Data Protection and Privacy Policy
MADEIRA WINE COMPANY, S.A. complies with all applicable European Union and national legal standards regarding data protection, privacy, and information security.
MADEIRA WINE COMPANY, S.A. is currently implementing a Personal Data Protection System and an Information Security System to ensure regulatory compliance and to demonstrate institutional accountability in matters of data protection and information security. The company is implementing all necessary technical and organizational measures to comply with both the general legal regime of the current Data Protection Law and the special legal regime of the General Data Protection Regulation (GDPR), applicable since May 25, 2018.
For any clarification, additional information, or to exercise your rights in this regard, please contact the Data Protection Office of MADEIRA WINE COMPANY, S.A. via email at
Definitions
"Personal Data" Any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier. Personal identifiers include, for example, a name, an identification number, location data, online identifiers, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
"Processing of Personal Data" An operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
"Cookies" Small text files containing relevant information that access devices (computers, mobile phones, or portable mobile devices) load through the web browser when a website is visited by the Client or User.
Data Controller
MADEIRA WINE COMPANY, S.A., with headquarters at Avenida Zarco, 2, 9000-069 Funchal, registered at the Commercial Registry Office of Funchal under registration and Legal Entity number 511004206, with a share capital of 1,750,000.00 Euros (hereinafter referred to as MWC), is the entity responsible for the website www.madeirawinecompany.com and the IT applications (hereinafter referred to as "channels" or "applications") through which Users, Service Recipients, or Clients have remote access to MWC’s services and products.
The use of these channels or applications may involve personal data processing operations. MWC, as the Data Controller, ensures the protection, privacy, and security of such data in accordance with the terms of this Data Protection and Privacy Policy.
Contact Details of the Data Controller
To contact the MWC Data Protection Office, please send an email to
Collection and Processing of Personal Data
MWC processes personal data strictly necessary for providing information and operating its channels. This includes data provided by Users or Service Recipients for registration or inquiries, data provided by Clients for channel subscription, and data resulting from the use of services (such as access logs, consultations, transactions, and other usage records).
Specifically, the use or activation of certain features may involve the processing of direct or indirect personal identifiers—such as name, home address, contact details, device addresses, or geographic location—subject to the express consent of the User, Service Recipient, or Client. In all cases, individuals will be informed of the necessity of such data to access specific features.
Personal data is processed electronically and, in certain cases, automatically (including file processing or profiling) within the scope of pre-contractual, contractual, or post-contractual relationship management, pursuant to effective national and EU regulations.
Legal Principles
All data processing operations comply with fundamental legal principles regarding data protection and privacy, namely: lawfulness, fairness, transparency, purpose limitation, data minimization, storage limitation, accuracy, integrity, and confidentiality. MWC is prepared to demonstrate its accountability to the data subject or any third party with a legitimate interest.
Legal Basis for Processing
All processing operations carried out by MWC have a legal basis, including:
· The consent of the data subject for one or more specific purposes;
· The necessity for the performance of a contract to which the data subject is a party, or for pre-contractual measures at the data subject's request;
· Compliance with a legal obligation to which the controller is subject;
· The pursuit of legitimate interests held by MWC or third parties.
Purpose of Processing
Personal data processed via MWC channels is used exclusively for:
1. Providing information to Users;
2. Managing personal information of Service Recipients for communication and relationship management;
3. Providing services contracted by Clients;
4. General management of pre-contractual, contractual, or post-contractual relationships.
Data may also be processed for statistical purposes, promotional activities, and marketing (e.g., announcing new features or products) via direct communication (mail, email, messages, or calls). MWC ensures prior information is provided and express authorization is obtained for marketing purposes. Users may exercise their right to object to marketing at any time by contacting the Data Protection Office.
Data Retention Periods
Personal data will be stored only for the period necessary for the purposes for which they were collected or further processed, ensuring compliance with all applicable legal archiving standards.
Use of Cookies
MWC uses cookies to improve performance and the browsing experience, increasing response efficiency and eliminating the need to repeatedly enter the same information. MWC cookies do not collect personal information that identifies the User; they only store generic information (e.g., access location or usage patterns).
Types of Cookies used:
· Essential Cookies: Required for accessing specific areas or secure sections.
· Functionality Cookies: Remember user preferences so the site doesn't need to be reconfigured upon return.
· Analytical Cookies: Used for statistical analysis to monitor site performance and popular content, without collecting personal data.
· Session vs. Permanent: Session cookies are temporary (deleted when the browser closes); permanent cookies remain on the device to personalize future visits.
Users can block or delete cookies at any time via their browser settings, though this may limit access to certain website features.
Communication of Data to Other Entities
Providing services may require MWC to use third-party subcontractors (including those outside the EU). MWC only uses subcontractors who provide sufficient guarantees to implement appropriate technical and organizational measures, formalized through written contracts.
Data Recipients
Except for legal obligations, personal data will not be communicated to third parties other than authorized subcontractors or legitimate recipients for the purposes stated above.
International Data Transfers
Any transfer of personal data to a third country or international organization will only occur in compliance with legal obligations or after ensuring conformity with applicable EU and national legal standards.
Security Measures
MWC and its subcontractors implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, protecting data against unauthorized disclosure, loss, misuse, or alteration. Note: Users are responsible for keeping access codes confidential and following security best practices (e.g., updated antivirus software).
Exercise of Data Subject Rights
Users and Clients may, at any time, exercise their rights to access, rectification, erasure, portability, restriction, or objection to processing, subject to legal limitations. Requests must be submitted in writing to the Data Protection Office.
Complaints, Suggestions, and Incident Reporting
Users have the right to lodge a complaint via the official Complaints Book (Livro de Reclamações) or with regulatory authorities.
Incident Reporting: MWC has an incident management system. To report a personal data breach (accidental or unlawful destruction, loss, alteration, or unauthorized access), please contact the Data Protection Office immediately.
Changes to the Privacy Policy
MWC reserves the right to update this Policy at any time to ensure continuous improvement. Changes will be published across MWC channels to ensure transparency.
Express Consent and Acceptance
By voluntarily providing personal data, the User, Service Recipient, or Client acknowledges and accepts the terms of this Policy and expressly authorizes the processing of their data as defined herein.
