The purpose of this Privacy Policy is to clarify and inform the data subject about how their personal data is collected, used, processed and disclosed on the www.vizta.pt website, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th 2016 (General Data Protection Regulation, hereinafter the "GDPR") and Law no. 58/2019 of August 8th, which ensures the implementation of the GDPR in the national legal order, as well as, in a transparent and intelligible manner, informing the holders of personal data of their rights and how they can exercise them.
In order to better understand the terms used in this Privacy Policy, we present the most relevant definitions:
Consent - a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she agrees, by means of a statement or an unambiguous positive act, to the processing of personal data relating to him or her.
Personal data - information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Profiling - any form of automated processing of personal data consisting of using such personal data to evaluate certain personal aspects of a natural person, in particular to analyse or predict aspects relating to their professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or travel;
Recipient - a natural or legal person, public authority, agency or other body that receives communications of personal data, regardless of whether or not it is a third party.
Data Controller - natural or legal person, public authority, agency or other body that determines the purposes and means of processing personal data.
Data processing - an operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The entity responsible for processing the personal data processed in connection with the use of the website www.vizta.pt (hereinafter referred to as the "Website") is Hydra Real Estate Management, Sociedade Unipessoal, Lda, with registered office at Rua Professor Carlos Alberto da Mota Pinto, nr 9, 4th floor, room B2, Edifício Amoreiras Plaza, 1070-374 Lisboa, with a share capital of € 5,000.00, an entity with documents fully deposited in electronic format registered at the Commercial Registry Office under the unique registration and legal person number 514895900, e-mail: privacidade@vizta.pt (hereinafter the "Data Controller").
The Data Controller has a Data Protection Officer who can be contacted at the following e-mail address: privacidade@vizta.pt.
The entities that, together with the Data Controller, are responsible for processing personal data in connection with the use of the website www.vizta.pt (hereinafter referred to as the "Website"). The following entities are jointly responsible for data processing:
Category of data subjects | Personal data collected | The purpose |
Potential Customers | Name, surname, e-mail address, telephone number | To answer to requests for information / requests for contact / scheduling visits / meetings |
Marketing (sending unsolicited communications/newsletters) | ||
Complaints processing | ||
All the above categories | All data collected through the Website | Compliance with the duty to co-operate with the competent authorities |
Defence of the interests of the Data Controller in legal or other proceedings and proof of compliance with contractual obligations |
The personal data provided by the data subject in connection with the use of the Website is only strictly necessary for the purposes described below, with full transparency and guarantees of security and confidentiality in the processing.
Purpose | Legal grounds | Conservation period |
To respond to requests for information / requests for contact / scheduling visits / meetings | Execution of contracts and/or pre-contractual steps. | For as long as the contract remains in force or up to 3 years after the last contact, whichever comes first. Different time limits may be determined on the basis of legitimate interests or to comply with legal deadlines. |
Marketing (sending unsolicited communications/newsletters) | Consent | As long as the consent collected is not withdrawn |
Complaints processing | Execution of contract and/or pre-contractual steps or legitimate interests of the Data Controller (improvement of the service provided to the client) | Until the claim is settled or for as long as it takes to defend a lawsuit. |
Allow property reservations to be made | Execution of contracts and/or pre-contractual steps. | Until cancellation of booking or signing of CPCV |
Compliance with legal obligations of the Data Controller with regard to money laundering and terrorist financing | Fulfilment of a legal obligation of the controller | 7 years after the identification of the potential client or, in the case of a business relationship, after the end of the relationship |
Defence of the interests of the Data Controller in legal or other proceedings and proof of compliance with contractual obligations | Legitimate interests of the Controller (guaranteeing defence in legal or other proceedings and proof of compliance with contractual obligations) | 3 years after the data subject's last interaction with the Data Controller |
Compliance with the duty to co-operate with the competent authorities | Fulfilment of a legal obligation of the controller | Until the end of the longest retention period provided for above for each category of Personal Data Subjects |
Data subjects have the right to withdraw their consent at any time. Withdrawal of consent does not jeopardise the lawfulness of the processing carried out on the basis of the consent previously given.
For the purposes indicated above, the Data Controller will transfer the personal data of the data subjects to the following categories of recipients:
Personal data will not be transferred to a third country or an international organisation.
Data subjects can exercise the following rights:
VIZTA complies with the principles of data protection, namely
We are constantly implementing and updating technical, physical and administrative security measures to help us protect your personal data against unauthorised access, loss, destruction or alteration. Some of the safeguards we use to protect your information are firewalls and data encryption and information access controls. The Data Controller maintains a system for responding to incidents of personal data breaches, taking the necessary measures to mitigate any damage to the freedoms and guarantees of data subjects.
The Data Controller may modify this Privacy Policy at any time, and such modification will be posted on the Website, with a record of the last modification.
Last update 11 of June of 2024
*Hydra Real Estate Management, Sociedade Unipessoal, Lda., with registered office at Rua Professor Carlos Alberto da Mota Pinto, nr 9, 4th floor, room B2, Edifício Amoreiras Plaza, 1070-374 Lisboa, parish of Campo de Ourique, municipality of Lisbon, with share capital of € 5,000.00, registered at the Commercial Registry Office under the single registration and legal person number 514895900.