Privacy Policy

PERSONAL DATA PROTECTION AND PRIVACY POLICY

  1. Data Protection and Privacy Commitment

AllAroundShoes is committed to complying with all applicable community and national legal standards in the field of data protection and information security.

AllAroundShoes has implemented a Personal Data Protection System and an Information Security System to ensure regulatory compliance and demonstrate institutional responsibility in the field of data protection and information security. We have implemented all necessary technical and organizational measures deemed appropriate for compliance with the legal framework of the General Data Protection Regulation (EU Regulation 2016/679 of April 27, hereinafter referred to as GDPR), the legal framework of the GDPR Enforcement Law (Law No. 58/2019 of August 8, hereinafter referred to as LERGPD), and other applicable complementary legislation.

For any clarification or additional information or to exercise rights in this regard, please contact the Data Protection Officer of AllAroundShoes via email at dataprotection@allaround.shoes.

 

  1. Definitions

"Personal Data"

"Personal data" refers to information related to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, especially by reference to an identifier. Personal identifiers may include a name, identification number, location data, electronic identifiers, or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

"Processing of Personal Data"

"Processing" means any operation or set of operations performed on personal data or sets of personal data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of provision, comparison, or interconnection, restriction, erasure, or destruction.

"Cookies" (Connection Witnesses)

"Cookies," referred to as "Testemunhos de Conexão" in Portuguese, are small text files containing relevant information that devices used for access (computers, mobile phones, or portable mobile devices) load through the internet browser when a website is visited by a user.

 

  1. Data Controller

AllAroundShoes, Lda., with VAT number 515362620, hereinafter referred to as AllAroundShoes, is the entity responsible for the forms, online sites, systems, or computer applications, hereinafter referred to as channels or applications, through which Users, Service Recipients, or Users have remote access to the services presented or provided by AllAroundShoes, at any time, through them. The entity is considered responsible for processing personal data.

The use of channels, systems, or applications by any User, Service Recipient, or User may involve processing of personal data, the protection, privacy, and security of which by AllAroundShoes, as the entity responsible for such processing, is ensured in accordance with the terms of this Data Protection and Privacy Policy.

 

  1. Institutional Contacts of the Data Controller

For contacting the Data Protection Officer of AllAroundShoes, please send an email to dataprotection@allaround.shoes or use the specific addresses identified in forms, online sites, or applications, describing the subject of the request, and providing an email address, a telephone contact, or a mailing address for a response.

For any other purpose, you can use the following general contacts of AllAroundShoes as the Data Controller of personal data:

– Postal Address: Rua Jaime Afreixo, No. 310, 3700-141, São João da Madeira, Portugal;

– General Email: store@allaround.shoes;

– General Phone: +351 256137900;

– Website: www.allaround.shoes.

 

  1. Collection and Processing of Personal Data

AllAroundShoes processes personal data strictly necessary for providing information and operating its channels in accordance with the uses made by Users, Service Recipients, or Users, whether provided for the purpose of registering requests or obtaining information, for the purpose of joining those channels, or resulting from the use of services provided by AllAroundShoes through them, such as access, consultations, instructions, requests, transactions, and other records related to their use.

In particular, the use or activation of certain channel functionalities may involve processing various direct or indirect personal identifiers, such as name, home address, personal contacts, device addresses, or geographic location, whenever the express consent of the specific User, Service Recipient, or User is required, whenever necessary for the management of the contractual relationship or pursuit of legitimate interests, or finally, for compliance with legal obligations.

In all cases, Users, Service Recipients, or Users will always be informed of the need to access such data for the use of the relevant channel functionalities, as well as the specific legal basis for processing this data.

Personal data collected by AllAroundShoes are processed manually or, in certain cases, automatically or electronically, including file processing or profile setting, within the scope of pre-contractual, contractual, or post-contractual relationship management with Users, Service Recipients, or Users, in accordance with current national and community regulations.

