Essential details and our identity
Information we gather regarding you
Personal data refers to any information that can identify an individual, excluding anonymous data. We collect and process various categories of personal data, including:
Identity Data: First name, last name, username, and title. Contact Data: Billing and delivery addresses, email address, and telephone numbers. Financial Data: Bank account and payment card details. Transaction Data: Details of purchases, payments, and related product/service information. Technical Data: IP address, login details, browser type/version, time zone, device information. Profile Data: Usernames, passwords, purchase/order history, preferences, feedback, and survey responses. Usage Data: Information about website, product, and service usage. Marketing and Communications Data: Preferences for receiving marketing communications and communication preferences.
We do not collect any Special Categories of Personal Data, such as race, ethnicity, religious beliefs, sexual orientation, or health information. Additionally, we do not gather information about criminal convictions or offenses.
Failure to provide personal data
In situations where it is required by law or under a contractual agreement we have with you, if you fail to provide the requested personal data, we may be unable to fulfill the contract or agreement we have with you. For example, this may result in the inability to provide products or services to you. In such cases, we will notify you if cancellation or discontinuation of a product or service is necessary.
How we collect your personal data
We collect your data through various methods, including:
Direct interactions: When you fill in forms or correspond with us through post, phone, email, or other means, providing Identity, Contact, and Financial Data. This includes when you:
Third parties: We receive Technical Data about you from analytics providers like Google, based outside Portugal.
How we utilize your personal data
We will only use your personal data when permitted by law. In most cases, we use your personal data in the following circumstances:
Purposes for which we will use your personal data
We have outlined below a description of how we intend to use your personal data and the legal bases we rely on for each purpose. We have also indicated our legitimate interests where applicable.Please note that depending on the specific purpose, we may process your personal data based on more than one lawful ground. If you require details about the specific legal basis we rely on for processing your personal data, please contact us.
Purpose/Activity, Type of data, Lawful basis for processing including basis of legitimate interest
- Registering you as a new customer: Identity, Contact; Performance of a contract with you.
- Processing and delivering your order, including payment management and debt collection: Identity, Contact, Financial, Transaction, Marketing and Communications; Performance of a contract with you; Necessary for our legitimate interests (debt recovery).
- Managing our relationship with you, including notifications about changes, reviews, and surveys: Identity, Contact, Profile, Marketing and Communications; Performance of a contract with you; Necessary to comply with a legal obligation; Necessary for our legitimate interests (customer relationship management).
- Administering and protecting our business and website, troubleshooting, data analysis, and system maintenance: Identity, Contact, Technical; Necessary for our legitimate interests (business administration, IT security, fraud prevention, restructuring); Necessary to comply with a legal obligation.
- Delivering relevant website content: Identity, Contact, Profile, Usage, Marketing and Communications, Technical; Performance of a contract with you.
- Using data analytics to improve our website, products/services, marketing, customer relationships, and experiences: Technical, Usage; Necessary for our legitimate interests (defining customer types, website improvement, business development, marketing strategy).
- Making suggestions and recommendations about products or services of interest: Identity, Contact, Technical, Usage, Profile, Marketing and Communications; Necessary for our legitimate interests (product development, business growth).
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:
Promotional offers from us We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or purchased products or services from us and you have not opted out of receiving that marketing.
Third-party marketing We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Opting out You can ask us or third parties to stop sending you marketing messages at any time by logging into your account on the website and checking or unchecking the relevant boxes to adjust your marketing preferences.Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase or other transactions.
Change of purpose We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.”
Sharing your personal data
We may disclose your personal data to the following parties for the purposes outlined in the table in section 4 above:
We require all third parties to respect the security of your personal data and to handle it in compliance with the law. We do not permit our third-party service providers to use your personal data for their own purposes and only allow them to process your personal data for specified purposes and in accordance with our instructions.
International data transfers
We may share your personal data within the company (Blue Monkey), which does not involve transferring your data outside of the EU. Some of our external third parties may be located outside of the EU, and their processing of your personal data may involve the transfer of data outside of the EU.
When transferring your personal data outside of the EU, we ensure a comparable level of protection by implementing at least one of the following safeguards:
We only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. For certain service providers, we may use specific contracts approved for use in the EU, which afford personal data the same level of protection as it has in the EU. For further information on the specific mechanism used by us to transfer your personal data out of the UK and EU, please contact us.
