2. GENERAL PRINCIPLES APPLICABLE TO THE PROCESSING OF USER DATA In terms of general principles relating to the processing of personal data, Black Oak Company, Lda undertakes to ensure that the User Data processed by it are: Subject to lawful, fair and transparent treatment in relation to the User; Collected for specific, explicit and legitimate purposes, not subsequently being treated in a manner incompatible with those purposes; Adequate, relevant and limited to what is necessary in relation to the purposes for which they are treated; Accurate and updated whenever necessary, taking all appropriate measures so that the inaccurate data, taking into account the purposes for which they are processed, are erased or rectified without delay; Kept in a way that allows the identification of the User only for the period necessary for the purposes for which the data are processed; Treated in a way that guarantees their safety, including protection against their unauthorized or illicit treatment and against their loss, destruction or accidental damage, taking appropriate technical or organizational measures. Data processing by Black Oak Company, Lda is lawful when at least one of the following situations occurs: The User has given his explicit consent to the processing of User Data for one or more specific purposes; Processing is necessary for the performance of a contract to which the User is a party, or for pre-contractual steps at the request of the User; Treatment is necessary to fulfill a legal obligation to which Black Oak Company, Lda is subject; The treatment is necessary to defend the vital interests of the User or another natural person; Treatment is necessary for the purpose of the legitimate interests pursued by Black Oak Company, Lda or by third parties (except if the fundamental interests or rights and freedoms of the User that require the protection of personal data prevail). Black Oak Company, Lda undertakes to ensure that the processing of User Data is only carried out under the conditions listed above and with respect for the principles mentioned above. When the processing of User Data is carried out by Black Oak Company, Lda based on the User's consent, the User has the right to withdraw his consent at any time. The withdrawal of consent, however, does not compromise the lawfulness of the treatment carried out by Black Oak Company, Lda based on the consent previously given by the User.
4. IMPLEMENTED TECHNICAL, ORGANIZATIONAL AND SECURITY MEASURES To ensure the security of User Data and maximum confidentiality, we treat the information you have provided to us in an absolutely confidential manner, in accordance with our internal security and confidentiality policies and procedures, which are updated periodically according to needs, as well as in accordance with the legally provided terms and conditions. Depending on the nature, scope, context and purposes of processing the data, as well as the risks arising from the treatment for the rights and freedoms of the User, Black Oak Company, Lda undertakes to apply, both at the moment of definition of the means of treatment as at the time of the treatment itself, the technical and organizational measures necessary and appropriate for the protection of User Data and for compliance with legal requirements. It also undertakes to ensure that, by default, only the data that is necessary for each specific purpose of treatment are processed and that this data is not made available without human intervention to an undetermined number of people. In terms of general measures, Black Oak Company, Lda adopts the following: Awareness and training of personnel involved in data processing operations; Mechanisms capable of ensuring the confidentiality, availability and permanent resilience of information systems; Mechanisms that ensure the restoration of information systems and access to personal data in a timely manner in the event of a physical or technical incident;
5. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION In certain types of treatment, personal data collected by Black Oak Company, Lda may be made available to third parties, which may involve their transfer outside the European Union. In such a case, Black Oak Company, Lda undertakes to ensure that the transfer complies with the applicable legal provisions, namely regarding the determination of the suitability of such country with regard to data protection and the requirements applicable to such transfers.
B. RIGHTS OF USERS (DATA HOLDERS) Under applicable legal terms, the User has the following rights: 8. RIGHT TO INFORMATION 8.1. Information provided to the User by Black Oak Company, Lda (when data is collected directly from the User): The identity and contacts of Black Oak Company, Lda, and, if applicable, its representative; The purposes of the processing for which the personal data are intended, as well as, if applicable, the legal basis for the processing; If the processing of data is based on legitimate interests of Black Oak Company, Lda or a third party, an indication of such interests; If applicable, the recipients or categories of recipients of personal data; If applicable, an indication that personal data will be transferred to a third country or an international organization, and whether or not an adequacy decision has been taken by the Commission or reference to appropriate or appropriate transfer guarantees; The right to ask Black Oak Company, Lda for access to personal data, as well as its rectification, erasure or limitation, the right to object to the treatment and the right to data portability; If the processing of the data is based on the User's consent, the right to withdraw the consent at any time, without compromising the lawfulness of the treatment carried out based on the consent previously given; The right to file a complaint with the CNPD or another supervisory authority; Indication whether the communication of personal data constitutes a legal or contractual obligation or a necessary requirement to conclude a contract, as well as whether the data subject is obliged to provide personal data and the possible consequences of not providing such data; If applicable, the existence of automated decisions, including profiling, and information regarding the underlying logic, as well as the importance and expected consequences of such processing for the data subject. If the User Data is not collected directly by the Black Oak Company, Lda from the User, in addition to the information referred to above, the User is additionally informed about the categories of personal data being processed and, as well, about the origin of the data. data and eventually come from publicly accessible sources. If Black Oak Company, Lda intends to proceed with the further processing of User Data for a purpose other than that for which the data was collected, before such treatment Black Oak Company, Lda will provide the User with information about that purpose and any other pertinent information, as referred to above. 8.2. Procedures and measures implemented to fulfill the right to information. The information referred to in 8.1. is provided in writing (including by electronic means) by Black Oak Company, Lda to the User prior to the processing of the personal data in question. Under the terms of the applicable law, Black Oak Company, Lda has no obligation to provide the User with the information mentioned in 8.1 when and to the extent that the User is already aware of it. The information is provided by Black Oak Company, Lda free of charge.
