Data Protection and Privacy Commitment

Direct Hit complies with all applicable EU and national legal standards regarding data protection, privacy, and information security.

Direct Hit has implemented a Personal Data Protection System and an Information Security System to ensure regulatory compliance and demonstrate institutional responsibility regarding data protection and information security, implementing all necessary technical and organizational measures deemed appropriate, both to comply with the general legal regime of the current Data Protection Law and to comply with the special legal regime of the General Data Protection Regulation, applicable since May 25, 2018.

For any clarification or additional information, or to exercise your rights in this area, please contact the Direct Hit Data Protection Officer via email at dataprotection@directhit.eu .

Definitions

“Personal Data”

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier. Personal identifiers include, for example, a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing of Personal Data”

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Cookies”

“Cookies” are small text files containing relevant information that devices used for access (computers, mobile phones or portable mobile devices) load, through the internet browser, when a website is visited by the Client or User.

Data Officer

Direct Hit – Prestação de Serviços a Empresas, Lda, a legal entity with Tax Identification Number 504526 146, hereinafter referred to as Direct Hit, is the entity responsible for the online sites, systems or computerized applications, hereinafter referred to as channels or applications, through which Users, Service Recipients or Clients have remote access to Direct Hit services that are presented or provided, at any time, through them, and is considered the entity responsible for the processing of personal data.

The use of channels, systems or applications by any User, Service Recipient or Client may involve the processing of personal data, whose protection, privacy and security by Direct Hit, as the entity responsible for the respective processing, is ensured, in accordance with the terms of this Data Protection Policy.

Data Officer Contacts

For contact purposes with the Direct Hit Data Protection Officer, please send an email to dataprotection@directhit.eu or to each of the specific addresses identified on the websites, describing the subject of the request and indicating an email address, a telephone contact number or a postal address for reply.

For any other purpose, the following general Direct Hit contacts may be used:

– Postal Address: Rua Sousa Lopes, Nº 65, 5º Esq., 1600-307 Lisboa, Portugal;

– General Email: directhit@directhit.pt ;

– General Telephone: + 351 213 243 750;

– General Fax: + 351 213 243 759;

– Website: www.directhit.eu .

Collection and Processing of Personal Data

Direct Hit processes personal data strictly necessary for providing information and operating its channels, according to the uses made by Users, Service Recipients or Clients, whether those provided for the purpose of registering requests or obtaining information, those provided for the purpose of subscribing to those channels, or those resulting from the use of services provided by Direct Hit through them, such as accesses, consultations, instructions, transactions and other records relating to their use.

In particular, the use or activation of certain channel functionalities may involve the processing of various direct or indirect personal identifiers, such as name, home address, contact details, device addresses, or geographic location, provided that the User, Service Recipient, or Client expressly consents to this, whenever this is necessary for managing the contractual relationship or pursuing legitimate interests, or finally, for the purpose of complying with legal obligations.

In all cases, Users, Service Recipients or Clients will always be informed of the need to access such data for the use of the functionalities of the channels in question.

The personal data collected by Direct Hit is processed electronically, in certain cases in an automated way, including file processing or profiling, and within the scope of managing the pre-contractual, contractual or post-contractual relationship with Users, Service Recipients or Clients, in accordance with current national and community regulations.

Categories of Personal Data Processed and Data Subjects

The categories or types of personal data that are processed are generally the following:

– Identification data;

– Contact data;

– Professional data;

– Billing data;

– Traffic and access control data.

In the Data Controller’s various establishments, biometric data may also be processed, collected through video surveillance systems or other installed biometric systems.

A detailed list of personal data categories and data subject categories can be found in the Data Processing Information Sheets.

Legal Principles

All data processing operations comply with the fundamental legal principles in the field of data protection and privacy, in particular regarding its circulation, lawfulness, fairness, transparency, purpose, minimization, retention, accuracy, integrity and confidentiality, and Direct Hit is available to demonstrate its responsibility to the data subject or any other third party that has a legitimate interest in this matter.

Foundations of Legitimacy

All data processing operations carried out by Direct Hit have a legitimate basis, namely, either because the data subject has given their consent to the processing of their personal data for one or more specific purposes, or because the processing is considered necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract, or because the processing is necessary for compliance with a legal obligation to which the controller is subject, or for purposes of public interest, or because the processing is considered necessary for the purposes of the legitimate interests pursued by Direct Hit or by third parties.

Purpose of Treatment

All personal data processed within the Direct Hit channels is exclusively intended for providing information to Users, managing the personal information of Service Recipients deemed necessary for relationship management or communication purposes, as well as providing services to Clients and, in general, managing the pre-contractual, contractual or post-contractual relationship with Users, Service Recipients or Clients.

The personal data collected may also, and eventually, be processed for statistical purposes, for disseminating information or promotional actions and for communication actions, namely to promote the dissemination of new features or new services, through direct communication, whether by mail, email, messages or telephone calls or any other electronic communication service.

