purposes, for information broadcasting or promotional measures, namely to promote new features or new products and services using direct communication, either by mail, e-mail, text messages or telephone calls or any other communication service.
Data Recipients Except when complying with legal obligations, in no instance will the personal data of a User, Service Recipient or Client be communicated to a third party that is not outsourced by Made to Last or a legitimate recipient. No communication will be carried out other than for the purposes indicated above. International Data Transfers Any personal data transfer to a third country or an international organization will only be carried out in the compliance of legal obligations or in the cases where compliance with the national and community legal regulations in this matter is guaranteed. Security Measures Considering the most advanced techniques, the application cost and the nature, scope, context and purpose of the data processing, as well as the variable gravity and probability risks to the User, Service Recipient or Client, Made to Last and all the outsourced entities apply adequate technical and organizational techniques in order to ensure a level of security suitable to the risk. To that effect, various security measures are adopted in order to protect the personal data against disclosure, loss, misuse, amendment, unauthorised processing or access, as well as any other form of unlawful processing. It is the User, Service Recipient or Client’s sole responsibility to keep the access codes safe and not share them with third parties. In the specific case of IT applications used to access the channels, they must also keep and maintain the devices in good security condition, as well as follow the security practices advised by the manufacturers and/or providers, namely with regards to installing and updating the security application required, such as, among others, antivirus applications. In case of outsoursing Made to Last Sservices to third parties that might have access to the User, Service Recipient or Client’s personal data, Made to Last outsourced entities will be required to adopt security measures and protocols to the same level as the organization, as well as technical measures to protect the confidentiality and safety of personal data and prevent unauthorized access, loss or destruction of personal data. Exercising the Rights of the Data Subject Made to Last Users, Service Recipients and Clients can, as data subjects, exercise at any time their right to data protection and privacy, namely the right to access, amend, delete, move, limit or object to processing, within the terms and limitations set out in the applicable regulations.
Any request to exercise data protection and privacy rights must be in writing and addressed by the subject to the Data Protection Officer, in accordance with the procedure and contact indicated below. Complaints or Suggestions and Incident Report Made to Last Users, Service Recipients and Clients have the right to complain, both via an entry in the Complaints Book and by logging a complaint with the regulatory entities, as well as give suggestions by e-mail to the Data Protection Officer. Incident Report Made to Last has implemented an incident management system for privacy, data protection and information security. If a User, Service Recipient or Client wishes to report any breach of personal data, which accidentally or unlawfully provokes the unauthorized destruction, loss, alteration, dissemination or access to the personal data provided, stored or subject to any other type of processing, they may contact the Data Protection Officer.
AROUND THE WORLD
Explore the projects of some
of our partners around the world
celebrating the elegance