Privacy Policy

    June 6, 2021

1. Scope and data controller

This privacy policy applies to all personal data collected through the website https://you-x.eu or the AR-You-X application by Xperialab Lda.

The entity responsible for processing this data is: Xperialab Lda (hereinafter referred to as “XPERIALAB”), with the legal person number 516 159 259, headquartered at AV. da Peregrinação, nº 9, 1 Dto, may request the holder of personal data ("User") to provide personal data, that is, information provided by the User that allows XPERIALAB to identify and/or contact him ("Personal Data" ”). For the purposes of this Privacy Policy, XPERIALAB is responsible for the processing of personal data.

This Privacy Policy seeks to provide all users with detailed information about the nature of the data collected and the purposes of the data processing carried out and, in this way, comply with the right to information and reinforce the transparency of our activities.

2. Definitions

In order to allow a better understanding of this Privacy Policy, the terms used are defined:

  • “Online services” – web pages, applications, channels and other online initiatives of XPERIALAB.
  • "Personal Data" - any and all information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, electronic identifiers, email, mobile phone number, or to one or more specific elements of that individual's physical, physiological, genetic, mental, economic, cultural or social identity.
  • "Processing " - operation or set of operations carried out on personal data,  whether through automated or non-automated procedures, such as collection, registration, organization, structuring, conservation, adaptation or alteration, recovery, consultation, use, disclosure by transmission, broadcast or any other form of availability, comparison or interconnection, limitation, deletion or destruction.
  • "Personal data holder" or "User" - refers to the natural person who browses the website or to whom personal data is processed,
  • “Data controller” – the natural or legal person, public authority, agency or body that individually or together with other entities determines the purposes and means of processing personal data. 
  • “Subcontractor” – natural or legal person, public authority, agency or other body that processes personal data  in accordance with the instructions and on behalf of the data controller.
  • “Recipient” – natural or legal person, public authority, agency or other body that receives communications of personal data. 

3. General Principles Applicable to the Processing of Personal Data

In compliance with the general principles of the processing of Personal Data, XPERIALAB ensures that the User's personal data processed by it are:

  • Object of lawful and transparent treatment towards the User.
  • Collected and processed for a specific, explicit and legitimate purpose.
  • Appropriate and limited to what is necessary for the purposes for which they are treated.
  • Updated and corrected whenever necessary, all measures being taken so that incorrect data is eliminated or rectified as soon as possible.
  • Maintained in order to allow the identification of the User only during the period strictly necessary for the purposes for which they are treated.
  • Treated in such a way that their safety is guaranteed, namely the protection against their unauthorized treatment or their accidental loss or destruction. In this regard, the necessary technical and organizational measures will be taken.

The processing of personal data by XPERIALAB is lawful when at least one of the following conditions is met:

  • The User has given explicit consent to the processing of their personal data for one or more specific purposes.
  • The processing of data is necessary for pre-contractual steps at the User's request.
  • The treatment is necessary for a legal obligation to which XPERIALAB is subject.
  • The processing is necessary for the pursuit of the legitimate interests of XPERIALAB or third parties, without prejudice to the prevailing interests and rights of Users who require the protection of Personal Data.

XPERIALAB undertakes to ensure that the processing of User data is only carried out under the conditions and in compliance with the principles set out above.

When the processing of the User's data is carried out with the User's consent, the User may at any time withdraw their consent, which does not compromise the lawfulness of the processing carried out by XPERIALAB based on the consent previously given by the User.

The data, whenever there is no specific legal requirement, will be kept for the minimum period necessary for the purposes that led to its collection and processing. After that period they will be eliminated.

4. Personal data processing activities

4.1 Categories of personal data

XPERIALAB collects and processes data from visitors to its websites according to the purposes for which they are collected. The following data is thus collected:

    • Identification data such as name;
    • Contact details such as email, telephone number and others;
    • Location data such as address;
    • Tax identification data;
    • Cookies are also collected, whose detailed information can be found in the Cookies Policy .

4.2 Purposes, legal bases and conservation terms

5. Communication of personal data

XPERIALAB will not share users' personal data except in the following situations:

  • Processing of personal data to the extent necessary to provide XPERIALAB contents and services.
  • Situations where for legal reasons it is necessary to share personal data.