Provided that prior information and express authorization are always obtained for these latter purposes, Users, Service Recipients or Clients may, at any time, exercise their right to withdraw consent or their right to object to the use of their personal data for purposes other than managing the relationship with the Data Controller, namely for the pursuit of legitimate interests, for sending informational communications or for inclusion in informational lists or services, and must, for this purpose, send a written request addressed to the Data Protection Office of Direct Hit, in accordance with the procedures indicated below.

Data Processing Information Sheets

In accordance with the principles of loyalty and transparency, and to guarantee compliance with the duty to inform, Direct Hit directly delivers or makes publicly available to all holders of personal data, depending on how their personal data was collected, information sheets on the data processing operations carried out. These sheets are accessible for consultation at any customer service unit or with the Data Protection Officer.

Data Retention Periods

Personal data will only be kept for the period necessary for the purposes that motivated its collection or subsequent processing, ensuring compliance with all applicable legal standards regarding archiving, and specifying the concrete retention period in each of the Data Processing Information Sheets.

Use of Cookies

Direct Hit may use two main categories of cookies: cookies for online sites and cookies for direct electronic communication channels. Users or Clients are always guaranteed the option to disable cookies in either category.

Direct Hit uses cookies on its online sites to improve the performance and browsing experience of Users and Clients, increasing the speed and efficiency of response and eliminating the need to repeatedly enter the same information.

The use of cookies helps websites recognize Users’ and Customers’ devices the next time they visit, and in some cases, is essential for their operation.

The cookies used by Direct Hit, across all its channels, do not collect personal information that allows the identification of Users or Customers, only storing generic information, such as the method or geographical location of access and how they use the channels, among others. Cookies only retain information related to the preferences of Users and Customers, and no personal identifiers are recorded.

Users, Service Recipients, and Clients may, at any time, through the computer application they use to browse the internet (“browser”), decide to be notified about the receipt of “cookies,” as well as to block their entry into their system.

Regarding the type of intended purposes, Direct Hit may, whenever justified, use three different types of “cookies,” according to the following specifications:

(i) essential “cookies” – some “cookies” are essential to access specific areas of online channels, allowing navigation and use of their applications, such as access to secure areas of the sites, through user registration – without these “cookies,” the services that require them cannot be provided;

(ii) Functional cookies – Functional cookies allow us to remember user preferences regarding navigation on online sites, thus eliminating the need to reconfigure and personalize them each time they visit;

(iii) Analytical cookies – These cookies are used to analyze how users use online sites, allowing us to highlight articles or services that may be of interest to users, monitor site performance, as well as identify the most popular pages, the most effective method of linking between pages, or determine why some pages are receiving error messages – these cookies are used only for statistical creation and analysis purposes, never collecting personal information.

For these purposes, Direct Hit can provide a high-quality experience to Users, Service Recipients, or Clients by personalizing information and offers and identifying or correcting any problems that may arise in the context of their use.

Regarding the type of validity, there are two types of “cookies”:

(i) Permanent “cookies” – these are “cookies” that are stored on the devices used to access the channels (computers, mobile phones, etc.), at the level of the computer application used to browse the internet (“browser”), and are used whenever Users or Clients visit any channel again – in general, they are used to direct navigation according to the User’s or Client’s interests, allowing Direct Hit to provide a more personalized service;

(ii) Session cookies – these are temporary cookies that are generated and are only available until the session ends, since the next time the Client/User accesses their internet browser, the cookies will no longer be stored – the information obtained allows for session management, identification of problems, and provision of a better browsing experience.

Users, Service Recipients, or Clients may disable some or all cookies at any time – to do so, they must follow the instructions available in each of the computer applications used to browse the internet (“browser”), however, disabling cookies may result in the loss of access to some website functionalities.

Direct Hit, within the scope of direct electronic communication channels, may also use “cookies” when opening different electronic communications sent, such as newsletters and emails, for statistical purposes – allowing us to know if these communications are opened and to track clicks through links or advertisements within those communications.

Also in this category of “cookies,” Users, Service Recipients, or Clients always have the option to disable the sending of electronic communications through the specific option in the footer of those communications.

Data Communication to Other Entities

The provision of information or services by Direct Hit to its Users, Service Recipients, or Clients through its channels may eventually involve the use of services from subcontracted third-party entities, including entities based outside the European Union, for the provision of certain services. This may imply access to personal data by these entities.

In these circumstances, and whenever necessary, Direct Hit will only use subcontracted entities that provide sufficient guarantees of implementing appropriate technical and organizational measures in a way that ensures the processing meets the requirements of applicable regulations. These guarantees will be formalized in a contract signed between Direct Hit and each of these third-party entities.

Data Recipients

Except in the context of fulfilling legal obligations, executing contracts, or pursuing legitimate interests, under no circumstances will personal data of Users, Service Recipients, or Clients be communicated to third parties other than subcontractors or legitimate recipients, nor will any other communication be made for purposes other than those mentioned above.

