The Portuguese Data Protection Law, “Lei da Proteção de Dados Pessoais” Law no 58/2019, 8th of august, hereinafter, “LPDP”) and the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th of April 2016, hereinafter “GDPR”) shall ensure the protection of natural persons with regard to the processing of personal data and the free movement of such data.
According to the Law, personal data refers to any “information relating to an identified or identifiable natural person, “the data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person.”
MEXTO maintains two databases: one with the registration of its customers composed only by the personal data provided by the data subject itself at the time of registration /contact request, and another with the registration of the subscribers to the newsletter "MEXTO Property Investment" composed by the personal data provided by the data subject itself at the time of subscription to the newsletter, being these data, in both cases, collected and processed automatically and manually by MEXTO, the entity responsible for the processing of personal data.
3. PURPOSES OF THE PROCESSING OF PERSONAL DATA
The personal data processed through this page will only be used for the following purposes:
Processing of Information requests;
Communications with the client and scheduling of specific on-site services, when applicable;
Verify, maintenance and development of systems and analytic statistics;
Sending promotional, commercial and informative newsletters;
Leads capture and management.
MEXTO guarantees the confidentiality of all data provided. Although MEXTO collects and processes data in a secure manner and prevents its loss or manipulation using the most appropriate techniques, it should be borne in mind that the collection of data in open networks allows personal data to be circulated without safety conditions, with the risk of being seen and used by unauthorized third parties. Failure to respond to data marked as mandatory, implies the inability to respond to the request of the data subject.
4. LAWFULNESS OF PROCESSING
MEXTO processes Users' data:
when it is necessary for the performance of a contract to which the data user is a party, or for pre-contractual steps at the request of the user;
when processing is necessary for compliance with a legal obligation to which MEXTO is subject;
when processing is necessary for the purposes of the legitimate interests pursued by MEXTO or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child;
when they express their express and free consent to the processing of their personal data for certain purposes.
5. NEWSLETTERS AND LEADS CAPTURE
After the free and optional consent of the User, some personal data (name, e-mail) may be processed by MEXTO for the purpose of sending commercial and informative newsletters (project status, commercial information and news that MEXTO has to present), or for MEXTO to receive qualified leads that may be approached for campaigns and/or commercial contacts.
Consent to the processing of personal data for such purpose is free and optional. Even if consent is given for this purpose, the User may revoke it at any time. The User may object to the subsequent sending of promotional communications by email by clicking on the link dedicated to said revocation, which is found in any communication for the identified purpose.
6. DATA RETENTION
MEXTO only keeps and processes your personal data for the period that is necessary or obligatory for the fulfilment of the purposes described above, applying information conservation criteria appropriate to each treatment and in line with applicable legal and regulatory obligations.
7. SECURITY MEASURES
MEXTO states that it has implemented and will continue to implement the security measures of a technical and organizational nature necessary to guarantee the security of the personal data provided to it, in order to prevent its alteration, loss, unauthorized treatment and/or access, taking into account the current state of the technology, the nature of the data stored and the risks to which it is exposed.
MEXTO guarantees the confidentiality of the data provided through this website. The collection and processing of data takes place safely and prevents its loss or manipulation. All data is inserted on a secure server (256-bit SSL) that encrypts/encodes (transforms into a code). You can verify that your browser is safe if the padlock symbol appears or if the address starts with HTTPS instead of HTTP.
The personal data is treated with the level of protection legally required to guarantee the security of the same, as well as prevent unauthorized alteration, loss, unauthorized processing, considering the state of the technology, being the user aware and accepting that the security measures of Internet are not impregnable.
Whenever MEXTO accesses personal data, it undertakes to:
Store the data by means of legally enforceable security measures of a technical and organizational nature that guarantee their security, thus avoiding unauthorized alteration, loss, processing or access, according to the current state of technology, the nature of the data and the possible risks to which they are exposed;
Use the data exclusively for the purposes which were previously defined;
Make sure that the data is handled only by the employees whose intervention is necessary to satisfy the request of the data subject, being the same obliged to the duty of secrecy and confidentiality. Should the information be disclosed to third parties for said purposes, they should be required to keep the confidentiality in accordance with what is envisioned in this document.
8. TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES
The personal data collected will be processed within the European Economic Area and there will be no international data transfers to third countries or international organisations.
If personal data is processed outside the European Economic Area, it will be processed only with adequate safeguards and at the required level of protection in accordance with the legislation on personal data protection.
9. EXERCISE OF THE RIGHTS OF THE DATA SUBJECT
In accordance with the provisions of the LPDP and the RGPD, the user may exercise at any time his/her right to information, access, rectification, erasure, limitation, portability and opposition by means of a written request addressed to MEXTO, through the following means:
Through mail to the following address: Avenida António Augusto Aguiar, n.º 27, 1.ºD, 1050-012 Lisboa
Through e-mail to the following address:
10. SUPERVISORY AUTHORITY
In accordance with the law, the data subject has the right to submit a complaint regarding the protection of personal data to the competent supervisory authority, the National Data Protection Commission “Comissão Nacional de Proteção de Dados” (CNPD) www.cnpd.pt.