Privacy and Cookies Policy - chocolatfestival.pt

INTRODUCTION

The aforementioned Privacy Policy provides you with an overview of how the The Fladgate Partnership Group
process your personal data and your entitlements in this regard, pursuant to the Regulation (EU) 2016/679 of
the European Parliament and of the European Council – General Data Protection Regulation (“GDPR”) and
other applicable legislation on data protection and privacy. All specific personal data that will be collected and
the manner in which they are to be handled depend to a large extent on the services you have previously
requested and agreed upon.

This Privacy Policy is applicable to the personal data of our Website Users, Customers, Suppliers, Applicants and
Staff, whenever these are individuals and not companies.
Each time you use the Website, you are subject to the application of the Privacy and Cookies Policy in force, so
we suggest that you carefully read all of the Policies in order to check if you agree with their respective terms.
Periodically, we may change this Privacy and Cookies Policy. If you wish to keep up to date, visit this webpage,
as all amendments will be posted herein.

For the purposes of the applicable legislation on data protection, the entity responsible for collecting and
handling your personal data may be any of the companies within the TFP group.
TFP’s websites may occasionally include links, banners or other hypertext links to websites and services of
other companies, which have their own privacy policies, and /or third party services installed on your device
that may allow access to information contained therein. Therefore we recommend our website users to
carefully read the privacy policies of such third parties before submitting any personal data to these websites.
TFP does not have any control over the content of these websites and is not responsible for the content of
those third parties’ privacy policies or for the collection and handling of your personal data therein.

GLOSSARY

General Data Protection Regulation (GDPR) – a legal instrument of the European Union aimed at harmonising
European data protection laws. It came into force on the 25th May 2018 and any references thereto must be
interpreted accordingly to include any legislation that changes, materialises or aims at its implementation.
Personal Data – any information regarding an individual that can directly identify such person or that can make
such person identifiable, directly or indirectly, in particular by reference to an identifier.
Data Processing – covers a wide range of operations performed on personal data, including by manual or
automated means. It includes the collection, recording, organisation, structuring, storage, adaptation or
alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available,
alignment or combination, restriction, erasure or destruction of personal data.
Costumers – costumers and others to whom TFP provides services or supplies goods in the course of its
business activity.

Suppliers – refers to partners, consultants, traders (including individual traders) and independent self-employed
workers or any other entity that provides goods and services to TFP. In some circumstances, TFP will
subcontract third party providers to deliver services to Customers on behalf of TFP, which are also covered by
this definition and this Privacy Policy.
Staff – includes dependent worker as well as trainees directly involved in TFP’s business activity.
Applicants – includes applicants for all publicised job offers promoted by TFP, including permanent, part-time
and temporary employments and job functions as independent self-employed workers for TPF’s Costumers; as
well as people who have submitted a spontaneous resumé to TFP not related to a specific job offer. All
individual contractors, self-employed and supplier collaborators or other third parties who apply for jobs within
TFP are considered to be applicants for the purposes of this Privacy Policy.

TFP – whenever TFP is mentioned we mean both the entity responsible for processing the personal data of our
website Users (The Fladgate Partnership – Vinhos, S.A.) but also the other entities of this Business Group,
responsible for the processing of personal data of Customers, Suppliers and Applicants. In this case, the party
associated with the relevant agreement to the policy may be any of the Group’s entities, as indicated below:
− The Fladgate Partnership – Vinhos, S.A.; Companies Registration No. 503 818 127; Headquarters: Rua do
Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
− Quinta and Vineyard Bottlers – Vinhos S.A.; Companies Registration No. 503 885 428; Headquarters: Rua do
Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
− Heritage Wines – Distribuição de Bebidas, Lda.; Companies Registration No. 506 312 542; Headquarters: Rua
do Choupelo, n.º 250, 4400-088 Vila Nova de Gaia, Portugal
− Grossão – Comércio de Bebidas S.A.; Companies Registration No. 503 087 300; Headquarters: Av. D. João II –
Quinta dos Barões, 4430-022 Vila Nova de Gaia, Portugal
− Grapes – Great Restaurant, Accommodation and Personalised Event Solutions, Lda.; Companies Registration
No. 509 335 721; Headquarters: Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
− Sociedade Agrícola de Nogueira, Lda.; Companies Registration No. 501 746 803; Headquarters: Quinta da
Roêda, 5085-036 Pinhão, Portugal
− Três Séculos – Realizações Hoteleiras, Lda.; Companies Registration No. 502 034 378; Headquarters: Rua do
Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
− The Yeatman Hotel, Lda.; Companies Registration No. 508 396 557; Rua do Choupelo, nº 345, 4400-088 Vila
Nova de Gaia, Portugal
− Fladgate Partnership Land Holdings, S.A.; Companies Registration No. 500 301 905; Headquarters: Rua do
Choupelo, n.º 250, 4400-088 Vila Nova de Gaia, Portugal
− HILODI – Historic Lodges & Discoveries, S.A.; Companies Registration No. 513 165 096; Headquarters: Rua do
Choupelo, n.º 250, 4400-088 Vila Nova de Gaia, Portugal
− The Vintage House Hotel, S.A.; Companies Registration No. 503 974 242; Headquarters: Lugar da Ponte,
5085-034 Pinhão, Portugal
− Y Not Chocolate, S.A.; Companies Registration No. 514 990 848; Headquarters: Rua do Choupelo, nº 250,
4400-088 Vila Nova de Gaia, Portugal
− Onwine, Lda.; Companies Registration No. 516 026 011; Headquarters: Av. D. João II, nº 1288, 4430-415 Vila
Nova de Gaia, Portugal
− Quinta and Vineyard Bottlers – Lan Holdings, S.A.; Companies Registration No. 500 227 969; Headquarters:
Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
− Fontenova Hotel, Lda.; Companies Registration No. 515 666 386; Headquarters: Rua do Choupelo, nº 250,
4400-088 Vila Nova de Gaia, Portugal
− QVB SAN, Lda.; Companies Registration No. 515 202 711; Headquarters: Rua do Choupelo, nº 250, 4400-088
Vila Nova de Gaia, Portugal
− Sociedade Quinta do Portal, S.A.; Companies Registration No. 501 695 060; Headquarters: Rua do Choupelo,
nº 250, 4400-088 Vila Nova de Gaia, Portugal
− Fundação The Porto Protocol; Companies Registration No. 515 488 011; Headquarters: Rua do Choupelo, nº
250, 4404-509 Vila Nova de Gaia, Portugal

