GDPR - Your Data Protection Rights

Last updated: January 1, 2025

The General Data Protection Regulation (GDPR) is a European Union law that protects your personal data. This document explains your rights under the GDPR and how to exercise them.

1. Introduction to GDPR

1.1 What is GDPR

GDPR is legislation that establishes rules on how organizations can collect, use, and store personal data of residents of the European Union. It applies to all companies that process data of EU citizens, regardless of where they are located.

1.2 Our Commitment

hontras.com is fully committed to protecting your personal data and complying with all GDPR provisions. We have implemented robust technical and organizational measures to ensure the security of your information.

2. Data Controller

The data controller responsible for processing your personal data is:

• Name: hontras.com
• Address: Rua das Flores, 172, Windsor Park, Portugal
• Email: support@hontras.com

3. Your Rights Under GDPR

3.1 Right of Access (Article 15)

You have the right to obtain confirmation as to whether we are processing your personal data and, if so, access to that data. You can request:

• A copy of the personal data we hold about you
• Information about the purposes of processing
• The categories of personal data in question
• The recipients or categories of recipients
• The envisaged retention period
• The source of the data, if not collected directly from you

How to exercise: Send an email to support@hontras.com with the subject "GDPR Access Request". We will respond within 30 days.

3.2 Right to Rectification (Article 16)

You have the right to correct inaccurate or incomplete personal data we hold about you. This includes the right to complete incomplete data.

How to exercise: Contact us via support@hontras.com indicating which data needs to be corrected and providing the correct information.

3.3 Right to Erasure (Article 17 - "Right to be Forgotten")

You have the right to request the deletion of your personal data under certain circumstances:

• The data is no longer necessary for the purposes for which it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• The data must be erased to comply with a legal obligation

How to exercise: Send a request to support@hontras.com explaining why you want your data to be deleted.

Note: This right is not absolute. We may need to retain certain data to comply with legal obligations or to establish, exercise, or defend legal claims.

3.4 Right to Restriction of Processing (Article 18)

You have the right to request restriction of processing of your personal data when:

• You contest the accuracy of the data (during the verification period)
• The processing is unlawful, but you do not want the data to be erased
• We no longer need the data, but you need it for legal claims
• You have objected to processing (during the verification period of legitimate grounds)

How to exercise: Contact us via support@hontras.com specifying which processing you wish to restrict and why.

3.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller when:

• The processing is based on consent or contract
• The processing is carried out by automated means

How to exercise: Request via support@hontras.com. We will provide your data in JSON or CSV format.

3.6 Right to Object (Article 21)

You have the right to object to the processing of your personal data when:

• The processing is based on legitimate interests
• The processing is for direct marketing purposes
• The processing is for scientific or historical research purposes

How to exercise: Send an objection to support@hontras.com. We will cease processing unless we can demonstrate compelling legitimate grounds.

3.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect you.

Our position: We do not make automated decisions that significantly affect you without human intervention.

3.8 Right to Withdraw Consent (Article 7)

When processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of prior processing.

How to exercise: You can withdraw consent through the cookie settings on our site or by sending an email to support@hontras.com.

4. How to Exercise Your Rights

4.1 Request Process

To exercise any of your GDPR rights:

1. Send an email to support@hontras.com
2. Clearly indicate which right you wish to exercise
3. Provide sufficient information to verify your identity
4. Specify any relevant details about your request

4.2 Identity Verification

To protect your privacy, we may need to verify your identity before processing your request. This may include requesting:

• Copy of identification document
• Email address confirmation
• Answers to security questions

4.3 Response Times

We will respond to your request within one month of receiving it. In complex cases, we may extend this period by an additional two months, informing you of the extension and the reasons.

4.4 Costs

We do not charge a fee for processing GDPR requests. However, if your requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse the request.

5. Cookie Management

5.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide a better experience.

5.2 Types of Cookies We Use

• Essential Cookies: Necessary for the basic functioning of the site. Cannot be disabled.
• Functionality Cookies: Enable enhanced features and personalization.
• Analytics Cookies: Help understand how visitors interact with the site.
• Marketing Cookies: Used to display relevant advertisements (only with your consent).

