Data Protection and Privacy Policy
LAST UPDATE: 20.04.2023
Data controller: The entity responsible for the treatment of the data is Doinn, SA, headquartered at Av. Tenente Valadim, 17, 2o, 2560-275 Torres Vedras, in Portugal, with the number of NIPC and TIN: PT5135333354, and anyone interested can contact it through the following email address: [email protected]
Scope: This policy is applicable to all the personal data collected by Doinn or on its behalf, in the context of various interactions with data subjects, in person or via digital means.
1. Collection and registration and use of Personal Data:
Doinn online intermediation platform is destined to be used by business users – regardless them being service providers or service buyers such as property managers – acting for purposes within their businesses. Data being collected and processed by the Doinn online mediation platform are mostly non-personal data such as legal persons name, tax number and contact data or features and address of properties – business units managed by these legal persons. However, Doinn may collect and process personal data as well, such as name and contact data of natural persons.
The data will be collected and recorded accordingly, lawfully and for the purposes described below:
-
-
- Cookies and tracking – The cookies used by DOINN S.A can be consulted in the Cookie Policy and in no case are personal data collected.
- Data for service provision: The personal data collected by DOINN S.A are automatically processed and are intended for the management of USER’s service orders, execution of the services and requests for support. The collection and processing of personal data is also intended for its use for contacts by DOINN S.A for the purposes of:
- Ensuring the normal operation of the contracted service, namely by providing data for its management, payment and billing;
- Communicating scheduled interventions, report problems and / or other situations of relevance and / or impact on their services or support routes;
- Promoting the communication required by contract, using the way, for this purpose, stipulated (General Conditions of service provision);
- Sending quality questionnaires whose completion the user can freely decline.
For the purposes listed in this point data is processed for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract
- USER SUPPORT – Any personal data that is discretionarily sent to us by email, phone or live chat will be treated with viable security and appropriate to the medium in which it is transmitted to us, however, and in order to guarantee the privacy of personal data, we urge it to be avoided sending personal data through these channels. If the supply of personal data appears to be insurmountable, you should be warned that, in these waysof contact, there is always greater exposure to risk. For the purposes outlined in this point data is processed based on the legitimate interests pursued by the controller.
- Response to commercial contacts – Upon request of the data owner, a commercial proposal can be prepared using the data provided and collected for that purpose, in these cases the commercial proposal will be stored in a proper place protected with firewall, antivirus & antimalware, enabling secure access by SSL certificate, VPN authentication and other appropriate technical measures, as well as restricted and scaled access privileges. For the purpose outlined in this point data is processed for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract.
- Contact data management for commercial purposes: Data, including personal data such as name, position, email address used for professional activities or phone number used for professional activities, of potential Doinn users are collected through publicly available data basis, data basis purchased in commercial transactions from legal persons subject to the application of GDPR or as a result of the exchange of contact data in the form of business card of similar in the context of business events. For the purpose outlined in this point data is processed based on the legitimate interests pursued by the controller or, in the case of the exchange of contact data, the consent of the data subject.
- Verification of Legitimacy and Fraud – For the purpose of verifying legitimate ownership, alteration of authorized email, confirmation of tax data or fraud investigation, the USER may be requested by DOINN SA to provide additional elements about his identity, such as proof of address, number identification or other. In these cases DOINN S.A undertakes to collect the minimum necessary to:
- Ensure that it is the legitimate holder of the services that is claimed under the service provision contract to which he was obliged when subscribing for services;
- Ensure fiscal accuracy as required by tax law –
- To rule out the possibility of fraudulent underwriting or underwriting in view of the practice of illicit in order to safeguard the rights of DOINN S.A and third parties.
These data will be collected through normal support routes. For the purposes listed in this point, data is processed bases on the need for compliance with legal obligation and/or legitimate interests pursued by the controller
- Contact forms – All contact forms on the DOINN S.A web pages will collect the necessary contact details so that we can respond to you, as well as all those who are discretionary together in the body of the email / form. This form will be integrated into our email server with secure access by SSL certificate and other appropriate technical measures, as well as restricted and staggered access privileges. To ensure the privacy of personal data, we urge you to avoid sending personal data through these channels. If the supply of personal data appears to be insurmountable, you should be warned that, in these ways of contact, there is always greater exposure to risk. For the purpose outlined in this point data is processed in order to take steps at the request of the data subject prior to entering into a contract.
