gracia-sofia-logo-white
gracia-logo

Privacy Policy

Privacy Policy
This Privacy Policy governs the processing of personal data provided by users
of the website https://graciasofia.com/ to GRÁCIA SOFIA, UNIPESSOAL
LDA, the entity responsible for its collection and processing. By providing their
personal data, the user expressly declares their acceptance of the terms of this
Privacy Policy, which is supplemented by the Terms and Conditions of Use
available for consultation. In accordance with the General Data Protection
Regulation (Regulation (EU) 2016/679), hereinafter referred to as GDPR, and
other applicable legislation, this Privacy Policy additionally establishes the rights
of the holders of the personal data provided, as follows:

  1. Who are we?
    The Grácia Sofia entity is an online page and physical establishment operated
    by Grácia Sofia Pereira de Meneses Barbosa, with professional domicile at Rua
    dos Barbosas, nº 231, 2º Direito, Braga (São José de São Lázaro e São João
    do Souto) 4715 – 267 Braga, with tax identification number 513041001.
    Grácia Sofia prioritizes the protection of the privacy and personal data of the
    Clients of the services it provides and, similarly, the personal data of their
    respective holders in all situations where their personal data is processed.
  2. Why this Privacy Policy?
    Transparency. With this privacy policy, we aim to inform Customers about the
    general rules of personal data processing, which are collected and processed in
    strict compliance with the legislation on personal data protection in force at any
    given time, namely the Regulation (EU) 2016/679 of the European Parliament
    and of the Council of 27 April 2016 (hereinafter “GDPR”), as well as any other
    applicable legislation on this matter that may come into effect.
    The Grácia Sofia entity is committed to the protection and confidentiality of
    personal data, having adopted measures it deems appropriate to ensure the
    accuracy, integrity, and confidentiality of personal data, as well as all other rights
    that assist the respective holders of these personal data.
    The Grácia Sofia entity complies with the best practices in the field of security
    and protection of personal data and has adopted the technical and
    organizational measures necessary to comply with the GDPR and ensure that
    the processing of personal data is carried out lawfully, fairly, transparently, and
    limited to the authorized purposes under the GDPR and other applicable
    legislation.

Thus, this Privacy and Data Protection Policy also aims to reinforce the
provisions, in matters of protection and processing of personal data, provided
for in the contracts that Customers/Users have established or will establish with
the Grácia Sofia entity, as well as the rules provided in the terms and conditions
that regulate the offer of the various services and that are duly publicized on our
online site.

  1. Personal Data Security Measures
    The guarantee of the protection and security of the personal data provided to it
    is a priority for the Grácia Sofia establishment. Thus, the Grácia Sofia
    establishment has implemented an internal security policy, and compliance with
    these rules constitutes an obligation for all those who legally access them,
    namely its employees.
    These rules and security measures are of a technical and organizational nature
    and aim to protect personal data against its dissemination, loss, misuse,
    alteration, processing, or unauthorized access, as well as against any other
    form of unlawful processing.
    Furthermore, third-party entities that, within the scope of service provision,
    process the Client’s personal data on behalf of the Grácia Sofia establishment
    are obliged, in writing, to implement adequate technical and security measures
    that, at all times, satisfy the requirements provided for in the GDPR and other
    legislation that may be applicable and aim to safeguard the rights of the data
    holder.
    Within the scope of the internal security policy of the Grácia Sofia entity, all
    forms of online personal data collection are encrypted and stored securely, and
    physical and logistical security measures have also been implemented.
    However, such action by the Grácia Sofia entity does not exempt Customers
    from adopting security measures, especially regarding the use of personal
    online defense systems (firewall, antivirus, anti-spyware, tools for verifying
    website reliability, etc.).
  2. What is “Personal Data”?
    In accordance with the provisions of number 1 of article 4 of the GDPR,
    “«Personal data» means any information relating to an identified or identifiable
    natural person («data subject»); an identifiable natural person is one who can
    be identified, directly or indirectly, in particular by reference to an identifier, such
    as a name, an identification number, location data, electronic identifiers or one
    or more specific elements of the physical, physiological, genetic, mental,
    economic, cultural, or social identity of that natural person.”
  3. Processing of Personal Data
    In accordance with the provisions of number 2 of article 4 of the GDPR,
    “«Processing» means any operation or set of operations which is performed on
    personal data or on sets of personal data, whether or not by automated means,

such as collection, recording, organization, structuring, storage, adaptation or
alteration, retrieval, consultation, use, disclosure by transmission, dissemination
or otherwise making available, alignment or combination, restriction, erasure or
destruction.”
The personal data collected is processed in strict compliance with all the
provisions of the applicable legislation. This means that all data will be stored in
accordance with their respective purposes and respecting the applicable legal
deadlines.
Thus, and whenever there is no specific legal requirement, the data will be
stored and kept only for the appropriate period and to the extent necessary for
the scope of the purposes for which they were collected, unless the right to
object, the right to erasure, or if the consent is withdrawn.

