Privacy and Cookies Policy 

This Privacy and Cookies Policy (“Policy”) governs the processing of users’  (hereinafter “You”, “User” or “Users”) personal data collected, within the scope of the  use of the website(s) (hereinafter “website(s)”) of Paint to Pledge (hereinafter “P2P”),  reflecting the institutional concerns of P2P in matters of privacy and processing of  personal data in these contexts. 

Providing personal data in the context of browsing the websites implies knowledge and  express acceptance of the conditions contained in this Policy. 

P2P is committed to treating your personal data with security, respect and  confidentiality. 

This Policy describes why P2P collects your personal data, what information is made available to P2P and third parties when you visit the official P2P site or web pages, and how P2P uses, stores and protects that information. You will also find information on how you can exercise your rights as a data subject. Any personal data disclosed to P2P will not be used in ways other than as set forth in this Policy. 

  1. What personal data do we collect, and how? 

1.1 Information you give us 

Access and browsing in general on the website(s) do not necessarily entail provision of  personal data. Any User can freely browse the website(s) and view the available content  without having to register.  

However, the use of certain features of the website(s) requires creating an account  and/or providing a set of personal data. In these cases, it will only be possible to enjoy  the initiatives, activities, features, products, and services in question if you provide the  personal data requested. 

Normally, we obtain personal information from you when you communicate or share information with us, subscribe to newsletters or one of our online initiatives, activities or services, register for an event, and/or make a donation; though, in some cases, you may freely subscribe to P2P’s newsletter(s) through the website(s) only being asked for your email address. 

Depending on the specific purpose (see section 2 below), we may ask you to provide,  inter alia, part of or all the following information: your full name, date of birth, email  and/or postal address, phone number, company/organization, motivation for applying. 

1.2 Information we collect automatically: cookies and web analytics

We automatically collect information through the P2P website to help administer,  protect, and improve our services. 

Such information may include information regarding your device, such as your IP  address, your operating system and your browser activity, location of the device  accessing the website, traffic data (such as the pages you visited on our website, the  time spent on the website, number of downloads from the website) and interactions  with social media platforms (such as sharing of elements from the P2P website to social  media accounts). This information may be collected through the use of cookies and  analytics. 

P2P uses its own and third-party cookies to collect and store information to be able to provide a more customized service to the satisfaction of Users, meeting their expectations. 

Cookies are small data files made up of letters and numbers placed onto your computer or mobile devices when you access the P2P website. We use cookies to collect information about you to the extent necessary to ensure our website's functionality and performance as well as for the purpose of targeting our audience and tailoring the content offered to the public both on our website and elsewhere. 

Cookies can be classed as session cookies or persistent cookies. Session cookies expire  automatically when you close your internet browser. Persistent cookies remain in your  internet browser until their expiration date, or until they are deleted. Expiration dates  vary by cookie, some expiring after a few minutes, others only after several years. 

For the purposes of marketing and retargeting, we may make use of various advertising  pixels, including Facebook and Twitter pixels: these are codes used to track website  visitors. These data allow us to retarget those users with ads in the future in other  platforms (for example on Facebook or on Twitter). This allows us to gain more insights  about our audience, send targeted messaging to users who already know P2P, and track  the effectiveness of our social advertising efforts. 

If you do not wish to have cookies or pixels installed on your computer or mobile device,  you can set your browser to notify you before you receive a cookie, giving you the chance  to decide whether to accept it. You can also set your browser to turn off cookies. 

Without prejudice to the information provided regarding the use of cookies by P2P, and,  if applicable, with the User’s consent, P2P may carry out sporadic surveys to measure  the quality of the website(s)’ features, and to monitor their qualities and level of User  satisfaction with the website(s). 

We also may use web analytics services to help us identify how people are using our  website by processing the information mentioned above. 

1.3 Links to third-party websites

Our website may provide links to third party websites and social media platforms – such  as Facebook, Twitter, Instagram, YouTube, and LinkedIn – that will collect data about  you if opened. 

P2P does not govern the processing of personal data by such third parties, so we suggest  that you refer to the privacy policies of these websites should you wish to have more  information. 