Website Users – any person accessing any of the TFP websites or trademarks marketed by TFP:
www.fladgatepartnership.com, managed by The Fladgate Partnership – Vinhos, S.A;
www.climatechange-porto.com, managed by The Fladgate Partnership – Vinhos, S.A;
www.the-yeatman-hotel.com, managed by The Yeatman Hotel, Lda;
www.vintagehousehotel.com, managed by The Vintage House Hotel, S.A.;
www.quintadoportal.com, managed by Sociedade Quinta do Portal, S.A.;
www.grapeshospitality.com, managed by Grapes – Great Restaurant, Accommodation and Personalised Event
Solutions, Lda.;
www.baraofladgate.com, managed by Três Séculos – Realizações Hoteleiras, Lda.;
www.tresseculos.pt, managed by Três Séculos – Realizações Hoteleiras, Lda.;
www.dourorivertaxi.com, managed by Três Séculos – Realizações Hoteleiras, Lda.;
clerigostastingroom.com, managed by Três Séculos – Realizações Hoteleiras, Lda.;
www.barons-hall.com, managed by Três Séculos – Realizações Hoteleiras, Lda.;
www.hoteldaestrela.com, managed by Três Séculos – Realizações Hoteleiras, Lda.;
www.chafarizdelrei.com, managed by Três Séculos – Realizações Hoteleiras, Lda.;
www.onwine.pt, managed by Onwine, Lda.;
www.directwine.pt, managed by Grossão – Comércio de Bebidas, S.A.;
www.Taylor.pt, managed by Quinta and Vineyard Bottlers – Vinhos S.A.;
www.Fonseca.pt, managed by Quinta and Vineyard Bottlers – Vinhos S.A.;
www.Croftport.com, managed by Quinta and Vineyard Bottlers – Vinhos S.A.;
www.Krohn.pt, managed by Quinta and Vineyard Bottlers – Vinhos S.A.;
www.Croftpink.com, managed by Quinta and Vineyard Bottlers – Vinhos S.A.;
www.Bin27port.com, managed by Quinta and Vineyard Bottlers – Vinhos S.A.;
www.portandtonic.com, managed by Quinta and Vineyard Bottlers – Vinhos S.A.;
www.heritagewines.pt, managed by Heritage Wines – Distribuição de Bebidas, Lda.;
www.wow.pt, managed by HILODI – Historic Lodges & Discoveries, S.A.;
www.vintevintechocolate.pt, managed by Y Not Chocolate, S. A.;
www.museudovitral.pt, managed by Três Séculos – Realizações hoteleiras, Lda.
atkinsonmuseum.com, managed by Hilodi – historic Lodges & Discoveries, S.A.;
www.portoprotocol.com, managed by Fundação The Porto Protocol

WHAT TYPE OF INFORMATION DO WE COLLECT?
TFP collects various types of personal data for different purposes, as set out below.
CUSTOMER DATA: We only collect the necessary data for the conclusion, compliance and performance of any
agreement entered into between the Customer and TFP, as well as to reply to any subsequent claims regarding
such agreements. Normally, we just need to have your contact information data (such as full name, phone
number, email, address and postcode) to enable us to ensure that our relationship runs efficiently. We also
keep information related to your online involvement, which we use to ensure that the marketing
communications we direct to you are relevant and appropriate. We may also have CCTV footage, if you visit our
facilities and information that you have decided to share with us directly or through your company (evaluation
of our services and products, allergies, health conditions and food restrictions). You will be informed if, for any
reason, we require any additional personal data.

SUPPLIER DATA: We only collect the necessary data for the conclusion, compliance and performance of any
agreement entered into between the Supplier and TFP, as well as to reply and manage any subsequent claims
regarding such agreements. We will collect personal contact data, including your company data, such as names,
phone numbers, and emails. We will also collect bank details so that we can issue payments to you. We may
also keep information that you have decided to share with us directly or through your company, and CCTV
footage if you visit our facilities.

