Privacy Policy
At EMOTION MOBILITY GROUP, S.A (“EMOTION”, “out”, “we” or “us”) we care deeply about the protection of your personal data, and we are determined to respect your privacy.
In this Privacy Policy (“Privacy Policy”), we describe our policies regarding the collection, use, and disclosure of Personal Information we receive from users of the site www.emotionmobility.com and applies to all of our apps, services, features, software, and website (“Services”), unless specified otherwise. We collect and associate with your account information like your name, email address, payment info, phone number, kind of device, etc. (“Personal Data”). Every time you use this website, you will be bound by the then-current Privacy Policy, and you should review this text every time you use the website to be sure you agree with it.
Legal Framework
Your personal data shall be processed in a way to ensure compliance with the applicable legislation, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 or General Data Protection Regulation (“GDPR”) and Law no. 58/2019 of 8 August, which ensures the execution of the GDPR in the Portuguese legal system.
Data Controller
EMOTION MOBILITY, with registered office at Rua do Silval 37, Floor 8, Oeiras, with the legal entity identification number 515 910 040, is the entity responsible for the processing of your data. Throughout this Policy, references to “we” or “us” shall mean EMOTION MOBILITY.
If you have any questions about this Privacy Policy or about how we treat your data, please refer to the “Contact” section below.
Personal Data and Purposes
Which Type of Data Do We Collect?
Personal data are any information, of any nature and regardless of its medium, relating to an identified or identifiable natural person. Pursuant to the GDPR, an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
The information we collect about you and how we collect it may vary depending on the products or services you use, subscribe to, or contract.
We only collect the data we consider to be essential for you to browse our website, to provide you with the products or services you request, to manage your orders, to register and invoice your requests, to ensure that these are provided to you and, if you show interest, to let you know about our news.
To consult the purposes and legal basis for processing your data, please refer to the section “Why We Process Your Data and For Which Purposes” below.
We process the following categories and types of personal data:
- Identification data: name, tax identification number, date of birth.
- Contact details: delivery address, e-mail address, phone number.
Why We Process Your Data and For Which Purposes?
EMOTION MOBILITY will process your personal data on the following legal basis:
- Compliance with contractual obligations or pre-contractual endeavours;
- Compliance with applicable legal obligations;
- For certain processing we will require your consent;
- Legitimate interests, insofar as the necessity of the processing of personal data is balanced with your interests or fundamental rights and freedoms.
We use the data we collect from you to provide you with the best possible experience. In particular, we collect and process personal data for:
- Communications with customers;
- Clarification of queries;
- Requests for information;
- Service proposals;
- Communication of offers, new services or products, commercial campaigns, events, satisfaction surveys, and other advertising and marketing communications.
Whom Do We Share Your Data With?
In the context of the rendering of our services or products, we may use service providers and intermediaries, such as companies that provide technological support and electronic payment processing companies, which must have access to some of your personal data.
However, these communications are made solely and exclusively for the fulfilment of the purposes for which the data are collected and in accordance with our instructions, in strict compliance with the regulations on the processing of personal data and information security. In any case, we will share all information regarding such communications with you.
We may also communicate your personal data to third parties where:
- You have expressly consented to it; or
- The communication is made in order to comply with a legal obligation or a court order.
We will only transfer your personal data outside the European Union or the European Economic Area, i.e., to a third country, ensuring strict compliance with European legislation on the transfer of data to third countries and will provide all necessary information, including, for example, an indication of the safeguards for such transfer:
- Adequacy decisions: where the European Commission determines that a third country offers an adequate level of data protection, personal data may be sent to that country without implementing any other measures mentioned above.
- Standard contractual clauses: we use standard contractual clauses for the transfer of personal data to organisations outside the EEA. These contractual commitments have been adopted by the European Commission and ensure adequate protection of personal data transferred to countries outside the EEA by binding recipients of personal data to certain data protection standards, including the obligation to implement appropriate technical and security measures.
For How Long Will We Retain Your Personal Data?
Your personal data will only be kept for the period of time necessary for the purposes for which they were collected or for the periods of time required by law.
