Privacy Policy
June 6, 2021
1. Scope and data controller
This privacy policy applies to all personal data collected through the website https:// you-x .eu or the AR You-X application of Xperialab Lda.
The entity responsible for processing this data is: Xperialab Lda (hereinafter referred to as “XPERIALAB”), with the legal person number 516 159 259, headquartered at AV. da Peregrinação, nº 9, 1 Dto, may request the holder of personal data ("User") to provide personal data, that is, information provided by the User that allows XPERIALAB to identify and/or contact him ("Personal Data" ”). For the purposes of this Privacy Policy, XPERIALAB is responsible for the processing of personal data.
This Privacy Policy seeks to provide all users with detailed information about the nature of the data collected and the purposes of the data processing carried out and, in this way, comply with the right to information and reinforce the transparency of our activities.
2. Definitions
In order to allow a better understanding of this Privacy Policy, the terms used are defined:
- “Online Services” – web pages, applications, channels and other online initiatives of XPERIALAB.
- “Personal Data” – any and all information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, electronic identifiers, email, mobile phone number, or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- “Processing ” – operation or set of operations carried out on personal data, whether through automated or non-automated procedures, such as collection, registration, organization, structuring, conservation, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, broadcast or any other form of making available, comparison or interconnection, limitation, erasure or destruction.
- "Personal Data Subject" or "User" - refers to the natural person who browses the website or to whom personal data are processed,
- “Controller” – the natural or legal person, public authority, agency or body that individually or jointly with other entities determines the purposes and means of processing personal data.
- “Subcontractor” – natural or legal person, public authority, agency or other body that processes personal data in accordance with the instructions and on behalf of the data controller.
- “Recipient” – natural or legal person, public authority, agency or other body that receives communications of personal data.
3. General Principles Applicable to the Processing of Personal Data
In compliance with the general principles of the processing of Personal Data, XPERIALAB ensures that the User's personal data processed by it are:
- Object of lawful and transparent treatment towards the User.
- Collected and processed for a specific, explicit and legitimate purpose.
- Appropriate and limited to what is necessary for the purposes for which they are treated.
- Updated and corrected whenever necessary, all measures being taken so that incorrect data is eliminated or rectified as soon as possible.
- Maintained in order to allow the identification of the User only during the period strictly necessary for the purposes for which they are treated.
- Treated in such a way that their safety is guaranteed, namely the protection against their unauthorized treatment or their accidental loss or destruction. In this regard, the necessary technical and organizational measures will be taken.
The processing of personal data by XPERIALAB is lawful when at least one of the following conditions is met:
- The User has given explicit consent to the processing of their personal data for one or more specific purposes.
- The processing of data is necessary for pre-contractual steps at the User's request.
- The treatment is necessary for a legal obligation to which XPERIALAB is subject.
- The processing is necessary for the pursuit of the legitimate interests of XPERIALAB or third parties, without prejudice to the prevailing interests and rights of Users who require the protection of Personal Data.
XPERIALAB undertakes to ensure that the processing of User data is only carried out under the conditions and in compliance with the principles set out above.
When the processing of the User's data is carried out with the User's consent, the User may at any time withdraw their consent, which does not compromise the lawfulness of the processing carried out by XPERIALAB based on the consent previously given by the User.
The data, whenever there is no specific legal requirement, will be kept for the minimum period necessary for the purposes that led to its collection and processing. After that period they will be eliminated.
4. Personal data processing activities
4.1 Categories of personal data
XPERIALAB collects and processes data from visitors to its websites according to the purposes for which they are collected. The following data is thus collected:
- Identification data such as name;
- Contact details such as email, telephone number and others;
- Location data such as address;
- Tax identification data;
- Cookies are also collected, the detailed information of which can be consulted in the Cookies Policy .
4.2 Purposes, legal bases and conservation terms
Goal | Description | Legal basis | Conservation Term |
Submission of Budget | Management of the budget request process in the context of the process of responding to requests for commercial proposals by potential customers. | Pre-contractual execution | 2 years |
Collection of CV | Management of the CV reception process for potential candidates to work at the company. It covers CV's sent on the initiative of potential candidates and those resulting from announcements by XPERIALAB. | Consent | 2 years |
Visit Tracking | Improving the usability of websites, producing content adapted to the type of User, obtaining aggregated statistical information about the User's profile. | Consent and/or legitimate interest | Up to 2 years (see Cookies Policy ) |
Contact Management | Data processing necessary to respond to requests sent via the forms available on the websites. | Consent | 3 months after completion of the order process. |
5. Communication of personal data
XPERIALAB will not share users' personal data except in the following situations:
- Processing of personal data to the extent necessary to provide XPERIALAB contents and services.
