RealFevr - Privacy Policy

Last Updated Date: November 15, 2023

1. INTRODUCTION

The following Privacy Policy (“Privacy Policy”) outlines the collection, processing, and utilization of your Personal Data on the website realfevr.com (“Website”), made available by Fantasy Revolution, S.A., a company duly incorporated in accordance with the laws of Portugal, with its registered office at Rua Barata Salgueiro, n.º 33, piso 9, 1250-042 Lisboa, registered with the Commercial Registry Office under the sole identification and registration number 513.810.951 (“we”, “us”, or the “Company”).

In addition to detailing our data protection practices, this Privacy Policy will also inform you about how to exercise your rights concerning your Personal Data. To this end, this Privacy Policy has been drawn up in accordance with current national and European legislation on the protection of natural persons, specifically Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("GDPR"), as well as other legal and regulatory provisions and best practices.

Please carefully read the following Privacy Policy before using the Website, since it contains essential information regarding your rights and obligations, as well as conditions, limitations and exclusions that might apply to you. By using the Website, clicking “I Accept” when prompted, or indicating your acceptance in an adjoining box, you confirm that you understand and agree to abide by all of this Privacy Policy.

You may not use the Website if you:

  1. Do not agree to this Privacy Policy;
  2. Are not of legal age in your place of residence; or
  3. Are prohibited from accessing or using the Website or any of the Website’s contents, products, or services in accordance with applicable law.

2. DEFINITIONS

Consent of the Data Subject - Freely given, specific, informed, and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her;

Special Categories of Personal Data - Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the Processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation;

Personal Data - Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

Processing - Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;

Controller – The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data; where the purposes and means of such Processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Personal Data Breach - A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored, or otherwise Processed;

Processor - A natural or legal person, public authority, agency, or other body which Processes Personal Data on behalf of the Controller;

Third-Party - A natural or legal person, public authority, agency, or body other than the Data Subject, Controller, Processor, and persons who, under the direct authority of the Controller or Processor, are authorised to process Personal Data;

Supervisory Authority – An independent public authority which is established by a Member State responsible for monitoring the application of the GDPR, in order to protect the fundamental rights and freedoms of natural persons in relation to the Processing activities and to facilitate the free flow of Personal Data within the Union. In Portugal, the Supervisory Authority is the Comissão Nacional de Proteção de Dados ("CNPD");

Data Subject - An identified or identifiable natural person to whom the Personal Data concerns;

Pseudonymisation - The Processing of Personal Data in such a way that it can no longer be attributed to a specific Data Subject without recourse to supplementary information, provided that such supplementary information is kept separately and is subject to technical and organisational measures to ensure that the Personal Data cannot be attributed to an identified or identifiable natural person;

International Data Transfers - Transfers of Personal Data that are or will be processed after their transfer to a third country (not located in the European Union or the European Economic Area) or to an international organisation, where such transfer may take place between two or more Controllers or between Controllers and Processors.

3. GENERAL PRINCIPLES

Concerning the principles relating to the Processing of Personal Data, we undertake to ensure that they are:

  1. Object of lawful, fair, and transparent Processing in relation to the Data Subject;
  2. Collected for specific, explicit, and legitimate purposes and not further Processed in a manner incompatible with such purposes;
  3. Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are Processed;
  4. Accurate and up to date whenever necessary, with all appropriate measures being taken to ensure that inaccurate data, considering the purposes for which it is Processed, is erased, or rectified without delay;
  5. Kept in a form that allows the identification of the Data Subject for no longer than is necessary for the purposes for which the data are Processed;
  6. Handled in a manner that guarantees their security, including protection against unauthorised or unlawful Processing and against accidental loss, destruction, or damage, and appropriate technical or organisational measures are taken.

4. CONTROLLER

The Controller of the Personal Data collected through the Website is Fantasy Revolution, S.A., with its registered office at Rua Barata Salgueiro, n.º 33, piso 9, 1250-042 Lisboa. For questions relating to privacy, you may contact us through the following e-mail address .

5. WHAT INFORMATION DO WE COLLECT

We only Process your Personal Data when we are duly authorised to do so. For the Processing of Personal Data to be lawful, the GDPR requires that there be an adequate legal basis for each specific Processing.

Personal Data Processing is lawful when at least one of the following situations applies:

  1. The Data Subject has given his/her explicit Consent to the Processing of his/her Personal Data for one or more specific purposes;
  2. The Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;
  3. The Processing is necessary for compliance with a legal obligation to which the Controller is subject;
  4. Processing is necessary in order to protect the vital interests of the Data Subject or of another natural person;
  5. Processing is necessary for the purposes of our legitimate interests or by Third-Parties (except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data).