International Data Transfers

Any transfer of personal data to a third country or international organization will only be carried out in compliance with legal obligations or with the guarantee of conformity with applicable Community and national legal standards in this matter.

Security Measures

Taking into account the most advanced techniques, the costs of application and the nature, scope, context and purposes of the processing, as well as the risks, of varying probability and severity, for Users, Service Recipients or Clients, Direct Hit and all entities subcontracted by it apply appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

To this end, various security measures are adopted to protect personal data against its dissemination, loss, misuse, alteration, unauthorized processing or access, as well as against any other form of unlawful processing.

It is the sole responsibility of Users, Service Recipients, or Clients to keep their access codes secret and not share them with third parties. Furthermore, in the specific case of computer applications used to access the channels, they must maintain and keep access devices secure and follow the security practices recommended by manufacturers and/or operators, particularly regarding the installation and updating of necessary security applications, including, among others, antivirus applications.

If it becomes necessary to subcontract services to third-party entities that may have access to the personal data of Users, Service Recipients, or Clients, Direct Hit’s subcontractors will be obliged to adopt the security measures and protocols at the organizational level and the technical measures necessary to protect the confidentiality and security of personal data, as well as to prevent unauthorized access, loss, or destruction of personal data.

Exercising the Rights of Personal Data Holders

Users, Service Recipients, or Direct Hit Clients, as holders of personal data, may at any time exercise their data protection and privacy rights, including the rights of access, rectification, erasure, portability, restriction of processing, or objection to processing, under the terms and with the limitations provided for in the applicable regulations.

Any request to exercise data protection and privacy rights must be addressed in writing by the respective holder to the Data Protection Officer, in accordance with the procedure and contact described below.

Complaints or Suggestions

Users, Service Recipients, or Clients have the right to file a complaint, either by registering the complaint in the Complaints Book or by submitting a complaint to the regulatory authorities – in the latter case, they may submit a petition or complaint directly to the National Data Protection Commission through the contacts available at www.cnpd.pt .

Users, Service Recipients, or Clients may also make suggestions by sending an email to the Data Protection Officer at dataprotection@directhit.eu .

Incident Reporting

Direct Hit has implemented an incident management system within the scope of data protection, privacy, and information security.

If any User, Service Recipient, or Client wishes to report any situation involving a personal data breach that accidentally or unlawfully results in the destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed, they may contact the Data Protection Officer or use Direct Hit’s general contact information.

Modification of the Data Protection Policy

In order to guarantee its updating, development and continuous improvement, Direct Hit may, at any time, make changes to this Data Protection Policy that are considered appropriate or necessary, ensuring its publication on different channels to guarantee transparency and information to Users, Service Recipients and Clients.

Express Consent and Acceptance

The terms of the Data Protection Policy are complementary to the terms and provisions regarding personal data set out in the Specific Terms of Use of each of Direct Hit’s channels.

The free, specific and informed provision of personal data by the respective owner implies knowledge and acceptance of the conditions contained in this Policy, it being considered that, by using the channels or by providing their personal data, Users, Service Recipients and Clients are expressly authorizing its processing, in accordance with the rules defined in each of the applicable channels or collection instruments.

Special Data Protection Policies

With a commitment to transparency and information, and to ensure the adequacy of the Data Protection Policy to the different data processing operations carried out and, above all, to the different categories of data subjects, Direct Hit may develop special Data Protection Policies, such as, for example:

– the Data Protection Policy in the Workplace;

– the Data Protection Policy in Application Management; and

– the Data Protection Policy for Supplier Employees.

These special policies are made available directly to the respective categories of data subjects and are available for consultation upon request to the Data Protection Officer.

Data Protection Officer

To exercise any type of data protection and privacy rights, or for any matter relating to data protection, privacy and information security, Users, Service Recipients and Clients who interact with Direct Hit may contact the Data Protection Officer via email at dataprotection@directhit.eu , describing the subject of the request and indicating an email address, a telephone contact address or a postal address for a reply.

Versions of the Data Protection Policy

Version of this Policy: Version 3.0.

Date: 20210425.

To consult previous versions of the Data Protection Policy, please send a request by email to dataprotection@direct.eu .

Visão geral da privacidade

Consoante o seu consentimento, os Cookies neste sítio eletrónico podem ser utilizados (i) para melhorar a sua navegação e desempenho, (ii) para analisar a sua utilização, (iii) para possibilitar a criação de conteúdos de publicidade direcionada ou (iv) para integrar com a gestão de redes sociais.

Por defeito, só os Cookies estritamente necessários se encontram ativos.

Poderá aceitar ou rejeitar todos os Cookies nos botões apresentados ou gerir ou desativar alguns destes Cookies selecionando as opções “Configurar Cookies”.

Para mais informações sobre tratamento de dados, visite, por favor, a [Política de Cookies] ou a [Política de Proteção de Dados].