Privacy Policy

Introduction

The Privacy Policy was developed to support Yours Market, a legal entity with tax number 517330490, headquartered at Rua Prof. Dr. António Joaquim Ferreira da Silva 1705, 3720-767 Vila de Cucujães – henceforth Yours Market, in adapting its activities to the General Data Protection Regulation, approved by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (“GDPR”).

This policy is complemented by others on security, which are relevant to the company’s business, together describing Yours Market’s approach to information security and privacy.

This policy applies to all Professionals and Partners of Yours Market and, when identified, to third parties accessing the company’s assets.

The terms ‘Privacy’, ‘Data Privacy’, and ‘Data Protection’ may be used interchangeably, as they are associated with a complex set of legal requirements that apply to Personal Data, extending beyond data security and confidentiality. For example, it includes requirements on data use transparency and retention.

Compliance with this policy is mandatory, hence all Professionals and Partners have the individual responsibility to ensure compliance and should seek clarifications from their team leaders if necessary.

It is the responsibility of Yours Market to define appropriate mechanisms for compliance with this policy, with operational implementation responsibility lying with the teams, supported by the Privacy Officer.

Compliance with this policy can be monitored through inspections, audits, and/or written compliance confirmations, with all areas responsible for regularly assessing their compliance within their area of responsibility.

Consequently, any employee who has violated this policy is subject to disciplinary action.

This policy is based on the principles established in the GDPR. However, there are national differences in the applicability of data protection and privacy at Yours Market, when processing personal data outside the EU, receiving personal data from outside the EU, or processing personal data of non-EU citizens.

In case of doubt, contact Yours Market through the provided contacts.

Data Protection Principles

In our activities, we process Personal Data: whether when receiving personal data during our business opportunities, commitments with clients, marketing activities, or a range of other related and supportive activities. Data may be received directly from a Data Subject (e.g., in person, by mail, email, phone, or other sources), including our clients, partners, subcontractors, joint controllers for Processing, support service providers, and credit reference agencies.

All professionals and partners should only request personal data from a Data Subject that is relevant and necessary to fulfill a specific purpose and business task.

Yours Market commits to comply with the personal data protection principles defined by the GDPR, namely:

Legality, fairness, and transparency: this means we must have a legitimate reason for processing Personal Data, e.g., Data Subject’s consent, compliance with a legal obligation. It also means we must inform the Data Subject clearly about the processing;
Purpose Limitation: we should only request Personal Data for specific, explicit, and legitimate purposes, and not process them beyond the purpose for which they were requested;
Data Minimization: the Personal Data being processed should be adequate, relevant, and limited to what is necessary;
Accuracy: we are obliged to ensure that Personal Data is accurate and updated as necessary;
Retention Limitation: we should not retain Personal Data longer than necessary for the purposes for which they are processed, although some may be retained for historical and statistical purposes;
Integrity and Confidentiality: we must have adequate security controls to protect data against unauthorized and illegal processing, loss, destruction, or damage, including technical and organizational measures such as defined processes, training, and awareness;
Legal transfer outside the European Economic Area: we only transfer Personal Data outside the EEA provided there are adequate safeguards, such as a contractual basis;
Data Subject’s Rights: Data Subjects have various rights that we must respect (e.g., the right to access a copy of the data we store and the right to withdraw consent for direct marketing purposes).

Legality and Fairness in Processing

Whenever we collect, process, or use personal data, we must have a legal basis for it. This means we must accordingly indicate the basis we are using for personal data processing.

Similarly, when collecting Personal Data directly from the Data Subject (e.g., during a business relationship, in writing, via email, or on our website), we must clearly provide the necessary information about our identity and contact, processing purposes, category of Personal Data processed, retention periods, and other necessary information.

Processing Purposes

Personal Data can only be collected for specific, explicit, and legitimate purposes and cannot be processed subsequently in a manner incompatible with those purposes. Such purposes may include executing a contract with the Data Subject, fulfilling legal obligations we are subject to, our legitimate interest, or the explicit consent of the Data Subject, among others.

