Responsible for Data Processing
The collection and processing of data that we carry out complies with the requirements of the General Data Protection Regulation, Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016.
Data Subjects Rights
Data subjects have the right to:
- Access – BCI data subjects have the right to access their personal data. Access to personal data can be done by accessing the website’s user area, by entering the username and password chosen when registering at the website;
- Rectification, deletion, limitation or portability - the BCI data subject has the right to request the rectification, deletion, limitation of treatment and portability of their personal data, upon request by email addressed to BCI, and on a case-by-case basis, according to the data category in question.
- Opposition - the BCI data subject has the right to object to the processing of data, for important and legitimate reasons, duly explained in writing, sent by email addressed to BCI;
- Notification – the BCI data subject has the right to be notified of the data processing, whenever it occurs in situations not foreseen in this policy;
- Automated processing – the BCI data subject has the right that decisions taken on the basis of “automated processing” that concern them or that significantly affect them and that are based on their personal data are taken by individuals and not just by computers. They also have the right, in this case, to express their point of view and to challenge the decision.
- Right to complain - BCI data subjects have the right to complain about the way their data is handled to the responsible for data processing identified above in first instance or to the National Data Protection Commission (www.cnpd.pt) on second.
The categories of data collected by BCI are:
- Data for membership subscription – “membership”;
- Data for billing membership or store products – “invoicing”;
- Contact details – “contact”;
- Data for shipment of goods – “shipping”;
- Data for newsletter – “newsletter”;
- Contact forms – “contact form”.
Data Collection and Purpose
The data we collect through our website is submitted by the user at the time of membership subscription or store products purchase.
- Membership Subscription Data is collected in order to be possible to validate the information of the user and to provide access to private members area;
- Billing data is collected in order to be able to carry out the commercial transaction related to membership subscription or store products purchase, and, accordingly, issue a legal billing document on behalf of the user;
- Contact details are collected in order to communicate with the user, on a member relation or costumer relation in the pre-purchase and post-purchase period, as well as in future technical assistance, return or complaint situations;
- Data for shipment of goods is collected to allow the shipment of goods, whenever the address in question is different from the address used for invoicing;
- Data for newsletters is collected for the purpose of sending information to the user;
- Data from Contact Forms is collected through the several contact forms available in the website and result from the user submission. The purpose of this collection is to provide feedback to the users request;
Data processing occurs after a membership subscription or purchase order by the user (membership, invoicing, contact and shipping data categories), or after subscribing to our newsletter (newsletter data category);
Safety in treatment
The data collected is recorded in a database in the BCI website. Access to the website's administration panel, access to the hosting control panel and access to the database manager are secured with strong passwords and 2-factor authentication.
The hosting account uses an updated SSL certificate.
Backup copies of the hosting are made daily for redundancy purposes and fortnightly for system reset purposes.
Data is stored locally on a BCI computer located at our headquarters. This computer has a password to access and resume after inactivity, firewall and antivirus program. This computer is periodically backed up to an external hard drive.
The management and invoicing software where the data is entered is configured with access levels, and only the Board and a person designated under its responsibility is allowed to change or delete any customer data. Access to the software in question is individual and made by password.
No data is transmitted to third parties, other than those imposed by legal obligations (invoicing).
We keep data for the periods of time mentioned below:
- Membership data is kept indefinitely for members history purpose;
- Billing data is kept indefinitely in our billing software;
- Contact details are kept for up to 3 years after the end of the membership subscription;
- Data for shipment of goods are kept up to 3 years after the last shipment of goods;
- Data for newsletters is kept permanently, unless the user requests its deletion;
- Data from Contact Forms is kept up to 1 year after the request the user sent us is fully satisfied.
Present changes do not affect membership subscriptions or purchases and/or other business relationships made in the past or in progress.