Our Commitment to the Protection of Personal Data
ORES SIGI, headquartered at Lugar do Espido – Via Norte, in Maia, registered under NIF 516614347 (hereinafter referred to as “the Company”), is the Data Controller of the personal data of users of this website (hereinafter referred to as “Users” or “Data Subjects”), including its restricted area (hereinafter referred to as “the website”).
As such, the Company must always process Users’ personal data in a responsible, fair, and transparent manner. We are strongly committed to protecting your privacy and your personal and private data. We collect, store, and use your personal data strictly in accordance with this Personal Data Protection Commitment and with the applicable data protection provisions, including, but not limited to, the European General Data Protection Regulation (GDPR) and national data protection laws.
As part of our commitment to protecting personal data, the Company will always strive to provide you with the information necessary to understand how and under what conditions your personal data is processed.
This document aims precisely to provide Users with the necessary information regarding the processing of their personal data within the scope of using our website.
2. Personal Data
Personal data is any information about an identified or identifiable person. This includes information about your identity, such as your name, email address, or home address. Any information that cannot be directly linked to your identity (e.g., statistical details such as the number of website users) is not considered personal data.
You may generally use our website without revealing your identity or providing any personal data. In this case, we will only collect general information about your visit. However, some services we offer require you to provide certain personal data. In general, we will only process such data for purposes related to your use of this website, including, but not limited to, providing the information you request. Whenever personal data is requested, only essential data must be provided. Additional information may also be requested, which is optional and provided voluntarily. We always inform you which fields are mandatory and which are optional. More detailed information is provided in the relevant section of this Personal Data Protection Commitment.
There is no automated decision-making based on your personal data in the context of using our website.
3. Processing of Personal Data
We store the information you provide on dedicated, protected servers located within the European Union. Technical and organizational measures are implemented to protect these servers against loss, destruction, unauthorized access, modification, or disclosure of your data. Access to your data is restricted to a limited number of persons responsible for the technical, commercial, or editorial support of these servers. Despite regular checks, full protection against all risks is not possible.
Your personal data is transmitted over the Internet in encrypted form. We use SSL (Secure Socket Layer) encryption for data transmission.
The website is intended for use only by persons over the age of 16. We do not knowingly or intentionally process children’s personal data. If we discover that we have collected personal data from children, we will immediately delete it. Please contact us if you become aware that we have collected or processed children’s personal data.
4. Disclosure of Personal Data to Third Parties
We use your personal data solely to provide the services you request. If we use external service providers in the execution of requested services, they will also have access to the data exclusively for service execution purposes. By implementing the necessary technical and organizational measures, we ensure compliance with data protection policies and require the same from our external partners.
We contractually require our service providers acting as our processors to implement appropriate security measures to protect your personal data.
Categories of recipients to whom we may disclose personal data include:
i. Entities providing website management services;
and possibly other entities providing the following services:
ii. Data storage (data centers);
iii. Design and execution of marketing materials and media;
iv. Provision of website infrastructure, technical support, maintenance, and application systems.
We may also transfer your personal data in the context of a business sale, merger, demerger, or change of control within the Company or in preparation for any such events. In any case, data processing by the entity receiving the data will comply with the terms of this Personal Data Protection Commitment.
Other than as stated above, we will not disclose personal data to third parties, including for advertising purposes, without your express consent. We will only disclose your personal data to third parties if you have given us your consent or if we are legally entitled or obliged to do so under statutory provisions and/or administrative or judicial decisions. This includes, for example, the provision of information for criminal prosecution, danger prevention, or to assert intellectual property rights.
5. Legal Basis for Data Processing
Throughout this Personal Data Protection Commitment, we inform you about the legal basis on which we process your personal data.
6. Data Deletion and Retention Period
We delete or anonymize any personal data you provide as soon as the purpose for which it was stored no longer applies. However, we may continue to retain your personal data if required by legal obligations to which we are subject, including but not limited to statutory retention and documentation obligations. In such cases, personal data will be deleted or anonymized after the legally specified retention period expires.
7. Communications
There are several ways you may contact us, including via the email address provided on our website and by telephone.
7.1 Contact via Email
If you contact us by email, we will collect the personal data you provide, including your name and email address. We will process any data transmitted via this contact method solely to respond to your request or concern.
It is your decision which information you provide in such communication. The legal basis for processing the data you provide in this context is your consent, under Article 6(1)(a) of the GDPR.
The data will be deleted once it is no longer needed to fulfill the purpose for which it was collected. For personal data, this means the conversation is considered ended once it can be reasonably inferred that the matter has been definitively clarified.
8. Other Information Regarding the Use of Our Website
8.1 Information Related to Your Computer
Each time you access our website, we collect the following information about your computer, regardless of whether you register: your computer’s IP address, browser request, and date/time of the request. We also collect the status and amount of data transmitted during the request. Additionally, we collect information about the browser product/version used and the computer’s operating system. The IP address is stored only while you are using the website and is then deleted or anonymized by truncation. The remaining data is stored for a limited time.
8.2 Use of Cookies
Like many other websites, ours uses cookies. Cookies are small text files stored on your computer that store certain browser settings and data for exchange with our website. Cookies allow us to recognize your device and immediately apply default settings. You can find detailed information about our use of cookies on our Cookie Policy Page.
8.3 Links to Other Websites
Our online service may contain links to other websites (examples: Google, Google Maps, Google Play Store, App Store). These links are usually marked as such. We cannot control whether linked websites comply with applicable data protection laws. Therefore, we recommend reviewing the data protection policies provided on those websites before following any links.
9. How Can You Exercise Your Data Protection Rights?
9.1 Data Subject Rights
You have extensive rights regarding the processing of your personal data. Data Subjects may exercise their rights by contacting the Company at: dataprotection@sonaesierra.com
Data Subjects may, under the law, exercise the following rights:
- Right of access;
- Right to rectification;
- Right to restriction of processing;
- Right to data portability;
- Right to object;
- Right to erasure (or the right to be forgotten)
You also have the right to lodge a complaint with the supervisory authority, which in Portugal is the Comissão Nacional de Proteção de Dados (CNPD).
9.2 Additional Information on Withdrawing Consent and Objecting to Processing
You may withdraw the consent you provided for the processing of your personal data at any time, with future effect. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
To the extent that the processing of your personal data is not based on your consent but on another legal basis, you may object to the data processing. Your objection will be evaluated and, if legal conditions are met, processing will cease. You will be informed of the outcome of the evaluation and, if processing continues, you will receive further information on the reasons why the processing is permissible.
10. Updates to This Personal Data Protection Commitment
The terms of this Personal Data Protection Commitment may be changed or updated and will always be published on our website. Any revision is identified by the date on which it occurs (see below). We reserve the right to change this Personal Data Protection Commitment at any time, with future effect. Changes may be made, among other reasons, due to technical modifications to the website or legal changes in data protection. The current version of this Personal Data Protection Commitment will always remain available on our website. We recommend reviewing it regularly.
11. Atualizações do documento
| Date | Version | Country | Comment |
|---|---|---|---|
| 01/08/2025 | 1.0 | PT | Initial Version |