We only collect Personal Data that is strictly necessary for the predefined purposes. When a specific purpose cannot be achieved only with anonymized data or using non-sensitive Personal Data, sensitive personal data can only be used if the Data Subject has given explicit consent for this purpose or if processing is necessary for the protection of vital interests of the Data Subject.

All departments processing Personal Data must verify and document the legal basis underlying the processing. Personal Data should only be processed when there is a valid and legitimate purpose to do so.

The collection of personal data related to our employees occurs through various channels and formats, such as: registration forms; electronic web forms (e.g., during the recruitment process); data records; CCTV images; team photos, including ID cards; data from other sources (e.g., previous employers); credit and security checks, among others.

The storage of Personal Data related to our employees occurs through various channels and formats, such as: pay slips; appraisal records; employment contracts; emails; sickness records, among others.

Data Subject’s Consent

When we request Personal Data for a specific purpose, and there is no other legal basis for processing, explicit consent from the Data Subject is required. This implies that the Data Subject must be clearly and concisely informed of our intentions and, when requested, must express their consent through an affirmative action (e.g., selecting a checkbox on a website).

People have the right to withdraw their consent at any time. However, this does not affect the lawfulness of processing based on consent before its withdrawal. If a Data Subject withdraws their consent, they may not be able to use certain services or features, and this action may affect our ability to support them in the future.

However, there are some circumstances where the Data Subject’s consent is not necessary, for example, if processing is necessary to execute a contract with the Data Subject, to comply with a legal obligation we are subject to, or to protect the vital interests of the Data Subject.

Necessary Processing

Under the GDPR, there is a set of processes that are necessary for fulfilling legal obligations we are subject to or necessary for executing a contract with the Data Subject, or to protect the vital interests of the Data Subject.

This means that Personal Data can be processed without the need to obtain consent from the Data Subject. These processes can only be carried out within the purposes for which the Personal Data was collected.

International Transfers of Personal Data

The Personal Data we hold may be transferred and processed in countries outside the European Economic Area (EEA). Transfers of Personal Data outside the EEA may be necessary for executing a contract with the Data Subject, or protecting the vital interests of the Data Subject, among other reasons.

When we make international transfers of Personal Data, we ensure that at least one of the following conditions applies:

a) The country to which the Personal Data is transferred provides an adequate level of protection for the rights and freedoms of the Data Subject, by decision of the EU Commission;
b) Appropriate safeguards are provided (e.g., standard data protection clauses);
c) The Data Subject has explicitly consented to the transfer after being informed of the possible risks;
d) The transfer is necessary for one of the reasons established in the GDPR, including executing a contract between Yours Market and the Data Subject, or protecting the vital interests of the Data Subject;
e) The transfer is legally required for important reasons of public interest or for the proposal of legal actions or defense in the same.

Log Information, Cookies, and Web Beacons

Yours Market’s website uses cookies to distinguish its users. Yours Market collects standard Internet log information, including the user’s IP address, browser type and language, access times, and referring website addresses.

To ensure that the website is well managed and to facilitate navigation, Yours Market or its service providers may also use cookies (small text files stored in the user’s browser) or web beacons (electronic images that allow our website to count visitors who access a site and certain cookies) to collect aggregated data.

Collection and Retention

Yours Market, as an employer, collects, processes, and retains personal data of workers, contractors, consultants, and applicants. The Human Resources Department and other departments processing Personal Data of professionals should verify and document the legal basis inherent to the processing they perform. Personal Data of professionals should only be processed when there is a valid and legitimate objective for it.

The collection of personal data related to employees occurs through various channels and formats, such as: registration forms; electronic web forms, (e.g., during the recruitment process); data records; CCTV images; team photos, including ID cards; data from other sources (e.g., previous employers); credit and security checks; etc.

The creation and storage of personal data related to our professionals occur through various channels and formats, such as: pay slips; appraisal records; Employment contracts; emails; sickness records; etc.

Training and Awareness

We are committed to providing adequate training on personal data protection to all professionals. If necessary, we will provide customized training and awareness for people considering their functions.