- Recruitment – If you send a spontaneous application for the email address [email protected] or [email protected], or respond to a job offer, know that all CVs and personal data collected through this route will be integrated and stored on our email server with secure access by SSL certificate and other appropriate technical measures, as well as privileges restricted and staggered access. Regarding spontaneous applications, personal data is processed based on the consent of the data subject. All applications that are not of interest are eliminated after evaluation within the period of up to 12 months after being received by the controller. Regarding ongoing recruitment processes, personal data is processed in order to take steps at the request of the data subject prior to entering into a contract or based on legitimate interests pursued by the controller (e.g. when accessing personal data displayed on Linkedin) and stored for the duration of the recruitment process only. All applications that are not of interest are eliminated after evaluation.
- Social Networks – All interactions that take place on the DOINN SA social networks as well as the sharing on social networks of content disseminated through DOINN SA websites and blogs are governed by the privacy policy of the company that provides the resource used for sharing or interaction.
- Commercial communication – Direct marketing emails can be sent to data subjects, based on the legitimate interests pursued by the controller (when data subjects are registered users of the Doinn platform) or data subject’s consent (including contact data exchanged on fairs and events). Data subject has the right to opt out of direct marketing and can do it easily by clicking on the “unsubscribe” button at the bottom of the email received.
- IP addresses: The IP address when its use or isolated identification does not allow its holder to be identified or the place where a certain action is carried out cannot be considered private data.
-
2. Database Compliance:
The data provided can be integrated into a database, and its processing is automated, organized and maintained directly by DOINN S.A in accordance with data protection laws.
3. Rectification, portability and deletion of the data provided
-
-
- Data access and rectification – Under the terms of the applicable legislation, the user has the right to access and rectify their data, so DOINN S.A therefore offers the USER permanent access to their data, thus enabling their rectification at all times. The accessibility of the USER to his data is guaranteed through a reserved area, duly protected, first by mandatory authentication and then by an SSL certificate, other appropriate technical measures, in order, thus, to guarantee that the USER’s personal data are safe from unauthorized access by third parties. TIn this reserved area, the USER will be able to update his / her personal data, except for the general email and the Tax number, the first because it is the only authenticator that legitimately entitles its user as owner of the services and the second to guarantee fiscal veracity.
- Data maintenance time and Deletion – DOINN SA is committed to keeping your data properly protected with firewall, antivirus & antimalware, enabling them to have secure access by SSL certificate, in some cases authentication by VPN and other appropriate technical measures, as well as restricted and staggered access privileges. In case of active services, forgetting will only be carried out when the contractual obligations of DOINN S.A to you are extinguished, therefore, DOINN S.A will continue to provide the service until its termination. DOINN SA has no direct relationship with individuals whose personal data is provided, processed or obtained by Suppliers of DOINN SA. Individuals who seek to access, correct, alter or delete inaccurate data should direct their consultation to the Supplier’s data controller.
- Forgetting and Backups – After the service is finished, your forgetting request will be answered, however, backup contents will persist for the time defined in the backup policy. These data are, for security and privacy, stored, not processed, with restricted and justified access and will only be used in case there is an insurmountable need to replace a backup that includes your data.
- Forgetting and elimination – In the exercise of reasonableness, evaluating the meager data we collect in view of contractual obligations and the defense of its legitimate interests, as well as compliance with the law, namely the tax law, DOINN SA avoids the deletion or alteration of data, providing, in turn, the restriction of its access and / or processing in order to preserve it as evidence in its legitimate interest. These data are, however, stored, not processed, and only with restricted and justified access. Thus, whenever there is a legitimate interest in safeguarding your rights or that of third parties, DOINN S.A, will carry out the forgetfulness action before elimination. Forgetting means moving all data to a reserved access archive, unauthorized except for justified reasons and to be recorded. In order to comply with the law, namely the tax law, forgetting may last up to a maximum of 10 years, after which your data will be deleted. Your data will be kept out of oblivion for a maximum period of eight years after total inactivity, however, it can be moved at any time as long as you exercise the right to be forgotten. For all personal data arising from communications, the data subject must exercise their right by indicating it via email to [email protected] indicating a code or ID / date / time / medium / email so that they can be identified and forgotten.
