Privacy policy

1. Identification of the Data Controller

The entity responsible for processing personal data collected through this Marketplace is Bairro Comercial Digital – BAIRRO.COM Alma (Internal Consortium), headquartered at Largo Sebastião Martins Mestre, 8700-349 Olhão, with telephone number 289 700 120 and email address bairrocomalma@cm-olhao.pt.

For questions regarding the processing of your data or this policy, you can contact us at the email address above.

2. Background

This Privacy Policy reflects our Marketplace's commitment to protecting the personal data of its users—whether they are consumers, sellers, or partners. This policy aims to ensure that data processing is carried out transparently, responsibly, and in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679 – GDPR) and other applicable legislation.

3. Objectives

This policy aims to:

- - Strengthen user confidence in the use of our platform;
  - Explain transparently how we handle personal data;
  - Inform data subjects about their rights and how they can exercise them;

4. Scope of Application

This policy applies to the processing of personal data carried out in connection with the use of our Marketplace, including browsing, account creation, purchasing, selling, or interacting with our services.

Personal data is considered to be any information relating to an identified or identifiable natural person, directly or indirectly, for example through their name, email address, tax identification number, or location.

5. What data do we collect and for what purposes?

We only collect personal data that is strictly necessary for the following purposes:

- - Management of user and vendor accounts: name, email, phone number, address, tax ID number, bank details (vendors);
  - Order processing and delivery: identification, contact details, purchase information;
  - Billing and compliance with legal obligations: name, tax identification number, transaction history;
  - Communications and customer support: email, telephone, messages exchanged on the platform;
  - Service improvement: satisfaction surveys and analysis of platform usage;
  - Security and fraud prevention: access logs, IP.

5.1. Data accessed through Google Login (Google Sign-In / SSO)

Our platform offers authentication via Google account (“Sign in with Google”), implemented through the Nextend Social Login plugin. When the user chooses this form of authentication, our application accesses, with their explicit consent, the following information provided by the Google API:

- - - - Full name
      - Email address
      - Profile photo (public URL)
      - Unique Google account identifier (Google ID)

How we use this data:

- - - - Create and identify your user account on the marketplace.olhao.pt platform;
      - Pre-fill your profile with your name and photo;
      - Authenticate access sessions securely.

Limited Use Statement (in accordance with Google API Services User Data Policy):

The use of data obtained through Google APIs fully complies with the Google API Services User Data Policy, including Limited Use requirements. Specifically:

- - - - The data is used exclusively for authentication and user profile features visible on the platform;
      - Google data is not transferred, sold, or shared with third parties, advertising platforms, data brokers, or information resellers.
      - Google data is not used for advertising, retargeting, or personalized advertising purposes.
      - Google data is not used to determine credit eligibility or for any financial purpose;
      - Platform employees do not manually access Google user data, except for security or legal compliance purposes;
      - Access tokens to other Google services (Gmail, Google Drive, Google Calendar, etc.) are neither requested nor stored.

6. Legal basis for processing

We only collect personal data that is strictly necessary for the following purposes:

- - Contract fulfillment (e.g., order processing);
  - Compliance with legal obligations (e.g., billing);
  - Consent of the data subject (e.g., marketing communications; authentication via Google);
  - Legitimate interest (e.g., continuous improvement of the platform experience).

7. Data retention

Personal data is retained only for as long as necessary for the purposes for which it is intended, or for as long as legal obligations remain:

- - Transaction data: 10 years (in accordance with tax obligations);
  - Other data: for the duration of the contractual relationship or until the right to erasure is exercised;
  - Data obtained via Google Sign-In: deleted within a maximum of 30 days after account closure
  - Cookies: as indicated in our Cookie Policy.

8. Sharing data with third parties

Data may be shared with third parties only when necessary:

- - Service providers (payments, logistics, technical support);
  - Collection point operators (e.g., digital lockers);
  - Legal or tax authorities, when required.

We ensure that all third parties comply with the same security and data protection standards. Data obtained through Google Sign-In is never shared with third parties for commercial or advertising purposes.

9. International Transfers

Your data will not be transferred outside the European Economic Area (EEA). Should this become necessary, we will ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.

10. Rights of data subjects

As a data subject, you may exercise the following rights:

- - Access to personal data;
  - Correction of incorrect or outdated data;
  - Deletion of data (“right to be forgotten”);
  - Restriction or objection to processing;
  - Portability of data to another controller;
  - Withdrawal of consent, where applicable;
  - Complaint to the National Data Protection Commission (CNPD).

You can exercise your rights by sending us an email. epd.bairro@cm-olhao.pt . We undertake to respond within a maximum of 30 days.

11. Use of cookies

We use cookies to improve your browsing experience and collect anonymous usage statistics. You can configure or disable cookies in your browser settings.

Types of cookies we use:

- - Necessary: essential to the functioning of the platform;
  - Preferences: store user settings;
  - Statistics: analyze the use of the platform;
  - Marketing: personalize offers (only with consent).

See our website for more information.

12. Data security

We implement appropriate technical and organizational measures to protect personal data:

- - Controlled and restricted access;
  - Encryption of sensitive data;
  - Intrusion detection and backup systems;
  - Continuous training of the team;
  - Monitoring and continuous improvement of security measures.

13. Changes to the Privacy Policy

This policy may be updated periodically. Any changes will be communicated on the platform with the revision date. We recommend that you consult this document regularly.

14. Data Protection Officer (DPO)

The DATA PROTECTION OFFICER (DPO) of the Digital Commercial District – BAIRRO.COM Alma (Internal Consortium) is Dr. Sónia Alexandra Ferreira, appointed by resolution of the Consortium members on May 6, 2025.

The Data Protection Officer is responsible for informing and advising the Digital Commercial District – BAIRRO.COM Alma (Internal Consortium) on the obligations arising from the General Data Protection Regulation, namely verifying the applicability of the Data Protection Policy, ensuring that users and other data subjects are aware of how their Personal Data is processed and what rights they have in this regard, as well as being the Municipality's point of contact with the Supervisory Authority (National Data Protection Commission/CNPD).

Data subjects may always contact the Data Protection Officer to clarify any questions they may have regarding the processing of their Personal Data and the exercise of their rights.

EPD contacts – epd.bairro@cm-olhao.pt

Login

Verification Code