This Privacy Policy establishes COMA OU LEVE’s commitment to the Users of the website in the protection of their personal data, with the intention of helping to strengthen and consolidate the relationship of trust and proximity it has with them, through clear and transparent communication of what it does with this data and what rights it recognizes for the respective holders, as well as how to exercise them.
COMA OU LEVE acts in strict compliance with the principles described in this policy, Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”) and applicable data protection legislation, in all the personal data processing activities for which it is responsible. The Privacy Policy is part of COMA OU LEVE’s body of personal data protection legislation, which includes rules and procedures for managing the security and privacy of personal data.
COMA OU LEVE, with registered offices at Largo Frei Heitor Pinto, Nº 3-B 1700-204 Lisboa (the “Controller”), is responsible for processing the personal data collected and processed within the scope of the website, in accordance with the General Regulation on the Protection of Personal Data and complementary national legislation on the protection of personal data (the “Regulation”).
The Responsible Person’s contact details are: e-mail: encomendas@comaouleve.pt / tel.: +351 218 404 385.
Personal data is any information relating to a natural person and which identifies them or makes them identifiable.
The Data Controller will collect your personal data by filling in the forms on the website, but also through the normal operation of the website and the communication it makes with your equipment, namely through your browser, the use of cookies, pixel tags and/or other similar technologies.
Cookies are small information files that help identify your browser and can store information such as user settings and preferences.
The Controller will store cookies on your device to personalize and facilitate browsing as much as possible, but also for troubleshooting, statistics, quality assurance, and to monitor system security.
With the exception of cookies specifically necessary for the performance of the website, the storage of other cookies will always depend on the User’s acceptance and consent, which may be withdrawn at any time through specific browser tools.
To find out more about the cookies we use, please consult our Cookie Policy.
The personal data that the Data Controller collects and processes has specific grounds, depending on the purposes for which it is intended.
In the following table you can see the reasons and objectives pursued:
| Purpose | Basis |
| To analyze and respond to your messages, customer support and requests for information. | Consent for that specific purpose. |
| To keep track of your contact details. | Consent for that specific purpose. |
| For WEBSITE management operations. | Consent for this specific purpose (cookies); Legitimate interests pursued by Responsible. |
| For commercial purposes, such as data analysis, audits. | Legitimate interests pursued by the person responsible. |
| For fraud prevention and information systems security. | Consent for that specific purpose. |
| To adapt, improve and modify the services, in particular by identifying usage trends, or to determine the effectiveness of promotional campaigns. | Consent for this specific purpose (cookies); Legitimate interests pursued by Responsible. |
The personal data that the Data Controller collects and processes is only that which is necessary and appropriate for the purposes indicated above.
The Data Controller will collect and process the following personal data:
| Purpose | Data collected |
| To analyze and respond to your messages, customer support and requests for information. | Name, e-mail, contact (telephone). |
| To keep track of your contact details. | Name, e-mail, contact (telephone). |
| For WEBSITE management operations. | Cookies, IP address. |
| For commercial purposes, such as data analysis, audits. | Cookies, IP address. |
| For fraud prevention and information systems security. | Cookies, IP address. |
| To adapt, improve and modify the services, in particular by identifying usage trends, or to determine the effectiveness of promotional campaigns. | Cookies, IP address. |
Your personal data will be kept for as long as necessary for the purposes for which they are intended, as listed in this Privacy Policy. Thus:
| Purpose | Conservation Period |
| To analyze and respond to your messages, customer support and requests for information. | 1 year |
| To keep track of your contact details. | 1 year |
| For WEBSITE management operations. | 2 years |
| For commercial purposes, such as data analysis, audits. | 2 years |
| For fraud prevention and information systems security. | 2 years |
| To adapt, improve and modify services, in particular by identifying usage trends, or to determine the effectiveness of promotional campaigns. | 2 years |
If a specific or mandatory period is required by law, this will be the period for which the data is kept. In all other cases, personal data will be kept for no longer than the periods indicated above, which the Data Controller considers to be sufficient to fulfill the purposes.
At the end of the retention period, all personal data collected will be deleted.
– The Controller may use third parties to provide certain services, such as website maintenance, database hosting, technical support, marketing, and they may have access to some of the personal data, namely the data necessary for the contracted purposes.
– The third parties that process the User’s personal data are subcontractors hired by the Responsible Entity. The services of the subcontractors are essential for the normal operation of the website.
– For example, for the purposes of providing website analysis services, the Data Controller has Google Analytics as a subcontractor.
– The Controller ensures that the entities that have access to the data are credible and offer guarantees of protection, and that no data is transmitted to them beyond what is necessary to provide the contracted service, although the Controller remains responsible for the personal data made available.
In the event that data is transferred to third countries outside the European Union, the Controller will comply with the legal rules, in particular with regard to the suitability of the country of destination for the protection of personal data and the requirements applicable to such transfers, and personal data will not be transferred to jurisdictions that do not offer guarantees of security and protection.
The website is not aimed at minors under the age of 16, so we ask that minors do not provide us with personal data through it.
What are your rights and how can you exercise them?
Before we explain how you can exercise your rights, you should know what they are. The law gives you the right to ask us to exercise the following rights:
– Access: the right to obtain confirmation as to whether or not personal data concerning you is being processed and, if so, the right to access your personal data and request additional information on how we process your personal data;
– Rectification: the right to have inaccurate or outdated personal data concerning you rectified and to have incomplete personal data completed;
– Erasure: the right to obtain the erasure of your personal data when one of the reasons listed in the legislation applies, namely when: the data is no longer necessary, the data subject withdraws consent, the data subject objects to the processing, the data is processed unlawfully, the erasure derives from the need to comply with a legal obligation or when the data has been collected in the context of offering information society services;
– Restriction of processing: the right to obtain restriction of processing, if one of the situations listed in the legislation applies, namely, contesting the accuracy of the data, when the processing is unlawful but the data subject opposes erasure and requests restriction of use, when the controller no longer needs the data but they are required by the data subject for the establishment, exercise or defense of rights in legal proceedings or if the data subject has opposed the processing;
– Objection: the right to object at any time to the processing of personal data concerning you;
– Portability: the right to receive personal data concerning you in a structured, commonly used and machine-readable format.
You also have the right to withdraw or change, at any time, the consent you have given us to process your personal data, in cases where such consent has been requested.
If you ask us to delete some or all of your personal data, some of the services you have requested may not be provided to you and the Data Controller will only keep the personal data necessary to comply with the legal obligations to which it is bound.
To exercise your personal data protection rights or to ask a question about the processing of your personal data, please contact the Data Controller at encomendas@comaouleve.pt.
If you are dissatisfied with the way we use your personal data or with our response to your request to exercise your rights, you can submit a complaint to the National Data Protection Commission (CNPD) – https://www.cnpd.pt.
Your personal data is kept secure through the adoption of various technical and organizational security measures deemed necessary and appropriate for the protection of personal data.
The Manager has taken technical precautions to protect the spaces where data is stored, in particular by protecting access to the computer with a password, using anti-virus software and carrying out regular maintenance on the computer. In addition, the person in charge ensures that only those employees who must access personal data have access to it, in accordance with the rules created for this purpose. Likewise, when you browse the website, we protect your data with encryption, such as Transport Layer Security (TLS, a security protocol that protects telecommunications via the internet).
Although we take the care and precautions we deem appropriate to protect the personal data you provide and we collect, you should be aware that no security system is impenetrable.
The Manager reserves the right to adjust or change this Privacy Policy at any time, and such changes will be publicized.
Date last updated: January 10, 2024