Privacy policy

AIRFREE- PRODUTOS ELETRÓNICOS, LDA. is a legal entity no. 507174240, with head offices at Rua Julieta Ferrão, no. 12 - Piso 2, salas 201 e 202, 1600-131 Lisbon.

 1. DATA OFFICER IDENTIFICATION

AIRFREE – Produtos Eletrónicos, Lda

Tel: 21 315 6222 E-mail: info@airfree.com

 

2. INFORMATION AND CONSENT

Under the General Data Protection Regulation (EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, hereafter "GDPR"), personal data is defined as any “information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, electronic identifiers or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (Article 4(1) of the GDPR).

Under the GDPR, only the consent of the data subject is valid, which translates into a “free, specific, informed and explicit expression of will by which the data subject accepts, by unequivocal statement or positive act, that personal data concerning him will be processed”. (Article 4(11) of the GDPR).

In cases where processing requires the consent of the data subject, AIRFREE should be able to demonstrate that such consent has indeed been given.

As data subject, you may contact AIRFREE and withdraw your consent at any time. Once you have withdrawn your consent, AIRFREE can no longer use your personal data.

Personal data provided through the AIRFREE website may be included in a file under the responsibility of AIRFREE, the processing of which complies with appropriate technical and organizational security measures.

Under the GDPR (Recital 43), consent is presumed not to be given voluntarily if consent cannot be given separately for different personal data processing operations, even if it is appropriate in the specific case, or if the execution of a contract, including the provision of a service, depends on consent even though consent is not necessary for the same execution.

Therefore, since consent should be given for each specific purpose, and the data officer should also ensure that any withdrawal of such consent by the data subject is possible, AIRFREE makes available at all times the modalities of opt-in, depending on the different purposes of the data processing, and of opt-out, in the event that the data subject wishes to withdraw their consent.

It should be clarified that AIRFREE does not require the consent of the data subject when, according to the GDPR (Article 6):

The processing is necessary for the execution of a contract to which the data subject is party or for pre-contractual inquiries at the request of the data subject.

The processing is necessary for the fulfilment of a legal obligation to which the data officer is subject.

The processing is necessary for the purposes of the legitimate interests pursued by the data officer or by third parties, except where the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail, especially when the data subject is a child.

AIRFREE maintains a database with the registration information of its clients, which integrates exclusively the personal data provided by the respective holder at the time of registration, which is automatically collected and processed by AIRFREE, the data officer.

 

3. SUBCONTRACTORS

3.1. Under what circumstances is your personal data communicated to other entities, subcontractors or third parties?

Your personal data may be transferred to subcontractors for processing in the name and on behalf of AIRFREE, in accordance with its instructions in its capacity as data officer. In effect, in the pursuit of its activity, AIRFREE may resort to third parties – subcontractors–for the provision of certain services, which may imply access by these third parties to their personal data, under the circumstances outlined in this Privacy Policy and with the limitations defined by the GDPR.

AIRFREE shall ensure that in such circumstances appropriate technical and organizational measures are taken to ensure that subcontractors comply with applicable legal requirements and provide appropriate data protection safeguards.

AIRFREE shall also take the legally required and necessary contractual measures to ensure that the processors respect and protect their personal data.

3.2. Under what circumstances does AIRFREE transfer its data to a third-party country in the European Economic Area?

AIRFREE guarantees the modalities of opt-in at all times through the offering of consent or withdrawal thereof by the data subject, in cases where consent is the only basis for the lawfulness of processing the personal data.

AIRFREE shares its data with the following companies, whose guarantees for the protection data subjects’ rights are considered adequate and fully in line with to the requirements of the GDPR.

Data Type

First Name

Last Name

E-mail

Address

County

District

Country

Postal Code

Phone

Number of acquired units

Purchase date

Invoice number

Device model

 

Purposes of Data Processing

Communication and Information

Information request processing

Claims Processing

Activities of a statistical nature

Promotions and Direct Marketing

Suggestions

 

1. The Rocket Science Group LLC d/b/a MailChimp)

SWISS-U.S. PRIVACY SHIELD FRAMEWORK: ACTIVE

https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG

Original Certification Date: 7/21/2017

Next Certification Due Date: 12/16/2019

Data Collected: NON-HR

EU-U.S. PRIVACY SHIELD FRAMEWORK: ACTIVE

Original Certification Date: 11/21/2016

Next Certification Due Date: 12/16/2019

Data Collected: NON-HR

 

2. ZENDESK

 

SWISS-U.S. PRIVACY SHIELD FRAMEWORK: ACTIVE

 https://www.privacyshield.gov/participant?id=a2zt0000000TOjeAAG&status=Active

Original Certification Date: 11/9/2017

Next Certification Due Date: 11/21/2019

Data Collected: HR, NON-HR 

EU-U.S. PRIVACY SHIELD FRAMEWORK: ACTIVE

Original Certification Date: 12/6/2016

Next Certification Due Date: 11/21/2019

Data Collected: HR, NON-HR

 

ZENDESK also has Binding Corporate Rules in accordance with Article 47 of the GDPR. These rules are approved by the EU supervisory authorities, legally binding and applicable to all the entities concerned within the enterprise group or group of enterprises involved in joint economic activity, including their employees, which should ensure compliance.

