Services Policy and General Conditions

General Scope

iDream is committed to protecting and ensuring the security of its Customers’ information and privacy. This Privacy Policy is intended to make known the general privacy rules and terms of processing the data we collect, in strict compliance with and compliance with applicable legislation in this area, including Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 (“General Data Protection Regulation” or “GDPR”).

Responsible for the processing of personal data

iDream Unipersonal Lda.

Phone: +351 289 401 030
Email: geral@idream.pt
Modara: Rua Assis Esperança Nº5, 8100-543 Loulé
NIPC: 510 232 493
Website: https://www.idream.pt/

1. Collection and processing of personal data

This Privacy Policy applies to all personal information collected and stored by iDream on paper and/or digital formats.

The personal data voluntarily provided by its Owner, and whose processing is a contractual and/or legal obligation of iDream, are treated confidentially, by employees or subcontractors duly authorized for this purpose, and they must follow the specific instructions of iDream.

Your data may be collected directly or by telephone, when you make a request for information or service, through the opening of a Customer form, with the creation of a process number that identifies the form, when you visit or use one of the contact forms available on our website, for requests for information or requests for budget and services.

The personal information we collect is:

  • Full name;
  • Email address,
  • Phone number;
  • Address;
  • Taxpayer number;
  • Credit card details – cardholder’s name, card number, validity and security code – when you pay by credit card;
  • Other additional information, not classified as personal.

In the navigation of the website, whenever it is necessary to identify and collect personal data, the user will have to authorize its collection through authorization mechanisms that may vary by case, but that will be clear in its purpose and intuitive as to the use. For example in a contact form, there will be a box where the user must click to indicate that he authorizes the collection and processing of the personal data entered in the form and later contact by iDream. You should, however, make it clear that without authorization of the processing of the data you will not be able to send your message and contact iDream through the website.

The processing of personal data once authorized will be done in accordance with this Privacy Policy, and your authorization must assume that it has been read and understood, as well as the Terms and Conditions of use of the website.

2. Data collection purposes and categories

Pleas (Article 6(1)(b), (c), d) and f) gdpr): Processing is necessary for the performance of the service to which the data subject is a party, or for pre-contractual due diligence at the request of the data subject; compliance with legal obligations to which iDream is subject; for the defence of the data subject’s vital interests; legitimate interests pursued by iDream.

Regarding the processing of data carried out by iDream in the context of compliance with legal obligations, the basis of lawfulness for the performance of such processing – mostly data communications to external entities – will be the need for processing for the purpose of compliance with these legal obligations by the Controller.

Thus, we collect your data to:

  • Order processing
  • Billing management: for issuing invoices for the acquisition of goods and services
  • Home deliveries: so we can deliver your purchases to your home
  • Customer service: We use your personal data to provide customer support
  • Customer reviews: We may use your contact details to invite you by email to write a comment after your order. By doing so, you can help other customers choose the most suitable product
  • Marketing activities: We also use your data for marketing-related activities as permitted by law. When we use your personal data for direct marketing purposes, such as business newsletters and marketing communications about new products and services or other offers that we think may interest you, we include a link that you can use if you do not want us to send messages in the future
  • Other communications: There may be other times when we contact you by email, mail, phone or text message, depending on the contact details you share with us
  • Legal scope: In certain cases, we need to use the information provided, which may include personal data, to deal with and resolve legal disputes or complaints, for legal investigations, or to execute agreements or to comply with legal requests from competent authorities (e.g. communications to the SEF), to the extent required by law

If we use automated means to process personal data that produces legal effects or that significantly affects you, we will implement appropriate measures to safeguard your rights and freedoms, including the right to obtain human intervention.

3. Data Communication

iDream will implement the necessary and appropriate measures in the light of applicable law to ensure the protection of the personal data subject to communication, strictly complying with the legal provisions regarding the requirements applicable to such communications, in particular informing Customers.

Where iDream communicates personal data to third parties, it will define clear rules for contractualising the processing of personal data with its subcontractors, and require them to take appropriate technical and organisational measures to protect your personal data.

The data may be provided to the judicial or administrative authorities, provided that in compliance with legal obligations, as well as communicated to public and private bodies related to the activity of iDream. The data, depending on the purpose for which it was collected, may be provided to the following categories of recipients:

  • Public entities;
  • Subcontracted service providers;
  • Other entities subcontracted by iDream whose social object is essential to the pursuit of the purpose for which the data were collected.

4. Transfer of data to third countries

The information collected in principle will not be transferred to third countries. In the event of data transfers to countries outside the EU, priority will be given to countries that are under an EU adequacy decision under Article 45 of the GDPR.

iDream will take the necessary steps to ensure the privacy and security of your personal data pursuant to Article 46 of the GDPR and to use it only for the purposes for which it was collected.

