Privacy Policy

The purpose of this Privacy Policy is to clarify and inform the data subject about how their personal data is collected, used, processed and disclosed on the www.vizta.pt website, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th 2016 (General Data Protection Regulation, hereinafter the "GDPR") and Law no. 58/2019 of August 8th, which ensures the implementation of the GDPR in the national legal order, as well as, in a transparent and intelligible manner, informing the holders of personal data of their rights and how they can exercise them.

CONTENTS

  1. Definitions
  2. Responsible for treatment
  3. Co-responsible for Treatment
  4. What personal data is collected?
  5. Purposes, legal grounds and retention period
  6. Recipients of personal data
  7. Rights of personal data subjects
  8. Principles of personal data processing
  9. Security
  10. Changes to this privacy policy

 

1. Definitions

In order to better understand the terms used in this Privacy Policy, we present the most relevant definitions:

Consent - a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she agrees, by means of a statement or an unambiguous positive act, to the processing of personal data relating to him or her.

Personal data - information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Profiling - any form of automated processing of personal data consisting of using such personal data to evaluate certain personal aspects of a natural person, in particular to analyse or predict aspects relating to their professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or travel;

Recipient - a natural or legal person, public authority, agency or other body that receives communications of personal data, regardless of whether or not it is a third party.

Data Controller - natural or legal person, public authority, agency or other body that determines the purposes and means of processing personal data.

Data processing - an operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Responsible for Treatment

The entity responsible for processing the personal data processed in connection with the use of the website www.vizta.pt (hereinafter referred to as the "Website") is Hydra Real Estate Management, Sociedade Unipessoal, Lda, with registered office at Rua Professor Carlos Alberto da Mota Pinto, nr 9, 4th floor, room B2, Edifício Amoreiras Plaza, 1070-374 Lisboa, with a share capital of € 5,000.00, an entity with documents fully deposited in electronic format registered at the Commercial Registry Office under the unique registration and legal person number 514895900, e-mail: privacidade@vizta.pt (hereinafter the "Data Controller").

The Data Controller has a Data Protection Officer who can be contacted at the following e-mail address: privacidade@vizta.pt.

3. Co-responsible for Treatment

The entities that, together with the Data Controller, are responsible for processing personal data in connection with the use of the website www.vizta.pt (hereinafter referred to as the "Website"). The following entities are jointly responsible for data processing:

  • TURQUESA DAFUNDO - SIC IMOBILIÁRIA FECHADA, S.A., with registered office at Rua Professor Carlos Alberto da Mota Pinto, nr 9, 4th floor, room B2, Edifício Amoreiras Plaza, 1070-374 Lisboa, parish of Campo de Ourique, municipality of Lisbon, with a share capital of 5,000.00 Euros, registered with the Commercial Registry under the single registration number and NIPC 515211370;
  • FLOWER TOWER MAGNOLIA - SIC IMOBILIÁRIA FECHADA, S.A., with registered office at Rua Professor Carlos Alberto da Mota Pinto, nr 9, 4th floor, room B2, Edifício Amoreiras Plaza, 1070-374 Lisboa, parish of Campo de Ourique, municipality of Lisbon, with a share capital of 1,500.00 Euros, registered with the Commercial Registry under the single registration number and NIPC 514923245;
  • HYDRA PROPERTIES ALTA DE LISBOA, LDA., with registered office at Rua Professor Carlos Alberto da Mota Pinto, nr 9, 4th floor, room B2, Edifício Amoreiras Plaza, 1070-374 Lisboa, parish of Campo de Ourique, municipality of Lisbon, with a share capital of 5,000.00 Euros, registered at the Commercial Registry Office under the single registration number and NIPC 515339725;
  • NEXAE VILAMOURA, S.A., with registered offices at Rua Professor Carlos Alberto da Mota Pinto, nr 9, 4th floor, room B2, Edifício Amoreiras Plaza, 1070-374 Lisboa, parish of Campo de Ourique, municipality of Lisbon, with a share capital of 50,000.00 Euros, registered with the Commercial Registry under the single registration and legal person number 516083260;
  • LEÇA P6, SOCIEDADE UNIPESSOAL LDA., with registered offices at Rua Professor Carlos Alberto da Mota Pinto, nr 9, 4th floor, room B2, Edifício Amoreiras Plaza, 1070-374 Lisboa, parish of Campo de Ourique, municipality of Lisbon, with a share capital of 1,500.00 Euros, registered with the Commercial Registry under the single registration number and NIPC 516891898;
  • LP1, LDA., with registered office at Rua Professor Carlos Alberto da Mota Pinto, nr 9, 4th floor, room B2, Edifício Amoreiras Plaza, 1070-374 Lisboa, parish of Campo de Ourique, municipality of Lisbon, with a share capital of 1,500.00 Euros, registered at the Commercial Registry Office under the single registration number and NIPC 516885278.
  • AREEIRO VISTOSO PROPCO, S.A. with registered office at Avenida Miguel Bombarda, nr 80, 6th floor, 1050-166 Lisboa, parish of Avenidas Novas, municipality of Lisbon, with a share capital of 50,000.00 Euros, registered at the Commercial Registry Office under the single registration number and NIPC 516709470.

4. What personal data is collected?

Category of data subjects Personal data collected The purpose
Potential Customers Name, surname, e-mail address, telephone number To answer to requests for information / requests for contact / scheduling visits / meetings
Marketing (sending unsolicited communications/newsletters)
Complaints processing
All the above categories All data collected through the Website Compliance with the duty to co-operate with the competent authorities
Defence of the interests of the Data Controller in legal or other proceedings and proof of compliance with contractual obligations

5. Purposes, legal grounds and retention period

The personal data provided by the data subject in connection with the use of the Website is only strictly necessary for the purposes described below, with full transparency and guarantees of security and confidentiality in the processing.