These rules legitimize, within a corporate group, the transfer of personal data of European employees and customers within the EEA to other members of the worldwide corporate group.

The binding rules applicable to ZENDESK when acting as a subcontractor are as follows:

https://d1eipm3vz40hy0.cloudfront.net/pdf/ZENDESK%20-%20BCR%20Processor%20Policy.pdf

 

3. SALESFORCE

EU-U.S. PRIVACY SHIELD FRAMEWORK: ACTIVE

https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK

Original Certification Date: 8/12/2016

Next Certification Due Date: 1/7/2020

Data Collected: NON-HR

SWISS-U.S. PRIVACY SHIELD FRAMEWORK: ACTIVE

 Original Certification Date: 4/28/2017

Next Certification Due Date: 1/7/2020

Data Collected: NON-HR

 SALESFORCE also has Binding Corporate Rules as a subcontractor:

https://c1.sfdcstatic.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-

BCR.pdf

 

4. PURPOSES OF PERSONAL DATA PROCESSING

Personal data provided through this site will be used exclusively by AIRFREE for the following purposes:

Communication and Information

Information request processing;

Claims Processing

Activities of a statistical nature

Promotions and Direct Marketing

Suggestions

AIRFREE guarantees the confidentiality of all personal data subject to its processing, which shall be subject to appropriate security measures in order to prevent the loss, manipulation or deterioration thereof.

 5. PERSONAL DATA SECURITY

AIRFREE hereby informs that it has adopted the security measures, technical and organizational, necessary to ensure the security of personal data provided to it through this site, in order to prevent the alteration, loss, processing and unauthorized access thereof, taking into account the current state of technology, the nature of the data subject to processing and the risks to which the data is exposed. AIRFREE also confirms that it will continue to implement these measures.

AIRFREE guarantees the confidentiality of the data provided through this website.

All data will be entered into a Secure Server (SSL 128 bytes) that encrypts/encodes it. You can confirm that your browser is secure if the lock symbol appears or if the address starts with https instead of http.

For each personal data processing operation, AIRFREE undertakes to, in addition to the above:

Store them in accordance with security measures appropriate to data integrity.

Ensure that data is processed exclusively by employees whose intervention is effectively necessary to satisfy the request of the data owner, which is subject to secrecy and confidentiality obligations.

Ensure that the subcontractors, on their behalf and for their account, also provide sufficient guarantees that appropriate technical and organizational measures are taken to ensure that the processing operations comply with applicable legal and regulatory requirements in order to process the personal data collected.


6. COMMERCIAL COMMUNICATIONS AND PROMOTIONS

One of the purposes of the processing by AIRFREE of personal data provided by users is to send information of a commercial and promotional nature. These messages will be addressed exclusively to users who have given their consent, as described.

If you wish to stop receiving these communications from AIRFREE, you may express your opposition at any time by sending a simple email to the following address:

contacto@airfree.com

7. EXERCISE OF RIGHTS

The holder of personal data may exercise the following rights at any time:

Request access to personal information provided to AIRFREE, in order to obtain confirmation as to whether or not the data in question is being processed and, if so, access such data and the information provided by law.

Request the rectification of the information if it is inaccurate or incomplete and obtain from AIRFREE, without undue delay, the rectification of inaccurate or incomplete personal data relating thereto.

Request the limitation of the processing of personal data provided to AIRFREE in cases where one of the following situations occurs: (i) where the accuracy of the personal data is contested, for a period allowing verification of the accuracy thereof; (ii) where the processing of the data is lawful and the data subject opposes the erasure of the personal data and requests, in return, limitation of the use thereof; (iii) where AIRFREE no longer requires the personal data for the purposes of processing but such data is required by the data subject for the purposes of a declaration, exercise or defense of a right in legal proceedings; (iv) where the data subject has opposed the processing until it is established that the legitimate reasons of the data officer prevail over those of the data subject.

The data subject also has the right to portability of his data, which can be exercised in accordance with the GDPR and Law 58/2019 of August 8.

Users of the AIRFREE site may at any time exercise their rights to information, access, rectification, erasure, limitation, portability and opposition by means of a written request:

By post to the address: Rua Julieta Ferrão 10, 9A, 1600-131 Lisbon

Email to the email address: contacto@airfree.com

 

8. CONTROL AUTHORITY

In legal terms, any user who is the holder of personal data on the AIRFREE website has the right to submit a complaint or claim, if he considers that there has been a violation of his personal data, to the competent control authority: www.cnpd.pt