1. Who is the data controller and processor
The data controller and processor is Green Apple — International Trading, Lda., headquartered on Rua Aida Cunha e Silva, Edifício Du Bocage — 1º B, 2070-062 Cartaxo, Portugal, and with Portuguese company identification number 507303938 (henceforth ‘Green Apple’ or ‘we’).
2. What personal data is collected
Browsing through the public area of our website does not require registration. Therefore, no personal data is collected.
Access to the private area of our website requires you to initiate a registration process, where we will ask you to provide information that identifies your company (company name, address, fiscal identification number) and contact information (name of the person of contact, phone number and e-mail address).
Your access to the private area requires that we collect authentication information (e-mail address and password of the user account), as well as information on the date and hour of the last authentication and the contents of your favourites and shopping cart lists.
In the context of projects, it is usually necessary to collect additional information to support the elaboration of a proposal and its execution. The scope of the information that is necessary to obtain in this context will depend on the actual projection in question. As an example, we may need to obtain information on the architectural schematics, photographs of the spaces to be worked on the project, detailed information about your preferences (like style, colours, materials, etc.), among others.
3. How we collect your personal data
The collection of your personal data is performed mostly by directly asking you to provide that information. At first, your personal data is request on our website when you initiate the registration process. Afterwards, additional information is requested through e-mail, phone or personal contact. In all those occasions, we will explain you why we are asking you to provide that specific information.
In addition, we collect some information through your usage of some of the functionalities of our private area. We collect the date and time of your authentication every time you authenticate to enter the private area. And we also collect the contents of your favourites and shopping cart lists.
4. Why do we collect your personal data and how we use it
We collect your personal data for the following reasons: (i) to allow the execution of a contract for the supply of services and goods, and associated legal obligations; (ii) to allow the development of direct marketing activities with the goal of fostering a future commercial transaction; (iii) to safeguard our legitimate interests; (iv) for other purposes for which you have given your explicit consent.
The personal data requested during the registration process (company identification and contacts) is used, at first, to help us analyse your potential as a future customer, based on which we take a decision on whether to grant you access to the private area of our website. If necessary, we will use the contacts you gave us during the registration process to contact you and request additional information to perform this analysis. If your registration request is denied, your personal data is eliminated.
When your registration request is accepted, the personal data you provided in the registration process will be added to your user account. This information will then be used for the management, invoicing and delivery of future orders.
Your contacts (phone number, e-mail address or others you may have given us) will occasionally be used in direct marketing actions.
If you choose to subscribe our newsletter, which you can do in the private area of the website, we will use the e-mail address associated with your user account to send you a newsletter. This newsletter contains information about the Green Apple’s products, services, novelties, campaigns and promotions. Subscribing to the newsletter is optional (opt-in) and can be started or canceled at any time in the private area.
The data collected during your usage of the private area (contents of the favourites and shopping cart lists), as well as the contents previous orders you placed, is used to help us adjust our offers to your preferences.
The data collected in the context of projects is used to allow the elaboration of proposals and the execution of the project. As a rule, this information, as well as the finished project proposal, is stored for eventual use in future projects or for consultation in case of disputes. If you wish, you can request us to eliminate that information upon project completion.
Green Apple does not employ automated data processing, nor does it create user profiles to be used on automated decision processes.
5. How long do we keep your personal data
Your personal data is kept for a period of time that varies depending on whether you are a customer user (the user that has already purchased goods or services from us) or a non-costumer user (all other users).
The personal data of non-costumer users is kept for a period of 2 years counting from the date we accepted your initial registration request (access to the private area is granted for a period of 6 months) or we accepted your request to renew access to the private area (renewal requests can be made in the 18 months following the revocation of access).
The personal data of customer users are kept for the time necessary to the fulfilment of our legal obligations. After that, your personal data may be eliminated based on our analysis of the potential to maintain a commercial relationship with you.
