PRIVACY POLICY
1. Introduction
The Commercial Companies R.C. Sanches II, Lda., Gastrolisboa, Lda., and Alma Tables, Lda., all headquartered at Avenida D. João II, No. 30, 4th Floor B, 1990-092 Lisbon, in the parish of Parque das Nações (hereinafter referred to as "Plateform"), place maximum and central importance on the processing of personal data of their Customers (hereinafter “Data Subjects”), ensuring full respect for their privacy and the protection and security of personal data against external threats and internal misuse, in compliance with Regulation No. 2016/679 of the European Parliament and of the Council, of April 27, 2016 (hereinafter “GDPR”).
As such, Data Subjects are informed and have the right to be notified, within the scope of their contractual relationship, about how Plateform collects, organizes, retains, shares, consults, uses, corrects, stores, processes, protects, and deletes the Personal Data provided by them.
These Personal Data are provided through the website, the online booking platform, the provision of services, complaints made at the dining establishment, as well as via e-mail.
The legitimate purposes for which Personal Data are processed by Plateform stem from the mandatory compliance with relevant legislation to ensure that Plateform has the legal basis to process Personal Data of Data Subjects. Specifically, the Data Subjects whose Personal Data will be processed by Plateform include Employees/Service Providers of Plateform (subject to an internal privacy policy) and Customers and Potential Employees.
Additionally, Data Subjects have the right to be informed about the processing of Personal Data for other relevant purposes within Plateform’s operations, which Plateform aims to disclose to Data Subjects in accordance with this Privacy Policy.
Thus, Plateform has published its privacy policy on its website and online booking platform, allowing any Data Subject to access and carefully review this privacy policy, which has been written clearly and simply to facilitate understanding and the exercise of the respective rights of Data Subjects (also referred to as ‘’ARCO Rights’’).
2. Scope of Application and Responsibility for Processing
This privacy policy applies to the personal data processed by Plateform, directly or indirectly, within its commercial activity, obtained through all available tools – website, online booking platform, and dining establishment.
Within the scope of the personal data processing mentioned above, Plateform may define specific privacy policies that refine, develop, or specify particular aspects of the personal data processing carried out for the indicated purpose or for new purposes that may be developed or promoted by Plateform, ensuring compliance with the GDPR for such new activities.
Such sectoral privacy policies will, in compliance with applicable legal provisions, be communicated to Data Subjects through the agreed means available for this purpose, in accordance with applicable legal and contractual provisions.
Furthermore, in specific and particular cases – subject to sectoral privacy policies – Plateform may subcontract third parties to develop the respective personal data processing, always ensuring, at all times, the rights and guarantees of the Data Subjects and the compliance of these subcontractors with applicable legal, regulatory, and contractual obligations.
Plateform can be contacted for questions related to data processing or for exercising the rights of Data Subjects through the email address: rgpd@plateform.pt or by mail to the address: Plateform - Avenida D. João II, No. 30, 2nd Floor A, Parque das Nações, 1990-092 Lisbon.
3. Purposes of Processing and Legal Bases
The data obtained are processed to comply with Plateform’s legal obligations and to send promotional, marketing communications, gifts, or invitations.
If you provide your consent for the data to be used for other purposes, they may be stored within the scope described in the respective consent declaration – promotional purposes (offers of products or services), individual customer profile definition, market research, and, if necessary, transmission to specific contractual partners.
You may revoke your consent at any time, with future effect.
All personal data obtained are adequate, relevant, and limited to their respective. purposes, fully respecting the legal basis provided by the GDPR.
In summary, excluding processing related to Employees and Service Providers (subject to an independent internal privacy policy), the purposes for which Personal Data are processed and their respective legal bases are as follows:
Purpose of Processing
- Processing Personal Data of Potential Employees and Customers for control and security in various facilities managed by the Controller – Video Surveillance
Legal Basis
Processing necessary for the protection of legitimate interests pursued by the companies.
- Processing Personal Data of Customers within the scope of service management, the established legal relationship, and the billing process
Legal Basis
Execution of a contract or pre-contractual measures requested by the Data Subject.
- Processing Personal Data of Customers for marketing purposes, including but not limited to (i) providing information about Plateform’s social activity updates (Newsletters), (ii) granting promotional discounts, and (iii) other institutional information
Legal Basis
Consent provided by the Data Subject for these specific purposes.
- Processing Personal Data of Customers for statistical analysis and commercial management of Plateform
Legal Basis
Processing necessary for the protection of legitimate interests pursued by Plateform.
- Processing Technological Personal Data (cookies)
Legal Basis
Consent provided by the Data Subject for this specific purpose.
- Processing Personal Data of Customers for complaint purposes
Legal Basis
Compliance with legal obligations of Plateform.
The legal basis for data processing is Article 6(1)(b) of the GDPR. Our simultaneous (legitimate) interest in this data processing arises from the purpose of directing you to the appropriate contact person, responding to your requests, and resolving potential issues if necessary.
