This site has limited support for your browser. We recommend switching to Edge, Chrome, Safari, or Firefox.

FREE SHIPPING ON PURCHASES OVER €155

Cart 0

Congratulations! Your order qualifies for free shipping Only €155 is missing. to get free shipping!
No more products available for purchase

Is this a gift?
Subtotal Free

Shipping, taxes, and discount codes are calculated at checkout
Add order notes

Your Cart is Empty

Privacy policy

The present Privacy Policy has been developed to support Silva Pinto & Monteiro Araújo, Lda, a company with tax identification number 514292830, headquartered at Rua Amália Rodrigues, No. 183, 4630-420 Marco de Canaveses - hereinafter referred to as Violeta, owner of the website www.violetastore.pt, in adapting its activity to the General Data Protection Regulation, approved by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 ("GDPR").

This policy is complemented by others on security, which are relevant to the company's business, describing together Violeta's approach to information security and privacy.

This policy applies to all Professionals and Partners of Violeta and, when identified, to third parties accessing the company's assets.

The terms 'Privacy', 'Data Privacy', and 'Data Protection' can be used interchangeably as they are associated with a complex set of legal requirements that apply to Personal Data, which goes beyond data security and confidentiality. For example, it includes requirements on data usage transparency and retention.

Compliance with this policy is mandatory, and therefore, all Professionals and Partners have the individual responsibility to ensure compliance with it and, if necessary, should seek clarification from the leaders of their respective teams.

It is Violeta's responsibility to define the appropriate mechanisms to achieve compliance with this policy, with operational implementation responsibility lying with the teams, supported by the Privacy Officer.

Compliance with this policy may be monitored through inspections, audits, and/or requests for written confirmation of compliance, with all areas responsible for regularly assessing their compliance with it within their area of responsibility.

In accordance with this, any employee who has violated this policy is subject to disciplinary action.

This policy is based on the principles established in the GDPR. However, there are national differences in the applicability of data protection and privacy of Violeta, when processing personal data outside the EU, when receiving personal data from outside the EU, or when processing personal data of non-EU citizens.

In case of doubt, contact Violeta through the provided contacts.

Data Protection Principles

In the scope of our activity, we process Personal Data: whether we receive personal data during our business opportunities, our commitments with clients, marketing activities, or a series of other related and supporting activities. Data may be received directly from a Data Subject (e.g., in person, via mail, email, phone, or other sources), notably from our clients, partners, subcontractors, joint controllers, support service providers, and credit reference agencies.

All professionals and partners must only request personal data from a Data Subject that are relevant and necessary to fulfill a specific business purpose and task.

Violeta is committed to complying with the principles of personal data protection defined by the GDPR, namely:

  • Lawfulness, fairness, and transparency: meaning that we must have a legitimate reason under which we process Personal Data, e.g., consent of the Data Subject, compliance with a legal obligation to which we are subject. It also means that we must inform the Data Subject clearly about the processing;
  • Purpose limitation: we must only request Personal Data for specific, explicit, and legitimate purposes and not process them beyond the purpose for which they were requested;
  • Data minimization: the Personal Data subject to processing must be adequate, relevant, and limited to what is necessary; Accuracy: we have an obligation to ensure that Personal Data is accurate and update it whenever necessary;
  • Storage limitation: we must not retain Personal Data for longer than necessary for the purposes for which they are processed, although we may retain some for historical and statistical purposes; Integrity and confidentiality: we must have appropriate security controls in place to protect data against unauthorized and illegal processing, loss, destruction, or damage, including technical and organizational measures, such as defined processes, training, and awareness;
  • Legal transfer outside the European Economic Area: we only transfer Personal Data outside the EEA if appropriate safeguards are in place, such as a contractual basis;
  • Data Subject's rights: Data Subjects have various rights that we must respect (e.g., the right to access a copy of the data we hold and the right to withdraw consent given for direct marketing purposes).