- Portability: DOINN S.A allows you to export all your personal data, and you can request it by email addressed to [email protected]
-
4. Security and use of your information
Security in storage and access: The personal data that DOINN SA collects is properly protected with firewall, antivirus & antimalware, enabling them to have secure access by SSL certificate, in some cases VPN authentication and other appropriate technical measures, as well as restricted access privileges and staggered, among other appropriate technical measures.
5. Sending or transferring information:
-
-
- Commitment: DOINN S.A undertakes not to sell or rent any personal data sent by users of our website to third parties, without prejudice to doing so with the user’s authorization or when legally obliged.
- Legal Obligations: DOINN S.A may access, preserve and share USER information with companies, organizations, governmental entities or individuals external to DOINN S.A, for being in good faith believing that the law so requires. To provide specific services that depend on third parties: DOINN S.A may have to send confidentially the personal data it collects to external service providers, namely to enable the provision of certain services. Since these partners are based in the EU and, therefore, in compliance with the privacy laws in force, or when they are from outside the EU they also declare their compliance.
- Business management, taxation and statistics: In addition to sharing information with service providers confidentially, as described above, DOINN SA can share with third parties, in a contractually stipulated way as confidential, various identification information aggregated in categories, with isolated personal data and non-targetable, obtained through surveys with customers, considering: statistical purposes, analysis of marketing campaigns, response to requirements for the provision of subcontracted services, financial and tax audits, of quality, security, etc.
-
6. Profile and automated decisions:
At DOINN S.A there is no automated treatment, including the definition of profiles that produce decisions.
7. Privacy by design and by default:
DOINN S.A ensures that, as far as is required and feasible, appropriate technical measures have been adopted and organized to protect personal data against accidental or unlawful destruction, alteration and / or dissemination.
Any violation of the privacy of personal data will be assessed and reported within 72 hours to the competent CNPD entity, as well as to the data holder (s) according to the established security and privacy incident management process.
If you find any risk or inconsistency in the management of DOINN S.A’s personal data, you should alert us to [email protected] and you can always submit a complaint to CNPD – National Data Protection Commission in Portugal.
8. Payments:
DOINN S.A takes all necessary precautions to guarantee the protection of the information collected from the USER and guarantees that all payment data entered is automatically encrypted using SSL-Secure Sockets Layer technology, in order to guarantee total security in the payments made. In order to verify that the information is being transmitted securely, note that a closed padlock / padlock image will appear next to the URL, which indicates that the connection is secure.
DOINN S.A does not store payment details. The data provided by the USER to make payments, namely those relating to credit cards, are never stored by DOINN SA, they are only used when the transaction is processed, and this is carried out from a secure bank page and with appropriate technologies to ensure that there is no risk. Thus, not only can we guarantee that the CONTRACTING PARTY’s data is not exposed to any intrusion attempts, namely, by not storing payment data, we can guarantee that, in extremis, if there was an illegitimate access this would never jeopardize access to payment data.
9. Applicability limits:
This Privacy Policy does not apply to personal data or information that may be submitted to or collected by third party websites hosted on DOINN S.A.’s infrastructure.
With regard to this data, DOINN S.A will only be a processor and will respond only as such and therefore reminds you that the privacy policies of such third party sites must be evaluated by the user / USER before sending his personal data.
It should also be noted that our responsibility, as processors, ends with the security of the infrastructure, so any security and privacy incident that originates from USER code vulnerabilities, plugins, compromised email accounts, mails or other infected files, and any content of the USER, it will be the responsibility of the content manager who should monitor them to act preventively to a possible vulnerability or act in reaction to the incident under the terms recommended by the applicable legislation in the matter of privacy and treatment of personal data.
10.Of law:
This privacy policy respects the provisions of the applicable legislation in the matter of privacy and treatment of personal data. In this sense, it may be revised at all times due to changes in the legal regulations that support it, as well as the recommendations of the entities, national and international, competent in the matter.
When there are changes to this privacy policy that change its version, the USER will be notified via general email.