 

  1. Categories of Personal Data Processed and Data Subjects

The categories or types of personal data subject to processing generally include:

– Identification data;

– Contact data;

– Professional data;

– Billing data;

– Traffic and access control data

In different establishments of the Data Controller, biometric data may also be processed through video surveillance systems or other biometric systems that may be installed.

The categories or types of data subjects subject to processing generally include Users, Service Recipients, or Users, and may also include members of their respective households or visitors to the Data Controller's facilities in special processing situations. A detailed list of categories of personal data and categories of data subjects can be found in the Data Processing Information Sheets for each specific processing activity.

 

  1. Legal Principles

All data processing operations comply with fundamental legal principles in the field of data protection and privacy, including principles related to circulation, lawfulness, loyalty, transparency, purpose limitation, storage, accuracy, integrity, and confidentiality. AllAroundShoes is available to demonstrate its responsibility to data subjects, authorities, or any other third party with a legitimate interest in this matter.

 

  1. Legitimacy Grounds

All data processing operations carried out by AllAroundShoes have a legitimacy basis, namely, the data subject's consent to the processing of their personal data for one or more specific purposes, the processing being necessary for the performance of a contract to which the data subject is a party or for pre-contractual measures at the data subject's request, the processing being necessary for compliance with a legal obligation to which the Data Controller is subject, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or the processing being necessary for the purposes of legitimate interests pursued by AllAroundShoes or third parties, with the specific basis referenced in the specific data processing activities.

 

  1. Purpose of Data Processing

All personal data processed within the scope of AllAroundShoes' channels are exclusively intended for providing information to Users, managing personal information of Service Recipients, considered necessary for the purpose of managing the relationship or communication, as well as providing services to Users and, in general, managing the pre contractual, contractual, or post-contractual relationship with Users, Service Recipients, or Users.

The collected personal data may also, eventually, be subject to processing for statistical purposes, for the dissemination of information or promotional actions, and for communication actions, including promoting the disclosure of new features or new services, through direct communication, whether by mail, email, messages, phone calls, or any other electronic communication service.

With prior information always ensured, and express authorization collected for these latter purposes, Users, Service Recipients, or Users can, at any time, exercise their right to withdraw consent or their right to object to or limit the use of their personal data for purposes beyond the management of the relationship with the Data Controller. This includes, for example, purposes related to the pursuit of legitimate interests, sending informational communications, or inclusion in lists or informational services. To do so, they should send a written request addressed to AllAroundShoes' Data Protection Officer, following the procedures outlined below.

 

  1. Information Data Sheet for Data Processing on Electronic Sites

In accordance with the principles of loyalty and transparency, and to ensure compliance with the duty of information, AllAroundShoes directly provides or publicly makes available to all data subjects, depending on the method of data collection, information data sheets about the data processing activities conducted. These data sheets are accessible for consultation at any public service unit or by requesting them from the Data Protection Officer.

Regarding Electronic Sites ("Websites") and Online Services ("On-line"), please refer to the Information Data Sheet for Data Processing on Electronic Sites, accessible at www.protecaodedados.com/allaroundshoes/informacao.

 

  1. Data Retention Period

Personal data will only be retained for the period necessary for the purposes that motivated their collection or subsequent processing, ensuring compliance with all applicable legal regulations regarding archiving. The specific retention period is specified in each of the Information Data Sheets for Data Processing.

 

  1. Use of Cookies (Connection Witnesses)

Regarding the use of Cookies or Connection Witnesses by AllAroundShoes, please refer to the Cookie Policy at www.protecaodedados.com/allaroundshoes/politicas.

 

  1. Data Communication to Other Entities

The provision of information or the provision of services by AllAroundShoes to its Users, Service Recipients, or Users through channels may occasionally involve the use of services provided by third-party subcontracted entities, Joint Controllers, or other autonomous Data Controllers. This includes entities located outside the European Union for the provision of certain services, and such a situation may involve these entities having access to this personal data.

In these circumstances, and whenever necessary, AllAroundShoes will only resort to entities that provide sufficient guarantees for implementing adequate technical and organizational measures to ensure that the processing complies with the requirements of the applicable standards. Such guarantees are formalized in a contract signed between AllAroundShoes and each of these third-party entities.