WEBSITE USERS: We only collect the necessary data to guarantee a first class experience when visiting our
Website, in order to allow you to enjoy all the potential options and discretions provided therein, as well as to
assist us when managing our provision of services. This includes information such as how you use our website,
how often you access it, your browser type, your IP address, the location from where you visit our website, the
language you choose and the time when our website is most often visited, as well as other information better
described in our aforementioned cookie policy. If you contact our Website using, for instance, the chat
function, we will collect any information provided to us, such as your name and contact data.

APPLICANT DATA: Depending on the relevant circumstances and local legislation applicable, we may collect all
or part of the information listed below:
– Identity data, such as name, contact details (phone and email), immigration status (in case you need a work
permit for your visa), and your photo.
– Professional status and activity, such as data on education, employment history, current salary, pensions and
benefits-related provisions, if such information is necessary for the vacancy to which you wish to apply
– Additional information you choose to share with us, in particular in your CV or in job interviews;
– Additional information that our Customers may share about themselves or that we find out from other thirdparty sources;
– IP address; dates, timings and frequency with which you access our services; and
– CCTV footage, if you visit our facilities.
Please note that the above list of categories of personal data that we may collect is not exhaustive.
In addition to the above mentioned, registration through social networks (involves using your credentials from
social networks such as your login information as a Facebook and Google+ User in order to open and log in to
your own TFP account) also allows us to collect personal data: when you use the login option through social
networks, TFP will only use the public profile information that is necessary for the opening of your TFP account.
TFP will not use any information received from social networks as long as such information is irrelevant for the
referred purpose. Once the account is open, the user will have the opportunity to complete it with any
information that the said data subject wishes to share with us and that will allow us to improve the expected
interaction with our services. Any additional information provided will only be used for the purposes stated in
this privacy policy.

DO I HAVE AN OBLIGATION TO PROVIDE MY PERSONAL DATA?
In the scope of our commercial or professional relationship, you will have to provide the necessary personal
data to start and create such a relationship in order to comply with the existing pre-contractual and contractual
duties and diligences and that data that we and compulsory have to collect. Without such data, we will
generally have to refuse to conclude or perform such an agreement or we will not be able to maintain the
agreement and therefore will have to terminate it.
If you do not provide us with the necessary information and documentation, we will not be able to start or
continue the commercial or professional relationship intended by you, or even follow up on requests you may
send us.

HOW DO WE COLLECT YOUR PERSONAL DATA?
We may collect personal data in several ways:
a) Personal data that we receive directly from you, if you contact us deliberately, usually by phone or email;
and/or if we contact you by phone or email or through business development activities in a more general
manner.
There are several ways in which you can share your information with us. It all depends which suits you better.
These may include:
– Enter your data on TFP Website by filling out the form as part of the registration procedure; or
– Send your CV/ résumé by email or leave a hard copy of your CV;
– Participate in a contest through a social network channel such as Facebook, Twitter, Instagram, Pinterest or
other;
– Sign up for our newsletter or any of our events;
– Through the chat function on our Website.
b) Personal data we receive from other sources, usually through due diligence or other market information,
including lists of applicants in relevant events. We also receive personal information from other sources, for
instance if you introduce “Like” on our Facebook page or choose to “Follow” on Twitter or Instagram, we will
receive personal information from these websites;
To the extent that you access our Website, read or click on an email from us, when appropriate and in
accordance with local legal requirements and legislation, we may also automatically collect your data. When
you visit our Website there is certain information that we may collect automatically, whether or not you decide
to use our services. This includes your IP address, the date, times and frequency of access to our site and the
way in which you browse its content, all as provided in the cookies policy below. We will also collect your data
when you contact us through our Website using, for example, the chat function.
We collect your data automatically through cookies, in accordance with your browser’s cookie settings. If you
are also a TFP Applicant or Customer, we may use data from your usage of our websites in order to improve
other aspects of our communications with you or the services we provide to you.

WHY DO WE PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS?
PROVISION OF PRODUCTS AND SERVICES
TFP may process your personal data, when necessary to perform the agreement between you and TFP, as well
as to be able to identify you. We may also use your Personal Data to prevent and research possible misuse of
the said Personal Data.