  2. Why do we collect your personal data? 

We collect and process your personal data for, inter alia, one or more of the following  purposes: 

  • To allow you to contact us and/or receive information from us; 
  • To organize or promote events and/or P2P activities; 
  • To allow you to register as a participant to events we hold or organize or co-organize; 
  • To process your donation to P2P or any question on how you can support P2P; 
  • To process your employment application; 
  • To consider you for future suitable vacancies, should you not be successful in your  initial application; 
  • To analyze web statistics and log files, with the aim of improving the functioning  of our website(s); 
  • To assess the performance of our advertising and improve the relevance of P2P  campaign and marketing messages displayed to you after you leave our website(s). 

P2P also collects and processes Users’ personal data in the following terms and for the  following purposes: 

  • As part of registration procedures on website(s) or the creation of  personal accounts on the website(s), P2P collects a set of personal data, which  will be processed for the purposes of creating and managing your personal  account, based on the relationship it establishes with you at the time of creation  of said account. 

For this purpose, you are requested to provide personal data, which is  mandatory, under penalty of not being able to complete the registration  process, namely, name, email and password. To complete your personal  account, P2P may collect additional data, which may be, depending on the  personal account created, mandatory or optional (such as birthdate, gender,  additional contact details, nationality and address). 

  • If applicable, on purchase proceedings of P2P products (online store),  P2P will process the personal data needed to manage purchases, and  correspondingly associated transactions, that you carry out from the websites,  based on the execution of the purchase and sale contract entered into, and to  fulfil the legal obligations applicable to P2P. This personal data refers  essentially to your name, email, telephone number, VAT number, address, as  well as the amount of the purchase, payment method and associated data, and  products/services purchased. 
  • On user service, to be able to respond to your requests, P2P will process your personal data, namely identification and contact details, as well as data that you share with P2P within the scope of your request. This data will be processed based on P2P’s legitimate interest in responding to questions/requests that any User submits through the websites. 

  • On publicizing P2P activities and upon your consent, P2P will send  newsletters and/or process the User’s personal data for the purpose of profiling  and sending promotional communications, disclosure of events and campaigns,  as well as promotional items adjusted to your interests and preferences related  to P2P initiatives, events, products and services, by automated means such as  text messaging, email and telephone. 

Your profile will be created based on your activity on the websites of P2P, and on  other databases that P2P may have access to, for the purposes of publicizing,  sending institutional information and presenting new initiatives, events,  products and services. 

In addition, P2P sends communications to its institutional contacts for the  purpose of publicizing its institutional activity to relevant entities and persons,  and to send invitations, institutional communication, and other relevant news.  In this context, P2P processes the following personal data: name, email,  telephone, institution that you work for, and position held. These  communications are sent by P2P based on its legitimate interest in keeping in  touch and publicizing its activities with its institutional contacts. 

  • Moreover, P2P may collect images, sound and voice recordings of  participants at events held or co-held by P2P, and these recordings may contain  personal data and be publicized by P2P by any technical means of broadcast,  distribution or communication. 

Your personal data is not used for automatic profiling or decision-making. 

  3. Who processes your personal data and with whom are they shared? 

Controller of Users’ Personal Data – P2P is the controller of the processing of Users’  personal data and may process such data directly and/or through entities  subcontracted for that purpose. 

Internally, all personal data collected by P2P are processed only by designated P2P staff members or agents, for one or more of the specific purposes listed above, and only on a strict need-to-know basis. 

Depending on the purpose for which we process your personal data, we may share the  necessary information with selected third parties, such as: 

  • The people you have indicated as references in your application, should the latter  be of interest to P2P: your name, surname and the details of your resume we wish  to get feedback on; 
  • The host of an event we organize or co-organize: your name, surname and  company/organization; 
  • Selected service providers that are necessary to process your data for the above-mentioned purposes; 
  • Social media platforms, through for example retargeting campaigns on Facebook. 

We will never rent or sell your personal information.

In case of sharing your data with third parties, we ensure as much as possible that the  recipient has provided sufficient proof of compliance with the principles set out in P2P  Rules on Personal Data Protection herein. This includes contractual obligations imposing a strict prohibition of using such data for purposes other than those specified  above and ensuring an adequate level of protection of the personal data shared from us. 

P2P may also transfer your data to subcontracted entities for the purposes mentioned  herein, under the terms of the contracts entered into with them in accordance with the  applicable legislation. 

As well, to fulfil legal obligations, conclude the operations carried out through the  website, or based on the consent you provide for this purpose, P2P may communicate  your data to third parties, whether these are (i) other entities in the universe of P2P, (ii)  partners, sponsors or other entities with whom P2P establishes comparable  relationships, (iii) financial/payment institutions; (iv) competent entities, under the  terms of the law. 

