Privacy policy
GoldNutrition collects some personal data from users (data subjects). In order to comply with Regulation 2016/679 on the processing of personal data, which entered into force on May 25, 2018, GoldNutrition hereby informs you:
Data Controller
GoldNutrition
Rua dos bem Lembrados
2645-471 Cascais - Portugal
Contact e-mail of the Data Protection Officer:
- Types of personal data processed
The types of personal data that GoldNutrition processes, by itself or through third parties, are name, surname, telephone number, company name, e-mail address, address, website, usage data, Cookie and User name.
Personal data may be freely provided by the user or, in the case of usage data, collected by registering on GoldNutrition's website or platforms. Unless otherwise specified, all data collected by GoldNutrition is mandatory and failure by the User to provide this data may make it impossible for GoldNutrition to provide its services. In cases where GoldNutrition specifically states that some data is optional, users are free to stop communicating this data without any consequences for the availability or operation of the service.
Users who have any doubts about the type of processing, the lawfulness of the processing and the data involved are invited to contact the data controller at the address above or by emailing the Data Protection Officer.
Any use of cookies - or other tracking tools - by this website or by the owners of third-party services used by this website will be for the purpose of providing the services requested by the user, in addition to the other purposes described in this document and in the cookie policy, if available.
- Security in the processing of personal data
The data controller guarantees that the data is housed in systems equipped with protection measures aimed at ensuring a level of trust appropriate to the risk, in accordance with Regulation 2016/679, Article 32.
Personal data is obtained using computers and/or IT-enabled tools, following organizational procedures and means strictly related to the purposes indicated. In addition to the controller, in some cases the data may be accessed internally by GoldNutrition's administration, sales, marketing, legal system administration departments and subcontractors (such as external technical service providers, postal services, hosting providers, IT companies, communication agencies) appointed, where necessary, as data processors by the controller. The updated list of these parties can be requested from the controller at any time.
- Lawfulness to process personal data
The controller may process personal data relating to the user if one of the following applies (Regulation no. 2016/679, Article 6):
- Users have given their consent for one or more specific purposes;
- The processing of personal data is necessary for the performance of a contract with the user and/or any pre-contractual obligations of the user;
- The processing of personal data is necessary for compliance with a legal obligation to which the owner is subject;
- The processing of personal data is necessary for the purposes of legitimate interests pursued by the owner or a third party;
In any case, the personal data protection officer appointed by the Controller will willingly cooperate to clarify the legal basis for the processing, and in particular if the provision of data is a mandatory requirement by law or contract, or a necessary requirement to enter into a contract.
- Place of processing of personal data
Personal data is processed at the registered office of the Controller. Depending on the User's location, data transfers may involve the transfer of User Data to a country other than their own.
Users also have the right to be informed about the legal basis for transfers of Data to countries outside the European Union or to any international organizations governed by public international law or formed by two or more countries, and about the security measures taken by the Controller.
If any such transfers occur, Users can find out the reasons in the relevant sections of this document or by asking the Owner using the information provided in the contact section.
- Personal data retention period
Personal Data will be kept for as long as necessary for the purposes for which they are collected.
Therefore:
Personal Data collected for the purposes related to the performance of a contract between the Controller and the User shall be kept until such contract has been fully performed.
Personal Data processed for purposes related to the legitimate interests of the Owner will be kept for as long as necessary to fulfill such purposes. Users may obtain specific information on the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Data Protection Officer.
- Purposes of processing
User Data is collected to enable the Data Controller to provide its services and products, as well as for the following purposes: contacting the user, anti-spam protection, access to third-party service accounts, statistics, saving and backup management, content commenting, viewing content from external platforms, payment processing, interaction with social networks and external platforms, user database management, interaction with data collection platforms and other third parties, email address management and messaging, registration and authentication, tag management and traffic optimization and distribution.
Facebook permissions requested by the GoldNutrition website
The GoldNutrition website may request certain Facebook permissions that allow it to perform actions with the user's Facebook account and to retrieve information, including personal data. This service allows connection to the User's account on the Facebook social network, provided by Facebook Inc.
For more information on the following permissions, see the Facebook permissions documentation and the Facebook privacy policy.
The permissions requested for the collection of personal data are as follows: birthday, e-mail address, first name and last name.
Klarna Privacy Policy
In order to offer Klarna's payment methods, at the time of payment, we may transmit to Klarna during the purchase process your personal data included in the contact form and order details, so that Klarna can assess whether you meet the requirements to access its payment methods and to adapt these payment methods to your profile. Your personal data is processed in accordance with the provisions of Klarna's privacy policy.
