Privacy policy

At Mercantlis we understand that the use of your personal data requires your trust. We are subject to the highest privacy standards and will only use your personal data for clearly identified purposes and in accordance with your data protection rights. 
The confidentiality and integrity of your personal data is one of our main concerns. 
This Privacy Police establishes how Mercantlis uses the personal data of its customers and potenciaol customers. 
The Personal Data collected and processed consists of information regarding name, email, address, including the district, although other Personal Data may be collected that may be necessary or convenient for Mercantlis to provide Services.

After collecting the Personal Data, Mercantlis provides the User with detailed information about the nature of the data collected and about the purpose and treatment that will be carried out in relation to the Personal Data. 

Mercantlis also collects and processes information about the characteristics of the device, its hardware and the characteristics of the browser/software, as well as information about the pages visited by the User within the Site. This information may include your browser type, domain name, access times and links through which the User accessed the Site (“Usability Information”). We only use this information to improve the quality of your visit to our Site. 

Usability Information and Personal Data are referred to in this Privacy Policy as “User Data”. 

For the purposes of this Privacy Policy, a contractual relationship is understood to be any contract established between Mercantlis and the entities that relate to it, regardless of the respective object. 

Within the scope of processing User Data, Mercantlis resorts or may resort to third parties, subcontracted by itself, to, on behalf of Mercantlis, and in accordance with the instructions given by Mercantlis, proceed with the processing of User Data, in accordance with the law and this Privacy Policy. 

These subcontracted entities may not transmit User Data to other entities without Mercantlis having previously given, in writing, authorization to do so, and are also prevented from contracting other entities without prior authorization from Mercantlis. 

Mercantlis is committed to only subcontracting entities that offer maximum security in the execution of appropriate technical and organizational measures, in order to guarantee the defense of the User’s rights. All entities subcontracted by Mercantlis are bound by the latter through a written contract which regulates, namely the object and duration of the treatment, the nature and purpose of the treatment, the type of personal data, the categories of data subjects and the rights and obligations of the parties.

 After collecting personal data, Mercantlis provides the User with information about the categories of subcontracted entities that, in the specific case, can process data on behalf of Mercantlis. 
Mercantlis may collect data directly (i.e., directly from the User) or indirectly (i.e., through partner entities or third parties). Collection can be done through the following channels: 
In terms of general principles relating to the processing of personal data, Mercantlis undertakes to ensure that the User Data processed by it are:  Mercantlis undertakes to ensure that the processing of User Data is only carried out under the conditions listed above and with respect for the principles mentioned above. 
When the procesisng of User Data is carried out by Mercantlis based on the User’s consente, the User has the right to withdraw their consente at any time. The withdrawal of consente, however, does not compromise the legality of the treatment carried out by Mercantlis based on the consente previously given by the User.

The period of time during wich the data is stored and maintained varies according to the purpose for which the information is processed. 
Indeed, there are legal requirements that oblige the retention of data for a minimum period of time. Thus, and whenever there is no specific legal obligation, the data will be stored and kept only for the minimum period necessary for the purposes that motivated their collection or subsequente processing and, at the end of this period, they will be deleted. 

In general terms, Mercantlis uses User Data for the following purposes: 
User Data collected by Mercantlis is not shared with third parties without the User’s consente, with the exception of the situations referred to in the following paragraph. However, in the event that the User contracts with Mercantlis services that are provided by other entities responsible for the processing of personal data, the User Data may be consulted or accessed by these entities, insofar as this is necessary for the provision of said services and the User will be informed of this. 

Under the applicable legal terms, Mercantlis may transmit or communicate the User’s Data to other entities in the event that such transmission or communication is necessary for the execution of the contract established between the User and Mercantlis, or for pre-contractual measures at the User’s request, in case it is necessary to comply with legal obligation to which Mercantlis is subject, or in case it is necessary to obtain the legitimate interests of Mercantlis or a third party. In the event of a transmission of User Data to third parties, reasonable efforts will be made so that the transmitter uses the User Data transmitted in na appropriate manner with this Privacy Policy. 
In order to guarantee the security of User Data and maximum confidentiality, Mercantlis treats the information you provide us in na absolutely confidential manner, in accordance with its internal security and confidentiality policies and procedures, wich are periodically updated according to needs, as well as the legally established terms and conditions. 

Depending on the nature, scope, context and purposes of data processing, as well as the risks arising from the procesisng for the rights and freedoms of the User, Mercantlis undertakes to apply, both when defining the means of processing as at the time of processing itself, the technical and organizational measures necessary and appropriate for the protection of User Data and compliance with legal requirements.

