- When we say ‘we’, ‘us’ or ‘ECOSTEEL’ it’s because that’s who we are and we own and run the sites.
The type of personal information we collect
- We collect certain personal information about visitors and users of our sites.
- The most common types of information we collect include things like: user-names, member names, email addresses, other contact details, forum comments, content you direct us to make available on our sites (such as item descriptions) and web analytics data.
How we collect personal information
- We collect personal information directly when you provide it to us or researching for web pages that work in the same area as we do.
- We collect your personal information when you provide it to us when you subscribe to a newsletter, email list, submit feedback, fill out a survey, send us a communication or download technical files about our products.
How we use personal information
- We will use your personal information:
- updating you with news and information about our products;
- managing our relationship with you, by responding to your comments or queries submitted to us on the site or asking for your feedback or whether you want to participate in a survey;
- Where you give us consent:
- Providing you with marketing information about products and events which we feel may interest you; and
- For purposes which are required by law.
- For the purpose of responding to requests by government, a court of law, or law enforcement authorities conducting an investigation.
When we disclose your personal information
- We will disclose personal information to the following recipients:
- companies that are directly related to ECOSTEEL belonging to their group of undertakings;
- subcontractors and service providers who assist us in connection with the ways we use personal information in particular: website hosting providers which is located in the UK; marketing and analytics services; subscription management services; Noting that our subcontractors and services providers may also transfer and access such information from other countries in which they have operations;
- our professional advisers (lawyers, accountants, financial advisers etc.) which are located in Portugal;
- regulators and government authorities in connection with our compliance procedures and obligations;
- a third party to respond to requests relating to a criminal investigation or alleged or suspected illegal activity;
- a third party, in order to enforce or defend our rights, or to address financial or reputational risks;
- a rights holder in relation to an allegation of intellectual property infringement or any other infringement; and
- other recipients where we are authorized or required by law to do so.
Where we transfer and/or store your personal information
- We are based in Portugal so your data will be processed in Portugal. In order to protect your information, we take care where possible to work with subcontractors and service providers who we believe maintain an acceptable standard of data security compliance.
How we keep your personal information secure
- We store personal information on secure servers that are managed by us, and occasionally hard copy files that are kept in a secure location in Portugal. Personal information that we store or transmit is protected by security and access controls, including username and password authentication, two-factor authentication, and data encryption where appropriate.
How you can access your personal information
- You have the right to make a request to access other personal information we hold about you and to request corrections of any errors in that data. You can also close the subscription you have with. To make an access or correction request, contact our privacy champion using the contact details at the end of this policy.
Marketing Choices regarding your personal information
- Where we have your consent to do so (e.g. if you have subscribed to one of our e-mail lists or have indicated that you are interested in receiving offers or information from us), we send you marketing communications by email about products and services that we feel may be of interest to you. You can ‘opt-out’ of such communications if you would prefer not to receive them in the future by using the “unsubscribe” facility provided in the communication itself.
Information you make public or give to others
How long we keep your personal information
When we need to update this policy
- We will need to change this policy from time to time in order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices.
- When we do change the policy, we’ll make sure to notify you about such changes, where required. A copy of the latest version of this policy will always be available on this page.
How you can contact us
- If you have any questions about our privacy practices or the way in which we have been managing your personal information, please contact us at PARQUE INDUSTRIAL DE AMORIM, Rua Manuel Dias 440, 4495-129 Póvoa de Varzim or at firstname.lastname@example.org.
How you can access your personal information
- You are also entitled to ask us about your personal information, to erase it, or restrict its processing. You also have rights to object to some processing that is based on our legitimate interests, such as profiling that we perform for the purposes of direct marketing, and, where we have asked for your consent to process your data, to withdraw this consent as more fully described below.
- These rights are limited in some situations – for example, we can demonstrate that we have a legal requirement to process your personal information. In some instances, this means that we may retain some data even if you withdraw your consent.
- Where we require your personal information to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us. In all other cases, provision of requested personal information is optional.
- If you have unresolved concerns you also have the right to complain to data protection authorities. The relevant data protection authority will be the data protection authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred.