Privacy and Cookies Policy
This Privacy and Cookies Policy (“Policy”) governs the processing of users’ (hereinafter “You”, “User” or “Users”) personal data collected, within the scope of the use of the website(s) (hereinafter “website(s)”) of Paint to Pledge (hereinafter “P2P”), reflecting the institutional concerns of P2P in matters of privacy and processing of personal data in these contexts.
Providing personal data in the context of browsing the websites implies knowledge and express acceptance of the conditions contained in this Policy.
P2P is committed to treating your personal data with security, respect and confidentiality.
This Policy describes why the P2P collects your personal data, what information is made available to the P2P and third parties when you visit official P2P site or web pages, how P2P uses, stores and protects that information. You will also find information on how you can exercise your data subject’s rights. Any personal data disclosed to the P2P will not be used in ways other than as set forth in this Policy.
- What personal data do we collect, and how?
1.1 Information you give us
Access and browsing in general on the website(s) do not necessarily entail provision of personal data. Any User can freely browse the website(s) and view the available content without having to register.
However, the use of certain features of the website(s) requires creating an account and/or providing a set of personal data. In these cases, it will only be possible to enjoy the initiatives, activities, features, products, and services in question if you provide the personal data requested.
Normally, we obtain person information from you when you communicate or share information with us, subscribe for newsletters or one of our online initiatives, activities or services, register to an event, and/or make a donation; though, in some cases, you may freely subscribe to P2P’s newsletter(s) through the website(s) only being asked for your email address.
Depending on the specific purpose (see section 2 below), we may ask you to provide, inter alia, part of or all the following information: your full name, date of birth, email and/or postal address, phone number, company/organization, motivation for applying.
1.2 Information we collect automatically: cookies and web analytics
We automatically collect information through the P2P website to help administer, protect, and improve our services.
P2P uses own and third-party cookies to collect and store information to be able to provide a more customized service to the satisfaction of Users, meeting their expectations.
Cookies can be classed as session cookies or persistent cookies. Session cookies expire automatically when you close your internet browser. Persistent cookies remain in your internet browser until their expiration date, or until they are deleted. Expiration dates vary by cookie, some expiring after a few minutes, others only after several years.
For the purposes of marketing and retargeting, we may make use of various advertising pixels, including Facebook and Twitter pixels: these are codes used to track website visitors. These data allow us to retarget those users with ads in the future in other platforms (for example on Facebook or on Twitter). This allows us to gain more insights about our audience, send targeted messaging to users who already know P2P, and track the effectiveness of our social advertising efforts.
If you do not wish to have cookies or pixels installed on your computer or mobile device, you can set your browser to notify you before you receive a cookie, giving you the chance to decide whether to accept it. You can also set your browser to turn off cookies.
We also may use web analytics services to help us identify how people are using our website by processing the information mentioned above.
1.3 Links to third-party websites
Our website may provide links to third party websites and social media platforms – such as Facebook, Twitter, Instagram, YouTube, and LinkedIn – that will collect data about you if opened.
P2P does not govern the processing of personal data by such third parties, so we suggest that you refer to the privacy policies of these websites should you wish to have more information.
- Why do we collect your personal data?
We collect and process your personal data for, inter alia, one or more of the following purposes:
- To allow you to contact us and/or receive information from us; • To organize or promote events and/or P2P activities;
- To allow you to register as a participant to events we hold or organize or co organize;
- To process your donation to P2P or any question on how you can support P2P; • To process your employment application;
- To consider you for future suitable vacancies, should you not be successful in your initial application;
- To analyze web statistics and log files, with the aim of improving the functioning of our website(s);
- To assess the performance of our advertising and improve the relevance of P2P campaign and marketing messages displayed to you after you leave our website(s).
P2P also collects and processes Users’ personal data in the following terms and for the following purposes:
- As part of registration procedures on website(s) or the creation of personal accounts on the website(s), P2P collects a set of personal data, which will be processed for the purposes of creating and managing your personal account, based on the relationship it establishes with you at the time of creation of said account.
For this purpose, you are requested to provide personal data, which is mandatory, under penalty of not being able to complete the registration process, namely, name, email and password. To complete your personal account, P2P may collect additional data, which may be, depending on the personal account created, mandatory or optional (such as birthdate, gender, additional contact details, nationality and address).
- If applicable, on purchase proceedings of P2P products (online store), P2P will process the personal data needed to manage purchases, and correspondingly associated transactions, that you carry out from the websites, based on the execution of the purchase and sale contract entered into, and to fulfil the legal obligations applicable to P2P. This personal data refers essentially to your name, email, telephone number, VAT number, address, as well as the amount of the purchase, payment method and associated data, and products/services purchased.
- On user service, to be able to respond to your requests, P2P will process your personal data, namely identification and contact details, as well as data that you share with P2P within the scope of your request. This data will be
processed based on P2P’s legitimate interest in responding to questions/requests that any User submits through the websites.
- On publicizing P2P activities and upon your consent, P2P will send newsletters and/or process the User’s personal data for the purpose of profiling and sending promotional communications, disclosure of events and campaigns, as well as promotional items adjusted to your interests and preferences related to P2P initiatives, events, products and services, by automated means such as text messaging, email and telephone.
Your profile will be created based on your activity on the websites of P2P, and on other databases that P2P may have access to, for the purposes of publicizing, sending institutional information and presenting new initiatives, events, products and services.
In addition, P2P sends communications to its institutional contacts for the purpose of publicizing its institutional activity to relevant entities and persons, and to send invitations, institutional communication, and other relevant news. In this context, P2P processes the following personal data: name, email, telephone, institution that you work for, and position held. These communications are sent by P2P based on its legitimate interest in keeping in touch and publicizing its activities with its institutional contacts.
- Moreover, P2P may collect images, sound and voice recordings of participants at events held or co-held by P2P, and these recordings may contain personal data and be publicized by P2P by any technical means of broadcast, distribution or communication.
Your personal data is not used for automatic profiling or decision-making.
- Who processes your personal data and with whom are they shared?
Controller of Users’ Personal Data – P2P is the controller of the processing of Users’ personal data and may process such data directly and/or through entities subcontracted for that purpose.
Internally, all personal data collected by the P2P are processed only by designated P2P staff members or agents, for one or more of the specific purposes listed above, and only on a strict need-to-know basis.
Depending on the purpose for which we process your personal data, we may share the necessary information with selected third parties, such as:
- The people you have indicated as references in your application, should the latter be of interest to P2P: your name, surname and the details of your resume we wish to get feedback on;
- The host of an event we organize or co-organize: your name, surname and company/organization;
- Selected service providers that are necessary to process your data for the above mentioned purposes;
- Social media platforms, through for example retargeting campaigns on Facebook. We will never rent or sell your personal information.
In case of sharing your data with third parties, we ensure as much as possible that the recipient has provided sufficient proof of compliance with the principles set out in P2P Rules on Personal Data Protection herein. This includes contractual obligations imposing a strict prohibition of using such data for purposes other than those specified above and ensuring an adequate level of protection of the personal data shared from us.
P2P may also transfer your data to subcontracted entities for the purposes mentioned herein, under the terms of the contracts entered into with them in accordance with the applicable legislation.
As well, to fulfil legal obligations, conclude the operations carried out through the website, or based on the consent you provide for this purpose, P2P may communicate your data to third parties, whether these are (i) other entities in the universe of P2P, (ii) partners, sponsors or other entities with whom P2P establishes comparable relationships, (iii) financial/payment institutions; (iv) competent entities, under the terms of the law.
- How long do we keep your data?
We will keep your personal data only for as long as necessary to fulfil the purposes we collected them for, including for the purposes of satisfying any legal, accounting, or archiving requirements.
