Privacy & personal data protection policy

INTRODUCTION

With this Cookies Policy, ICL-MARINHA, LDA., legal entity number 510661335, headquartered in Rua de Xabregas, n.º 20 piso 1 sala 1.02 1900-440 Lisboa, hereinafter "ICL", aims to inform the Clients/Users of ICL policies and procedures Regarding its Cookies Policy and its use and placement through the use of the website explored by ICL – www.day-guide.com. ICL respects the privacy of its Clients/Users, and is committed to protecting the information it collects from them, as well as complying with the legal rules in force defined by General Data Protection Regulation (GDPR).

Access to and the use of the website, as well as the subscription of the services and products it provides implies the accordance, acceptance and linking for users to this privacy and personal data protection policy.

1. WHO ARE WE?

ICL is a commercial company that operates in the sector of provision of services and technologies related to information, informatics and tourism.

ICL is committed to protecting the personal data of the Clients/Users of products and services that it provides and, as well, the personal data of the respective owners in all situations where a treatment occurs Personal Data.

2. NECESSITY OF THIS POLICY

Through this policy, it is intended to make known to Clients/Users the general rules for the processing of personal data, which are collected and treated in strict respect and compliance with the provisions of the legislation of Protection of personal data in force at all times, in particular regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("GDPR") and other legislation on this subject which is applicable or enters into force , the Law No. 58/2019, of August 8th.

ICL is dedicated to the matter concerning the protection and confidentiality of personal data, having adopted the measures it considers appropriate to ensure the accuracy, integrity and confidentiality of personal data, as well All other rights that assist the respective holders of such personal data.

ICL honors the best practices in the field of security and protection of personal data, and has adopted the technical and organisational measures necessary to fulfil the GDPR and

to ensure that the treatment of personal data is carried out in alawful, fair, transparent and limited manner to the purposes authorized under the GDPR and other applicable legislation.

With this Privacy and Data Protection Policy, we intend to also review the provisions on the protection and processing of personal data provided for in the contracts that Clients/Users have established or establish with ICL, as well as the rules laid down in the terms and conditions governing the provision of the various services and which are duly advertised on our website.

3. PERSONAL DATA SECURITY MEASURES

ICL has always been concerned about ensuring the protection and security of personal data that is available to you. To this end, ICL has implemented an internal security policy and compliance with these rules constitutes an obligation for all those who legally access them in particular to their employees. These safety rules and measures are of a technical and organisational nature and are aimed at the protection of personal data against its dissemination, loss, misuse, alteration, treatment or unauthorised access, as well as against any other form of illicit treatment.

Furthermore, third parties who, in the context of services, are processing personal data of the Clients/Users on behalf of and on account of the ICL, are obliged in writing to carry out technical and security appropriate measures for each moment to meet the requirements set out in the RGPD and other applicable legislation and to safeguard the rights of the data subject.

In the framework of ICL's internal security policy, all forms of online personal data collection are securely encrypted and stored, and physical and logistical security measures have also been implemented.

However, this activity of ICL does not exempt the adoption of security measures by customers/users, in the light of the use of personal defense online systems (firewall, antivirus, anti-spyware , instruments for verifying the suitability of websites, etc.).

4. WHAT ARE PERSONAL DATA?

For the purposes of article 4 (1) of the GPRD, ' Personal data ' means “information relating to an identified or identifiable natural person ('data subject'); A natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such

as a name, an identification number, location data, electronic identifiers or To one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."

5. PROCESSING OF PERSONAL DATA

For the purposes of article 4 (2) of the GPD, 'Processing' means “an operation or a set of operations carried out on personal data or personal data sets, by automated or nonautomated media, such as the collection, registration, organisation, structuring, preservation, adaptation or alteration, recovery, consultation, use, dissemination by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, deletion or destruction."

6. WHO IS THE CONTROLLER?

ICL is responsible for the processing of personal data in accordance with the purposes and processing means of it at any time.

For the purposes set out in this policy or in the context of the GPRD, if the personal data subject has any need to contact ICL, it may do so through the email address dpo@dayguide.com or by writing communication to the address of the company, to the headquarters, whose address is: Rua de Xabregas, n.º 20 piso 1 sala 1.02 1900-440 Lisboa.

7. IS THERE A DATA PROTECTION OFFICER?

Although in terms of the RGPG and other legislation in force, ICL does not lack a data protection officer, ICL has decided to implement this solution.

The possibility of the existence and designation of a data protection officer is provided for in articles 37 and below of the GPRD.