9. RIGHT OF ACCESS TO PERSONAL DATA Black Oak Company, Lda guarantees the means that allow the User to access his Personal Data. The User has the right to obtain from Black Oak Company, Ldat the confirmation that the personal data concerning him are or are not subject to treatment and, if applicable, the right to access his personal data and the following information: The purposes of data processing; The categories of personal data in question; The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients established in third countries or belonging to international organizations; Right to request Black Oak Company, Lda to rectify, erase or limit the processing of personal data, or the right to object to such treatment; Right to file a complaint with the CNPD or other supervisory authority; If the data has not been collected from the User, the information available on the source of that data; The existence of automated decisions, including the definition of profiles, and information related to the underlying logic, as well as the importance and expected consequences of such treatment for the data subject; Right to be informed about adequate guarantees associated with the transfer of data to third countries or international organizations. Upon request, Black Oak Company, Lda will provide the User, free of charge, with a copy of the User Data that is being processed. The supply of other copies requested by the User may incur administrative costs.
10. RIGHT TO RECTIFY PERSONAL DATA The User has the right to request, at any time, the rectification of his Personal Data and, as well, the right to have his incomplete personal data completed, including by means of an additional declaration. In case of rectification of the data, Black Oak Company, Lda communicates to each recipient to whom the data have been transmitted the respective rectification, unless such communication proves impossible or implies a disproportionate effort for Black Oak Company, Lda. If the If requested, Black Oak Company, Lda provides information about the referred recipients.
11. RIGHT TO DELETE PERSONAL DATA (“RIGHT TO BE FORGOTTEN”) The User has the right to obtain, on the part of Black Oak Company, Lda, the deletion of his data when one of the following reasons applies: User Data is no longer necessary for the purpose that motivated its collection or treatment; The User withdraws the consent on which the data processing is based and there is no other legal basis for said processing; The User opposes the treatment under the right of opposition and there are no prevailing legitimate interests that justify the treatment; If the User Data is processed illegally; If the User Data has to be erased in order to comply with a legal obligation to which Black Oak Company, Lda is subject; If User Data has been collected in the context of an information society service offering to children. Under applicable legal terms, Black Oak Company, Lda has no obligation to delete User Data to the extent that the treatment proves necessary to fulfill a legal obligation to which Black Oak Company, Lda is subject or for the purposes of declaration, exercise or defense of a right of Black Oak Company, Lda in a judicial process. In case of data deletion, Black Oak Company, Lda communicates to each recipient / entity to whom the data has been transmitted the respective deletion, unless such communication proves impossible or implies a disproportionate effort for Black Oak Company, Lda. If the User requests it, Black Oak Company, Lda provides information about the referred recipients. When Black Oak Company, Lda has made User Data public and is obliged to delete it under the right to erase, Black Oak Company, Lda undertakes to ensure reasonable measures, including technical, taking into account the available technology and the costs of its application, to inform those responsible for the effective treatment of personal data that the User has requested that they delete the links to such personal data, as well as copies or reproductions thereof.