6. Use of your contacts for direct marketing actions
When we accept your request to access the private area of our website, we do it based on the belief that a future commercial relationship can be established, or an existing commercial relationship can be maintained. On that assumption, it is essential that we can contact you to develop direct marketing actions. Thus, your access to the private area is contingent on your continued consent for us to use at least one phone number and one e-mail address to contact you for these purposes.
You can, at any time, indicate which contacts you would like us to use for these direct marketing actions, and which ones you would like to see excluded from this use. You can do so by contacting our sales team or through the e-mail firstname.lastname@example.org.
You can, at any time and through the same channels, remove your consent to use any of your contacts for our direct marketing actions. In that case, your access to the private area shall be revoked, your user account closed, and you will not receive any further contacts from us.
7. Who do we share your personal data with
We do not share your personal data with third parties, unless that is strictly necessary and justified.
When we use a carrier to deliver your order, we share your company name, delivery address and, eventually, your phone number with the carrier. By law, the shipment of goods must be accompanied by proper documentation that identifies the buyer (company name, address and fiscal identification) and details the contents of the shipment (products, quantities and, in some cases, prices as well). Therefore, the carrier will also have access to this information.
When executing projects, we may have to hire the specialised services from third parties to execute some service at the address where project is being executed. In those cases, we will share the address where the project is executed with these service providers.
We may also have to share your personal data with third parties in order to satisfy legal obligations or sovereign and judicial orders. We may also share your personal data with third parties if that is necessary in case we need to solve a dispute in court.
8. How we store and secure your personal data
Your personal data is stored in databases that are themselves stored in servers owned by Green Apple or, when leased, are of exclusive use and access by Green Apple (dedicated servers). These servers are managed following the best practices of IT security, such as the use or authentication systems, firewalls, VPNs, and the regular application of security updates. The access to these databases is under our exclusive control, and we do not grant access to them by third parties in any circumstance.
Furthermore, we have a strict policy of access to the information contained in these databases, ensuring that it is only accessed by employees that are authorised to do so.
The transmission of data between your device and our website is encrypted, ensuring as much as possible, that your personal data is protected even in the case the data transmission is intercepted by a malicious third party.
9. Links to third party websites
Our website may contain links to third party websites. We cannot be responsible for the security and contents of those websites. You should read the privacy and cookies policy of those websites before using them and, especially, before giving them your personal data.
Every time our website is accessed, access data is saved in a log file known as the server log. The data record saved in this regard contains the following information: date and time of access and IP address. We only analyse these log files in the event of misuse of our website.
In addition, cookies placed by third party providers are used on our website.
11. What are your rights regarding your personal data
The rights you have regarding your personal data depend on your country of residence, your legal status and the laws applicable to them. Notwithstanding, we recognise the following rights to all our users.
Right of access to your personal data. Some of the personal data we have about you is available on the private area of our website. In addition, you can, at any time, request that we provide you with all of your personal data in our possession.
Right of rectification of your personal data. You can, at any time, contact us and ask that we update or correct your personal data.
Right to erasure. You can, at any time, ask us to delete part of or all your personal data in our possession. In case of users who have never bought services or goods from us (non-customer users), there is no legal obligation for us to retain that information, and your personal data shall be immediately deleted. In case of users who have previously bought services of goods from us (customer users), we will delete all personal data for which we have no legal obligation to retain.
Right to restrict the processing of your personal data. You can prevent the use of your e-mail address as a recipient of our newsletters by not subscribing to them in the first place or, after subscribing, by cancelling that subscription. Even though you are required to consent us to contact you through one phone number and one e-mail address for the purposes of direct marketing actions, you can tell us which phone number and e-mail address you want us to use for those purposes. If you do not consent that we contact you for direct marketing actions, you can ask us to close your user account and we will no longer contact you.
The exercise of these and other rights may not be possible when your personal data is used to safeguard the public interest, namely to detect and prevent crimes.
To exercise your rights regarding your personal data you can contact us through the e-mail email@example.com or through our sales team.