5. Retention of personal data

Your Personal Data is kept by iDream, as long as the existing relationships between this Entity and the respective Holders are maintained, or for the legal period of retention or for maintaining the purpose for which they were collected, in order to allow the identification of the Holders until they have definitively ceased those relationships or obligations.

The data collected will be destroyed at the end of their legal retention period. The length of time during which the data is stored and stored varies according to the purpose for which the information is used. There are, however, legal requirements that require you to retain the data for a certain period of time.

6. Security measures

iDream is committed to ensuring the confidentiality, protection and security of its Customers’ personal data by implementing appropriate technical and organisational measures to protect your data against any form of undue or illegitimate processing and against any accidental loss or destruction of such data.

To this end, we have created procedures that prevent unauthorized access, accidental loss and/or destruction of personal data, committing us to comply with the laws on the protection of customers’ personal data and to process this data only for the purposes for which it was collected, as well as to ensure that this data is treated with adequate levels of security and confidentiality.

Your personal data will be limited to persons who need to know them in the performance of their duties, to the strictest extent necessary for the pursuit of the processing purposes.

Among the cases in which administrative staff have access to your data and other special categories of data are the processing of data for the purpose of billing and execution of the services provided to you or for the management of your requests for information or complaints.

iDream is not responsible for the data that you make available on social networks. The use of iDream’s social networks may involve the transmission of data to social media service providers, who may be based outside the European Union or the European Economic Area

7. Information storage

The data will be stored electronically on a server maintained and controlled by iDream, located in Portugal and in Cloud service providers based in the European Union.

Security is always monitored in terms of infrastructure and data access. Access is restricted and protected by various access management and encryption tools, with the purpose that unauthorized third parties do not have access to them. The risk of loss/destruction is thus minimized, but not extinguished and there is always the possibility of illegal access to the data. In this case, escape retention measures will be implemented.

8. Rights of the data subject

Right of information – at the time of its collection or processing the holder of the personal data has the right to be informed as to the purpose of the processing, the data controller, entities to which his data may be communicated, conditions of access and rectification and what mandatory and optional data will be collected.

Right of access – the holder of the personal data has the right to access them, without restrictions or delays, as well as to know what information is available about the origin of the data, purposes of processing and communication of the same to third parties.

Right of rectification – the holder has the right to require that the data about him/her be accurate and current, and may at all times request its rectification from the data controller.

Right of erasure – the data subject is entitled to the right to have his data no longer processed, be deleted and deleted, under certain conditions, in the event of:

  • cease to be necessary for the purpose they have been collected;
  • holders withdraw their consent or oppose their processing;
  • If the processing of the data does not comply with the legal provisions.

Right to limitation of processing – the holder of personal data has the right to limit his data only to the essential for the purpose of the processing.

Right of data portability (data transfer) – the data subject has the right to receive your data or to request the transmission of data to another entity that is the new person responsible for your personal data (only if technically possible).

Right of opposition – the data subject has the right to opposed, at his request and free of charge, the processing of his personal data for the purposes of direct marketing or any other form of prospecting and that his personal data be communicated to third parties, unless otherwise provided by law.

Right not to be subject to automated decisions or profiling – As the holder of personal data you have the right not to be subject to any decision made solely on the basis of automated processing, including profiling.

Right to know of the existence of a data breach – the holder of the personal data has the right to be informed if there is a security breach that compromises your data.

Right of complaint to the supervisory authority – the holder of the personal data has the right to complain not only to the person responsible for the processing of personal data of the company, but also to the supervisory authority, the National Data Protection Commission (CNPD).

You also have the right to withdraw or change, at any time, the consent you have given us to use your personal data, when it has legitimized the use of it.

9. Obligations of entities involved in the processing of data

Each entity involved in the processing of your data is obliged to comply with applicable data protection legislation, in particular as regards the security and confidentiality of its processing.

Those responsible for the processing of Personal Data, as well as persons who in the performance of their duties are aware of them are obliged to professional secrecy, in accordance with the law.

10. Contact in charge of data protection

iDream Unipersonal Lda.

Phone: +351 289 401 030
Email: geral@idream.pt
Dwelling: Rua Assis Esperança Nº5, 8100-543 Loulé
NIPC: 510 232 493
Website: https://www.idream.pt/

11. Amendment and updating of privacy policy

iDream reserves the right, at any time, to make modifications or updates to this Privacy Policy, and these changes are duly published on our website. If you have any questions or wish, at any time, to cease to be part of the iDream database you can exercise this right by contacting us through the following means.

iDream Unipersonal Lda.

Phone: +351 289 401 030
Email: geral@idream.pt
Dwelling: Rua Assis Esperança Nº5, 8100-543 Loulé
NIPC: 510 232 493
Website: https://www.idream.pt/