- Situations where, for legal reasons, it is necessary to share personal data.
5.1 Subcontractors
When processing personal data, XPERIALAB does not use third parties.
5.2 Recipients
XPERIALAB may transmit personal data to other entities not classified as subcontractors in situations where it is essential:
- Public Entities, namely Tax Authority, Police Bodies and Courts.
- Private entities, such as printing companies, transport companies, among others.
6. Technical, organizational and security measures implemented
XPERIALAB, depending on the nature, scope and purposes of data processing, undertakes to adopt the technical and organizational measures necessary to protect the User's data and comply with legal provisions. XPERIALAB also undertakes to ensure that only the data necessary for the specific needs of the processing will be processed and to limit access to this data to professionals whose intervention in the processing is strictly necessary.
XPERIALAB adopts the following measures:
- Training of its staff involved in data processing.
- Adopting security measures on their websites.
- Mechanisms that allow information systems and access to personal data to be restored in the event of a technical incident.
- Encryption of personal data.
- Regular audits that ensure compliance with the aforementioned technical and organizational measures.
7. International transfers
XPERIALAB does not transfer data outside the European Economic Area.
8. Minors
XPERIALAB does not process personal data of minors.
9. Use of Cookies
XPERIALAB uses cookies on its websites. If you want to manage the cookies collected and stored during your visits, you can access the cookie configuration in the item available in the upper left corner of your monitor or consult the Cookies Policy .
10. User Rights
User rights:
- Right of access – right if personal data concerning the User are processed and, if so, the right to access their personal data.
- Right of rectification – right to rectify the User's personal data that is incorrect or incomplete.
- Right of erasure – right to obtain the erasure of your personal data in the shortest possible time. Exceptions are made to situations in which the data cannot be deleted for legal reasons.
- Right to limitation of treatment - in accordance with article 18 of the GDPR, the User has the right to request the limitation of the processing of their personal data, either in the form of suspension or limitation of the processing of certain categories of data, or in terms of the purposes of the treatment.
- Right of portability – the User has the right to receive personal data concerning him/her and which he/she has provided through a structured format and the right to have such data transmitted to another person responsible for the treatment.
- Right of opposition – the User has the right to object at any time to the processing of data concerning him. Exceptions are made to situations where there are legitimate reasons that prevail over this right as legal reasons.
The revocation of consent by the User does not invalidate the processing of data while the consent was in force.
The User may exercise their rights by contacting XPERIALAB through the following channels:
- Send a registered letter to the address Av. da Peregrinação, 9, 1 dto, 1990-425 Lisboa, in care of the Privacy Ombudsman.
- Email Privacy@xperialab.eu.
The communication must include the following elements:
- Name and email.
- Right you intend to exercise. In the case of the right to limit processing, the reasons that lead the User to believe that their data is being unduly processed.
- Address for notification purposes, in cases where the request is made by letter.
XPERIALAB undertakes to respond to the User through the channel used by the User within a maximum period of 15 days after the date of receipt. In cases of particular complexity, this deadline may be extended, with XPERIALAB being responsible for presenting a new deadline and the reasons for its postponement.
The User may also, if he considers that XPERIALAB has not complied with the requirements of the RGPD or other national legislation applicable to data protection, exercise the right to complain to the National Data Protection Commission using this body website
11. Personal data breaches
In the event of a data breach and whenever there is a risk to the User's rights and freedoms, XPERIALAB will report the breach of personal data to the National Data Protection Commission within 72 hours of becoming aware of the incident.
In the case of high risk, XPERIALAB will communicate with Users as quickly as possible to adopt mitigation measures.
12. Changes to the Privacy Policy
XPERIALAB may change this Privacy Policy. In this case, the date shown in the title of this page will be updated and, if the changes are substantial, notices will be placed on the websites.
13. Applicable law and forum
Any dispute arising from the validity, interpretation or execution of the Privacy Policy or which is related to the collection, processing or transmission of User data must be submitted exclusively to the jurisdiction of the judicial courts of the district of Lisbon, without prejudice to the applicable mandatory legal standards .