 

  1. Recipients of Data

Except in the context of complying with legal obligations, executing contracts, or pursuing legitimate interests, under no circumstances will personal data of Users, Service Recipients, or Users be disclosed to third-party entities that are not subcontracted entities or legitimate recipients. Furthermore, no other communication will be made for purposes other than those mentioned above, without obtaining the prior express consent of the data subject.

 

  1. International Data Transfers

Any transfer of personal data to a third country or international organization will only be carried out in compliance with legal obligations or ensuring compliance with the applicable community and national legal standards in this matter.

 

  1. Security Measures

Taking into account the most advanced techniques, implementation costs, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks for Users, Service Recipients, or Users, AllAroundShoes, and all subcontracted entities apply appropriate technical and organizational measures to ensure a level of security adequate to the risk.

Various security measures are taken to protect personal data against unauthorized dissemination, loss, misuse, alteration, unauthorized processing, or access, as well as against any other form of unlawful processing.

It is the sole responsibility of Users, Service Recipients, or Users to keep their access codes secret, not sharing them with third parties. They should also, in the case of computer applications used to access the channels, maintain and store access devices securely and follow the security practices recommended by manufacturers and/or operators. This includes installing and updating the necessary security applications, such as antivirus applications, among others.

In cases where it is necessary to subcontract services to third-party entities that may have access to the personal data of Users, Service Recipients, or Users, AllAroundShoes' subcontractors will be required to adopt organization-level security measures and technical measures necessary to protect the confidentiality and security of personal data, as well as to prevent unauthorized access, loss, or destruction of personal data.

 

  1. Exercise of Data Subject Rights

Users, Service Recipients, or Users of AllAroundShoes can, as data subjects, at any time, exercise their data protection and privacy rights. This includes the right to withdraw consent, access, rectification, erasure, portability, restriction, or objection to processing, in accordance with the terms and limitations set forth in applicable regulations.

Any request to exercise data protection and privacy rights must be made in writing by the respective data subject to the Data Protection Officer, following the procedure and contact information described below.

A Form for Exercising Data Subject Rights is available at www.protecaodedados.com/allaroundshoes/formularios or at any AllAroundShoes service point. It can also be requested to be sent via email by contacting the Data Protection Officer at dataprotection@allaround.shoes.

 

  1. Complaints or Suggestions

Users, Service Recipients, or Users have the right to file complaints, either by registering them in the Complaints Book or by submitting them to regulatory authorities. In the latter case, complaints can be submitted directly to the National Data Protection Commission through the contacts available at www.allaround.shoes.

Users, Service Recipients, or Users can also provide suggestions via email sent to the Data Protection Officer at dataprotection@allaround.shoes.

 

  1. Personal Data Breach Reporting

AllAroundShoes has implemented an incident management system in the realm of data protection and information security.

If any User, Service Recipient, or Customer wishes to report any occurrence of a personal data breach, whether accidental or unlawful, resulting in the unauthorized destruction, loss, alteration, disclosure, or access to personal data transmitted, stored, or subject to any other form of processing, they can contact the Data Protection Officer of AllAroundShoes or use the general contact information for AllAroundShoes.

A Personal Data Breach Reporting Form is available at www.dataprotection.com/allaroundshoes/forms or at any AllAroundShoes service point. You can also request its delivery via email by contacting the Data Protection Officer at dataprotection@allaround.shoes.

 

  1. Permanent Security Contact Point

AllAroundShoes has established a Permanent Security Contact Point for the management of information security and cyberspace security incidents.

If any User, Service Recipient, or Customer wishes to report an information security incident or a cyberspace security incident, they can get in touch with the Permanent Security Contact

Point at AllAroundShoes through the communication channels available at www.dataprotection.com/allaroundshoes/security.

A Security Incident Reporting Form for Information Security or Cyberspace Security Incidents is accessible at www.dataprotection.com/allaroundshoes/forms or at any AllAroundShoes service point. You can also request its delivery via email by contacting the Permanent Security Contact Point.