It also undertakes to ensure that, by default, only the data that are necessary for each specific purpose of the treatment are processed and that these data are not made available without human intervation to an indeterminate number of people. 

Communication between the user’s device and Mercantlis is carried out through secure channels and communications that use the HTTPS protocol and the SSL security standard. 
Even so, in terms of general measures, Mercantlis adopts the following:  The Site does not transfer your personal data to recipientes located in countries outside the European Union. 
When you visit our website, a small text file (Cookie) is created and saved on your computer’s disk, therefore, when browsing the Site you are accepting the installation of this text file on your device. This file will allow you to access the Site more easily and quickly, as well as customize it according to your preferences. 

If you want to delete them or define their blocking automatically, in the “Help/Help” menu of your browser you will find how to make these settings. However, if you do not allow the use of cookies, there may be some features on the Site that you will not be able to use. 

When browsing our Site, you are allowing the collection and storage of small text files called cookies, which contain information and wich are downloaded to the Users’ computer or other devices through a server. These text files will allow for a more personalized and eficiente browsing experience. On each visit to the Site, your internet browser sends these cookies back to the Site, allowing the recognition and memorization of the Users’ identity, as well as their usage preferences. 

For more information, see our cookie policy aqui.
      1. Information provided to the User by Mercantlis (when data is collected directly from the User):
  2. The identity and contacts of Mercantlis and the data controller;
  3. Contacts of the Data protection Officer; 
  4. The purposes of the treatment for wich the personal data are intended, as well as, if applicable, the legal reasons for the treatment; 
  5. If data processing is based on legitimate interests of Mercantlis or a third party, indication of such interests; 
  6. If applicable, the recipientes or categories of recipientes of the personal data; 
  7. If applicable, indication that the personal data will be transferred to a third country or na international organization, and the existence or not of an adequacy decision adopted by the Comission or reference to appropriate or adequate transfer guarantees; 
  8. Period of conservation of personal data; 
  9. The right to request Mercantlis permission for personal data as well as its correction, deletion or limitation, the right to object to processing and the right to data accessibility; 
  10. If data processing is based on the User’s consent, the right to withdraw it at any time, without compromising the legality of the processing carried out based on the previously given consent; 
  11. The right to lodge a complaint with the CNPD or another supervisory authority;
  12. Indication whether or not the communication of personal data constitutes a legal or contactual obligation, or a necessary requirement to enter into a contract, as well as whether the holder is obliged to provide personal data and the possible consequences of not providing such data; 
  13. If applicable, the existence of automatic decisions, including profiling, and information regarding the basic concept, as well as the importance and expected consequences of such processing for the data subject. 

In the event that User Data is not collected directly by Mercantlis from the User, in addition to the information referred above, the User is also informed about the categories of personal data subject to processing and, as well as about the origin of the data and, eventually, if they are from publicity accessible sources. 

If Mercantlis intends to further process the User Data for a purpose other than the one for wich the data was collected, before such treatment, Mercantlis will provide the User with information about that purpose and any other information of interest, in the terms above referred. 

7.2 Procedures and measures implemented with a view to fulfilling the right to information.
The information referred to in 7.1. is provided in writing (including by electronic means) by Mercantlis to the User prior to processing the personal data in question. Under applicable law, Mercantlis is under no obligation to provide the User with the information metioned in 7.1 when and to the extent that the User is already aware of them. 
The information is provided by Mercantlis at no cost. 
Mercantlis guarantees the means that allow the User to consult their Personal Data. The User has the right to obtain from Mercantlis confirmation that the personal data concerning him or her are being processed and, if applicable, the right to access their personal data and the following information: 
Upon request, Mercantlis will provide the User, free of charge, with a copy of the User Data that is being processed. The provision of other copies requested by the User may incur administrative costs. 
The User has the right to request, at any time, the rectification of his Personal Data and, as well as the right to have his incomplete personal data completed, including by means of na additional declaration. 

In the event of data rectification, Mercantlis communicated the respective rectification to each recipiente to whom the data has been transmitted, unless such communication is considered impossible or implies a disproportionate effort for Mercantlis. 
The User has the right to obtain, from Mercantlis, the deletion of their data when one of the following reasons applies: 
In case of deletion of data, Mercantlis communicates to each recipiente/ entity to whom the data has been transmitted the respective deletion, unless such communication proves impossible or implies a disproportionate effort for Mercantlis. 

