Privacy and security                                                                          31 | 08 | 2019

1. Data Protection Officer and Data Protection Officer

The company CAMINHO DAS WORDS, LDA., Collective Person No. 508712971, registered at the Commercial Registry Office of Évora under the same number 508712971 (“Caminho das Palavras", “Nós”) is responsible for the processing of your Personal Data, under the terms of conditions described in this policy.

Caminho das Palavras has a “Privacy” unit that can be contacted by e-mail at the following address: or by post to Praça Marcolino de Sousa, 8, 1.Esq., 7000-757 Évora, Portugal.

We are a family owned and operated business.

2. What data do we collect and when?

When you use our Site and our services, we may collect the following Data concerning you:

- first name, surname;

- Postal code;

- telephone contact;

- E-mail address;

- IP adress;

- password;

- order history and transaction numbers;

- history of your visits and navigation on the Site;

- bank card number (through our service providers in charge of managing payments and under the conditions set out in clause 8 below).

If you access our Site through Facebook or Google+ authentication, we will also have access to your public profile information and, according to the choices you made through the same networks, to the email address you provided on Facebook or Google+.

In addition, other Data may be automatically collected during your navigation on the Site. The list of data categories in question can be found in clause 10 on Cookies.

The above data can be collected at different times:

- when you create your account on the Site or when you authenticate through Facebook or Google+;

- when placing your orders;

- when you browse the Site;

- when participating in a game / contest that we organize;

- when you contact our customer service,

We are a family owned and operated business.

3. For what purpose and on what legal basis is your Data used?

Your Data is processed for the following purposes:

- ensure the management of your orders (for example: delivery, claims management, after-sales service, litigation management), under the sales contract you enter into with us when you purchase a product on our Site;

- to send you our commercial proposals based on the legitimate interest that we have to ensure that you benefit from the most appropriate experience on our Site;

- personalize the communications we send you and the offers we propose to you, depending on your navigation on our Site and your previous purchases, based on your prior consent;

- send you our partners' proposals based on your prior consent;

- preparing business statistics and analyzing our marketing tools (for example: counting the number of display and activation of our sales spaces, preparing statistics on visits to the Site), based on the legitimate interest that we have to be able to understand and improve performance of our Site;

- fight against fraud (for example: implementation of security measures, namely dealing with the fight against bank card fraud), based on the legitimate interest that we have to guarantee the security of transactions carried out on our Site, under the conditions provided for in clause 8.2 below.

We are a family owned and operated business.

4. How long do we keep your data?

Subject to the specific provisions regarding bank card numbers and the fight against fraud, set out in clause 8 below, your Personal Data is kept in our active database for a maximum period of 3 years from your last activity, ie leave:

- your last purchase;

- from your last visit to our Site, provided you have accessed your account and browsed our pages;

- your last contact with our customer service department;

- the opening of a link in a newsletter or other commercial email we send you (if you have consented to such sending).

A few weeks before that period expires, we will contact you to let you know if you want to keep your account. Otherwise or in the absence of a response from you, we will close your account and delete your Data from our active database. From that moment, you will no longer be able to access your account with your old credentials and should therefore create a new one again.

The elimination of your Data from our active base will be followed by an intermediate storage period in order to be able to comply with our legal, accounting and tax obligations as well as to be able to manage any claims, within the limit of the applicable prescription periods. In the event that your Data will be stored for a longer period, it will automatically be irreversibly anonymized.

In any case, and in accordance with clause 7 below, you can, at any time, request the elimination of all or part of your Data, object to its treatment or request its limitation.

We are a family owned and operated business.

5. Recipients of your Personal Data

Outside Showroomprivé.pt, your data can be communicated to the following recipients:

• To our service providers, who assist us to provide you with our services, assuming, under our control, all or part of the processing operations of your Data which are:

- Our hosting provider, who we need to store all your data;

- Our service providers responsible for ensuring the management and security of the payments you make on our Site;

- Our service providers to whom we entrust the services of preparation and delivery of our products;

- Our service providers responsible for ensuring that advertising, marketing and commercial campaigns are carried out;

- Certain entities of the SRP group, in order to comply with our legal obligations, prevent fraud and protect our tools.

• Our business partners in the event that the service you subscribed to was implemented jointly by us and one of our partners. Each of us processes your Data.

We may also share all or part of your Data with a third party when:

• has given us your prior agreement;

• We are required, under the law, to make an imperative request from a public authority or in the context of judicial proceedings;

• We assign or transfer all or part of our company or assets, for example in the context of a merger or a sale. Operations of this nature may legitimately imply prior audits by professionals and through the implementation of appropriate guarantees and security measures in order to ensure the confidentiality of the data they access. In the case of an effective transmission operation or assignment of our assets containing your Data, we will implement information procedures that will guarantee the exercise of the rights that assist you over your Data.

We are a family owned and operated business.

6. Transfer of your Data outside the European Union

It may happen that your Data transits or is hosted on servers that belong to us or that belong to our partners. For example, Data collected in connection with our customer service can be transferred to our providers located outside the European Union. These servers can be located around the world, in countries where the laws can ensure a different level of protection than ours. Notwithstanding this, we are committed to taking the necessary measures to maintain an appropriate level of confidentiality and security. We may require, for example, that our subcontractors and partners implement any measure to guarantee the same level of protection as that required by the applicable regulations on personal data.