Detailed information on the processing of Personal Data
Personal Data is collected for the following purposes and using the following services:
- Access to third-party service accounts
This type of service allows the GoldNutrition website to access your account data with a third-party service and perform actions with it.
These services are not activated automatically, but require explicit authorization from the user (holder of the personal data).
- Facebook account access
This service allows the GoldNutrition website to connect with the User's account on the Facebook social network, provided by Facebook, Inc.
Permission request: birthday, email contact and email.
Place of processing: USA - Privacy Policy.
Content commenting
Content commenting services allow users to create and publish comments on the content of this service (on the GoldNutrition website).
Depending on the settings chosen by the controller, users can also leave anonymous comments.
If an e-mail address is indicated in the personal data provided by the user, it can be used to send notifications and comments on the same content. Users are responsible for the content of their comments.
If a content commenting service provided by a third party is installed, it may still collect web traffic data for the pages where the commenting service is installed, even when users do not use the content commenting service.
- Directly managed comment system (on the GoldNutrition Site)
This Site has its own internal content comment system.
Personal Data processed: cookie, e-mail, name, username, surname and website.
Contacting the User
- Contact form (GoldNutrition website)
By filling in the contact form on the GoldNutrition website with their details, users authorize the data controller to use these details to respond to requests for information, quotations or any other type of request as indicated in the title of the form.
Personal data processed: name, user surname, e-mail address, company name, telephone number, country and website.
- Mailing list or newsletter (GoldNutrition website)
By registering for the mailing list or newsletter, the user's e-mail address will be added to the contact list of those who may receive e-mail messages containing commercial or promotional information about this site. Your e-mail address may also be added to this list as a result of your registration on the GoldNutrition website or after making a purchase.
Personal data processed: e-mail address, first and last name.
- Contact telephone number (GoldNutrition website)
Users who provide a telephone number may be contacted for commercial or promotional purposes related to this site, as well as to fulfill support requests.
Personal data processed: first name, last name, telephone number.
Statistics
The services contained in this section enable the controller to monitor and analyze web traffic and may be used to track user behavior.
- Google Analytics (Google Inc.)
Google Analytics is an internet analysis service provided by Google Inc. ("Google"). Google uses the data collected to track and examine the use of this service (this Site) to prepare reports on activities and share them with other Google services.
Google may use the data collected to contextualize and personalize the ads of its own advertising network.
Personal data processed: cookie and usage data.
Place of processing: USA - Privacy Policy - Opt Out.
- WordPress Stat (Automattic Inc.)
WordPress is an analysis service provided by Automattic Inc.
Personal Data processed: cookie and usage data.
Place of processing: USA - Privacy Policy.
User database management
These types of services allow the controller to create user profiles from an e-mail address, a personal name, or other information that the user provides on the GoldNutrition website, as well as tracking user activities through analytical resources.
This personal data may also be combined with publicly available information about the user (such as social network profiles) and used to build private profiles that the owner can display and use to improve the service of the GoldNutrition website.
Some of these services may also be enabled to send scheduled messages to the user, such as emails based on actions performed on this service on the GoldNutrition website.
Managing e-mail addresses and sending messages
These types of services make it possible to manage a database of e-mail contacts and telephone numbers for communication with the User.
These services can also be used to process data relating to the date and time when the User viewed the e-mail or when the User interacted with the e-mail received (e.g. when the User selected the links included in the e-mail).
- MailChimp (The Rocket Science Group, LLC.)
MailChimp is an e-mail address management and message sending service provided by The Rocket Science Group, LLC.
Personal Data processed: e-mail.
Place of processing: USA - Privacy Policy.
Tag management
This type of service helps the Data Controller to manage the tags or scripts required by the GoldNutrition website in a centralized manner. As a result, user data is processed by these existing services and used later for remarketing campaigns.
- Google Tag Manager (Google LLC)
Google Tag Manager is a tag management service provided by Google LLC.
Personal Data processed: Cookie and Usage Data.
Place of processing: USA - Privacy Policy.
Interaction with data collection platforms and other third parties
These types of services allow users to interact with data collection platforms or other services directly from the pages of the GoldNutritiom website in order to store (save) and reuse data.
If one of these services is installed by the Controller on the GoldNutrition website, it may collect usage and browsing data on the pages where they are installed, even if users do not actively use the service.
Interaction with social networks and external platforms
These types of services allow users to interact with social networks or other external platforms directly from the pages of the GoldNutrition website. The interaction and information obtained by the GoldNutrition website is always subject to the user's privacy settings on each social network. If a service that allows interaction with social networks is installed by the person responsible, it may collect traffic data for the pages where the service is installed, even when users are not using them.
