16/11/2021, Santo Tirso
Moreira e Costa, Lda. is a legal entity established in Portugal with commercial name and hereinafter referred to as (“Redicom”) that takes the protection of personal data very seriously. We treat personal data confidentially and always in accordance with the statutory data protection regulations.
“Redicom Commerce Cloud” refers to Redicom cloud-based Software provided as a service to Merchants.
“Customers” refers to Redicom Customers that are Merchants/retailers that use our Software named Redicom Commerce Cloud to power their online shops Businesses.
“End-users” refers to the Merchants own customers, collected and used by the Merchants, who are solely responsible for compliance with the applicable data protection law. In addition, such information may be subject to our Merchants own privacy policies.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
“Data controller” means, the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Data protection laws” means for the purposes of this document, the collective description of the GDPR and any other relevant data protection laws that the Company complies with.
“GDPR” stands for General Data Protection Regulation (EU) (2016/679).
“Personal data” means any information, collected by our corporate website, relating to an identified or identifiable natural person, that is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“End-user Information” means any information, including personal data, collected by the Merchants' (our Customers) online shop, powered by Redicom Commerce Cloud.
Personal Data and information we collect
When using our corporate services, visiting our website or Social Media Pages, Redicom may collect Customer Information, which may include Personal Data.
What Personal Data do we collect and process for our own purposes as a controller?
- Contact information such as name, e-mail address, mailing address, phone number, company name and job title;
- Feedback information, such as name and e-mail address when we provide feedback or customer support from within the Service(s);
We may collect Personal Data in a variety of ways. Such information may be collected through provided Services, e.g., when signing up a newsletter, when responding to a survey, on form submissions on our corporate website, ticket submission on our support platform or when leaving comments. For the purposes of GDPR, Redicom shall be the controller for this information that has submitted to us.
Purposes of Customer Information
We use Customer Information for legitimate business purposes, including the following: (i) provide requested Service(s); (ii) send automated communication from Service(s); (iii) send requested information about Service(s); (iv) respond to customer service requests, inquires, questions and concerns; (v) administer accounts; (vi) send periodic emails with important notices or information about Services (updates, bug fixing, etc.); (vii) send promotional and marketing communications; (viii) facilitate billing and payment transactions for the use of our Service(s);
Further information concerning the legal basis on which we collect and use Customer Information, please contact us using the contact details provided below.
Cookies and other information
The following types of cookies are used in our corporate website:
- Essential website cookies – these cookies are strictly necessary to provide with services available through our website and to use some of its features;
- Performance and Functionality Cookies – these cookies enhance performance on our website;
- Analytics and Customization Cookies – these cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective marketing campaigns are, or even to help us customize our website.
Processing Customer Information
Redicom does not own, control or direct the use of any of the end-user information stored or processed by Customers. Only Customers or end-users are entitled to access, retrieve and direct the use of such Customer Information. Redicom is largely unaware of what Personal Data is actually being stored or made available by end-users to the Service and does not directly access such information except as necessary to provide Services (including to respond to support requests, provide development works, maintenance, updates, etc.), as otherwise authorized by Customers or as required by law. Redicom is not responsible for the content of the Personal Data collected from end-users or other information stored on its servers (or its subcontractors’ servers) at the discretion of the Customers nor is Redicom responsible for the manner in which the Customer collects, handles disclosure, distributes or otherwise processes such information.
Customers are the “controllers” of the end-user's Personal Data, meaning that they control the manner which such information is collected and used, as well as the determination of the purposes and means of the processing of such information and are responsible for compliance with the applicable data protection law. In addition, such information may be subject to our own privacy policies. As the controller, it is the Customers responsibility to inform the end-users about the processing, and, where required, obtain necessary consent or authorization for the use of any Personal Data that is collected.
As the processors on behalf of our Customers, we follow our Customer’s instructions with respect to the functionality of our Service(s). In doing so, we implemented reasonable technical and organizational measures against unauthorized processing of such information and against loss, destruction of, or damage to, Customer Information.
Merchants expressly authorize us, as service providers, to process the Personal Data in our systems to (i) provide, improve, enhance, support and operate the Service(s) and its availability; (ii) develop new products and services; (iii) preventing risk and fraud; (iv) process payments.
If an end-user seeks access to, or wish to correct, update, modify or delete Personal Data which is part of the Customer Information and processed by us as data processor on behalf of our Customer, they should direct query our Customer, i.e. the controller.
Access, Choices and other rights
In case of EEA resident individuals, they have the following data protection rights regarding Personal Data collected and processed by Redicom as data controller:
- To review, access, correct, update, restrict or request deletion of Personal Data that has been previously provided, or if requesting to receive an electronic copy of Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided by applicable law), can be done so at any time by contacting us.
- The right to opt-out of marketing communications we send are available at any time by clicking on the “manage subscription” or “opt-out” link in the marketing e-mails we send, or by contacting us.
- If we have collected and processed Personal Data with consent, then consent can be withdrawn at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to withdrawal, nor will it affect processing of Personal Data conducted in reliance on lawful processing grounds other than consent.
- The right to complain can be exercised by contacting the local data protection authority.
We will send emails and/or announcements with administrative information related to the Service(s) on occasions when it is necessary to do so to our customers using our Services and Software. For instance, if our Service(s) are temporarily suspended for maintenance, we might send an e-mail. Generally, these communications may not be opted-out because they are not promotional in nature.
Personal Data retention and deletion
We will retain Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship and provide the Services to our Customer; (ii) when we have legal obligation to which we are subject; or (iii) as advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Personal Data protection
We maintain the confidentiality of any personal data and protect it against unauthorised access. As a consequence, we take great care and use the very latest security standards in order to ensure maximum protection for personal data.
Personal Data breach
In line with GDPR we have a duty to report a data breach to the regulator as soon as we are aware of it. The regulator in Portugal, where the head office of Redicom is based, is the Portuguese data protection authority https://www.cnpd.pt/
Personal Data disclosure
Personal Data is stored and processed only in Portugal located facilities.