5.3 How to Manage Cookies

You can manage your cookie preferences in several ways:

• Cookie Banner: Accept or decline cookies when you first visit our site
• Browser Settings: Configure your browser to block or alert about cookies
• Opt-Out Tools: Use tools such as Google Analytics Opt-out

5.4 Consequences of Disabling Cookies

Disabling cookies may affect the functionality of our website. Some features may not work correctly without cookies.

6. Legal Bases for Processing

We process your personal data based on the following legal bases:

6.1 Consent (Article 6(1)(a))

When you give us specific permission to process your data, such as when accepting cookies or subscribing to our newsletter.

6.2 Contract Performance (Article 6(1)(b))

When processing is necessary to provide services you requested or to take steps at your request before entering into a contract.

6.3 Legal Obligation (Article 6(1)(c))

When we need to process your data to comply with a legal obligation, such as tax or accounting requirements.

6.4 Legitimate Interests (Article 6(1)(f))

When processing is necessary for our legitimate interests or those of third parties, provided your rights and freedoms do not override. This includes:

• Improving our services
• Preventing fraud and ensuring security
• Website usage analysis

7. International Data Transfers

7.1 Transfers Outside the EU

Some of our service providers may be located outside the European Union. We ensure that all international transfers comply with GDPR requirements.

7.2 Safeguards

We implement appropriate safeguards for international transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Certifications such as Privacy Shield (when applicable)

8. Data Security

8.1 Security Measures

We implement technical and organizational measures to protect your personal data:

• Data encryption in transit (SSL/TLS)
• Data encryption at rest when appropriate
• Strict access controls
• Regular security monitoring
• Employee training on data protection
• Regular privacy impact assessments

8.2 Data Breaches

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR.

9. Data Retention

9.1 Retention Periods

We retain your personal data only for as long as necessary:

• Contact Data: Until you request deletion or 3 years of inactivity
• Newsletter Data: Until you cancel your subscription
• Analytics Data: 26 months (Google Analytics default)
• Consent Data: 3 years from the last consent
• Legal Data: As required by law (usually 5-7 years)

9.2 Secure Deletion

After the retention period, your data is securely deleted or anonymized using methods that prevent recovery.

10. Children's Rights

10.1 Age of Consent

We do not knowingly collect personal data from children under 16 years of age without parental consent, as required by GDPR.

10.2 Special Protections

If we discover that we have inadvertently collected data from a child without appropriate consent, we will take steps to delete that information as soon as possible.

11. Data Processors

11.1 Third Parties That Process Data

We work with third-party data processors to provide our services. All processors are carefully selected and must:

• Comply with GDPR and applicable data protection laws
• Implement appropriate security measures
• Process data only in accordance with our instructions
• Sign data processing agreements

11.2 List of Processors

Our main data processors include:

• Web hosting services
• Analytics providers (Google Analytics)
• Email services
• Security providers

12. Privacy Impact Assessments

We conduct Privacy Impact Assessments (PIAs) for processing activities that may present high risk to individuals' rights and freedoms. This helps us identify and mitigate privacy risks.

13. Right to Lodge a Complaint

13.1 Supervisory Authority

If you believe we have violated your data protection rights, you have the right to lodge a complaint with the relevant supervisory authority.

13.2 Portuguese Authority

In Portugal, the supervisory authority is:

• Name: Comissão Nacional de Proteção de Dados (CNPD)
• Website: www.cnpd.pt
• Email: geral@cnpd.pt
• Phone: +351 213 928 400
• Address: Av. D. Carlos I, 134, 1º, 1200-651 Lisboa

13.3 Friendly Resolution

We encourage you to contact us first if you have concerns. We will do our best to resolve any issues amicably.

14. Updates to This Document

We may update this document periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes through our website or by email.

15. Contact Information

To exercise your GDPR rights or ask questions about data protection, contact us:

• Data Controller: hontras.com
• Primary Email: support@hontras.com
• Alternative Email: info@hontras.com
• Contact Email: contact@hontras.com
• Address: Rua das Flores, 172, Windsor Park, Portugal

16. Additional Resources

For more information about your data protection rights:

• Visit the official GDPR website: gdpr.eu
• Consult the CNPD: www.cnpd.pt
• Read our complete Privacy Policy
• Review our Terms of Use

17. Commitment to Transparency

hontras.com is committed to total transparency regarding the processing of personal data. We believe you have the right to know exactly how your data is used and protected.

We will continue to improve our data protection practices and keep you informed of any changes that may affect your privacy rights.