MARKETING ACTIVITIES
Occasionally, we may send you information that we consider to be of interest to you. In particular and when
appropriate, we may use your data for the purposes listed below:
– to enable us to develop commercial or marketing initiatives, namely to promote actions to publicise new
options or new products and services;
– to send you reports, promotions, offers, events and contacts;
– to provide you with information about specific promotional discounts and offers to which you are entitled to
because of your relationship with TFP;
– to allow us to send newsletters, which may contain information on promotional campaigns, on events, discounts,
promotions and offers, invitations, activities publicising new features, new products or services and for sending information
on participation in contests and prizes, in accordance with the thematic preferences that you have indicated by email;
– allow us to send you reminders about your bookings, order status changes, “abandoned card” reminders and stock
notification information;
– management of membership programmes, such as, but not limited to, the “Cartão WOW”/ ”WOW Card” program;
-to provide you with information about personalised and exclusive offers of products and services identified based on your
personal preferences and behaviour pattern, as well as from the use of products, services and browsing on the websites.
When you have provided us with your email contact details in connection with the sale of a product or service, we may use
them for the purposes of marketing of our own products and services. You may, however, freely and if you do not agree
with our marketing approach, refuse/cancel such communications either at the time of the collection or at the time each
message arrives. Regarding the sending of any other type of e-communication, we will firstly request your prior and express
consent. We need your consent for some aspects of these activities that are not covered by our legitimate
interests (in particular the collection of data through cookies and the provision of marketing directly to you
through digital channels).
If you do not agree with our marketing approach, you are entitled to withdraw your consent at any time. We
may use your data to show you TFP adverts and other content displayed on other websites such as, for
example, on Facebook. If you do not wish us to use your data in this way, turn off the option “Advertisement
Cookies” (please check our Cookies Policy).

OTHER PURPOSES
– To store (and update as necessary) your information in our database, so that we can contact you regarding
the agreements you have entered into or wish to enter into with us;
– To offer you services or to obtain assistance and services from you;
– To fulfil specific legal duties;
– To help us direct appropriate marketing campaigns, in which TFP may adopt automated decisions, including
profile definition;
– Where necessary to assist us in the declaration, exercise or defence of a right and
– To defend the vital interests of the data subject.
We may also use your personal data for these purposes if we consider it necessary to do so in order to defend
our legitimate interests.

DEVELOPMENT ON PRODUCTS AND SERVICES
TFP may use your personal data for the development of your products and services. However, we will
predominantly use combined data and statistical information for that purpose. TFP keeps track of the pages
our customers visit within the website to determine which services/products are most requested.
In this case, we collect information concerning the computer or device (including mobile devices) that you use to access the
website, namely your IP address, the website you used to access us, the type and language of your browser, operation
system, cookies, the country from where you are accessing, reference and exit pages, URL, platform, number of clicks you
have made, domain names, searched and visited pages, and the order in which you have visited them, the time spent on a
particular page, the date and time you have accessed our website, access errors and other similar information that your
browser may sends us.

COMMUNICATION
TFP may use your personal data to communicate with you, namely, to send you news related to TFP’s products and
services, or to assist you in matters relaters to customer support, in particular to respond and manage users requests
through customer service channels, as well as to monitor the quality of our service.
TFP’s newsletter subscription may involve the use of personal data in order to carry out personalised advertising of our
products and services, which are available to users through email, push notifications by any other electronic means or
through third parties.
You can freely unsubscribe from receiving our Newsletter at any time, simply by following the information we provide in
each communication.
TFP may use data that has been identified based on your personal and behaviour pattern preferences. In order to send you
customised offers, TFP will collect the said data from your interactions with us, whether through our website, or through an
app, support line, or even from the use of products.
The management of data for the purpose of profiling and market researching is also based on TFP’s legitimate interest. >To
such end, TFP considers the interests and rights of those concerned and the measures taken by the person responsible to
fulfil general duties in terms of proportionality and transparency, having surmised that:
a) the impact on individual fundamental human rights, freedoms and guarantees is reduced;
b) the said management may be reasonably foreseen by the person concerned;
c) the data handling for the referred purpose does not lead to exclusion, discrimination, defamation or endanger of the
holder’s reputation and/or his/her negotiation power.
If you consider that the referred data management may lead to any kind of emotional repercussion, you may exercise your
right of access and/or right to object, as well as voluntarily exclude yourself without any need for justification of your
decision.
We inform you that you can limit this by exercising the right to object by writing an email to any of the contacts listed in
“How to contact us”.

IMPROVING THE SERVICE PROVIDED TO THE USER
Your Personal Data related to your physical or online purchases, tastes and preferences can be used for analysis, user
profiling, market research, quality surveys and improvement of our Customer interaction.

RECRUITMENT ACTIVITIES
In order to fill job vacancies, we can internally develop recruitment activities. We have listed below several ways in which
we may use and process your personal data for this purpose:
– Collect your data through you and other sources, such as LinkedIn;
– Store your data in our database (and update them when necessary), so that we can contact you regarding recruitment;
– Assess data concerning yourself in relation to the vacancies that we believe are appropriate for you;
– Allow you to send your CV, apply online for employment offers or subscribe alerts on job offers that we believe will be of
your interest;
– Comply with our obligation arising from any agreement entered into between you and TFP;
– Comply with our obligations arising from any agreements entered into between third parties and TFP, regarding your
recruitment;
– Streamline our payment and invoicing procedures;
-Check the data provided by you, using third party resources (such as psychometric assessments or skills tests) or to request
information (such as employment recommendations or references, as appropriate under applicable law, that you have
provided contact data of, and as long as you have gathered previous consent authorising us to contact these entities); and
– Comply with our legal obligations, including, for instance, crime detection or tax and fiscal duties collection.
We handle your abovementioned personal data pursuant to the provisions in the GDPR and other applicable legislation,
and we base this data management essentially on pre-contractual procedures and contract performance, on the fulfilment
of a legal obligation or to satisfy legitimate interests pursued by TFP or on the protection of the imperative interests of the
data subject.
That is, we use and process your personal data for the management and performance of agreements or other procedures
requested by the data subject (Article 6, paragraph 1 b) of the GDPR); in the context of a legitimate interest (Article 6
paragraph 1 f) of the GDPR); based on the consent of the data subject (Article 6 paragraph 1 a) of the GDPR) and by legal
imperative or in the public interest (Article 6 paragraph 1 c) of the GDPR).

WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
Where appropriate and in accordance with legal requirements and local legislation, we may share your personal data for
various reasons and in several ways with the following categories of entities:
– Any of the entities of our Business Group, identified in the Glossary herein.
– In the pending of an investigation, claim or lawsuit filed within the Tax, Audit, Administration or Public Authorities, Courts,
Foreigners and Borders Service (“SEF”) and Portuguese Security Forces, which are responsible for the matter and, internally,
the areas or departments of the TFP Group that collaborate in collecting information and reporting facts to the competent
authority;
– Third party service providers who perform tasks on your behalf (including external consultants, business partners and
professional consultants such as lawyers, auditors and accountants, recruitment companies, technical support and IT
consultants conducting who carry out testing and development work on the technology systems of our Business Group
entities;
– Third party IT service and outsourced documents storage providers, in cases where we have an appropriate management
agreement (or similar protections);
– With the company “UNLOCK THOUGHTS, LDA, Tax and Companies Registration number 513923195, with registered
headquarters in Rua do Bom Sucesso nº 372, 5, civil parish of Lordelo do Ouro and Massarelos, municipality of Oporto, as
partner entity of our Hotel da Estrela and our Hotel Palacete Chafariz d’El Rei, for the same legal effects and purposes
foreseen in this Policy;
– Platforms and suppliers of marketing technology;
– In the event of acquisition or selling of businesses or assets, we may share your personal data with potential purchasers of
these businesses or assets;
– In the event of payments, the credit institutions and other payment service providers, as well as the technology service
providers related to payment services to whom the transaction data is passed on, and which may be bound by legislation of
the State in where they perform, or by agreements concluded by the latter to provide information on transactions to
official authorities of other countries, both inside and outside the European Union, in the battle against financing terrorism,
serious forms of organised crime and money laundering prevention.
Our website and our application will allow you, in some circumstances, social plug-ins from various social networks. If you
decide to interact with a social network such as Facebook, Twitter, Google + (for instance, through account registration),
your activity on our website or in our app will also be available in your social network. If you are connected to one of these
social networks during your visit to our website or app, or if you interact through one of the said social plug-ins, the social
network may include this information to your profile on the said social network, in accordance with your privacy setting. If
you wish to avoid this data transfer, please close your account session on the social network before entering our website or
app or change your privacy settings whenever possible. We recommend you read the privacy policies of the social networks
you use in order to obtain detailed information about the collection and transfer of personal information, and also to get to
know your rights and which privacy settings are appropriate and you should select for your profile.

HOW DO WE SAVE YOUR PERSONAL DATA?
We are committed to take all reasonable and appropriate steps to protect the personal information we have from misuses,
accidental or unlawful amendments, loss and disclosure or unauthorised access. For this purpose, TFP uses security
systems, rules and other procedures to ensure the protection of your personal data, as well as to prevent unauthorised
access, improper use, disclosure, loss or even destruction of your personal data.
If you suspect misuse, loss or unauthorised access to your personal information, please let us know immediately.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We only store your personal data for the time necessary to achieve the purpose that justifies these data collection, and also
to respond to your needs or to the requests you may address to us, or to comply with our contractual and legal obligations.
In order to determine the time period to store your data, we use the criteria listed below. If several criteria are applied
simultaneously, we will keep your personal data in accordance with the criterion that entails the keeping of your personal
data for the longest period of time:
a) When purchasing product and services, we will keep your personal data for the duration of our business relationship,
including any complaints that may arise, as well as for a period of ten [10] years after the termination of such relationship,
notwithstanding the compliance of legal obligations of the data controller;
b) When you contact us to ask questions, requesting information and clarifications, we will keep your personal data for the
period of time necessary to resolve your question or to provide you with the information and/or queries requested;
c) When opening a customer account, that is, when registering on our website, we will keep your data until you ask us to
delete them or after a period of inactivity of two [2] years;
d) When you have consented to the sending of direct marketing, we will keep your personal data while maintaining the
final purpose of the data collection or until you cancel the subscription or request us to delete the data;
e) Regarding the footage captured on video surveillance system (CCTV), during the maximum period of thirty [30] days;
f) Concerning data collected during a recruitment procedure, for a maximum period of five [5] years after the closure of the
recruitment procedure;
g) Regarding the use of cookies, we will keep them as long as it is necessary to achieve the purposes inherent thereto, as
detailed in our Cookies Policy;
h) The period of time provided for in applicable legislation; or
i) Until the specific purpose applicable to the personal data ceases to exist.
We may also retain some of your personal data to the extent necessary to comply with our legal obligations, as well as to
exercise or enforce our rights, including to appeal to courts and administrative entities.
In any of these situations, if there legal judicial or administrative proceedings are pending, the data will be kept for the
duration of the proceedings and up to six [6] months after a final res judicata judgment is rendered.
After the above mentioned periods of data storage, the personal information will be deleted and /or cleared with efficient
safety.

WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?
One of the main targets of the GDPR is to protect and clarify the rights of EU citizens and individuals in the EU with regard
to data privacy. This means that you have several rights to your data, even when you have previously provided such data to
us. These entitlements are better described below.
We will try to process your request without undue delay and, in any case, within one [1] month (subject to any extensions
permitted by law). Please note that we may keep a record of your communications to help us resolve any matters raised
and brought by you.

RIGHT TO OBJECT: this right allows you to oppose the handling of your personal data, for the reasons related to your
particular situation when your personal data are managed for one of the following purposes: (i) our legitimate interests; (ii)
to enable us to perform a task in the public interest or exercise official authority; (iii) to send you direct marketing
materials, including profile definition; and (iv) scientific, historical, research or statistical purposes.
If you exercise the right to Object, we will terminate the processing of the data that you have objected to, unless:
– we can present evidence that we have legitimate compulsory grounds for the data management that overlap with your
interests; or
– we are processing your data in order to declare, exercise or defence a right.

RIGHT TO WITHDRAW CONSENT: If we have obtained your consent to handle your personal data for some activities (for
example, for marketing purposes), you may withdraw this consent at any time and we will no longer perform the specific
activity you have previously consented upon, unless we consider that there is an alternative reason on our behalf to justify
the continuing data management, in which case we will inform you about such condition.

RIGHT OF ACCESS BY THE DATA SUBJECT: You may request us, at any time, to confirm the information we have about
you, as well as additional information about the purposes of our data management, the period of time which we keep your
data, the existence of automated decisions, the recipients to whom the data are disclosed, among any other information
provided for in article 15 of GDPR. We may ask you to verify your identity and more information about your request. If we
grant you access to the information we keep about you, we will not charge for access unless your request is “manifestly
excessive or groundless”. If you request us any additional copies of this information, we may charge you a reasonable
administrative cost, and where this is legally permitted. In cases where we it is legally permitted, we may deny your
request. If we refuse your request, you will always be informed of our reasons and grounds.

RIGHT TO ERASURE: In some circumstances, you are entitled to request us to delete your personal data. Usually, the
exercise of this right must meet one of the following criteria:
– the data is no longer necessary for the purpose for which we originally collected and/or processed;
– when you have withdrawn your consent to process your data and there is no other valid reason why we should continue
to keep and process them;
– if you object to processing and there are no legitimate interests that justify the said data processing;
– the data have been unlawfully processed (for instance, in a way that does not comply with the GDPR); or
– the data needs to be deleted in order to comply with our legal obligations as data controller.
Nevertheless, this right does not apply, and therefore TFP may continue to process your data in a legitimate manner, when
the following proves necessary:
– to exercise the right to information and freedom of speech;
– to comply with legal obligations, to perform a task of public interest or to perform official authority;
– for reasons of public health in the public interest;
– for record, research or statistical purposes; or
– to exercise or protect a right.
When presented with a valid request to erase data, we will take all the reasonable and practical steps to delete the said
data.

RIGHT TO RESTRICTION OF PROCESSING DATA: In some circumstances, you have the right to restrict the processing of
your personal data. This means that we can only carry on storing your data and we will not be able to carry out any further
processing of your data until: (i) one of the circumstances listed below is resolved; (ii) we have obtained your consent; or
(iii) additional processing is required in order to declare, exercise or defend a right, the protection of the rights of another
person or on grounds of important public interest of the EU or of a Member State.
The circumstances in which you have the right to request the restriction of the processing of your personal data are:
– in the event of answering the accuracy of the personal data we deal with. In this case, the processing of your personal
data will be restricted for the period during which the accuracy of the data is being checked;
– if you object to the processing of your personal data based on our legitimate interests. In this situation, you may request
that your data will be restricted while we confirm our grounds for your personal data processing;
– if the processing of your data is unlawful, but you would rather restrict our data processing instead of their erasure; and
– if we no longer need to process your personal data, but we need the data to establish, exercise or defend a right.
If we have shared your personal data with third parties, they will also be notified of the restriction to processing, unless this
notification is impossible to make or involves a disproportionate effort. We will, for sure, notify you before lifting any
restriction on the processing of your personal data.

RIGHT TO RECTIFICATION: You have the right to request us to rectify any inaccurate or incomplete personal data we
keep regarding you. If we have shared such personal data with third parties, they will be notified of the rectification, unless
this notification is impossible to make or involves a disproportionate effort. Where appropriate, we will also inform you to
which third parties we have disclosed inaccurate or incomplete personal information. When we consider that it is
reasonable not to comply with your request, we will explain the reasons for our decision. It is important that the personal
information we keep regarding you is accurate and updated. Please let us know if there are any changes to your personal
information during the period in which we keep your data.

