Privacy Policy

Purpose of this privacy policy
‍
The purpose of this privacy policy is to provide you with information about how Blue Monkey gathers and handles your personal data when you use our website. This includes any data you provide when making a purchase, subscribing to our newsletter, or using our services. We want to emphasize that our website is not intended for children, and we do not knowingly collect data from children.It is crucial that you carefully read this privacy policy along with any other privacy policy or fair processing policy we may provide on specific occasions when collecting or processing your personal data. This will ensure that you have a comprehensive understanding of how and why we use your data. This privacy policy complements other notices and privacy policies and is not intended to override them.
‍
Contact details
‍
If you have any inquiries regarding this privacy policy or how we handle your privacy, please reach out to us using the following contact methods:
Company name: Blue Monkey
VAT Number: PT163677565
Email address: hello@bluemonkeyprints.com
Postal address: Avenida Visconde de Valmor 75, 1E. 1050-239 Lisboa
Telephone number: +351 912925822
‍
Updates to the privacy policy and your responsibility to notify us of changes
‍
We consistently review and update our privacy policy. This version was last revised in July 2023.
Maintaining accurate and up-to-date personal data is crucial. Therefore, we kindly request that you notify us of any changes to your personal information throughout our relationship. This will help ensure that the data we hold about you remains accurate and current.
‍
Third-party links
‍
This website may contain links to external websites, plug-ins, and applications operated by third parties. By clicking on these links or enabling such connections, you may allow third parties to gather or share data about you. It is important to note that we do not have control over these third-party websites and we are not accountable for their privacy policies. We strongly advise that you carefully read the privacy policy of each website you visit when you leave our site.

Personal data refers to any information that can identify an individual, excluding anonymous data. We collect and process various categories of personal data, including:

Identity Data: First name, last name, username, and title.
Contact Data: Billing and delivery addresses, email address, and telephone numbers.
Financial Data: Bank account and payment card details.
Transaction Data: Details of purchases, payments, and related product/service information.
Technical Data: IP address, login details, browser type/version, time zone, device information.
Profile Data: Usernames, passwords, purchase/order history, preferences, feedback, and survey responses.
Usage Data: Information about website, product, and service usage.
Marketing and Communications Data: Preferences for receiving marketing communications and communication preferences.

We may also collect, use, and share Aggregated Data, which is statistical or demographic data that does not directly or indirectly reveal personal identity. However, if Aggregated Data is combined or linked with personal data in a way that identifies an individual, it is treated as personal data and handled according to this privacy policy.

We do not collect any Special Categories of Personal Data, such as race, ethnicity, religious beliefs, sexual orientation, or health information. Additionally, we do not gather information about criminal convictions or offenses.

Failure to provide personal data

In situations where it is required by law or under a contractual agreement we have with you, if you fail to provide the requested personal data, we may be unable to fulfill the contract or agreement we have with you. For example, this may result in the inability to provide products or services to you. In such cases, we will notify you if cancellation or discontinuation of a product or service is necessary.

We collect your data through various methods, including:

Direct interactions: When you fill in forms or correspond with us through post, phone, email, or other means, providing Identity, Contact, and Financial Data. This includes when you:

- Apply for our products or services
- Create an account on our website
- Subscribe to our publications
- Request marketing materials
- Provide feedback or contact us
- Automated technologies or interactions: As you interact with our website, we automatically collect Technical Data about your device, browsing actions, and patterns using cookies, server logs, and similar technologies. For more details, please refer to our cookie policy.

Third parties: We receive Technical Data about you from analytics providers like Google, based outside Portugal.