The purchasing and invoicing data will be kept during the performance of the contract and, after its termination, may still be kept for a reasonable period, should you decide to use our services again or to comply with our legal obligations, namely of a fiscal nature.
What Are Your Rights?
We make every effort to ensure that your personal information is accurate, up-to-date, and complete in accordance with the purposes for which we use that information.
According to the GDPR, you have the right, at any time, to access and object to the processing of your personal information, as well as the right to update, correct, and delete data collected by us that is incomplete, incorrect, out of date, or prohibited by law. You may exercise these rights by contacting us using the contact details provided below (“Contacts”).
We explain your rights briefly below:
- Right to be informed: You have the right to obtain clear, transparent, and easily understandable information about how we use your personal data.
- Data subject’s right of access: You can request a copy of the data we hold about you.
- Right of rectification: You have the right to rectify your personal data if it is incorrect or out of date and/or to complete it if it is incomplete.
- Right to erasure of data (“right to be forgotten”): This right is not absolute, as we may have legal or legitimate reasons to retain your personal data.
- Right to, at any time, object to the processing of data on the basis of consent: You may object to the processing of data where such processing is based on consent. Withdrawing consent does not affect the lawfulness of the consent previously given.
- Right to data portability: You have the right to receive personal data concerning you, in a structured, commonly used, and machine-readable format, and the right to transmit this data to another organisation. This applies only to data you have provided whose processing is based on your consent or on a contract, and if the processing is carried out by automated means.
- Right to limit processing: You can ask us to limit the use of your data to storage only, to stop using it for all other purposes or to retain data that should be deleted.
- Lodging a complaint to the CNPD: You also have the right to lodge a complaint with the data protection supervisory authority in Portugal when your rights have been violated or your personal information is or is being used in a way that you believe is not in accordance with applicable law. The contact details of the Portuguese Data Protection Commission are available here, along with details on how to make a complaint.
HOW CAN YOU EXERCISE YOUR RIGHTS?
You can exercise any of these rights by using the contact details provided below (“CONTACTS“).
AUTOMATED INDIVIDUAL DECISIONS
We do not anticipate that any decisions which have legal or other effects on you will be made using purely automated means; however, we will update this policy if this situation changes and notify you of such changes.
HOW DO WE RESPECT THE SECURITY OF SHARED INFORMATION?
We implement the technical and organisational measures that ensure the confidentiality of your personal data, protecting it from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access and against other unlawful forms of data processing.
For example, we take the following measures:
-
Pseudonymisation and encryption of personal data;
-
The ability to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services;
-
The ability to detect a personal data breach, resolve it and report it;
-
The ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident;
-
A process to regularly test, assess and evaluate the effectiveness of technical and organisational measures to ensure security of processing;
-
Identification, disclosure and documentation of the roles and duties of personnel with access to personal data;
-
Maintenance of a written record of all processing activities carried out, as per GDPR requirements.
-
Definition and implementation of a written incident log procedure;
-
Appointment of a security officer or, where appropriate, a Data Protection Officer, who shall be appointed where required by law;
-
Definition and implementation of physical access controls;
-
Implementation of security policies and procedures;
-
Adherence to a code of conduct on personal data protection, in accordance with the RGPD;
-
Definition and implementation of a procedure for the destruction or return of personal data and documents, in a secure and confidential way (making it impossible to recover them later and certifying the absence of copies), when the contractual relationship ends (except when there is an obligation to keep personal data for an additional period, in which case the personal data and documents shall be blocked).
Any entity we outsource to will be bound by equivalent security measures, acting at all times under our duly documented instructions.
HOW TO BE INFORMED ABOUT POSSIBLE CHANGES IN OUR PRIVACY POLICY?
As practices regarding the processing of personal data may change from time to time, this Privacy Policy will need to be updated accordingly and on a regular basis, so we advise you to check it periodically. If there is a significant change, we will inform you directly by email.
CONTACTS
If you have any questions about this Privacy Policy or want to exercise your rights to access, update or correct any personal information, please contact us through the following contacts:
Address: Rua do Silval 37, Floor 8, 2780-373 Oeiras
Telephone: (+351) 214 542 050
E-mail: info@emotionmobility.com