Privacy Policy

This is heading element

Privacy Policy

1. Introduction

The protection of your personal data is important to HALIOTIS.

This Privacy Policy explains how we process your personal data when you use the website shop.haliotis.pt (hereinafter referred to as the “Website”), in accordance with Regulation (EU) 2016/679 of 27 April 2016 (General Data Protection Regulation – “GDPR”), as well as the applicable national legislation on personal data protection.

 

2. Data Controller

The Data Controller responsible for processing personal data is:

Haliotis Actividades Marítimo Turísticas, Lda.
Registered office: R. Cônsul Dabney, 9901-856 Horta, Portugal
VAT / Company Number: 506 796 876
Email: shop@haliotis.pt
Telephone: +351 262 781 160

Data Protection Officer (DPO):
DataProtectionOfficer@haliotis.pt

 

3. What Personal Data Do We Process?

Depending on how you use the Website, we may process the following categories of personal data:

3.1 Identification Data

  • Full name
  • Tax identification number (where applicable)
  • Nationality (where required for specific services)

3.2 Contact Data

  • Email address
  • Telephone number
  • Billing address
  • Shipping address

3.3 Order-Related Data

  • Products purchased
  • Purchase history
  • Preferences associated with orders
  • Information regarding returns or complaints

3.4 Payment Data

Payments are processed by certified external payment providers.
HALIOTIS does not store full credit or debit card details.

 

3.5 Technical and Browsing Data

  • IP address
  • Device information
  • Operating system
  • Browsing data
  • Cookies (as described in the Cookie Policy)

 

4. Purposes and Legal Basis for Processing

Your personal data is processed for the following purposes:

4.1 Contract Performance

(Legal basis: Article 6(1)(b) GDPR)

  • Processing orders
  • Invoicing
  • Delivering products
  • Managing purchased services
  • Customer support
  • Handling returns and warranty claims

4.2 Compliance with Legal Obligations

(Legal basis: Article 6(1)(c) GDPR)

  • Tax and accounting obligations
  • Retention of legally required documentation
  • Responding to public authorities

4.3 Legitimate Interest

(Legal basis: Article 6(1)(f) GDPR)

  • Website security
  • Fraud prevention and detection
  • Protection of legal rights
  • Internal administrative management

4.4 Consent

(Legal basis: Article 6(1)(a) GDPR)

  • Sending marketing communications (where applicable)
  • Use of non-essential cookies

You may withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

 

5. With Whom Do We Share Your Data?

We may share your personal data with:

  • Shipping and logistics partners
  • Payment service providers
  • IT service providers (hosting, maintenance, technical support)
  • Legal or accounting advisors
  • Public authorities when legally required

All data processors act under data processing agreements in compliance with the GDPR.

 

6. International Data Transfers

As a rule, your data is processed within the European Union / European Economic Area.

If it becomes necessary to transfer data outside the EEA (for example, when using international technology platforms), such transfers will be carried out based on:

  • An adequacy decision by the European Commission; or
  • Standard Contractual Clauses approved by the European Commission; or
  • Other lawful transfer mechanisms provided for in Chapter V of the GDPR.

 

7. Data Retention Period

Personal data is retained only for the period necessary to fulfill the purposes for which it was collected, namely:

  • Invoicing data: up to 10 years (legal tax obligation);
  • Customer data: during the contractual relationship and applicable legal limitation periods thereafter;
  • Marketing data: until consent is withdrawn;
  • Technical and security data: for the period necessary to ensure fraud prevention and Website protection, in accordance with applicable law.

After this period, data will be deleted or anonymized.

 

8. Data Subject Rights

Under the GDPR, you have the right to:

  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to object
  • Right to data portability
  • Right to withdraw consent

Requests may be submitted to:
DataProtectionOfficer@haliotis.pt

You also have the right to lodge a complaint with the Portuguese supervisory authority:

Portuguese Data Protection Authority (CNPD)
www.cnpd.pt

 

9. Data Security

HALIOTIS implements appropriate technical and organizational measures to protect personal data against:

  • unauthorized access;
  • unlawful alteration;
  • loss or destruction;
  • unauthorized disclosure.

However, no electronic transmission or storage system is completely secure.

 

10. Changes to This Privacy Policy

HALIOTIS may update this Privacy Policy whenever necessary.

Users are encouraged to review this page periodically to stay informed of any changes.

 

11. Contact

For any questions regarding the processing of your personal data:

DataProtectionOfficer@haliotis.pt
shop@haliotis.pt
+351 262 781 160

Product added to wishlist
Product added to compare.

iqitcookielaw - module, put here your own cookie law text