We will only use your personal data when permitted by law. In most cases, we use your personal data in the following circumstances:

- Performance of a contract: We use your personal data when it is necessary to fulfill or prepare to enter into a contract with you.
- Legitimate interests: We may use your personal data when it is necessary for our legitimate interests or those of a third party, provided that your interests and fundamental rights do not outweigh those interests.
- Legal obligation: We use your personal data when we need to comply with a legal obligation.
‍
Please refer to the Glossary section at the end of this privacy policy to learn more about the specific lawful bases we rely on to process your personal data.
While we generally do not rely on consent as a legal basis for processing your personal data, we will seek your consent before sending you third-party direct marketing communications via email or text message. You have the right to withdraw your consent for marketing at any time by contacting us.

Purposes for which we will use your personal data

We have outlined below a description of how we intend to use your personal data and the legal bases we rely on for each purpose. We have also indicated our legitimate interests where applicable.Please note that depending on the specific purpose, we may process your personal data based on more than one lawful ground. If you require details about the specific legal basis we rely on for processing your personal data, please contact us.

Purpose/Activity, Type of data, Lawful basis for processing including basis of legitimate interest

- Registering you as a new customer: Identity, Contact; Performance of a contract with you.

- Processing and delivering your order, including payment management and debt collection: Identity, Contact, Financial, Transaction, Marketing and Communications; Performance of a contract with you; Necessary for our legitimate interests (debt recovery).

- Managing our relationship with you, including notifications about changes, reviews, and surveys: Identity, Contact, Profile, Marketing and Communications; Performance of a contract with you; Necessary to comply with a legal obligation; Necessary for our legitimate interests (customer relationship management).

- Administering and protecting our business and website, troubleshooting, data analysis, and system maintenance: Identity, Contact, Technical; Necessary for our legitimate interests (business administration, IT security, fraud prevention, restructuring); Necessary to comply with a legal obligation.

- Delivering relevant website content: Identity, Contact, Profile, Usage, Marketing and Communications, Technical; Performance of a contract with you.

- Using data analytics to improve our website, products/services, marketing, customer relationships, and experiences: Technical, Usage; Necessary for our legitimate interests (defining customer types, website improvement, business development, marketing strategy).

- Making suggestions and recommendations about products or services of interest: Identity, Contact, Technical, Usage, Profile, Marketing and Communications; Necessary for our legitimate interests (product development, business growth).

Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:

Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased products or services from us and you have not opted out of receiving that marketing.

Third-party marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

Opting out
You can ask us or third parties to stop sending you marketing messages at any time by logging into your account on the website and checking or unchecking the relevant boxes to adjust your marketing preferences.Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase or other transactions.

Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie policy.

Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.”

We may disclose your personal data to the following parties for the purposes outlined in the table in section 4 above:

- Internal Third Parties, as defined in the Glossary provided at the end of this privacy policy.
- External Third Parties, as defined in the Glossary provided at the end of this privacy policy.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If there are any changes to our business, the new owners may utilize your personal data in accordance with this privacy policy.

We require all third parties to respect the security of your personal data and to handle it in compliance with the law. We do not permit our third-party service providers to use your personal data for their own purposes and only allow them to process your personal data for specified purposes and in accordance with our instructions.

We may share your personal data within the company (Blue Monkey), which does not involve transferring your data outside of the EU.
Some of our external third parties may be located outside of the EU, and their processing of your personal data may involve the transfer of data outside of the EU.

When transferring your personal data outside of the EU, we ensure a comparable level of protection by implementing at least one of the following safeguards:

We only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
For certain service providers, we may use specific contracts approved for use in the EU, which afford personal data the same level of protection as it has in the EU.
For further information on the specific mechanism used by us to transfer your personal data out of the UK and EU, please contact us.

We have implemented adequate security measures to prevent the accidental loss, unauthorized use, access, alteration, or disclosure of your personal data. Furthermore, we restrict access to your personal data to authorized individuals such as employees, agents, contractors, and other third parties who require access for legitimate business purposes. These individuals will only process your personal data based on our instructions and are bound by confidentiality obligations.

We have established procedures to address any suspected breaches of personal data, and we will promptly notify you and relevant regulatory authorities in accordance with our legal obligations if a breach occurs.

How long will we keep your personal data?

