Privacy Policy

PRIVACY POLICY

COMMITMENT

FRANKA LDA., sociedade comercial por quotas, with registered office at Rua Silva Carvalho, no. 148, parish of Campo de Ourique, municipality of Lisbon, registered at the Commercial Registry Office under the sole registration and taxpayer number 517 653 877, with share capital of four thousand and five hundred euros (hereinafter, “FRANKA”) is a company that prioritises transparency and security in the processing of personal data. This commitment is reflected in our day-to-day relationships with our investors, partners, clients, and suppliers. The privacy and security of the data you entrust to us is a priority for us.

This policy establishes the main guidelines considered in the Processing of Personal Data for which FRANKA is responsible.

FRANKA complies strictly with the terms of this policy, with Regulation (EU) 2016/679 (General Data Protection Regulation) and with the applicable data protection legislation, in all the Personal Data Processing activities for which it is responsible.

The Data Protection Policy is part of FRANKA's body of regulations on the protection of Personal Data and is complemented by the other documents that form part of this body of regulations, which include rules and procedures for managing the security and privacy of personal data. 

The Data Protection Policy is respected and applied by all FRANKA employees, service providers and subcontractors in activities that may directly or indirectly affect the processing of personal data.

RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA

FRANKA LDA., sociedade comercial por quotas, with registered office at Rua Silva Carvalho, no. 148, parish of Campo de Ourique, municipality of Lisbon, registered at the Commercial Registry Office under the sole registration and taxpayer number 517 653 877, with share capital of four thousand and five hundred euros, is responsible for the Processing of your Personal Data under the terms of the GDPR and the complementary legislation on the protection of Personal Data in force in the countries in which it operates.

PERSONAL DATA THAT WE MAY COLLECT

FRANKA may collect the following categories of personal data:

1. Customers First and last name;
2. Delivery address;
3. Billing address;
4. Telephone or mobile number;
5. Email address;
6. Tax identification number.

PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA

FRANKA processes its Customers' Personal Data in accordance with the following principles:

FRANKA only use the Personal Data of data subjects for which there is a specific lawful basis. The lawful bases that support FRANKA's Processing activities are the following:

• The data subject has given Consent to the processing of his or her Personal Data for one or more specific purposes;
• Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
• Processing is necessary for compliance with a legal obligation to which FRANKA is subject;
• Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in FRANKA;
• Processing is necessary for the purposes of the legitimate interests pursued by FRANKA or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

The Processing of Personal Data, namely its collection, is limited to legitimate, explicit and specific Processing purposes.

FRANKA does not use Personal Data for purposes for which there is no identified and appropriate basis of lawfulness.

During Personal Data Processing activities, namely when collecting Personal Data, the principle of data minimisation is followed, which means that FRANKA process and collect only the Personal Data that is strictly necessary to carry out the purpose in question.

The principle of minimisation also applies to the sharing and other processing activities of Personal Data, namely internal or external transfers, ensuring that only Personal Data that is strictly necessary is processed, without compromising the proper execution of the activity.

FRANKA guarantees that the Personal Data processed is accurate and up-to-date. To this end, appropriate and reasonable processes are in place to ensure the accuracy, Integrity, completeness and adequacy of the Personal Data for the purposes, when it is necessary to do so.

5. Storage Limitation

FRANKA stores Personal Data for the period strictly necessary for each purpose for which it is processed.

When the maximum storage period has been reached, your Personal Data will be anonymised or securely erased.

FRANKA has implemented appropriate security measures, in accordance with national and international best practices, in order to protect the Personal Data under its responsibility, including the implementation of technological controls, administrative, technical and physical measures and procedures that guarantee the protection of Personal Data, preventing its unauthorised use, unauthorised access and disclosure, loss, improper or inadvertent alteration or unauthorised destruction.

RIGHTS OF THE DATA SUBJECT

FRANKA provides the data subjects for whom it is responsible with the procedures that enable them to exercise, in a timely manner, the rights recognised to them under Regulation (EU) 2016/679, namely:

FRANKA informs data subjects of the data that is collected, the purposes for which it will be processed and the respective legal basis, as well as the storage periods or the criteria used to define them, the categories of Personal Data being Processed, the Recipients or categories of Recipients of the Personal Data, the rights enjoyed and the existence or not of automated decisions.

FRANKA has implemented appropriate measures to provide the data subject with the information provided for in the GDPR, providing it in a concise, transparent, intelligible and easily accessible manner, using clear and simple language. 

The information must be provided in writing or by other means and, if the data subject requests it, the information may be provided orally.

Data subjects have the right to lodge a complaint with the Supervisory Authority whenever they consider that the Processing of Personal Data concerning them violates the GDPR.