Lawfulness and fairness in processing

Whenever Personal Data is collected, there must be a legal basis for the processing involved. According to the GDPR, we must identify at least one of the following reasons for processing Personal Data:

Consent: The Data Subject has given consent for them to be processed for one or more specific purposes; Contractual: Processing is necessary for the performance of a contract to which the Data Subject is a party or for pre-contractual measures; Legal: Processing is necessary to comply with a legal obligation to which the Controller is subject; Vital interests: Processing is necessary to protect the vital interests of the Data Subject; Public interest: Processing is necessary for the performance of a task carried out in the public interest; Legitimate interests: Processing is necessary for the legitimate interests pursued by the Controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject.

When acting as Controller, we must ensure that we have a lawful basis for collecting and processing Personal Data.

In some situations, we may act as a Processor on behalf of our client, in which case it is the responsibility of the client to ensure that there is a lawful basis for the processing of Personal Data, which they should share with us. However, we must take measures to ensure that our contract is clear about our responsibilities in this regard and that, if we collect Personal Data directly from Data Subjects on behalf of the client, we have the bases to do so legitimately.

When a Special Category of Data is processed, an additional set of conditions must be met. Please contact Violeta for further guidance.

The GDPR requires that Data Subjects be provided with information about the processing to ensure fair and transparent processing. Whenever we collect Personal Data, we must ensure that we adequately explain the reason why we need the information and how we will process it. When information is gathered through our website, this information is provided through a 'Privacy Notice'.

Any other information to be provided when collecting personal data should also be provided on the internet. Refer to our Privacy Policy and Cookie Policy for more information.

Processing only for specific purposes

Whenever we collect and process Personal Data, we must ensure that we only use it for the specific purposes that have been communicated to the respective Data Subject.

Violeta should never process Personal Data for additional purposes that have not been communicated to the Data Subject. Only then will we be clear about the purpose of processing, and we must understand the purposes for which our clients may have collected the Personal Data or contact the Privacy Officer.

 

Appropriate, relevant, and limited processing

When we collect and process Personal Data, we must follow the principle of data minimization. This means that we should only collect the minimum Personal Data necessary to perform a specific task.

Additionally, we must ensure that we have an adequate amount of personal data to perform a specific task properly. For example, collecting only the necessary data to identify a person.

This also applies to any sharing and other processing activities. It is important to minimize the data held and processed; we must ensure that if we share data internally or externally or use it in activities such as testing, we should only use/share the minimum amount in each case.

Accuracy of personal data

We have an obligation to ensure that Personal Data is kept accurate and up to date. We must ensure that adequate processes are in place to keep data accurate where necessary (for example, of professionals or current and potential clients held by the relevant areas).

When acting as Controller in relation to a client we will not be obliged to implement mechanisms to keep this data up to date; this will be the responsibility of the Controller, i.e. our client.

 

Conservation of Personal Data

Personal Data should not be retained for longer than necessary. This means that we must establish and apply maximum retention periods for the Personal Data we process and implement processes to delete them upon expiration. Therefore, the following retention periods may apply:

(i) for as long as necessary for the relevant activity or services;

(ii) any retention period required by law;

(iii) the end of the period during which disputes or investigations may arise concerning the services; or

(iv) for the minimum period provided for in the contract.

 

Rights of Data Subjects

The GDPR requires us to inform individuals about the Personal Data we collect, the purposes and means for which they are processed. Such information is provided in the form of a 'Privacy Notice'.

a) Right of Access

  • The Data Subject has the right to request access to the Personal Data we hold about them, the purpose of the processing, and the categories of data concerned.
  • We must notify the Data Subject of the recipients with whom we will share their data, especially if the recipient is in another country or belongs to an international organization.
  • Where possible, we will define the data retention period to meet business objectives.
  • We must inform the Data Subject of the right to object to processing and their right to rectification and erasure.
  • We must inform the Data Subject of their right to lodge a complaint with a supervisory authority.
  • When data is collected from someone other than the Data Subject themselves, we must inform the Data Subject of the source of this data.
  • We must ensure that we have processes in place to identify and respond to Data Subject access requests promptly and within a maximum period of one month.

b) Right to Rectification

Data Subjects have the right to rectify inaccurate data, and Violeta must make every effort to do so immediately.