- The Facebook like button and social widgets (Facebook, Inc.)
The Facebook like button and social widgets are services that allow user interaction with the Facebook social network provided by Facebook, Inc.
Personal Data processed: cookie and usage data.
Place of processing: USA - Privacy Policy.
- The LinkedIn social button and widgets (LinkedIn Corporation)
The LinkedIn social button and widgets are services that allow users to interact with the LinkedIn social network provided by LinkedIn Corporation.
Personal Data processed: cookie and usage data.
Place of processing: USA - Privacy Policy.
- The YouTube social button and widgets (Google Inc.)
The YouTube social button and widgets are services that allow users to interact with the YouTube social network provided by Google Inc.
Personal data processed: usage data.
Place of processing: USA - Privacy Policy.
Payment processing
Payment processing services allow the GoldNutrition website to process payments by credit card, bank transfer or other means.
In order to protect personal data from the moment the transaction is made and by default, the site only collects (from the user, i.e. the holder of the personal data) and transmits (to the financial intermediaries) the information that is strictly necessary to make the payment.
Some of these services may also enable the sending of time-scheduled messages to the User of this Site such as email-based invoices and other notifications.
- Paypal
PayPal is a payment service provided by PayPal Inc., which allows users to make payments online.
Personal data processed: various types of data as specified in the service's privacy policy.
Anti-spam protection
These types of services analyse traffic potentially containing users' personal data, with the aim of filtering out parts of the traffic, messages and content that are recognized as SPAM.
- Google reCAPTCHA (Google Inc.)
Google reCAPTCHA is a SPAM protection service provided by Google Inc.
The use of reCAPTCHA is subject to the privacy policy and the terms of use of Google.
Personal data processed: cookie and usage data.
Place of processing: USA - Privacy Policy.
Registration and authentication
By registering or authenticating, users allow the GoldNutrition website to identify them and users are granted access to dedicated services.
Depending on what is described below, registration and authentication services may be provided by third parties (e.g. logging in to the GoldNutriton website using Facebook credentials).
In this case, the GoldNutrition website may access some data stored by these third-party services for registration or identification purposes.
- Facebook Authentication (Facebook, Inc.)
Facebook Authentication is a registration and authentication service provided by Facebook, Inc. and is connected to the Facebook social network.
Personal data processed: various types of data as specified in the service's privacy policy.
Place of processing: USA - Privacy Policy.
Saving and backup management
These types of services enable the controller to save and manage backups of the website processed at the controller's headquarters. The backups may include the source code and content, as well as the data that the user provides on the Site.
Viewing content from external platforms
These types of services allow the user to view and interact with the content installed by the controller on external platforms or directly on the pages of the GoldNutrition website. If this type of service is installed, it may collect web traffic data for the pages where the service is installed, even when users are not using them.
- Google Fonts (Google Inc.)
Google Fonts is a typeface visualization service provided by Google Inc. that allows this website to incorporate content of this type of data into its pages.
Personal data processed: usage data and various types of data as specified in the service's privacy policy.
Place of processing: USA - Privacy Policy.
- Google Maps widget (Google Inc.)
Google Maps is a map visualization service provided by Google Inc. that allows this Site to incorporate the content of this type of data into its pages.
Personal data processed: cookie and usage data.
Place of processing: USA - Privacy Policy.
Users' rights
Users may exercise certain rights with regard to their data processed by the owner.
In particular, users have the following rights:
- Withdraw consent at any time. Users have the right to withdraw their consent in cases where they have previously given their consent to the processing of their personal data from epd@goldnutrition.pt.
- Object to the processing of their data. Users have the right to object to the processing of their data if the processing is carried out on a legal basis other than consent.
- Access their data. Users have the right to obtain information about the processing of their personal data and to obtain a copy of the data being processed.
- Verify and request rectification of their data. Users have the right to check the accuracy of their data and to ask for it to be updated or corrected.
- Restrict (limit) the processing of their data. Users have the right to restrict the processing of their data in accordance with Article 18 of Regulation No. 2016/679.
- To have their personal data erased. Users have the right to have their personal data erased, in accordance with Article 17 of Regulation No. 2016/679.
- Receive their data and have it transferred to another controller (Portability). Users have the right to receive their Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller. This determination is conditional on the user formally exercising this right.
- Lodge a complaint. Users have the right to lodge a complaint with the National Data Protection Commission.
- The exercise of the above rights by holders of personal data should be made to the e-mail epd@goldnutrition.pt.