Process Design and Change

For all proposed new systems and business procedures involving Personal Data, we should consider whether a privacy and information security impact assessment is required to identify risks and controls.

Updated on September 9, 2022

Cookie Policy

This website uses cookies to provide a better experience for its visitors, as well as to ensure that it is fully operational. This Cookie Policy is part of our Privacy Policy, which should be consulted for more information about us and how we protect user information. To provide a personalized and efficient service to our users, it becomes necessary to remember and store information about how this Website should be used. For this, we use reduced text files called cookies that contain small amounts of information downloaded to our users’ computers or other devices through a server. Their internet browser subsequently sends these cookies back to the Website on each subsequent visit, allowing the recognition and memorization of the identity of our visitors, namely the usage preferences of our users. More detailed information about cookies and their operation can be found here (aboutcookies.org). Navigation on this Website allows the collection of information using cookies and other technologies. By using this site, you accept the use of cookies as described in this Cookie Notice.

What types of cookies are used and why?

Some of the cookies we use are necessary to enable navigation on this website as well as to take advantage of its features such as accessing secure areas and exclusive content for registered users. Our website also uses functional cookies to record information about our users’ choices and to adapt our website to their needs; for example, remembering the language of origin or region or that a user has already completed filling out a survey. The recorded information is anonymous and is intended only for the purpose indicated above. We may use, directly or indirectly, web analytics services to measure the effectiveness of our content and the preferences of our users which allow us to contribute to the optimization of this website’s functioning. Additionally, we use web beacons or tracking pixels to count the number of visitors and performance cookies to monitor how users individually access our website and how often. This information is used only for statistical purposes without identifying any particular user. However, for registered users who are connected to the website, we may combine this information with data collected via web analytics services and cookies to analyze how visitors use this website in more detail. This website does not use targeting cookies to promote targeted advertising to our visitors. Whenever you want detailed information about the cookies used on our website, we appreciate your contact via email.

How to control cookies?

Website users accept the introduction of cookies on their computers or devices under the terms indicated above, notwithstanding the control and management available. We inform users that the removal or blocking of cookies may affect their user experience and may limit access to some areas of the website.

Browser Controls

Most browsers allow our users to view the hosted cookies and delete them individually or alternatively block cookies on a particular website or all in general. We remind you that the preferences set, including self-exclusion, are lost whenever cookies are deleted. For further clarification, they should consult the websites or cookiecentral.com.

Management of analytics cookies

Our users may choose to exclude their anonymity in their browsing activity within websites monitored by analytics cookies. We use the following service providers where you can obtain more information about their privacy policies and how to delete their cookies by clicking on the following links:

Google Analytics: google.com/analytics/learn/privacy.html
Facebook Pixel: facebook.com/business/help/742478679120153

Management of local shared objects or flash cookies

A local shared object or flash cookie is similar to other browser cookies, differing in that they can store more types of information.

These cookies cannot be controlled through the mechanisms identified above. Some areas of our website use this type of cookies to store user preferences for media player features and without them, the content of some videos may not be viewed properly. These cookies can be controlled manually by visiting the Adobe website.

Social buttons

We use social buttons to allow our users to share or add pages to favorites. These buttons are related to social networks which may obtain information about our visitors’ activities on the Internet, including on our website. Understanding how the information is used and how it can be excluded from its collection should be obtained by reviewing the respective Terms of Use and Privacy Policies of these websites.

Email Communications

To gauge the relevance of our communications, we may use monitoring technologies to determine whether our visitors have read, clicked on links, or forwarded certain email communications sent by Yours Market. In case of disagreement with this mode of operation, our users should revert their subscription (unsubscribe), as it is not possible to send these emails without these monitoring mechanisms active. Registered subscribers can update their communication preferences at any time by contacting us via email, or they can cancel their subscription, following the instructions in the Yours Market communication email sent to their electronic address.

This Cookie Policy may be reviewed at any time, at our discretion. When such changes are made, the revision date at the top of the page will be changed. The altered Cookie Policy will take effect from the revision date. We recommend that users of our website periodically review the Cookie Policies, in order to stay informed about our cookie management.