c) Right to Erasure

The Data Subject has the right to obtain from the Data Controller the erasure of their data ('right to be forgotten'). It is Violeta's responsibility to delete the data held as soon as possible, except when there is a legal requirement for its retention. If a request from a Data Subject is received, contact the Privacy Officer before deleting any data.

d) Rights of Children

All individuals, including children, are protected by the GDPR. For children under the age of 13, we must not process their Personal Data based on their consent unless authorized by their respective parental responsibilities.

e) Marketing

Sometimes we may send marketing material to our clients and partners to inform them of services, future events, or other activities of interest to them, in which case we must indicate the right to withdraw consent at any time if they wish not to be contacted again on these terms. We must also ensure that we have processes in place to ensure that all participation preferences are recorded and respected.

Security of Retained Data

Violeta will maintain data security by protecting the Confidentiality, Integrity, and Availability of Personal Data, as follows:

Confidentiality means that only authorized personnel can access the data;

Integrity means that Personal Data must be accurate and suitable for the purposes inherent in the processing;

Availability means that authorized users must be able to access the data if they need it for authorized purposes.

Disclosure of Data

All professionals and partners must avoid any inappropriate disclosure of Personal Data and comply with our general duties regarding Confidentiality.

It is allowed:

a) To disclose Personal Data to third parties only under instruction or when we have a legitimate basis to do so, and there are no restrictions in place.

b) To disclose Personal Data to third parties in the event of selling or buying any business or assets, or when we are a Joint Controller for processing, as part of a joint venture.

c) To share Personal Data with a third party who is processing data on our behalf, which may include transferring data to a third country.

 

Generally, Personal Data may be disclosed:

a) To Professionals or agents so they can perform their functions as such.

b) In cases where non-disclosure may harm the prevention or detection of crimes, the prosecution of offenders, or the assessment or collection of any tax or duty. Violeta must have adequate reasons to disclose the data under this category to avoid criminal proceedings. All disclosures must be justified and documented.

For legal purposes, data may be disclosed if:

a) Required by law, statute, or court order.

b) For the purpose of obtaining legal advice;

c) In the scope or for the purposes of judicial proceedings or when necessary for the defense of a legal right.

d) For the safeguarding of national security.

 

International Transfer of Personal Data

Violeta may transfer any Personal Data to a third country or international organization. The Personal Data we hold may also be processed by employees operating in a third country or by one of our suppliers.

We must ensure that at least one of the following conditions applies:

a) The country to which the Personal Data is transferred guarantees an adequate level of protection for the rights and freedoms of Data Subjects, by decision of the EU Commission.

b) Appropriate safeguards are provided (e.g., standard data protection clauses).

c) The Data Subject has given explicit consent to the transfer after being informed of the potential risks.

d) The transfer is necessary for one of the reasons set out in the GDPR, including the performance of a contract between Violeta and the Data Subject, or the protection of the vital interests of the Data Subject.

e) The transfer is legally required for important reasons of public interest or for the initiation of legal proceedings or defense in the same context.

 

Log information, cookies, and web beacons

Violeta's website uses cookies to distinguish its users. Violeta collects standard internet log information, including the user's IP address, browser type and language, access times, and addresses of referring websites.

To ensure that our website is well-managed and to facilitate navigation, Violeta or its service providers may also use cookies (small text files stored in the user's browser) or web beacons (electronic images that allow our website to count visitors who access a site and certain cookies) to collect aggregated data.

Professional Information

Collection and Retention

  • As an employer, Violeta collects, processes, and retains personal data of workers, contractors, consultants, and candidates. The Human Resources Department and other departments processing Personal Data of professionals must verify and document the legal basis inherent in the processing they carry out.
  • The Personal Data of professionals should only be processed when there is a valid and legitimate purpose for doing so. The collection of personal data related to our employees occurs through various channels and formats, such as: registration forms; electronic web forms (e.g., during the recruitment process); data records; CCTV images; Team photographs, including identification cards; data from other sources (e.g., previous employers); credit checks, and security checks; etc.
  • The creation and storage of personal data related to our professionals occur through various channels and formats, such as: payment receipts; evaluation records; Employment contracts; emails; sickness records; etc.