To determine the appropriate retention period, we take into account the nature and sensitivity of your personal data, potential risks of harm from unauthorized use or disclosure of your personal data and the purposes for which we process your personal data.
In particular, the personal data needed for purposes of signing up and managing your P2P Account will be kept as long as you are interested in maintaining it.
Other personal data collected through the websites will be kept for the time needed to achieve the purpose for which they were collected, under the terms of this Policy.
Personal data processed for the purpose of processing spontaneous applications will be kept for a period of one year after submission.
When processing is carried out based on your consent, the data will be kept for that purpose until you withdraw it.
When we no longer need your personal data, or when you request, it will be erased.
- What measures do we have in place to protect and safeguard your information?
We take the protection of your personal data very seriously, and we therefore apply adequate technical and organizational measures to protect against accidental loss and
unauthorized access, use, destruction, or disclosure of data. Some examples of these measures are:
- An official P2P username and password are required in order to access our information technology (IT) systems
- Authentication and authorization for the IT systems are based on roles and tasks • Our data center is physically protected
- Network security is configured to prevent external threats from accessing our infrastructure
- Confidentiality and data protection clauses are signed by service providers to ensure compliance with our security rules and the P2P Rules on Personal Data Protection herein
Specifics on Security:
- P2P guarantees technical means for privacy and security in the transmission of Users’ data using the internet.
- In addition, P2P represents, for this purpose, that it has and will keep in operation all technical means available to it to prevent loss, misuse, alteration, unauthorized access, and improper appropriation of personal data provided or transmitted. In any case, note that, by circulating the data on an open internet network, it is not possible to completely remove the risk of unauthorized access and use, so the User must implement appropriate security measures when browsing the websites.
- Where donations or payments are made through the website’s servers, the information sent will be encrypted and additional security measures, appropriate to the state of the art and good market practice, will be employed.
- What are your rights regarding our processing of your personal data? 6.1 Information and Access
You have the right to request certain information about the personal data we hold about you. Furthermore, you are given the opportunity to verify your Personal Data and to access them.
You are also entitled to request the correction of any mistakes or inaccuracies in your personal data provided we are able to verify your identity. Please note that this does not apply in case your correction request relates to an assessment carried out by our staff and you are unable to provide sufficient proof of the assessment’s inaccuracy or respective data are contained in a record held by our archives.
You are entitled to request that your Personal Data are fully deleted from our systems. However, there may be certain circumstances where we are obliged or legally obliged to retain your Personal Data.
You have the right to object at any time to the Processing of your Personal Data on compelling legitimate grounds relating to your particular situation. Any objection of this kind will be accepted if your fundamental rights and freedoms in question outweigh our legitimate interests, or the public interest, in Processing.
You also have the right to withdraw your consent (without prejudice to the fact that processing carried out until that date, based on consent previously given, remains entirely valid) and opt-out of receiving future information about the P2P via e-mail at any time. Please communicate your wish to unsubscribe at the email address provided.
The User also has, under the terms of the law, the right to request limitation of the processing or portability of their data, subject to the legally applicable conditions.
User’s Rights mentioned above may be exercised using the contact details provided in below.
- Contact us
We aim to always meet the highest standards to safeguard your privacy. Please contact us, if you require more detailed information on your rights regarding the personal data you have provided to us, the way we collect and use them, or if you wish to exercise any of the rights set out above.
Thus, if you have any questions related to the processing of your personal data or the exercise of the rights conferred on you by the applicable legislation and, in particular, mentioned in this Policy, you can use the following contacts:
Without prejudice to any other administrative or judicial remedy, the User is entitled to submit a complaint to the National Data Protection Commission or other competent supervisory authority under the law, if the processing of data by P2P is believed to violate the legal scheme in force from time to time.
Portuguese law and jurisdiction will apply.
- Changes to the Personal Data Processing Terms
P2P may change this Policy at any time. These changes will be duly publicized in the pages of the Website(s).