You can contact the ICL Data Protection Officer, who in the case is João Carlos Pinto Correia, via the following email address: dpo@day-guide.com

8. TYPES OF PERSONAL DATA THAT MAY BE SUBJECT TO TREATMENT

Considering the activities developed by ICL, this entity proceeds to the processing of the personal data necessary for the provision of services, supply of goods or in its activities of social responsibility, by treating personal data such as name, address, telephone number, email address or tax identification number. The information collected may be greater or lesser depending on the information made available by the Clients/Users.

With the exception of obligations arising from compliance with legal obligations, all data shall be exclusively processed by ICL only to the extent that it is necessary for the development of its activity, also allowing the Clients/Users to have access, for example, to specific features of the services, suggestions and proximity information services.

Personal data, traffic, geographic location, profile and/or consumption may be subject to treatment for advertising purposes or disclosure of offers of goods or services by ICL, this is the case that the holder of the personal data has authorised/consented such.

If there is prior consent of the Clients/Users, it may be withdrawn at any time, without, however, the lawfulness of the treatment carried out on the basis of the consent previously may be called into question. For withdrawal of consent, you may use the email address: dpo@day-guide.com

9. CIRCUMSTANCES OF TREATMENT BY SUBCONTRACTORS

In the context of the activities developed, ICL uses third parties to provide certain types of services which may imply access by these entities to personal data of Clients/Users. When this happens, ICL ensures that the subcontractors comply with the standards of the GPRD and other applicable legislation as well as compliance with certain standards that are similar to our internal security policy.

In the case of communication of personal data to other subcontracted entities, ICL remains responsible for such personal data.

10. DESTINATION OF PERSONAL DATA

Personal data is only intended for ICL or its group companies and may only be the object used by third parties for the purpose of fulfilling legal obligations.

11. COLLECTION OF PERSONAL DATA

ICL only collects personal data by telephone, by email, by contractual means, through its(s) Website(s) and always ensuring the prior consent of the holders of personal data.

Note that some of personal data are indispensable to the execution of the concluded contracts and, in case of lack or insufficiency thereof, they may put into question the provision of services or the supply of goods on the part of the ICL.

For other personal data holders that aren’t ICL Clients/Users, the rules of this policy also apply to them.

The personal data collected can be processed in an automated or non-automated manner. ICL ensures compliance with the GPRD and other applicable legislation. Personal data is stored in specific databases, created for this purpose. Personal data will never be used for any purpose other than the one for which it was collected or for which consent was given by the data subject.

12. PURPOSES

In general, the personal data that are collected, are based on and are intended for the management of the contractual relationship, the provision of contracted services, the adequacy of services to the needs and interests of the Clients/Users, information and publicity actions.

As already stated, personal data may also be processed for the purposes of complying with legal obligations.

If this is the subject of consent by the Clients/Users, ICL may use the personal data provided by the holder for other purposes, such as for the purposes of social responsibility actions, sending complaints and suggestions, to make known campaigns, promotions, advertising and news about the products and/or services of ICL, as well as for conducting market studies or evaluation surveys.

13. RETENTION OF PERSONAL DATA

The preservation and storage of personal data is necessarily related to the purpose for which the information was collected and is dealt with.

Except where there may be a legal obligation to maintain personal data, such personal data shall only be stored and retained for the minimum period necessary for the purpose for which it was collected.

14. TRANSFER OF PERSONAL DATA

ICL does not transfer personal data and, if it succeeds, it will do so in accordance with the GPRD and other applicable legislation. This, however, does not affect the exercise of the right to portability on the part of the personal data subject.

15. YOUR RIGHTS AND WAYS OF EFFECTIVING THEM

As a personal data holder, ICL warrants to you, at any time, the right of access, rectification, updating, limitation and erasure of your personal data (except for the data that is indispensable to the provision of services or the provision of goods in which the contractual relationship still lasts), the right to oppose the use thereof for commercial purposes by ICL and the withdrawal of consent, as well as the right to portability of the data. All rights contained in the law that the personal data subject may exercise are provided by ICL.

For the exercise of these rights, you can contact us through the email address dpo@dayguide.com or by written communication addressed to the company, to the headquarters, whose address is: Rua de Xabregas, n.º 20 piso 1 sala 1.02 1900-440 Lisboa.

16. COMPLAINT

Although you can directly submit any complaints to ICL in the aforementioned terms, you may be able to file a complaint with the Control Authority which, in Portugal, is the National Commission of Data protection (CNPD – Comissão Nacional de Proteção de Dados), with address in Av. D. Carlos I, 134, 1, 1200-651 Lisboa.

17. CHANGES TO PRIVACY AND PERSONAL DATA PROTECTION POLICY

The ICL reserves the right, at any time and whenever it is necessary, to make changes that are necessary, and such changes are subject to publicity with the channels used by The ICL.