At Brick News, we believe that data protection should be transparent, easy to understand and, above all, fair for all parties.
For this reason, we would like to inform you in this Privacy Policy which Personal Data we collect from you and use, whether and, if so, to which third parties this data is passed on, how long we store the data and what rights you have should you not agree with our responsible handling.
If, after reading this Privacy Policy, you still have questions, please do not hesitate to contact us using the contact details below.
Who is responsible for data processing?
The entity responsible for data processing is Brick News.
What is Personal Data?
Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not Personal Data. This includes, for example, the number of users of a website.
What is processing?
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
How do we use your Personal Data
In principle, we will only use your Personal Data in accordance with applicable data protection laws, in particular the Portuguese Data Protection Law (“Law no. 58”), the General Data Protection Regulation (“GDPR”), and only as described in this Privacy Policy.
All Personal Data that we obtain from you via the website will only be processed for the purposes described in more detail below. This is done within the framework of the respective legal regulations mentioned or only with your consent. In particular, we only process and collect Personal Data if:
- You have given your consent,
- The data is necessary for the fulfilment of a contract / pre-contractual measures,
- The data is necessary for the fulfilment of a legal obligation, or
- The data is necessary to protect the legitimate interests of our company, provided that your interests are not overridden.
We process and store your Personal Data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period (in particular commercial and tax law) exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.
Processing of Automatically Collected Data
a) Hosting
To provide our website, we use the services of PTISP who process the below-mentioned data and all data to be processed in connection with the operation of our website on our behalf. The legal basis for the data processing is our legitimate interest in providing our website.
b) Collection of access data and log files
We also collect data on every access to our website. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified. The legal basis for the data processing is our legitimate interest in providing an appealing website.
c) Use of cookies
We use so-called cookies on our web site. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further information please refer to our Cookie Policy. The legal basis for the use of cookies is your consent as well as our legitimate interest.
d) Analytics and Advertising
We would like to show you interesting advertising and use various third-party tools and cookies for this purpose. These collect and process information about your activities on our website. By knowing what you are looking for and how you use our website, we can adapt our advertising to your needs. And thus increase the likelihood that you will also be shown suitable and interesting advertising outside our website.
We also analyze this data to evaluate the relevance of the advertisements and to optimize the advertisements for you. Through the tools, your browser regularly establishes a connection to the server of the tool provider when you visit our website. For some tools, we have no direct influence on what data is processed by the providers. The following PII may be processed by third-party providers:
- HTTP header information (e.g., IP address, web browser, website URL, date and time).
- measuring pixel-specific data (e.g., pixel ID and cookie ID)
- additional information about visits to our website (e.g., orders placed, products clicked on).
The legal bases for processing are our legitimate interest and your consent in case of cookies. For further information on Analytics and Cookies please refer to our Cookie Policy.
- f) Content Management System (CMS)
We use the Content Management System (CMS) of WordPress a service provided by Automattic Inc, to publish and maintain the created and edited Content and texts on our website. This means that all content and texts submitted to us by users for publication is transferred to WordPress. In addition to texts, this also includes, for example your data in our forms. The legal basis for this processing is our legitimate interest.
Data processing when you submit it to our website and when you use our services
When you contact us through our website or use our services, some data is collected and processed by us or on our behalf by our selected third-party providers.
a) Contacting us
If you contact us, we process the following data from you for the purpose of processing and handling your request: first name, last name, e-mail address, and, if applicable, other information if you have provided it, and your message. The legal basis for the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our legitimate interest in processing your request.
b) Data processing in the context of providing our services
The protection of your data is particularly important to us in the performance of our services. We therefore only want to process as much personal data (for example, your name, address, e-mail address, IP address) as is absolutely necessary. Nevertheless, we rely on the processing of certain personal data, to fulfil our contractual obligations to you or to carry out pre-contractual measures.
c) Comments in our Blog
When you leave comments in our blog or posts, your IP address, your Name, and e-mail address (for registration) are stored on the basis of our legitimate interests and our contractual obligations to you. This is done for our security in case someone leaves unlawful content in comments and posts. In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.
Within the blog you may be able to display certain profile information, share certain details, engage with others, exchange knowledge and insights, post and view relevant content. It’s your choice whether to include sensitive information on your comment and to make that sensitive information public. Please do not post or add Personal Data to your comment that you would not want to be available.
Transfer of Personal Data
We will not disclose or otherwise distribute your Personal Data to third parties unless this:
- is necessary for the performance of our services,
- you have consented to the disclosure,
- or the disclosure of data is permitted by relevant legal provisions.
However, we are entitled to outsource the processing of your Personal Data in whole or in part to external service providers acting as processors within the framework of the Law no. 58 and GDPR. External service providers support us, for example, in the technical operation and support of the website (see above), data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.
The service providers commissioned by us however will process your data exclusively in accordance with our instructions and we remain in accordance with the Law no. 58 and the GDPR responsible for the protection of your data. Doing so we always make sure that service providers commissioned by us are carefully selected, follow strict contractual regulations, technical and organizational measures, and additional controls by us.
We may also disclose Personal Data to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or proceedings at home or abroad or to fulfil our legitimate interests.
Automated decision-making
Automated decision-making including profiling does not take place at Bricks Blog.
Direct marketing in the context of a customer relationship
Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
Your data subject rights
These rights are standardized in the Law no. 58 and the GDPR. These include:
- the right to information,
- the right to rectification,
- the right to erasure,
- the right to restriction of data processing,
- the right to data portability,
- the right to object to data processing,
- the right to revoke any consent you have given, and
- the right to lodge a complaint with the competent supervisory authority.
Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.
Data Security
Our data processing is subject to the principle that we only process the Personal Data that is necessary for the use of our services. In doing so, we take great care to ensure that your privacy and the confidentiality of all Personal Data are always guaranteed.
All transmitted data is protected by TLS encryption. Transport Layer Security (TLS) is a protocol used to ensure secure data transmission on the Internet. The public-private key procedure is used here. This means that data encrypted with a publicly accessible key can only be decrypted again with a separate private key.
We also use technical and organizational security measures (TOMs) throughout the company to protect the data we manage from you against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.
For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests. Please keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another person.
Also, we may not be able to accommodate certain requests to object to the processing of Personal Data, notably where such requests would not allow us to provide our service to you anymore.
Withdraw your consent
You may withdraw your consent and request us to stop using and/or disclosing your Personal Data for any or all of the Purposes by submitting your request to us. Should you withdraw your consent to the collection, use or disclosure of your Personal Data, it may impact our ability to proceed with your transactions, agreements, or interactions with us. Please note that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies) or undertaking any steps as we may be entitled to at law.
Social Media
We are present on social media on the basis of our legitimate interest. If you contact us via those social media platforms, you should note that the chat history can neither be deleted by us nor by you. And that, in accordance with the Law no. 58 and the GDPR, the relevant social media platform and we are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. A Joint Controller Agreement itself if very legalistic and lengthy, but in a nutshell, it clarifies how the jointly responsible parties will fulfil the obligations arising from data protection laws that are applicable to them. The legal basis for the use of the relevant social media platform is our legitimate interest, your consent or, in the case of a (pre) contractual relationship with us, the initiation of a contractual service.
Changes and updates
We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the information processing activities we carry out make this necessary. This Privacy Policy was last updated on Thursday, 08 December 2022.
Concerns and Contact
If you have any concerns about a possible compromise of your privacy or misuse of your personal information on our part, or any other questions or comments, or wish to exercise your rights under applicable laws, please contact us.