RIGHT TO DATA PORTABILITY: If you wish so, you are entitled to transfer your personal data between data controllers.
This means that you can transfer data from your TFP account to another online platform. To enable you to do it, we will
supply you with your data in a automated read-only format, protected by password, so that you can transfer the data to
another online platform. Alternatively, we can directly transfer the data for you. This right to data portability is applicable
to: (i) personal data that we process automatically (i e, without human intervention); (ii) personal data provided by you; and
(iii) personal data that we process based on your consent or to fulfil an agreement.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY: You also have the right to file a complaint to
your local supervisory authority, which in Portugal is the Comissão Nacional de Proteção de Dados (www.cnpd.pt).
Please contact us if you intend to exercise any of these rights or withdraw your consent for the processing of your personal
data (if your consent is our legal basis for processing your personal data). Please note that we may keep a record of your
communications to help us resolve any issues you raise.

HOW CAN YOU EXERCICE YOUR RIGHTS / HOW YOU CAN CONTACT US?
If you wish to exercise any of the above rights, or you suspect of misuse, loss or unauthorised access or have any comments
or suggestions to this Privacy policy, you may contact us at the following addresses:
– The Fladgate Partnership – Vinhos, S.A., A/c. Encarregado de Proteção de Dados, Rua do Choupelo, nº 250, 4400 – 088 Vila
Nova de Gaia, Portugal
Alternatively, you can email us at dpo@fladgatepartnership.com
– Quinta and Vineyard Bottlers – Vinhos S.A., A/c. Encarregado de Proteção de Dados, Rua do Choupelo, nº 250, 4400-088
Vila Nova de Gaia,Portugal
Alternatively, you can email us at dpo@qavb.com
– Heritage Wines – Distribuição de Bebidas, Lda., A/c. Encarregado de Proteção de Dados, Rua do Choupelo, nº 250, 4400-
088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@heritagewines.pt
– Grossão – Comércio de Bebidas S.A., A/c. Encarregado de Proteção de Dados, Avenida D. João II – Quinta dos Barões, 4430-
022 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@grossao.com
– Grapes – Great Restaurant, Accomodation and Personalised Event Solutions, Lda., A/c. Encarregado de Proteção de Dados,
Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@grapeshospitality.com
– Sociedade Agrícola de Nogueira, Lda., A/c. Encarregado de Proteção de Dados, Quinta da Roêda, 5085-036 Pinhão,
Portugal
Alternatively, you can email us at dpo@san.pt
– Três Séculos – Realizações Hoteleiras, Lda., A/c. Encarregado de Proteção de Dados, Rua do Choupelo, nº 250, 4400-088
Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@tresseculos.pt
– The Yeatman Hotel, Lda., A/c. Encarregado de Proteção de Dados, Rua do Choupelo, nº 345, 4400-088 Vila Nova de Gaia,
Portugal
Alternatively, you can email us at dpo@theyeatman.com
– Fladgate Partnership Land Holdings, S.A., A/C. Proteção de Dados, Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia,
Portugal
Alternatively, you can email us at dpo@fladgatepartnership.com
– HILODI – Historic Lodges & Discoveries, S.A., A/c. Encarregado de Proteção de Dados, Rua do Choupelo, nº 250, 4400-088
Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@wow.pt
– The Vintage House Hotel, S.A., A/c. Encarregado de Proteção de Dados, Lugar da Ponte, 5085-034 Pinhão, Portugal
Alternatively, you can email us at dpo@vintagehousehotel.com
– Y Not Chocolate, S.A., A/c. Proteção de Dados, Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@vintevintechocolate.pt
– On Wine, Lda., A/C. Encarregado de Proteção de Dados, Avenida D. João II, nº 1288 (Rotunda Gil Eanes), 4430-415 Vila
Nova de Gaia, Portugal
Alternatively, you can email us at dpo@onwine.pt
– Quinta and Vineyard Bottlers – Land Holdings, S.A., A/C. Proteção de Dados, Rua do Choupelo, nº 250, 4400-088 Vila Nova
de Gaia, Portugal
Alternatively, you can email us at dpo@fladgatepartnership.com
– Fontenova Hotel, Lda., A/C. Proteção de Dados, Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@fladgatepartnership.com
– QVB SAN, Lda., A/C. Proteção de Dados, Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@fladgatepartnership.com
– Sociedade Quinta do Portal, S.A., A/C. Proteção de Dados, Rua do Choupelo, nº 250, 4400-088 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@fladgatepartnership.com
– Fundação The Porto Procotol., A/C. Proteção de Dados, Rua do Choupelo, nº 250, 4404-509 Vila Nova de Gaia, Portugal
Alternatively, you can email us at dpo@fladgatepartnership.com