4. Data Disclosure to Subcontractors
Plateform may grant access to subcontracted third-party entities to the Personal Data of Data Subjects solely to ensure the provision of necessary services for website management and maintenance.
In the context described above, Plateform, in compliance with applicable legal and regulatory obligations, requires these subcontracted entities or those within the same Business Group to commit to adopting all necessary security precautions, given the nature of the Personal Data and the risks posed by their processing, to protect the security of the Personal Data provided by the Data Subjects. Specifically, they must ensure, as much as possible, the absence of distortion or corruption and unauthorized
third-party access.
5. International Data Transfers
Plateform will carry out Personal Data processing entirely within the territory of the European Economic Area (EEA) and does not anticipate any international transfers of Personal Data.
6. Data Retention Period
Plateform will retain Personal Data only for as long as necessary to achieve the purposes for which they were collected. They will be deleted upon express and independent communication from the Data Subject, as provided for in the following Chapter.
In general, and except to safeguard Plateform’s legitimate interests, the retention periods
in effect are as follows:
Purpose of Processing
- Processing Personal Data of Potential Employees and Customers for control and
security in various facilities managed by Plateform – Video Surveillance
Retention Period
External Personal Data related to the recording of images at Plateform's facilities or establishments will be processed for 30 (thirty) days, except when reasonably necessary to ensure compliance with legal obligations or Plateform’s legitimate interests.
- Processing Personal Data of Customers within the scope of service management, the established legal relationship, and the billing process
Retention Period
In compliance with legal obligations and legitimate interests of Plateform, the obtained Personal Data will be retained for the period necessary to meet applicable tax obligations.
- Processing Personal Data of Customers for marketing purposes, including but not limited to (i) providing information about updates to Plateform’s social activities (Newsletters), (ii) granting promotional discounts, and (iii) other institutional information
Retention Period
The Personal Data of Customers fulfilling the described purpose will be retained until the Data Subject requests the deletion of their Personal Data or in cases of account inactivity for a period exceeding 5 years.
- Processing Personal Data of Customers for statistical analysis and commercial management of Plateform
Retention Period
The Personal Data of Customers fulfilling the described purpose will be retained until the Data Subject requests the deletion of their Personal Data or for the period necessary to ensure Plateform’s legal obligations.
- Processing Technological Personal Data (cookies)
Retention Period
The Personal Data of Customers fulfilling the described purpose will be retained until the Data Subject requests the deletion of their Personal Data or for the period necessary to ensure Plateform’s legal obligations.
- Processing Personal Data of Customers for complaint purposes
Retention Period
The Personal Data of Customers fulfilling the described purpose will be retained until the Data Subject requests the deletion of their Personal Data or for the period necessary to ensure Plateform’s legal obligations.
7. ARCO Rights of Data Subjects
In addition to the right to revoke previously given consent, Data Subjects have the following additional rights, provided the respective legal requirements are met:
- Right to access their data;
- Right to rectify inaccurate or incomplete data;
- Right to the deletion of stored data;
- Right to restrict the processing of their data;
- Right to data portability;
- Right to object, as provided in Article 21 of the GDPR.
Plateform commits to always and in all cases comply with the legally established deadlines for fulfilling and executing the exercise of ARCO rights by any Data Subject.
Plateform reserves the right to exercise, according to its legal and regulatory applicability, all rights of exception granted by applicable legislation, for the full/partial execution of ARCO rights of Data Subjects.
The Data Subject has the right to lodge a complaint with a data protection supervisory authority at any time. To do so, they may contact the data protection authority of the State of their habitual residence.
8. Responsibilities of Data Subjects
Data Subjects are obliged, when using any of the technological tools made available by Plateform, to exercise maximum caution to prevent unauthorized access to their PersonalData, maintaining complete confidentiality of their password and any information that may arise within their personal account (where applicable).
If the Data Subject or any other user of the technological tools provided by Plateform provides false or inaccurate information to Plateform, the latter cannot be held responsible for such circumstances.
9. Mandatory Nature of Requested Personal Data
The Personal Data not duly identified as “optional” or “voluntary” in the forms provided by Plateform shall be mandatory to fulfill the respective purposes outlined above.
As such, if the Data Subject does not provide the necessary Personal Data to achieve the purposes outlined above, Plateform will not be able to fulfill their request.
10. Security Measures for Personal Data
Given the significant concern and commitment that Plateform demonstrates in defending privacy matters, several technical and organizational security measures have been adopted to protect the personal data provided against disclosure, loss, misuse, alteration, processing, or unauthorized access, as well as against any other form of unlawful processing.
Accordingly, the personal data collection forms require encrypted sessions, and all personal data you provide remain securely stored in systems contracted by Plateform, with additional access controls and prevention of information extraction, under all physical and logical security measures deemed essential to the protection of your Personal Data.
11. Applicable Law
This Privacy Policy is fully subject to Portuguese Law and the GDPR.
12. Changes to the Privacy Policy
Plateform reserves the right to amend its Privacy Policy as described here or any terms and conditions of Sectoral Privacy Policies, always in full compliance with applicable national and EU legislation.
Last Revision: January 2025