CherryHorizon, Lda. is obliged to comply with the applicable legislation concerning personal data, namely the rules stipulated in the General Data Protection Regulation (“GDPR”), approved by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
1. Personal Data
According to GDPR, personal data is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2. Responsibility for the processing of personal data
2.1 Data Controller
CherryHorizon, Lda., will act as data controller of all data collected on the Website (in all matters regarding personal data you can contact us by using the following e-mail address: firstname.lastname@example.org).
Where appropriate, CherryHorizon, Lda. may have to resort to processors to carry out the processing activity on its behalf, for which the Website users give their consent.
CherryHorizon, Lda., will only resort to processors that provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the applicable Regulation and ensure the protection of the rights of the data subject.
In particular, CherryHorizon, Lda. may resort to processors for the following purposes: payment processing, invoicing, back-office operations on the Website (namely all the necessary technical and operational support and assistance concerning the Website).
3. Collection and processing of personal data
The access and the mere use of the Website by the users do not imply the collection or treatment of any personal data. However, whenever the user creates an account on the Website, certain data will be collected. The nature of those data varies according to the purpose that is associated with it.
4. Transfer of personal data
In certain cases, data collected through the Website may be transferred to other entities that provide services to CherryHorizon, Lda. (namely IT services providers, hosting services providers, banks, payment operators and accounting services providers). Those entities are located in European Union countries.
5. Rights of the data subject
The Website users are guaranteed the right of access, rectification and erasure, withdrawal of consent, restriction of processing, opposition to the processing for the purposes previously defined and portability of the personal data they have transmitted.
The data subject may exercise those rights at any time through the following e-mail address: email@example.com.
Additionally, the data subject may also present a complaint before the national control authority (CNPD), whose contact details may be consulted at https://www.cnpd.pt.
6. Retention period of personal data
Personal data collected by CherryHorizon, Lda. will be stored during the period of time that the user´s account remains active on the Website. Once the user´s account on the Website is terminated, their personal data will be held for the period of time permitted by the applicable law. However, users may always exercise the right of erasure of their personal data.
7. Purposes associated with the processing of personal data
Personal data transmitted through the Website will be processed and stored in a database specifically created for the purposes of registration, access and use of the Website by the users, as well as for compliance with legal obligations.
8. Data gathered on the Website
8.1 Registration on the Website
To create an account it is necessary to provide basic data:
- name and surname
- e-mail address
- company name
- other information tagged by the company, if relevant, and if your account has been serviced by your company.
Users can create a profile on the platform.
A profile is a feature of the Account that allows users to include information about themselves (“definition of me” & “ambition”) and shall include other information in the future. Users are free to choose which information they want to include on their profile (such as a photo and other information). Users do not have to provide additional information on their profile. However, profile information help users to get more from the Platform. CherryHorizon, Lda. never asks for sensitive information but users are free to include such data on their profile. Please always consider it carefully. Such additional data can be deleted at any time without removing the user´s account.
8.3 Activity on the Platform
The Platform collects other data that Users provide when using the following features:
- Actions (description, date, completion & deletion)
- Goals (description, name, definition of done, resources, needs, motivation, actions and notes; new sections will be added in the future to improve experience and outcomes)
- Sessions contents (in each session, the answers are freely written by the Users and saved)
- Mood pulse rating (each rating is saved)
These data enable to provide a better user experience.
The Platform will use the registered email address to send emails to the User in order to make better use of the platform and provide better services. The platform will not send emails for promotional purposes.
9. Security measures
CherryHorizon, Lda. is committed to protecting the privacy of the Website's users. Therefore, CherryHorizon, Lda. uses highly innovative security systems that ensure that all personal data is properly stored and protected, preventing any unauthorized access to these elements, as well as their loss, dissemination, destruction or use beyond the purposes that justified their collection.
In particular, CherryHorizon, Lda. applies technological and organizational means to secure user's personal data. Security safeguards are implemented corresponding to the threats and category of data to be secured:
- Users’ personal data shall be collected and stored on a secured server.
- Moreover, data shall be secured by internal procedures of CherryHorizon, Lda. related to processing personal data and information security policy.
- SSL protocol (Secure Socket Layer). Communication between the user’s device and the servers shall be encoded using the SSL protocol.
- At the same time, CherryHorizon, Lda. states that using the Internet and services provided by electronic means may pose a threat of malware breaking into the user’s IT system and device, as well as any other unauthorized access to user’s data, including personal details, by third parties.
- In order to minimize such threats, users shall use appropriate technical security means, e.g. using updated antivirus programs or programs securing identification of user on the Internet. In order to obtain detailed and professional information related to security on the Internet, CherryHorizon, Lda. recommends taking advice from entities specializing in relevant IT services.
- In order to log in to the Account, it shall be necessary to provide relevant username and password. In order to ensure an appropriate level of security, the password for the Account shall exist on the Platform only in a coded form. Furthermore, when registering on and logging in to the Platform it will proceed to a secure https connection.
- CherryHorizon, Lda. undertakes all necessary actions, so that its processors and other cooperating entities guarantee that appropriate security measures will be applied whenever they process personal data at the request of CherryHorizon, Lda.