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including meeting any legal, regulatory, tax, accounting, or reporting requirements. In certain circumstances, we may retain your personal data for a longer period if there is a complaint or a reasonable prospect of litigation related to our relationship with you.

To determine the appropriate retention period for personal data, we consider factors such as the amount, nature, and sensitivity of the data, the potential risk of unauthorized use or disclosure, the purposes for which we process the data, the availability of alternative means to achieve those purposes, and applicable legal, regulatory, tax, accounting, or other requirements.

In some situations, you have the right to request the deletion of your data. Please refer to the “Your Legal Rights” section of the Glossary at the end of this privacy policy for further details.

In certain cases, we may anonymize your personal data for research or statistical purposes, rendering it no longer associated with you. In such instances, we may use this anonymized information indefinitely without further notice.

You have certain rights concerning your personal data under data protection laws. You can access, correct, and delete your personal information by accessing the “account details” link in your account. For more detailed information about these rights, please refer to the “Your Legal Rights” section in the Glossary at the end of this privacy policy.

To exercise any of these rights, please contact us.

No Payment Required
You will not be charged a fee to access your personal data or exercise your rights. However, if your request is clearly unfounded, repetitive, or excessive, we may charge a reasonable fee or refuse to comply with your request.

Information Verification
To confirm your identity and ensure your right to access your personal data or exercise your rights, we may need to request specific information from you. This is a security measure to prevent unauthorized disclosure of personal data. We may contact you for further details to expedite our response.

Response Timeframe
We aim to respond to all legitimate requests within one month. If your request is particularly complex or if you have made multiple requests, it may take longer to provide a response. In such cases, we will notify you and keep you informed of the progress.

You have the following rights under data protection laws:
1. Right to Request Access: You can request access to the personal data we hold about you, commonly known as a “data subject access request.” This allows you to receive a copy of your personal data and verify its lawfulness.
‍
2. Right to Request Correction: You have the right to request the correction of any incomplete or inaccurate personal data we hold about you. We may need to verify the accuracy of the updated information you provide.
‍
3. Right to Request Erasure: You can ask us to delete or remove your personal data where there is no valid reason for us to continue processing it. This right also applies if you have successfully exercised your right to object to processing, if we have processed your data unlawfully, or if erasure is required to comply with local laws. Please note that specific legal reasons may prevent us from fulfilling your request for erasure, and we will inform you accordingly if applicable.

4. Right to Object to Processing: If we rely on legitimate interests (or those of a third party) to process your personal data, and you believe this processing infringes upon your rights and freedoms, you have the right to object. You also have the right to object to the processing of your personal data for direct marketing purposes. However, we may demonstrate compelling legitimate grounds that override your rights and freedoms.

5. Right to Request Restriction of Processing: You can ask us to suspend the processing of your personal data in the following situations:

- When you contest the accuracy of the data, we need time to verify it.
- If the processing is unlawful, but you prefer us to retain the data rather than delete it.
- When you need us to retain the data, even if we no longer require it, as you need it to establish, exercise, or defend legal claims.
- When you have objected to our use of your data, and we need to verify whether we have overriding legitimate grounds to continue processing it.

6. Right to Data Portability: You have the right to receive your personal data, which you provided to us, in a structured, commonly used, and machine-readable format. This right applies only to automated information based on your initial consent or when we used the information to perform a contract with you.

7. Right to Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. However, withdrawing consent does not affect the lawfulness of processing conducted before the withdrawal. In some cases, withdrawing consent may limit our ability to provide certain products or services, and we will inform you of any implications at the time of withdrawal.

Please note that there may be circumstances where we need to verify your identity or request additional information to process your rights. This is a security measure to ensure that personal data is not disclosed to unauthorized individuals. We may also contact you to gather further information to expedite our response.

We strive to respond to all legitimate requests within one month. If your request is particularly complex or if you have multiple requests, it may take longer to provide a response. In such cases, we will notify you and keep you informed of the progress.