Website privacy policy
1. Framework
This document explains the terms under which Edenred Portugal, S.A. (hereinafter, “Edenred”) collects, uses and processes the data and information collected by its users (hereinafter, “User(s)”).
The rules for the collection, use and processing of data and information are in accordance with national legislation and the applicable General Data Protection Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016.
Edenred takes care of the privacy of its Users, as well as the personal data submitted by them, and is responsible for the site https://edenred.pt (hereinafter, the “Site” or “Website”). In order for the User to be duly informed about the data collected, the purpose for which they are processed and their rights, we recommend that they read this Privacy Policy carefully.
The Privacy Policy applies to data collected and processed in connection with Users’ interaction with the Edenred Website.
2. Data that Edenred collects from its Users
Edenred collects personal data from Users in various forms, including, in particular, when Users visit our Website, subscribe to the newsletter, answer surveys, fill in forms, as well as any other activities, services, features or resources that we make available on our Website. Users may be asked to provide, as appropriate, the following contact details: first name, last name, email address and telephone number.
We will only collect personal data from Users who voluntarily provide it to us or with their consent. Users may always refuse to provide personal data, but such refusal may prevent them from participating in some activities related to the Website.
Edenred may also collect other technical information about computer devices, whenever Users interact with our Website, such as the type of browser, operating system, resolution, software, search engine or mobile device used to access the Website, as well as the type of computer, the access periods, the websites that referred to the Website through a link.
Edenred does not intentionally collect (and cannot distinguish) data from minors under the age of 16. However, if Edenred becomes aware or is informed that data from minors has been collected, Edenred will immediately delete it.
3. Purposes of Data Collection, Transmission, Protection and Breach
Edenred uses the data collected for the following purposes: i) making its services available to Users; ii) providing support and assistance to Users’ requests; iii) fulfilling contractual and legal obligations; iv) providing information and content of interest to Users; v) improving the functioning of the Site, including the management and prioritization of content; and vi) personalizing the User experience by using information in aggregate form to understand how our Users, as a whole, use the services and resources made available on our Site.
Users’ personal data will only be processed for direct marketing purposes when the User expressly consents in advance.
Edenred may use the email address to respond to queries, questions and/or other requests. If the User chooses to include their address on Edenred’s mailing list, the User will receive emails which may include news, updates, information on products and services, etc. If at any time the User wishes to unsubscribe from receiving emails or any other form of contact used by Edenred (when they have given their consent to do so), they may do so in the footer of each email, where instructions for unsubscribing are provided, or by the means indicated in this Policy.
Edenred transmits the data of its Users when necessary to its subcontractors or data controllers, provided that they are necessary for the normal provision of its services, access to which is regulated, within the scope of Edenred’s obligations, by a contract entered into with them. In these terms, Edenred contractually ensures and regularly verifies that its subcontractors are reliable entities that offer adequate protection guarantees, and no data is transmitted to them beyond what is necessary for the provision of the contracted service. Edenred uses various technical and organizational measures for technological protection against attacks on Users’ personal information and only subcontracts service providers that guarantee the same level of protection.
Edenred has adopted appropriate data collection, storage and processing practices, as well as security measures to protect against unauthorized access, unintentional loss, alteration, disclosure or destruction of Users’ personal data. The User, under the terms of this Privacy Policy and within the scope of the provision of services by Edenred, agrees not to access, develop, support or use any software, devices, scripts, robots or any other means or process (including web crawlers, browser plug-ins and add-ons or any other technology, including in a physical environment), directly or through third parties, for the purpose of copying the services of the Site, or copying profiles and other data related directly or indirectly to these services, in particular, the data subject undertakes not to disclose to any third party his/her access data to the Site, which are personal, exclusive and confidential.
Edenred is not responsible for the content accessed through any hyperlink that leads the User to navigate outside the https://edenred.pt domain whenever such hyperlinks are the responsibility of third parties. All the data collected is processed automatically and the information sent by Users is encrypted and managed with advanced security, so the violation, or attempted violation, of databases obtained through the Site will result in the immediate judicial liability of the offender(s).
4. Data subjects’ rights
Users can exercise their rights via the link available here by sending an email to utilizador.pt@edenred.com or by registered letter with acknowledgement of receipt to Edenred Portugal, located at Edifício Adamastor, Torre B, Av. D. João II, n.º 9 i, piso 6 B, 1990-077 Lisboa, for which they must provide proof of their identity. For any other type of request or complaint, the User should contact the Data Protection Officer by email: dpo.portugal@edenred.com.
Edenred Users have and may exercise the following rights in relation to their personal data:
(a) Right to Information – at the time of collection or processing, the holder of the personal data has the right to be informed of the purpose of the processing, the data controller, the entities to which their data may be communicated, the conditions for access and rectification and which mandatory and optional data will be collected.
(b) Right of Access – the holder of personal data has the right to access it, without restriction or delay, as well as to know what information is available about the origin of the data, the purposes for which it is processed and its communication to third parties.
(c) Right of rectification – the data subject has the right to demand that the data concerning him/her is accurate and up-to-date, and may at any time request its rectification from Edenred’s data controller.
(d) Right to erasure – the data subject has the right to have their data no longer processed, erased and deleted, under certain conditions, in the event that: i) they are no longer necessary for the purpose for which they were collected; ii) the data subjects withdraw their consent or object to the processing of their data; iii) if the processing of the data does not comply with legal provisions.
(e) Right to restriction of processing – the data subject has the right to have their data limited to what is essential for the purpose of processing.
(f) Right to object – the data subject has the right to object, at his/her request and free of charge, to the processing of his/her personal data for marketing purposes or any other form of prospecting and to his/her personal data being communicated to third parties, unless otherwise provided by law.
(g) Right to data portability (data transfer) – the data subject has the right to receive their data or to request that it be transferred to another entity that will become the new controller of their personal data (only if technically possible).
(h) Right to be informed of a data breach – the holder of personal data has the right to be informed if there is a security breach that compromises their data.
(i) Right to complain to the supervisory authority – the data subject has the right to complain not only to the company’s personal data controller, but also to the supervisory authority, the National Data Protection Commission.
5. Data retention period
Edenred retains Personal Data for the period deemed necessary and sufficient for the purposes for which it was collected and processed, with the period of data storage varying according to the purpose for which the information is processed and in accordance with the legal rules requiring its retention, after which it will be deleted, subject to appropriate technical and functional guarantees, as documented in each of the relevant processes.
6. Final considerations
Edenred reserves the right to change its Privacy Policy, Cookies Policy and Terms and Conditions described on this page, so we advise you to visit this address frequently to stay informed about how we are working to protect the personal data we collect.
Any material or relevant changes to this Privacy Policy will be communicated by Edenred Portugal by any means deemed appropriate, including the publication of a specific notice to that effect or a notice on the Website.
In short, we believe that Users are aware of these policies when browsing https://edenred.pt.
Date of last revision: 18/04/2022