Information we collect
The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information. If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide. When you register for an Account, we may ask for your contact information, including items such as name, company name, address, email address, and telephone number.
How we use your information
We use the information we collect in various ways, including to:
Provide, operate, and maintain our webste
Improve, personalize, and expand our webste
Understand and analyze how you use our webste
Develop new products, services, features, and functionality
Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the webste, and for marketing and promotional purposes
Send you emails
Find and prevent fraud
Mirad Group follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services’ analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users’ movement on the website, and gathering demographic information.
Cookies and Web Beacons
Advertising Partners Privacy Policies
Third Party Privacy Policies
GDPR Data Protection Rights
INTERNAL DATA PROTECTION REGULATIONS
This Regulation aims to establish the internal rules and procedures for the application of the GDPR, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to respect to the processing of personal data and the free movement of such data, repealing Directive 95/46 / EC (General Regulation on Data Protection).
DEFINITIONS, RIGHTS AND OBLIGATIONS
For the purposes of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, paragraph 1, article 4, namely the General Regulation on Data Protection, personal data is “information relating to to an identified or identifiable natural person (‘data subject’); an identifiable individual is a person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, identifiers electronically or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person ”.
In accordance with Article 1 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, the General Regulation on Data Protection applies only to data on individuals, not on companies.
The responsible for data processing in the company are: the manager, subcontractors and employees.
Data subjects have the following rights: a) Right of access; b) Right of rectification; c) Right of erasure; d) Right to limit treatment; e) Data portability right; f) Right of opposition and automated individual decisions.
When the data subject intends to exercise any of these rights, the controller must try to respond as soon as possible, having a maximum of 30 days to do so and must respond in a clear, concise and sufficient manner, in accordance with article 12, n 3 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
The controller must provide rules to facilitate the exercise by the data subject of his rights.
In accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, when data are collected, data subjects must be informed of the following: a) The identity and contact details of the controller; b) The purposes of the processing of personal data; c) Your destination; d) The legal basis for the treatment; e) The recipients or categories of recipients of personal data, if any; f) The conservation period; g) Transfer to third countries, if applicable; h) The existence of the right to access, rectify, and erase and limit treatment; i) The existence of the right to object to the treatment; j) Information that you can withdraw your consent at any time; k) The existence of the right not to be subject to automated decisions including the definition of profiles; l) The right to data portability; m) The right to know about the existence of a data breach; n) The right to complain to a supervisory authority.
Personal data must be processed lawfully, fairly and transparently in relation to the data subject, pursuant to Article 12 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
Individuals must be able to understand how the personal data relating to them are collected, used, consulted or subjected to any other type of treatment and the extent to which personal data are or will be processed.
The procedures must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are treated. Personal data can only be processed when the purpose of the processing cannot be achieved by other means.
Procedures must be accurate and updated whenever necessary.
All appropriate measures must be taken to ensure that inaccurate data, having regard to the purposes for which it is processed, is erased without delay.
The data must be kept in a way that allows the identification of the data subjects only for the period necessary for the purposes for which they are processed.
The data controller must implement a policy for maintaining, archiving and deleting the data in order to ensure that it is not kept for a period longer than the period strictly necessary.
The data must be treated in a way that guarantees its security, including protection against its unauthorized or illicit treatment and against its accidental loss, destruction or damage, adopting the appropriate technical or organizational measures.
The controller must be able to demonstrate that the holder of the personal data has consented freely and in an informed manner. A consent given orally or even through tacit or other consent does not offer these guarantees, as it does not allow proof of having been obtained in a free, specific, informed, explicit way and through the unambiguous act.
The controller of personal data must ensure, in accordance with Article 5 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016: a) That the personal data you have are legitimate and are limited to what is necessary; b) That the data are up-to-date, secure and confidential; c) That it has policies, procedures, codes of conduct, internal instructions formalized and capable of being made available to the supervisory entities;
d) That it has systems in place to monitor whether the policies and procedures being followed; e) Implement the permanent and dynamic mechanism for verifying compliance with the General Data Protection Regulation; f) Proving evidence of compliance with the General Regulation on Data Protection; g) Promote audits within the scope of a continuous control to verify the effectiveness of the implemented measures and, eventually, modify them;
The data controller is obliged to notify the control entity, which in Portugal is the National Data Protection Commission, of all data breaches with risk to the data subject, and this communication must be made within 72 hours, in pursuant to Article 33 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
APPLICATION OF THE REGULATION
The personal data that is collected in the company are: a) Name, address, telephone number, e-mail address of buyers and sellers; b) Name, tax number, identification document number, marital status and address of employees and collaborators.
The data is obtained in several ways: a) Through a contract signed with the seller, collaborator and employee; b) By contacting customers by e-mail, or visiting our website where interested parties enter their personal data; c) By calling the company and vice versa; d) By physical visit of the store; e) By personal contact, through verbal consent.
When collecting data through contracts or data collection with direct contact with the person, the person is informed of his rights and asked for his consent to the processing of data.
In the case of telephone contact, the employee who collects the data, informs the person concerned that he / she will then send an email with the person’s data,
asking you to respond by giving your express consent to the processing of data.
All data collected, CRM (Customer Relationship Management) and archived company documents are introduced.
The data is encrypted.
The manager, subcontractors and employees, responsible for data processing, are the only ones with access to them.
All data contained in physical documents, whether they are customer visit forms, mediation contracts, copies of purchase and sale lease agreements, or others, are kept in the company’s file.
Eventually, it should improve the application of the regulation.
The personal data of each user will be maintained as long as the user’s subscription and / or requests are active, with the aim of improving the services offered, so that after their expiry, they will be depersonalized and not identifiable.
Providers of personal data are allowed to question the data and may request the deletion of the data, rectification, updating or completing the same. These requests should be sent to [email protected].
Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity. Mirad Group does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.