In this context, the following Personal Data is Processed on the Website:

  • User Identification Data: Name, E-mail address, Phone Number, Country, City;
  • User Professional Data: Company, Job Title.

We Process the aforementioned Personal Data through the Website for the following purposes:

  • Newsletters: To keep you informed, engaged, and updated with valuable and relevant insights, we Process User Identification Data, more specifically, your E-mail address. The lawfulness of this Processing activity is based on your Consent.
  • Contact Us: To facilitate communication regarding events, partnerships, commercial relationships, or Intellectual Property matters, we Process User Identification and Professional Data. The lawfulness of this Processing activity is based on your Consent, our legitimate interests (i.e., responding to your inquiries), and/or in order to take steps at the request of the Data Subject prior to entering into a contract.

6. PERSONAL DATA RETENTION PERIOD

Personal Data collected through the Website is Processed in strict compliance with applicable legislation and stored in specific databases created for this purpose. This Personal Data is kept in a format that allows the identification of Data Subjects for no longer than is necessary for the purposes for which it is Processed.

The length of time for which Personal Data is stored and retained varies according to the purpose for which the information is used. There are, however, legal requirements that oblige Personal Data to be kept for a certain period of time.

Therefore, whenever there is no specific legal requirement, the Personal Data will only be stored and kept for the minimum period necessary for the purposes for which it was collected or further Processed, after which it will be deleted.

7. DATA SHARING WITH THIRD-PARTIES

Your Personal Data collected through the Website is not shared with Third-Parties without your Consent, with the exception of cases in which such transmission or communication is necessary for the fulfilment of our legitimate interests, the performance of a contract entered into between you and us, in order to take steps at the request of the Data Subject prior to entering into a contract, and in the event that it is necessary for the fulfilment of a legal obligation to which we are subject to.

As a result, we may need to communicate or grant access to your Personal Data to Third-Parties who collaborate with us, predominantly, to ensure the proper functioning and security of all the services available on Website. These Third-Parties include external consultants, cooperation partners, and information technology support services. We guarantee that each of these Third-Parties ensures the confidentiality of the Personal Data, by entering into data processing agreements with said entities.

In addition, as previously indicated, we may share your Personal Data with Third-Parties under specific circumstances when we hold a good faith belief that it is necessary for the following purposes:

  1. Comply with applicable laws or respond to judicial orders;
  2. Respond to requests from public or governmental authorities, particularly for national security or law enforcement objectives;
  3. Safeguard the vital interests of our users, customers, or other Third-Parties. This includes efforts to prevent spam, thwart fraudulent activities related to our products, and prevent potential loss of life or serious injuries;
  4. To operate and maintain the security and integrity of our Website. This includes preventing or halting any attacks on our computer systems or networks;
  5. To protect our rights, interests, or property;
  6. To enforce our Terms & Conditions of Use.

As a complementary note, we may employ and share aggregated non-personal information with Third-Parties for marketing, advertising, and analytics purposes.

8. DATA TRANSFERS TO THIRD COUNTRIES

The Personal Data we collect may be stored and Processed in Portugal or in any other country where we or our affiliates, subsidiaries, or service providers have operational facilities. The selection of storage locations is guided by the principles of operational efficiency, performance enhancement, and the establishment of redundancies to safeguard data in the event of disruptions or other issues.

We are committed to ensuring that the Personal Data we collect is Processed in accordance with the terms outlined in this Privacy Policy and in compliance with the requirements of relevant legislation, regardless of the location of the Personal Data.

Furthermore, we may engage in the transfer of Personal Data from the European Economic Area to Third Countries. In the event of such transfers in the future, we are dedicated to ensuring that the transfer aligns with the legal provisions applicable, particularly with regard to the assessment of the destination country's data protection adequacy and adherence to the required standards for such transfers.

For more information on the European Commission's decisions regarding the adequacy of Personal Data protection in countries where we Process Personal Data, please refer to this link: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

9. TECHNICAL, ORGANISATIONAL, AND SAFETY MEASURES IMPLEMENTED

To guarantee the security of your Personal Data and the utmost confidentiality, we treat the information provided by you in an absolutely confidential manner, in accordance with our internal security and confidentiality policies and procedures, which are updated periodically as necessary, as well as in accordance with the terms and conditions laid down by law.

Depending on the nature, scope, context, and purposes of the Processing of the Personal Data, as well as the risks arising from the Processing activity for the rights and freedoms of the Data Subject, we undertake to apply, both at the time of defining the means of Processing and at the time of the Processing itself, the necessary and appropriate technical and organisational measures for the protection of the Personal Data and compliance with legal requirements.