We have implemented adequate security measures to prevent the accidental loss, unauthorized use, access, alteration, or disclosure of your personal data. Furthermore, we restrict access to your personal data to authorized individuals such as employees, agents, contractors, and other third parties who require access for legitimate business purposes. These individuals will only process your personal data based on our instructions and are bound by confidentiality obligations.
We have established procedures to address any suspected breaches of personal data, and we will promptly notify you and relevant regulatory authorities in accordance with our legal obligations if a breach occurs.
How long will we keep your personal data?
We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including meeting any legal, regulatory, tax, accounting, or reporting requirements. In certain circumstances, we may retain your personal data for a longer period if there is a complaint or a reasonable prospect of litigation related to our relationship with you.
To determine the appropriate retention period for personal data, we consider factors such as the amount, nature, and sensitivity of the data, the potential risk of unauthorized use or disclosure, the purposes for which we process the data, the availability of alternative means to achieve those purposes, and applicable legal, regulatory, tax, accounting, or other requirements.
In certain cases, we may anonymize your personal data for research or statistical purposes, rendering it no longer associated with you. In such instances, we may use this anonymized information indefinitely without further notice.
Your legal rights
To exercise any of these rights, please contact us.
No Payment Required You will not be charged a fee to access your personal data or exercise your rights. However, if your request is clearly unfounded, repetitive, or excessive, we may charge a reasonable fee or refuse to comply with your request.
Information Verification To confirm your identity and ensure your right to access your personal data or exercise your rights, we may need to request specific information from you. This is a security measure to prevent unauthorized disclosure of personal data. We may contact you for further details to expedite our response.
Response Timeframe We aim to respond to all legitimate requests within one month. If your request is particularly complex or if you have made multiple requests, it may take longer to provide a response. In such cases, we will notify you and keep you informed of the progress.
You have the following rights under data protection laws: 1. Right to Request Access: You can request access to the personal data we hold about you, commonly known as a “data subject access request.” This allows you to receive a copy of your personal data and verify its lawfulness. 2. Right to Request Correction: You have the right to request the correction of any incomplete or inaccurate personal data we hold about you. We may need to verify the accuracy of the updated information you provide. 3. Right to Request Erasure: You can ask us to delete or remove your personal data where there is no valid reason for us to continue processing it. This right also applies if you have successfully exercised your right to object to processing, if we have processed your data unlawfully, or if erasure is required to comply with local laws. Please note that specific legal reasons may prevent us from fulfilling your request for erasure, and we will inform you accordingly if applicable.
4. Right to Object to Processing: If we rely on legitimate interests (or those of a third party) to process your personal data, and you believe this processing infringes upon your rights and freedoms, you have the right to object. You also have the right to object to the processing of your personal data for direct marketing purposes. However, we may demonstrate compelling legitimate grounds that override your rights and freedoms.
5. Right to Request Restriction of Processing: You can ask us to suspend the processing of your personal data in the following situations:
- When you contest the accuracy of the data, we need time to verify it. - If the processing is unlawful, but you prefer us to retain the data rather than delete it. - When you need us to retain the data, even if we no longer require it, as you need it to establish, exercise, or defend legal claims. - When you have objected to our use of your data, and we need to verify whether we have overriding legitimate grounds to continue processing it.
6. Right to Data Portability: You have the right to receive your personal data, which you provided to us, in a structured, commonly used, and machine-readable format. This right applies only to automated information based on your initial consent or when we used the information to perform a contract with you.
7. Right to Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. However, withdrawing consent does not affect the lawfulness of processing conducted before the withdrawal. In some cases, withdrawing consent may limit our ability to provide certain products or services, and we will inform you of any implications at the time of withdrawal.
Please note that there may be circumstances where we need to verify your identity or request additional information to process your rights. This is a security measure to ensure that personal data is not disclosed to unauthorized individuals. We may also contact you to gather further information to expedite our response.
We strive to respond to all legitimate requests within one month. If your request is particularly complex or if you have multiple requests, it may take longer to provide a response. In such cases, we will notify you and keep you informed of the progress.