Purpose Legal grounds Conservation period
To respond to requests for information / requests for contact / scheduling visits / meetings Execution of contracts and/or pre-contractual steps. For as long as the contract remains in force or up to 3 years after the last contact, whichever comes first. Different time limits may be determined on the basis of legitimate interests or to comply with legal deadlines.
Marketing (sending unsolicited communications/newsletters) Consent As long as the consent collected is not withdrawn
Complaints processing Execution of contract and/or pre-contractual steps or legitimate interests of the Data Controller (improvement of the service provided to the client) Until the claim is settled or for as long as it takes to defend a lawsuit.
Allow property reservations to be made Execution of contracts and/or pre-contractual steps. Until cancellation of booking or signing of CPCV
Compliance with legal obligations of the Data Controller with regard to money laundering and terrorist financing Fulfilment of a legal obligation of the controller 7 years after the identification of the potential client or, in the case of a business relationship, after the end of the relationship
Defence of the interests of the Data Controller in legal or other proceedings and proof of compliance with contractual obligations Legitimate interests of the Controller (guaranteeing defence in legal or other proceedings and proof of compliance with contractual obligations) 3 years after the data subject's last interaction with the Data Controller
Compliance with the duty to co-operate with the competent authorities Fulfilment of a legal obligation of the controller Until the end of the longest retention period provided for above for each category of Personal Data Subjects

Data subjects have the right to withdraw their consent at any time. Withdrawal of consent does not jeopardise the lawfulness of the processing carried out on the basis of the consent previously given.

6. Recipients of personal Data

For the purposes indicated above, the Data Controller will transfer the personal data of the data subjects to the following categories of recipients:

  • Communications agencies and marketing consultants;
  • Consultancy service providers;
  • IT service providers;
  • Subcontractors involved in the provision of our services;
  • Jointly responsible for treatment;
  • Judicial and administrative, supervisory or regulatory authorities.

Personal data will not be transferred to a third country or an international organisation.

7. Rights of personal data subjects

Data subjects can exercise the following rights:

  • Access (Article 15 of the GDPR): obtain confirmation from the controller as to whether or not personal data concerning you is being processed and, if so, the right to access your personal data and the information listed in Article 15 of the GDPR;
  • Rectification (Article 16 of the GDPR): obtaining, without undue delay, from the controller the rectification of your inaccurate or incomplete personal data
  • Erasure (Article 17 of the GDPR): obtain from the controller the erasure of your personal data without undue delay under the terms and for the purposes of Article 17 of the GDPR.
  • Restriction of processing (Article 18 of the GDPR): obtain from the controller the restriction of processing, after which personal data may, with the exception of storage, only be processed with the consent of the data subject, or for the establishment, exercise or defence of legal claims, for the defence of the rights of another natural or legal person, or for reasons of overriding public interest of the Union or a Member State;
  • Portability (Article 20 of the GDPR): The data subject has the right to receive the personal data concerning him or her that he or she has provided to the controller, in a structured, commonly used and machine-readable format, and the right to transmit that data to another controller without the controller being able to prevent it, if the processing is based on consent or a contract and the processing is carried out by automated means;
  • Objection (Article 21 of the GDPR): The data subject has the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her which is based on the legitimate interests of the Controller or compatible purposes, and the Controller shall cease processing the personal data unless it provides compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims;
  • Withdrawing consent: data subjects have the right to withdraw their consent at any time. Withdrawal of consent does not jeopardise the lawfulness of the processing carried out on the basis of the consent previously given.
  • You can request the exercise of the aforementioned rights by emailing: privacidade@vizta.pt.
  • If you believe that your personal data has been processed unlawfully, that this Privacy Policy or the legislation on personal data protection has been violated, you can lodge a complaint with the National Data Protection Commission (CNPD): https://www.cnpd.pt/.

8. Principles of personal data processing

VIZTA complies with the principles of data protection, namely

  • Principle of fairness, lawfulness and transparency - We process our customers' data in a clear and objective manner, supported by appropriate legal grounds;
  • Purpose limitation principle - We use personal data only for the purposes determined at the time the personal data was collected;
  • Data minimisation principle - We collect and keep the personal data that is strictly necessary to fulfil the specified purposes;
  • Principle of accuracy - We take all measures to ensure that personal data is accurate and up-to-date, with the possibility of rectification;
  • Principle of storage limitation - Personal data will be kept for as long as the purpose for which it was collected is maintained, or for the periods stipulated by law;
  • Principle of integrity and confidentiality - VIZTA adopts technical and organisation measures to guarantee data security, including protection against unauthorised or unlawful processing and against loss or destruction.

9. Security

We are constantly implementing and updating technical, physical and administrative security measures to help us protect your personal data against unauthorised access, loss, destruction or alteration. Some of the safeguards we use to protect your information are firewalls and data encryption and information access controls. The Data Controller maintains a system for responding to incidents of personal data breaches, taking the necessary measures to mitigate any damage to the freedoms and guarantees of data subjects.

10. Changes to this privacy policy

The Data Controller may modify this Privacy Policy at any time, and such modification will be posted on the Website, with a record of the last modification.

Last update 11 of June of 2024

 

 

 

*Hydra Real Estate Management, Sociedade Unipessoal, Lda., with registered office at Rua Professor Carlos Alberto da Mota Pinto, nr 9, 4th floor, room B2, Edifício Amoreiras Plaza, 1070-374 Lisboa, parish of Campo de Ourique, municipality of Lisbon, with share capital of € 5,000.00, registered at the Commercial Registry Office under the single registration and legal person number 514895900.