  4. How long do we keep your data? 

We will keep your personal data only for as long as necessary to fulfil the purposes we  collected them for, including for the purposes of satisfying any legal, accounting, or  archiving requirements. 

To determine the appropriate retention period, we take into account the nature and  sensitivity of your personal data, potential risks of harm from unauthorized use or  disclosure of your personal data and the purposes for which we process your personal  data. 

In particular, the personal data needed for purposes of signing up and managing your  P2P Account will be kept as long as you are interested in maintaining it. 

Other personal data collected through the websites will be kept for the time needed to  achieve the purpose for which they were collected, under the terms of this Policy. 

Personal data processed for the purpose of processing spontaneous applications will be  kept for a period of one year after submission. 

When processing is carried out based on your consent, the data will be kept for that  purpose until you withdraw it. 

When we no longer need your personal data, or when you request, it will be erased. 

  5. What measures do we have in place to protect and safeguard your information? 

We take the protection of your personal data very seriously, and we therefore apply adequate technical and organizational measures to protect against accidental loss and unauthorized access, use, destruction, or disclosure of data. Some examples of these measures are: 

  • An official P2P username and password are required in order to access our information technology (IT) systems 
  • Authentication and authorization for the IT systems are based on roles and tasks 
  • Our data center is physically protected 
  • Network security is configured to prevent external threats from accessing our  infrastructure 
  • Confidentiality and data protection clauses are signed by service providers to  ensure compliance with our security rules and the P2P Rules on Personal Data  Protection herein 

Specifics on Security: 

  • P2P guarantees technical means for privacy and security in the  transmission of Users’ data using the internet. 
  • In addition, P2P represents, for this purpose, that it has and will keep in  operation all technical means available to it to prevent loss, misuse, alteration,  unauthorized access, and improper appropriation of personal data provided or  transmitted. In any case, note that, by circulating the data on an open internet  network, it is not possible to completely remove the risk of unauthorized access  and use, so the User must implement appropriate security measures when  browsing the websites. 
  • Where donations or payments are made through the website’s servers,  the information sent will be encrypted and additional security measures,  appropriate to the state of the art and good market practice, will be employed. 
  6. What are your rights regarding our processing of your personal data? 

6.1 Information and Access 

You have the right to request certain information about the personal data we hold about  you. Furthermore, you are given the opportunity to verify your Personal Data and to  access them. 

6.2 Correction 

You are also entitled to request the correction of any mistakes or inaccuracies in your  personal data provided we are able to verify your identity. Please note that this does not  apply in case your correction request relates to an assessment carried out by our staff  and you are unable to provide sufficient proof of the assessment’s inaccuracy or  respective data are contained in a record held by our archives. 

6.3 Erasure 

You are entitled to request that your Personal Data are fully deleted from our systems.  However, there may be certain circumstances where we are obliged or legally obliged  to retain your Personal Data.

6.4 Objection 

You have the right to object at any time to the Processing of your Personal Data on  compelling legitimate grounds relating to your particular situation. Any objection of  this kind will be accepted if your fundamental rights and freedoms in question  outweigh our legitimate interests, or the public interest, in Processing. 

You also have the right to withdraw your consent (without prejudice to the fact that  processing carried out until that date, based on consent previously given, remains  entirely valid) and opt-out of receiving future information about the P2P via e-mail at  any time. Please communicate your wish to unsubscribe at the email address provided. 

The User also has, under the terms of the law, the right to request limitation of the  processing or portability of their data, subject to the legally applicable conditions. 

The User’s rights mentioned above may be exercised using the contact details provided below. 

  7. Contact us 

We aim to always meet the highest standards to safeguard your privacy. Please contact  us, if you require more detailed information on your rights regarding the personal data  you have provided to us, the way we collect and use them, or if you wish to exercise any  of the rights set out above. 

Thus, if you have any questions related to the processing of your personal data or the  exercise of the rights conferred on you by the applicable legislation and, in particular,  mentioned in this Policy, you can use the following contacts: 

Email: [email protected] 

Without prejudice to any other administrative or judicial remedy, the User is entitled to  submit a complaint to the National Data Protection Commission or other competent  supervisory authority under the law, if the processing of data by P2P is believed to  violate the legal scheme in force from time to time. 

Portuguese law and jurisdiction will apply. 

  8. Changes to the Personal Data Processing Terms 

P2P may change this Policy at any time. These changes will be duly publicized in the  pages of the Website(s).