Training and Awareness

We are committed to providing adequate training on personal data protection to all professionals. If necessary, we will provide personalized training and awareness to individuals according to their roles.

Process Design and Amendment

For all proposed new business systems and procedures involving Personal Data, it must be considered whether a privacy impact assessment is required to identify risks and controls.

COOKIE POLICY

This website uses cookies to provide a better experience for its visitors, as well as to ensure that it is fully operational. This Cookie Policy is part of our Privacy Policy, which you should consult for more information about us and how we protect user information. In order to provide a personalized and efficient service to our users, it is necessary to memorize and store information about how this Website should be used. To do this, we use small text files called cookies that contain small amounts of information downloaded to the user's computer or other devices through a server. The user's internet browser subsequently sends these cookies back to the Website on each subsequent visit, allowing the recognition and memorization of the identity of our visitors, including their usage preferences. You can find more detailed information about cookies and how they work here (aboutcookies.org). Browsing this Website allows the collection of information using cookies and other technologies. By using this site, you accept the use of cookies as described in this Cookie Notice.

What types of cookies are used and why?

Some of the cookies we use are necessary to allow navigation on this website and to take advantage of its features such as accessing secure areas and content exclusively for registered users. Our website also uses functional cookies to record information about our users' options and allow us to adapt our website to their needs; for example, remembering the user's language of origin or region or that a user has completed the filling out of a survey. The recorded information is anonymous and is intended only for the purpose mentioned above. We may use, directly or indirectly, web analytics services to assess the effectiveness of our content and the preferences of our users, which allow us to contribute to the optimization of the operation of this website. Additionally, we use web beacons or tracking pixels to count the number of visitors and performance cookies to monitor how individual users access our website and how often. This information is used only for statistical purposes without identifying any particular user. However, for registered users who are logged into the website, we may combine this information with data collected via web analytics services and cookies to analyze in more detail how visitors use this website. This website does not use targeting cookies to promote targeted advertising to our visitors. Whenever detailed information about the cookies used on our website is needed, we appreciate your contact via email.

How to control cookies?

Website users accept the introduction of cookies on their computers or devices in the terms indicated above without prejudice to the available control and management. We inform users that removing or blocking cookies may affect their user experience and may limit access to some areas of the website.

Browser Controls

The vast majority of browsers allow our users to view stored cookies and delete them individually or alternatively block cookies on a specific website or all of them in general. We remind you that set preferences, including self-exclusion, are lost whenever cookies are deleted. For further clarification, users should consult the websites or cookiecentral.com.

Management of analytics cookies

Our users may choose to exclude their anonymity in their browsing activity within the websites monitored by analytics cookies. We use the following service providers where you can obtain more information about their privacy policies and how to exclude their cookies by clicking on the following links:

Google Analytics: google.com/analytics/learn/privacy.html

Facebook Pixel: facebook.com/business/help/742478679120153

Management of local shared objects or flash cookies

A local shared object or flash cookie resembles other browser cookies, but differs in that it can store more types of information. These cookies cannot be controlled through the mechanisms identified above. Some areas of our website use this type of cookies to store user preferences for media player features, and without them, the content of some videos cannot be properly viewed. These cookies can be manually controlled by visiting the Adobe website.

Social buttons

We use social buttons to allow our users to share or add pages to favorites. These buttons are related to social networks that may obtain information about our visitors' activities on the Internet, including on our website. Understanding how the information is used and how users can be excluded from its collection should be obtained by reviewing the respective Terms of Use and Privacy Policies of those websites.

Email communications

To assess the relevance of our communications, we may use monitoring technologies to determine if our visitors have read, clicked on links, or forwarded certain email communications sent by us. If users disagree with this approach, they should unsubscribe, as it is not possible to send these emails without these active monitoring mechanisms. Registered subscribers can update their communication preferences at any time by contacting us via email, or they can unsubscribe by following the instructions in the email communication sent to their email address.

This Cookie Policy may be revised at any time, at our discretion. When such changes occur, the revision date at the top of the page will be changed. The amended Cookie Policy will come into effect from the revision date. We recommend that users of our website periodically review the Cookie Policies for the purpose of staying informed about our management of cookies.

Updated March 4, 2024