HOW DO WE STORE AND TRANSFER YOUR DATA INTERNATIONALLY?
Data transfer to other countries (countries outside the European Union) only occurs if it is necessary for the execution of
orders or upon your requests (for example, payment orders or shipment of products), by legal requirement or if you have
given us an express authorisation to do so. If requesting service providers of third countries is required, they will be obliged
to comply with the written instructions in this regard by signing an agreement with the standard contractual clauses of the
European Union, in order to comply with the level of data protection applicable in the European Union. You will receive
detailed information from us separately as required by law. We want to ensure that your data is stored and transferred in a
safe way. Therefore, we will only transfer data outside the European Economic Area or EEA (i e, the State Members of
European Union together with Norway, Iceland and Liechtenstein) where this is in line with the data protection legislation
and the means of transfer provide adequate guarantees in relation to your data, namely:
– through a data transfer agreement incorporating the current standard contractual clauses adopted by the European
Commission for the transfer of personal data by data controllers in the EEA to controllers and subcontractors in jurisdictions
lacking adequate data protection legislation; or
– transferring your data to a country where the European Commission has noted an adequate level of data protection; or
– if you have consented to the transfer of data.
To ensure that your personal data receives an adequate level of protection, we have applied appropriate procedures with
third parties with whom we share your personal data to guarantee that your personal information is handled by such third
parties in compliance with data protection law.

GUARANTEES AND WARNINGS
User guarantees that the personal data provided to TFP are correct and accurate and will notify any change or amendment
to them assuming sole responsibility for losses and damage caused by erroneous, inexact or incomplete communication of
these data. User is explicitly warned that when disclosing personal data in public TFP media such as Facebook, Google +,
Twitter and Instagram, this information may be seen and used by third parties. TFP does not read any personal
communication published or posted on our costumers’ own web pages.

BROWSERS RECOMMENDED
TFP website is optimised for viewing on Google Chrome, Safari, Mozilla Firefox, Microsoft Edge.

COOKIES POLICY
WHAT IS A COOKIE?
A “cookie” is an information file that is stored on your computer’s hard drive and that records your browsing on a website
so that when you revisit that website you can be presented with customised options based on the information stored on
your last visit. We may also use cookies on our website to analyse traffic and for advertising and marketing purposes, which
do not harm your system.
If you wish to check or change the type of cookies you accept, you can do so in your browser settings.

HOW DO WE USE COOKIES?
We use cookies basically to do two things: to track your use of our website, allowing us to understand how you use the site
and to track any patterns that may arise individually or from larger groups, which will help us to develop and improve our
site and services in response to what visitors want and need.
Cookies can be:
– Session Cookies: these are only stored on your computer during your web session and are automatically deleted when
you close the browser – they usually store an anonymous ID session allowing you to browse a site without having to log in
to each page, but do not collect any information from your computer; or
– Persistent Cookies: these are stored as a file on your computer and are maintained when you close your web browser.
The cookie can be read by the site that created it when you return to that site. We use persistent cookies such as Google
Analytics, Facebook and Mailchimp.
– Strictly necessary Cookies: They are essential to enable you to use the site effectively and they cannot be deactivated.
Without these cookies, the services that are available to you on the website could not be provided. These cookies do not
collect information about you that can be used for marketing purposes.
– Performance Cookies: These cookies allow us to monitor and improve the performance of our site. For example, they
allow us to track visits, identify traffic sources, and to check which parts of the site are most popular.
– Functionality Cookies: These cookies allow our website to remember the choices you have made (such as your username,
language and region where you are) and provide improved functional options. For example, we may provide you with
important news or updates on our website. These cookies can also be used to remind you of changes you made: from the
size of text, type of font, and other parts of web pages that you can customise. They can also be used to provide services
you have requested, such as viewing a video. The information that these cookies collect are usually anonymous.
– Customized Cookies: These cookies are persistent (while you are registered with us) and mean that when you sign in or
return to a web page you may see similar adverts to those you have browsed previously.

CONSENT
Pursuant to Law no. 41/2004, of 18 August, the storage of information and the possibility to access information stored in a
user’s IT device (in particular thorough cookies) will only be carried out by TFP if the user has given prior and explicit
consent to the use of cookies on his/her device. Therefore, we request you to accept this Privacy and Cookies Policy, before
you start browsing our websites.

HOW CAN I AVOID COOKIES ON YOUR WEBSITES?
All Costumers are entitled to withdraw consent to the use of cookies by TFP, eliminating cookies stored on their computer
through settings options of their internet browsers.
Finally, if you wish to have greater control over the use of cookies, you can download programs or add-ons to your browser,
known as “do not track”, which will allow you to choose the cookies that you want to allow.
If you block or do no authorise the use of cookies, no cookie will be stored in your device, but this will not guarantee the
proper functioning of our websites. Therefore the costumer cannot take maximum advantage of the contents available on
our websites, and in each new access to the website, you will always be asked for permission to use cookies.

ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS
Occasionally, it may be necessary to process personal data and, where appropriate and in accordance with local
requirements and legislation, to process sensitive personal data regarding the exercise and defence of legal claims. On this
perspective, article 9 paragraph 2 f) of GDPR such processing when it “is necessary for the establishment, exercise and
defence of legal claims in a judicial proceeding or whenever courts act in the exercise of their judicial function.”
This may arise, for instance, in circumstances where we need to obtain legal advice in relation to legal proceedings or if we
are required by law to retain or disclose specific information as actors in legal proceedings.

CHANGES TO OUR PRIVACY POLICY
TFP reserves the right to change this Privacy and Cookies Policy at any time, and any changes will be duly posted on the
TFP’s websites.
Last update: 2th May 2024