When Mercantlis has made User Data public and is obliged to erase them under the right of such deletion, Mercantlis undertakes to ensure the measures that are reasonable, including those of a technical nature, taking into account the technology available and the costs of its application, to inform those responsible for the effective processing of personal data that the User has asked them to delete the links to that personal data, as well as the copies or reproductions thereof. 
The User has the right to obtain, from Mercantlis, the limitation of the procesisng of User Data, if one of the following situations applies (the limitation consists of inserting a mark in the personal data kept with the aim of limiting its treatment in the future):
When User Data is subject to limitation, it may only, with the exception of conservation, be processed with the User’s consente or for the purposes of declaring, exercising or defending a right in a judicial proceeding, defending the rights of another natural person or collective, or for legally foreseen public interests reasons. 

The User who has obtained a restriction on the processing of his data in the cases referred to above will be informed by Mercantlis before the limitation on the treatment is annulled. 

In the event of limitation of data processing, Mercantlis will notify each recipient to whom the data has been transmitted of the respective limitation, unless this communication proves impossible or implies a disproportionate effort for Mercantlis. 
The User has the right to receive the personal data concerning him and that he has provided to Mercantlis, in a structured, commonly used and machine-readable format, and the right to transmit this data to another controller, if: 
The portability right does not include inferred data, nor devided data, i.e., personal data that are generated by Mercantlis as a consequence or result of the analysis of the data subject to treatment. 

The User has the right for their personal data to be transmitted directly between those responsible for the treatment, whenever this is technically possible. 

The User has the right to object  at any time, for reasons related to his particular situation, to the processing of personal data concerning him that is based on the exercise of legitimate interests pursued by Mercantlis, or when the processing is carried out for purposes that other than those for which personal data were cololected, including profiling, or when personal data is processed for statistical purposes.

Mercantlis will complete the processing of User Data, unless it presents urgent and legitimate reasons for such treatment that prevail over the interests, rights and freedoms of the User, or for the purposes of declaring, exercising or defending a right of Mercantlis in a legal proceeding. 

When User Data is processed for the purposes of direct marketing, the User has the right to object at any time to the processing of data concerning him for the purposes of said marketing, which includes the definition of profiles on the in so far as it relates to direct marketing. If the User objects to the procesisng of their data for the purposes of direct marketing, Mercantlis ceases processing the data for that purpose. 

The User also has the right not to be subject to any decision taken exclusively based on automated processing, including the definition of profiles, which produces effects in its legal sphere or which  significantly affects it in a similar way, unless the decision: 
The right of access, the right of rectification, the right of deletion, the right of limitation, the right of portability and the right of opposition may be exercised by the User by contacting Mercantlis’ data Protection Officer via email:

Mercantlis will respond in writing (including by electronic means) to the User’s request within a maximum period of one month from receipt of the request, except in cases of special complexity, in which this period may be extended to two months. 

If the requests submitted by the User are manifestly unjustified or excessive, namely due to their repetitive nature, Mercantlis reserves the right to charge administrative costs or refuse to comply with the request. 

In the event of a data breach and, to the extent that such breach is likely to imply a high risk for the User’s rights and freedoms, Mercantlis undertakes to communicate the breach of personal data to the User in question within 72 hours from becoming aware of the incident. 

Under legal terms, communication to the Use ris not required in the following cases: 

If Mercantlis has applied adequate protection measures, both technical and organizational, and these measures have been applied to the personal data affected by the breach of personal data, especially measures that make the personal data incomprehensible to any person not authorized to access such data, such as encryption; 

If Mercantlis has taken subsequente measures to ensure that the high risk to the User’s rights and freedoms is no longer likely to materialize; or 

If communication to the User implies a disproportionate effort for Mercantlis. In that case, Mercantlis will make a public communication or take a similar measure through wich the User will be informed.
To exercise any of these rights, you can complete the annex. 


Mercantlis reserves the right to change this Privacy Policy at any time. In case of modification of the Privacy Policy, the date of the last modification, available at the bottom of this page, is also updated. If the change is substancial, a notice will be posted on the Site. 

The Privacy Policy, as well as the collection, processing or transmission of User Data, are governed by provisions of Regulation (EU) 2016/679, of the European Parliament ando f the Council, of April 27, 2016 and by the applicable laws and regulations in Portugal, namely by law 58/2019.

Any disputes arising from the validity, interpretation or execution of the Privacy Policy, or that are related to the collection, processing or transmission of User Data, must be submitted exclusively to the jurisdiction of the judicial courts of the district of Porto, without pejudice to applicable mandatory legal rules.