We are a family owned and operated business.

7. What are your rights and how do you exercise them?

In accordance with the applicable regulations on personal data, you can exercise the following rights with Caminho das Palavras:

- Access your Data, request its rectification, elimination or portability;

- Withdraw your consent for the future regarding all or part of the treatments in question;

- Oppose the processing of your Data or request its limitation;

You can exercise these rights by filling out our contact form, or by sending us an email to or by mail to the following address: Praça Marcolino de Sousa, 8, 1.Esq., 7000-757 Évora, Portugal , providing us with a document proving their identity and explaining:

- Your surnames, first name, email address;

- The object of your order;

- The address to which to send the reply;

We will respond within a maximum period of 1 month from the receipt by our services of your request.

You also have the right to file a complaint with a supervisory authority.

We are a family owned and operated business.

8. Security and confidentiality of payments

For us it is extremely important that if your purchases are made in the best possible security conditions. For this purpose, your transactions are confidential, encrypted and protected thanks to the SSL (Secure Sockets Layer) protocol. When paying for your order via bank card, the transaction is made between you and the Wix and ADYEN group, recognized for their reliability in terms of Internet transactions.

We use several mechanisms in the fight against fraud:

- When you click on the "Validate" button at the time you place your order, our bank checks the validity of the bank card number and makes sure of its compliance;

- We also use a program called «3D Secure» that aims to fight against fraud. At the time of online payment, you may also be required to identify yourself before the transaction is completed (by forwarding to your bank's website, by receiving an SMS or by personal questions such as date of birth, postal code , etc.);

- Finally, we implemented an automated treatment to combat bank card fraud. Thus, we can carry out controls that aim to certify the veracity of your identity and domiciliation. In this context, we can carry out checks regarding the information you provide us (such as: first name, surname, e-mail address, delivery address, etc.) as well as regarding the IP address used, a history of your orders and transactions , the characteristics of the order in question and, finally, in relation to the bank card used (type, country of issue and partial numbers communicated by the banking and payment institutions, composed only of the first four numbers and the last two, as well as its date expiration). If applicable, we can ask you to send us, by email, a double-sided copy of your citizen card / identity card as well as a proof of address with a date of less than three (3) months. These documents are not kept beyond the time required for verification and are not passed on to third parties. We reserve the right to cancel the order in question and block the account. In the event that we do not receive the supporting documents requested within the established deadline, we will cancel the order but will not block your account. You will be informed of the above by email.

As part of this treatment, we recall that you have the set of rights listed above 1-6.

We do not keep your bank details on our servers. You should therefore, at the time of each order, re-enter them in the fields provided for that purpose when purchasing your order. However, and only if you have given your consent, your bank details can be kept securely by the service providers in charge of managing the payments selected by so that they can be used in future payments on the Site. For this purpose, just check the box “Remember my information” at the time of payment.

You can, at any time, request the elimination of the registered bank card:

- Go to the section "My personal data" after "My registered cards" and clicking on the small cross; or

- By writing to the following email address:

We are a family owned and operated business.

9. Social networks

Like most people, we are present on various social networks like Facebook or Instagram. You can find them on our website on several occasions:

- When you access our website through your Facebook account. As indicated in clause 2 above, we will then have access to your public profile information and, according to the choices you made through Facebook, the email address you provided on Facebook. However, we will never post anything on your Facebook profile;

- When you share our sales on social networks.

Each social network has its own privacy policy which we recommend you consult.

We are a family owned and operated business.

10. Cookies

The term “Cookie (s)” refers to a small file stored and read when consulting a website or reading an email, installing or using a computer program or an application mobile, and this regardless of the type of Terminal used.

Cookies implemented on the Site are of different types and serve different purposes. To set up cookies, go to your account.

You can accept or refuse the installation of Cookies according to the modalities explained here below. Please note that the settings will be changed within 24 hours of your request. Your Cookies have an expiration date of 13 months.

You can, at any time, manage the ways of storing and using the Data collected through Cookies.

How to manage the use of Cookies through your browser?

Below, you can find the different ways of managing your Cookies according to your navigation software. The configuration of each browser is described in the help menu of your browser. Some examples:

• For Internet Explorer ™:

In the Internet Explorer menu, go to "Internet Options";

On the "Privacy" tab, click the "Advanced" button;

Check the box “Ignore automatic cookie management”;

Then select: "Accept" for internal cookies and "Decline" for third party cookies;

Save your changes by clicking "OK".

• For Safari ™:

From the Safari menu, select "Preferences";

Go to the "Security" tab;

In the option "Accept cookies", select "Only from the sites I visit".

• For Chrome ™:

In the Chrome menu, select "Settings";

Click on "Show advanced settings";

Go to the "Privacy" paragraph;

Click on the "Content Settings" tab;

In the paragraph "Cookies" (first paragraph), select the box "Block cookies and data from the third site";

Save your changes by clicking "OK".

• For Firefox ™:

On the Firefox home page, click on the "Settings" tab;

Select the "Privacy" box;

In the "History" area, for the "Conservation rules" option, select "Use custom settings for history";

In the “Accept third party cookies” drop-down bar, select “Never”;

Save your changes by clicking "OK".

For other browsers and mobile devices, we recommend that you go to the official website of the browser or device manufacturer and consult the documentation provided