12. RIGHT TO LIMIT THE PROCESSING OF PERSONAL DATA The User has the right to obtain, on the part of Black Oak COmpany, Lda, the limitation of the treatment of the User Data, if one of the following situations applies (the limitation is to insert a mark in the personal data kept with the aim of limiting treatment in the future): If you challenge the accuracy of personal data, for a period that allows Black Oak Company, Lda to verify its accuracy; If the treatment is illegal and the User opposes the deletion of the data, requesting, in return, the limitation of its use; If Black Oak Company, Lda no longer needs User Data for processing purposes, but such data is required by the User for the purposes of declaring, exercising or defending a right in a judicial process; If the User has opposed the treatment, until it is found that the legitimate reasons of Black Oak Company, Lda prevail over those of the User. When User Data is subject to limitation, it may only, with the exception of retention, be treated with the User's consent or for the purpose of declaring, exercising or defending a right in a judicial proceeding, defending the rights of another natural person or collective action, or for reasons of public interest provided for by law. The User who has obtained a limitation in the treatment of his data in the cases referred to above will be informed by Black Oak Company, Lda before the limitation to treatment is lifted. In case of limitation in the processing of data, Black Oak Company, Lda will communicate to each recipient to whom the data has been transmitted the respective limitation, unless such communication proves impossible or implies a disproportionate effort for Black Oak Company, Lda. If the User requests it, Black Oak Company, Lda provides information about the referred recipients.
13. RIGHT TO PORTABILITY OF PERSONAL DATA The User has the right to receive the personal data that concerns him and that he has provided to Black Oak Company, Lda, in a structured format, in common use and automatic reading, and the right to transmit that data to another responsible for the processing, if: Treatment is based on consent or a contract to which the User is a party; and The treatment is carried out by automated means. The portability right does not include inferred data or derived data, i.e., personal data that is generated by Black Oak Company, Lda as a consequence or result of the analysis of the data being processed. The User has the right to have personal data transmitted directly between controllers, whenever technically possible. The exercise of the data portability right applies without prejudice to the right to erase the data.
14. RIGHT OF OPPOSITION TO TREATMENT The User has the right to object at any time, for reasons related to his particular situation, to the processing of personal data concerning him based on the exercise of legitimate interests pursued by Black Oak Company, Lda or when the treatment is carried out for purposes other than those for which personal data were collected, including the definition of profiles, or when personal data are processed for statistical purposes. Black Oak Company, Lda will cease the processing of User Data, unless it presents imperative and legitimate reasons for such treatment that prevail over the interests, rights and freedoms of the User, or for the purposes of declaring, exercising or defending a right of Black Oak Company, Lda in a lawsuit. When User Data is processed for the purposes of direct marketing (marketing), the User has the right to object at any time to the processing of data concerning him for the purposes of said marketing, which covers the definition of profiles in insofar as it relates to direct marketing. If the User opposes the processing of his data for the purpose of direct marketing, Black Oak Company, Lda ceases processing the data for that purpose. The User also has the right not to be subject to any decision taken exclusively on the basis of automated treatment, including the definition of profiles, which has effects in its legal sphere or which significantly affects him in a similar way, unless the decision: It is necessary for the conclusion or execution of a contract between the User and Black Oak Company, Lda; It is authorized by legislation to which Black Oak Comapny, Lda is subject; or It is based on the User's explicit consent.
15. PROCEDURES WITH A VIEW TO THE EXERCISE OF RIGHTS BY THE USER The right of access, the right to rectification, the right to erase, the right to limitation, the right to portability and the right to object can be exercised by the User by contacting Black Oak Company, Lda, through the e-mail boc @ boc-pt.com. Black Oak Company, Lda will respond in writing (including by electronic means) to the User's request within a maximum period of one month from receipt of the request, except in cases of special complexity, in which this period may be extended up to two months . If the requests submitted by the User are manifestly unfounded or excessive, namely due to their repetitive nature, Black Oak Company, Lda reserves the right to charge administrative costs or refuse to proceed with the request.ido.
16. PERSONAL DATA BREACHES In the event of a data breach and to the extent that such breach is likely to imply a high risk to the User's rights and freedoms, Black Oak Company, Lda undertakes to report the breach of personal data to the User concerned within the period 48 hours from the moment the incident is identified. Under legal terms, communication to the User is not required in the following cases: If Black Oak Company, Lda has applied appropriate protection measures, both technical and organizational, and these measures have been applied to the personal data affected by the breach of personal data, especially measures that make the personal data incomprehensible to any unauthorized person to access to such data, such as encryption; In the event that Black Oak Company, Lda has taken subsequent measures to ensure that the high risk to the User's rights and freedoms is no longer likely to materialize; or If the communication to the User implies a disproportionate effort for Black Oak Company, Lda. In that case, Black Oak Company, Lda will make a public communication or take a similar measure through which the User will be informed.