  1. Who is responsible for the processing?
    The Grácia Sofia entity, through its legitimate owner, is responsible for the
    processing of personal data in accordance with the purposes and means of
    processing them at each moment.
    For the purposes established in this policy or within the scope of the GDPR, if
    the holder of personal data needs to contact the Grácia Sofia entity, they can do
    so through the email address graciasofia@graciasofia.com, or by written
    communication addressed to our professional address: Rua dos Barbosas, nº
    231, 2º Direito, Braga (São José de São Lázaro e São João do Souto) 4715 –
    267 Braga.
  2. Is there a Data Protection Officer?
    The Grácia Sofia entity has designated a Data Protection Officer who can be
    contacted via the email address: graciasofia@graciasofia.com.
  3. Types of data that can be processed
    Taking into account the activities carried out by the Grácia Sofia entity, it
    processes the personal data necessary for the provision of services, supply of
    goods, or in its social responsibility activities, processing personal data such as
    the name, address, telephone number, and email address.
    The information collected may be greater or lesser depending on the
    information provided by the Customer. With the exception of obligations arising
    from compliance with legal obligations, all data will be exclusively processed by
    the Grácia Sofia entity strictly to the extent that they are necessary for the
    development of its activity, also allowing the Customer to have access, for
    example, to specific functionalities of the services.
    If there is prior consent from the Customer, it may be withdrawn at any time,
    without, however, affecting the lawfulness of the processing carried out on the
    basis of the previously given consent. To withdraw consent, you can use the
    email address graciasofia@graciasofia.com.
  4. Purposes and legal grounds for the collection and processing of data

The Grácia Sofia entity may process personal data for the following purposes:
a) Provision of commercial services (opening customer files, registering
proposals and orders, communications with customers and filing); The legal
ground, in this case, is the execution of the contract, namely the interest of the
Grácia Sofia entity in processing information from its customers in an effective
and efficient manner, ensuring the quality of its services.
b) For statistical analysis purposes in Google Analytics, without collecting any
specific personal data (such as names, addresses, IPs);
c) For invoicing and accounting management; – Maintain efficient management
control, keeping invoicing up-to-date and ensuring compliance with applicable
legal obligations;
d) For collection and legal and extrajudicial claims, which includes collecting
and recovering amounts owed by customers; The legal ground is the legitimate
and legal interest of the Grácia Sofia entity in satisfying its credits and
defending its rights.

  1. Circumstances of processing by subcontractors
    Within the scope of the activities carried out, the Grácia Sofia entity uses third
    parties for the provision of certain types of services that may imply access, by
    these entities, to Customers’ personal data. When this happens, the Grácia
    Sofia entity ensures that subcontractors comply with the GDPR and other
    applicable legislation, as well as compliance with certain standards similar to
    our internal security policy.
    In the case of communication of personal data to other subcontracted entities,
    the Grácia Sofia entity remains responsible for these personal data.
  2. Destination of personal data
    Personal data are intended only for the Grácia Sofia entity and may only be
    used by third parties for the purpose of complying with legal obligations.
  3. Collection of personal data
    The Grácia Sofia entity only collects personal data by telephone, contractually,
    through its website and always ensuring the prior consent of the data holders.
    It is important to emphasize that some personal data is indispensable for the
    execution of the contracts and, in case of lack or insufficiency thereof, they may
    jeopardize the provision of services by the Grácia Sofia entity. To the holders of
    personal data who are not Customers of the Grácia Sofia entity, the rules of this
    policy apply.
  4. Conservation of personal data

The conservation and storage of personal data is necessarily related to the
purpose for which the information was collected and is processed.
Except in cases where there may be a legal obligation for the maintenance of
personal data, such personal data will only remain stored and conserved for the
minimum period necessary for the purpose for which they were collected.

  1. Transfer of personal data
    The Grácia Sofia entity does not transfer personal data and, should this
    eventually happen, it will do so in accordance with the GDPR and any other
    eventually applicable legislation. This, however, does not prejudice the exercise
    of the right to portability by the data holder.
  2. Your rights and how to exercise them
    As a holder of personal data, the Grácia Sofia entity guarantees you, at any
    moment, the right to access, rectification, updating, limitation, and erasure of
    your personal data (except for the data that is indispensable to the provision of
    the services or to the supply of goods in which the contractual relation is still
    ongoing), the right to object to the use of the same for commercial purposes by
    the Grácia Sofia entity, and to the withdrawal of consent, as well as the right to
    portability of the data.
    For the exercise of these rights, you may contact us through the e-mail address
    graciasofia@graciasofia.com, or by written communication addressed to our
    professional domicile: Rua dos Barbosas, nº 231, 2º Direito, Braga (São José
    de São Lázaro e São João do Souto) 4715 – 267 Braga.
  3. Claim
    Even though you may directly present any claims with the Grácia Sofia entity in
    the terms above referred to, you may present a claim directly with the Contract
    Authority which, in Portugal, is the National Commission of Protection of Data
    (CNPD), through the email address geral@cnpd.pt, or to the postal address:
    Rua de São Bento, nº 148, 3, 1200 – 821 Lisboa.
  4. Alteration to the policy of privacy and protection of personal data
    The Grácia Sofia entity reserves the right, at any moment and whenever
    necessary, to proceed with alterations that are necessary, with such alterations
    being publicized through the channels used by the Grácia Sofia entity.