Details of the right to object to the processing of personal data
In cases where personal data is processed in the public interest, in the exercise of an official authority vested in the controller or for the purposes of the legitimate interests pursued by the controller, users may object to such processing without any justification being required.
Users should be aware, however, that if their Personal Data is processed for direct marketing purposes, they may object to such processing at any time without providing any justification.
These requests can be exercised free of charge and will be dealt with by the Data Protection Officer as soon as possible and in all cases within a period of less than one month.
Cookies Policy
The website uses cookies. To find out more and for a more detailed warning about cookies, the user can consult our Cookie Policy.
Additional information on the processing of personal data
In addition to the information contained in this privacy policy, the GoldNutrition website may provide the user with additional and contextual information about the specific services or the collection and processing of personal data upon request.
System logs and maintenance
For operation and maintenance purposes, the GoldNutrition website and any third-party services may collect files that record interaction with this website (system logs) or use other personal data (such as IP address) for this purpose.
Changes to this privacy policy
The controller reserves the right to make changes to this privacy policy at any time by communicating to its users via e-mail, the website or by letter to the extent technically and legally feasible - by sending a notice to users via any contact information available to the controller. It is highly recommended that the site be consulted several times in relation to the latest modification described at the bottom.
If the changes affect processing activities carried out on the basis of the user's consent, the controller will collect new consent from the user where required.
Definitions and legal references
Personal Data (or Data)
1) "Personal data" means information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2) "Processing" means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
4) "Profiling" means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects of a natural person, in particular to analyze or predict aspects relating to his or her performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
(7) 'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria applicable to its appointment may be provided for by Union or Member State law;
(8) "processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
9) "Recipient" means a natural or legal person, public authority, agency or other body that receives communications of personal data, regardless of whether or not it is a third party. However, public authorities that may receive personal data in the context of specific inquiries under Union or Member State law are not considered recipients; the processing of such data by such public authorities must comply with the applicable data protection rules depending on the purposes of the processing;
(10) 'third party' means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
11) "Consent" of the data subject means a freely given, specific, informed and explicit indication of his or her wishes by which the data subject signifies agreement, by a statement or by an unambiguous affirmative action, to personal data relating to him or her being processed;
21) 'supervisory authority' means an independent public authority established by a Member State in accordance with Article 51
(23) 'cross-border processing' means (a) the processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or a processor in the Union, where the controller or processor is established in more than one Member State; or (b) the processing of personal data which takes place in the context of the activities of a single establishment of a controller or a processor, but which substantially affects, or is likely to substantially affect, data subjects in more than one Member State;
(24) 'relevant and reasoned objection' means an objection to a draft decision which seeks to establish whether there has been a breach of this Regulation or whether the action envisaged in respect of the controller or processor is in accordance with this Regulation, clearly demonstrating the seriousness of the risks posed by the draft decision to the fundamental rights and freedoms of data subjects and, where appropriate, to the free movement of personal data within the Union;
(26) 'international organization' means an organization and the bodies governed by it governed by public international law, or another body established by or on the basis of an agreement concluded between two or more countries.
- Usage Data
The information collected automatically through this Site (or third-party services contracted on this Service (this Site)), which may include: the IP addresses or domain names of the computers used by users using this site, the URI addresses (Uniform Resource Identifier), the date and time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the response server (positive result, error, etc.), the country of origin, the number of requests made, the number of requests made, the number of requests made, the number of requests made, the number of requests made, the number of requests made, the number of requests made, the number of requests made, the number of requests made, etc.), the country of origin, the characteristics of the browser and operating system used by the User, the various time details per visit (for example, the time spent on each page within the application) and the details on the path followed within the application, with particular reference to the sequence of pages visited and other parameters on the operating system of the User's device and/or IT environment.
- User
The person using this website who, unless otherwise specified, coincides with the data subject.
- Data Subject
The natural person to whom the personal data refers.
- Data Controller
GoldNutrition
Rua dos bem Lembrados
2645-471 Cascais - Portugal
- Contact e-mail of the Data Protection Officer:
- Service
The service provided by the Site/Application as described in the relevant terms (if available) and on this Site/Application.
- European Union (or EU)
Unless otherwise specified, all references in this document to the European Union include all current member states of the European Union and the European Economic Area.
- Cookie
Small units of data stored on the user's device.
- Legal information
This privacy statement has been prepared on the basis of multiple legal provisions, including Articles 13/14 of Regulation (EU) 2016/679 (GDPR - General Data Protection Regulation).
This privacy policy refers only to this website, with the exception of the cases expressly referred to in this document