top of page
LOGO - PNG.png

Privacy Policy

In compliance with the General Data Protection Regulation - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, hereinafter “GDPR”, on the protection of individuals with regard to the processing of personal data and the free movement of such data, and Law No. 58/2019 of 8 August, which ensures the implementation of the GDPR in the national legal system, this Privacy Policy aims to inform data subjects who interact in any way with VSG - Fashion Confeção e Comércio de Têxteis, Unip. Lda, hereinafter VSG - Fashion, of the most relevant information regarding the protection of their personal data, including their rights and how these rights may be exercised. The expressions “Personal Data”, “Processing”, “Controller”, “Subcontractor”, “Data Protection Officer” are used in accordance with the definitions provided for in the GDPR.

 

Data Controller – Identity and Mission

 

VSG - Fashion is the Data Controller for the Processing of Personal Data and can be contacted at the following email address: geral@vsgfashion.com. VSG - Fashion is a duly registered legal entity. Through this Privacy and Data Protection Policy, VSG - Fashion declares that it recognizes the need for security of the personal data it processes, ensuring the protection of the privacy of the respective holders, adopting all technical and organizational measures necessary for the processing to comply with the principles and rules of the GDPR.

 

Data Protection Officer

 

VSG - Fashion has appointed a Personal Data Protection Officer who can be contacted in writing via the email address geral@vsgfashion.com, or by letter addressed to the Data Protection Officer at the address of the VSG Fashion headquarters: Rua do Pinheiro Manso no. 990 4820-763 Arões (São Romão).

 

Who are the data subjects and what data is processed?

Any information, of any nature and regardless of its support, including sound and image, relating to an identified or identifiable natural person is considered personal data. An identifiable person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, electronic identifiers or to one or more specific elements of their physical, physiological, genetic, mental, economic, cultural or social identity. A data subject is any natural person to whom personal data relates and who in any way interacts with VSG Fashion, such as its corporate bodies, employees or other service providers, users of the website.

In general, the processing of personal data carried out by VSG Fashion is based on the management of the relationship with its customers and the proposal to provide services that are suited to their needs and interests. The user of the website is solely responsible for the personal information that he/she provides, and VSG Fashion only collects information that is voluntarily provided by users. As part of the management of its activity, VSG Fashion processes the strictly necessary, appropriate and relevant personal data, which includes the presentation of proposals for the provision of services and insurance.

 

VSG Fashion, as Data Controller, ensures that the personal data it accesses are: ​

 

i) Subject to lawful, fair and transparent processing in relation to the data subject; ii) Collected only for the specified, explicit and legitimate purposes, and not subsequently processed for purposes incompatible with those initially defined; iii) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; iv) Accurate and up-to-date, whenever necessary, adopting all appropriate measures to ensure that inaccurate data, taking into account the purposes for which they are processed, are erased or rectified in a timely manner; v) Retained only for the period necessary for the purposes for which they are processed; vi) Processed in a manner that ensures their security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by adopting appropriate technical or organizational measures.

 

Rights of personal data holders

 

The data subject has the right to: ​ (i) Request access to, rectification, erasure, opposition or restriction of processing of his/her personal data from the Data Controller; (ii) Receive the personal data concerning him/her that he/she has provided to the Data Controller, in a structured, commonly used and machine-readable format, and request data portability to another Data Controller, if feasible and technically possible; (iii) Withdraw the consent given, at any time, when the processing is based solely on this legal basis. To this end, the data subject must send his/her request in writing to the Data Protection Officer via the email address geral@vsgfashion.pt, or to the address of the headquarters of VSG Fashion. The data subject may also request more detailed information from the Data Protection Officer about the processing of personal data, as well as submit complaints about the way in which their personal data is processed, without prejudice to the right to also file a complaint with the CNPD, if they consider that the processing carried out by the OCC violates their rights and guarantees, as set out in the GDPR.

 

Security of personal data.

 

AVSG Fashion adopts the appropriate and necessary security techniques and measures to protect the data subject's personal data, protecting them against misuse or unauthorized access. VSG Fashion treats the personal data it accesses in an absolutely confidential manner, in accordance with its internal security and confidentiality policies and procedures, which are updated periodically according to needs.

Personal data breach

 

In the event of a data breach and to the extent that such breach is likely to entail a high risk to the rights and freedoms of data subjects, VSG Fashion undertakes to communicate the personal data breach to the data subjects and to the National Data Protection Commission within 72 hours of becoming aware of the incident. According to the law, communication is not required in the following cases:

- If appropriate technical and organisational protection measures have been applied and these measures have been applied to the personal data affected by the personal data breach, in particular measures that make the personal data incomprehensible to any person not authorised to access such data, such as encryption;

- If subsequent measures have been taken to ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialise;

- If communication to data subjects involves a disproportionate effort and a public communication is therefore made.

 

Changes to the Privacy Policy

 

This privacy policy may be changed at any time, without prior notice, by publishing a new version on the website, with express reference to the date of the last update. Applicable law and jurisdiction Any disputes arising from the validity, interpretation or execution of the privacy policy, or that are related to the collection, processing or transmission of the personal data of its holder, must be submitted exclusively to the jurisdiction of the judicial courts of the district of Lisbon, without prejudice to the applicable mandatory legal rules.

bottom of page