 

  1. Whistleblower Protection

AllAroundShoes has implemented a Whistleblower Channel in compliance with current legal standards, ensuring the protection of personal data of data subjects, as per the Whistleblower Protection Policy accessible at https://allaroundshoes.mkdprojects.com/.

The Whistleblower Officer at AllAroundShoes can be contacted using the contact details available at www.dataprotection.com/allaroundshoes/whistleblower.

The Whistleblower Platform of AllAroundShoes is accessible through the hyperlink available at www.dataprotection.com/allaroundshoes/whistleblower.

A Whistleblower Reporting Form is accessible at www.dataprotection.com/allaroundshoes/forms or at any AllAroundShoes service point. You can also request its delivery via email by contacting the Whistleblower Officer.

 

  1. Corruption Prevention

AllAroundShoes has implemented a Compliance Program in the context of Corruption Prevention in compliance with current legal standards, ensuring the protection of personal data of data subjects, as per the Corruption Prevention Policy available at www.dataprotection.com/allaroundshoes/corruption.

For the purpose of submitting reports under the corruption prevention regime, any interested party can use:

  • The Whistleblower Platform of AllAroundShoes, accessible through the hyperlink available at www.dataprotection.com/allaroundshoes/whistleblower, or
  • The Corruption Reporting Form, accessible at www.dataprotection.com/allaroundshoes/forms or at any AllAroundShoes service point.

 

  1. Data Protection Policies and Special Information Sheets

With a commitment to transparency and information and to ensure the adequacy of the Data Protection and Privacy Policy to different data processing operations carried out, especially for different categories of data subjects, AllAroundShoes may develop Data Protection Policies of a special nature, such as:

  • Data Protection and Privacy Policy in a Workplace Context,
  • Data Protection and Privacy Policy in Application Management,
  • Data Protection and Privacy Policy for Supplier Employees, or
  • Cookie Policy or Connection Testimonies.

These special policies are provided directly to the respective categories of data subjects or in the context of related data processing activities and are available for consultation upon request to the Data Protection Officer via email at dataprotection@allaround.shoes.

The Data Protection Policies are also supplemented with Information Sheets on Data Processing to enhance transparency and information about specific data processing activities at AllAroundShoes. These sheets are made available at the time of data collection, at any service point, or through contact with the Data Protection Officer.

 

  1. Information Sheet on Data Processing in the User Relationship

The Information Sheet on Data Processing in the User Relationship, for Service Recipients or Users, is accessible at www.dataprotection.com/allaroundshoes/information.

 

  1. Data Protection Officer

For any information, complaints, incident reporting, or exercise of any type of data protection and privacy rights, or for any matter related to data protection and information security, Users, Service Recipients, and Customers interacting with AllAroundShoes can:

  • Directly contact the Data Protection Officer via email at dataprotection@allaround.shoes, describing the subject of the request and providing an email address, telephone contact, or mailing address for a response, or, if preferred,
  • Contact any unit or service point of AllAroundShoes, requesting communication with the Data Protection Officer.

 

  1. Explicit Consent and Acceptance

The terms of the Data Protection and Privacy Policy are supplementary to the terms and provisions regarding personal data in the Specific Terms of Use of each of the communication channels of AllAroundShoes.

The voluntary, specific, and informed provision of personal data by the respective data subject implies acknowledgment and acceptance of the conditions outlined in this Policy. By using the channels or by providing their personal data, Users, Service Recipients, and Customers expressly authorize their processing in accordance with the rules defined in each of the applicable channels or data collection instruments.

 

  1. Amendment of the Data Protection and Privacy Policy

To ensure its update, development, and continuous improvement, AllAroundShoes may, at any time, make changes that are deemed appropriate or necessary to this Data Protection and Privacy Policy, with its publication guaranteed through various channels to ensure transparency and information to Users, Service Recipients, and Customers.

 

  1. Data Protection and Privacy Policy Versions

Version of this Policy: 202309.

Date: 20230918.

To access previous versions of the Data Protection and Privacy Policy, please send a request via email to dataprotection@allarond.shoes.