5.1 Subcontractors

In the scope of the processing of personal data XPERIALAB does not resort to third parties.

5.2 Recipients

XPERIALAB may transmit personal data to other entities not classified as subcontractors in situations where it is essential:

    • Public Entities, namely Tax Authority, Police Bodies and Courts.
    • Private entities such as printers, transport companies, among others.

 

6. Technical, organizational and security measures implemented

XPERIALAB, depending on the nature, scope and purposes of data processing, undertakes to adopt the technical and organizational measures necessary to protect the User's data and comply with legal provisions. XPERIALAB also undertakes to ensure that only the data necessary for the specific needs of the treatment will be processed and to limit the access of these data to professionals whose intervention in the treatment is strictly necessary.

XPERIALAB adopts the following measures:

    • Training of its staff involved in data processing.
    • Adopting security measures on their websites.
    • Mechanisms to restore information systems and access to personal data in the event of a technical incident.
    • Encryption of personal data.
    • Regular audits to ensure compliance with the aforementioned technical and organizational measures.

 

7. International transfers

XPERIALAB does not transfer data outside the European Economic Area.

8. Minors

XPERIALAB does not process personal data of minors.

9. Use of Cookies

XPERIALAB uses cookies on its websites. If you want to manage the cookies collected and stored during your visits, you can access the cookie settings in the item available in the upper left corner of your monitor or consult the Cookies Policy .

10. User Rights

User rights:

 

    • Right of access – right if the personal data concerning the User are subject to processing and, if so, the right to access their personal data.
    • Right of rectification – right to rectify the User's personal data that are incorrect or incomplete.
    • Right of deletion – right to have your personal data deleted in the shortest possible time. Except for situations in which, for legal reasons, the data cannot be deleted.
    • Right to limitation of processing - in accordance with article 18 of the RGPD, the User has the right to request the limitation of the processing of his/her personal data, either in the form of suspension or limitation of the processing of certain categories of data, or regarding the purposes of the treatment.
    • Right of portability – the User has the right to receive the personal data that concern him and that he has provided in a structured format and the right to have this data transmitted to another data controller.
    • Right of opposition – the User has the right to object at any time to the processing of data concerning him. They are excepted in situations where there are legitimate reasons that prevail over this right as legal reasons.

 

The revocation of consent by the User does not invalidate the processing of data while the consent was in force.

The User may exercise his rights by contacting XPERIALAB through the following channels:

    • Sending a registered letter to the address Av. da Peregrinação, 9, 1 dto, 1990-425 Lisbon, care of the Privacy Ombudsman.
    • Email Privacy@xperialab.eu.

 

The communication must include the following elements:

    • Name and email.
    • Right you want to exercise. In the case of the right to limit processing, the reasons that lead the User to believe that his/her data is being improperly processed.
    • Address for notification purposes, in cases where the request is made by letter.

 

XPERIALAB undertakes to respond to the User through the channel used by him within a maximum period of 15 days after the date of receipt. In cases of special complexity, this deadline can be extended, and XPERIALAB must present a new deadline and the reasons for its postponement.

The User may also, if he/she considers that XPERIALAB has not complied with the requirements of the RGPD or other national legislation applicable to data protection, exercise the right to complain to the National Data Protection Commission using the website of this body.

11. Violations of personal data

In case of data breach and whenever there is a risk to the User's rights and freedoms, XPERIALAB will communicate the breach of personal data to the National Data Protection Commission within 72 hours of becoming aware of the incident.

In case of high risk, XPERIALAB will communicate with Users as soon as possible for the adoption of mitigation measures.

12. Changes to the Privacy Policy

XPERIALAB may amend this Privacy Policy. In this case, the date that appears in the title of this page will be updated and if the changes are substantial, notices will be placed on the websites.

13. Applicable law and jurisdiction

Any dispute arising from the validity, interpretation or execution of the Privacy Policy or relating to the collection, processing or transmission of the User's data must be submitted exclusively to the jurisdiction of the judicial courts of the district of Lisbon, without prejudice to the applicable mandatory legal rules .