In general terms, we adopt the following security measures:

  1. Regular audits to assess the effectiveness of the technical and organisational measures implemented;
  2. Awareness-raising and training of staff involved in Personal Data Processing operations;
  3. Pseudonymisation and encryption of Personal Data, whenever justified;
  4. Mechanisms capable of ensuring the permanent confidentiality, availability, integrity, and resilience of information systems;
  5. Mechanisms that ensure the restoration of information systems and access to personal data in a timely manner in the event of a physical or technical incident.

10. RIGHTS OF DATA SUBJECTS

Under the GDPR, Data Subjects have several rights that allow them to have greater control over their Personal Data. These rights include the right to access their Personal Data (Right of Access), request corrections to inaccuracies (Right to Rectification), and, in certain circumstances, have their Personal Data erased (Right to Erasure).

Data Subjects can also request the restriction of Personal Data Processing (Right to Restriction of Processing), obtain their Personal Data in a portable format for transfer (Right to Portability), and object to specific Processing activities (Right to Object). Data Subjects also have the right to lodge a complaint with a Supervisory Authority (Right to Lodge a Complaint).

If the Processing activity is based on Consent, Data Subjects can withdraw their Consent at any time (Right to Withdraw Consent). However, this will not affect the lawfulness of the Processing activities based on Consent before its withdrawal.

To exercise any of these rights, Data Subjects can contact us through the following E-mail address: . The response to such requests will be provided within one month, although this period can be extended in certain situations (e.g., due to the complexity of the request).

13. THIRD-PARTY LINKS

Our Website may feature links to other external sites. In this regard, this Privacy Policy does not apply to such Third-Party links.  It's important to note that the owners of these linked sites are exclusively accountable for their privacy practices and the content they provide. We do not assume responsibility for, endorse, or exercise control over the content and privacy practices of third-party websites.

When you visit a third-party website, you will be subject to the terms and conditions outlined in their respective privacy policies, and it is advisable to carefully review and understand these policies.

12. COOKIES

We utilize cookies, which are small data files with unique identifiers placed on your device to identify your browser. Cookies serve various purposes, including collecting user information to enhance our platform, storing preferences and settings, and facilitating the sign-in process. It's important to note that while you can manage your cookie preferences in your account settings, disabling all cookies may restrict your ability to use or access certain parts or all of our Website.

Additionally, our web pages may incorporate electronic images referred to as web beacons, also known as single-pixel gifs. These web beacons assist in the delivery of cookies on our websites and help track user visits. We may also embed web beacons in our promotional emails or newsletters to determine if and when these communications are opened and acted upon.

Furthermore, we occasionally collaborate with other companies to place our web beacons on their websites or within their advertisements. This collaboration enables us to gather data on how often interactions with an advertisement on our Website lead to a purchase or other actions on the advertiser's website.

Finally, the services we provide may include web beacons or similar technologies from third-party analytics providers, such as Google Analytics. These technologies help us compile aggregated statistics about the effectiveness of our promotional campaigns and other operations. These analytics providers may set or read their own cookies or other identifiers on your device, allowing them to collect information about your online activities across various applications, websites, or other products.

For further details on how with process your Personal Data through cookies and web beacons, please visit our Cookie Policy.

13. CHANGES TO THE WEBSITE

We reserve the right to change this Privacy Policy at any time. In the event of a change to the Privacy Policy, the “Last Updated Date”, available at the top of this page, will also be updated. If the change is substantial, a notice will be placed on the Website.

Continuing to use the Website after the “Last Updated Date” will signify your acceptance of a consent to these alterations.

14. CHILDREN

The Website is not designed for individuals under 18 years of age. If you are under 18, you are not permitted to use the Website. As a result, we do not intentionally gather information from, or direct our content towards, individuals under 18 years of age.

If we become aware or have reason to believe that we have collected Personal Data of individuals under the age of 18, we will promptly delete them. Additionally, different countries may have varying minimum age requirements for providing consent for data collection. If you are below the minimum age required for data consent in your country, you are not eligible to use the Website.

15. APPLICABLE LAW AND JURISDICTION

This Privacy Policy, as well as the collection, Processing, or transmission of the Data Subject's Personal Data, are governed by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and by the legislation and regulations applicable in Portugal.

Any disputes arising from the validity, interpretation, or execution of this Privacy Policy, or which are related to the collection, Processing, or transmission of each User’s Personal Data, shall comply with the rules established on the Website’s Terms & Conditions.