FRANKA provides appropriate means to allow the data subject to access the Personal Data that is stored concerning them, the purposes of Processing and special categories of related Personal Data, the entities with which the data is shared and the storage periods.

FRANKA provides adequate means for the data subject to rectify any incorrect data, as well as to update the Personal Data provided.

FRANKA provides adequate means for the data subject to request and carry out the erasure of Personal Data, with the exception of cases in which the storage of Personal Data is justified by legal or contractual requirements. 

FRANKA provides appropriate means of transferring the data in a structured, commonly used and automatically readable format to the data subject or the new Controller, provided that this is technically feasible and the costs are not unreasonable.

FRANKA provides adequate means for the data subject to restrict the processing of Personal Data when disputing the accuracy of the data or when the processing is unauthorised and the data subject does not wish to have their data erased, but instead requests the restriction of its use.

FRANKA provides adequate means for the data subject to object to Processing for the purposes of direct marketing and/or for purposes other than those for which they were collected, with the exception of Processing based on compelling legitimate grounds or for the purposes of legal proceedings.

FRANKA provides adequate means for the data subject to be protected from decisions based solely on automated processing, including profiling, except in cases where the basis for lawfulness is Consent or the conclusion/performance of a contract.

EXERCISE OF DATA PROTECTION RIGHTS

To exercise your Personal Data protection rights or if you have any questions regarding our use of your personal data, please contact us via the following contacts:

• Adress: Rua Silva Carvalho, n.º 148, 1250-257 Lisboa
• Email: info@franka.pt

If you do not agree with the Processing of your Personal Data or with our response to your request to exercise your rights, you may lodge a complaint with the National Data Protection Commission (CNPD) at the following address AV. D. Carlos I, 134, 1º, 1200-651 Lisboa - Telephone: +351213928400 - Fax: 351213976832 - E-mail: geral@cnpd.pt.

PERSONAL DATA PROTECTION MECHANISMS

1. Records of Processing Activities

FRANKA maintains a record of all the Personal Data Processing activities for which it is responsible. 

FRANKA maintains restricted access to your Personal Data only by those who need it to carry out the activity for which they were collected.

FRANKA applies, throughout the life cycle of the Personal Data under its responsibility and in the processes of protection and Processing of personal data, from conception and by default, the technical and organisational measures that ensure a level of security appropriate to the risk.

FRANKA applies secure mechanisms for the erasure or destruction of unnecessary Personal Data, the Processing of which is incompatible with the specified, explicit and legitimate purposes. 

FRANKA has implemented a periodic process for reviewing and erasing Personal Data under its responsibility.

In order to control exposure to risk in the protection and processing of Personal Data by subcontractors, FRANKA has implemented active mechanisms for monitoring and reviewing the services provided, in particular by setting security conditions and terms in contracts or other regulatory acts.

To outsource the processing and protection of Personal Data, FRANKA preferentially uses subcontractors who offer sufficient guarantees, for example by complying with codes of conduct and/or demonstrating certifications approved by the competent data protection supervisory authority, to guarantee that the data processing they carry out is subject to appropriate technical and organisational measures, in such a way that the provision of Personal Data processing services meets and complies with the requirements set out in the GDPR, particularly with regard to the security of the processing and the exercise of the rights of the data subject.

The Personal Data for which FRANKA is responsible may be disclosed to third parties when justified by legal provisions.

In the context of managing Personal Data breaches, Personal Data monitoring mechanisms have been implemented to minimise the vulnerability of Personal Data in processes and information systems.

When the Personal Data Breach is deemed to entail a high risk to the rights of the data subjects, the Controller notifies the data subject without unreasonable delay, in accordance with the Personal Data Breach procedures defined by FRANKA.

The Controller communicates data breaches to the competent supervisory authority, as long as they are likely to result in a risk to the rights of data subjects, within 72 hours of becoming aware of them. 

DEFINITIONS

Confidentiality	means the protection that guarantees that information is not available or disclosed to unauthorised individuals, entities or processes;
Consent	means a free, specific, informed and explicit expression of will by which the data subject accepts, by means of a declaration or an unequivocal positive act, that Personal Data concerning him or her will be processed;
Controller	means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Data Breach	means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
GDPR	means the General Data Protection Regulation (“Regulamento Geral sobre a Proteção de Dados”);
Integrity	means the protection that makes it possible to confirm/ensure the accuracy and completeness of personal data;
Personal Data	means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Processing	means any operation or set of operations which is performed on Personal Data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Subcontractor	means a natural or legal person, public authority, agency or other entity that processes Personal Data on behalf of the Controller;
Supervisory Authority	means an independent public authority, set up by a Member State, responsible for monitoring the application of the GDPR in order to defend the fundamental rights of natural persons with regard to Processing and to facilitate the unrestricted movement of such data within the Union, namely the National Data Protection Commission (CNPD).