PERSONAL DATA MANAGEMENT POLICY



Your privacy is very important to us and we are committed to protecting your personal data. We promise to keep your data safe and to give you ways to manage and review your marketing choices at any time. 

CapoeiraShop operates worldwide. As part of our business, we offer our customers an e-commerce service accessible from our website www.CapoeiraShop.fr.

To provide our services, we collect personal data about you. Data collection takes place on our website, by phone, by email, through social media websites (e.g. Facebook), through written correspondence and through other media we may use from time to time as technology develops. 

This policy is intended to provide you with detailed information on our use of your personal data. 

CapoeiraShop, is the “controller” in respect of your personal data for the purposes of EU General Data Protection Regulation (GDPR) No. 2016/679 of 27 April 2016 with effect from 25 May 2018. 

In the personal data collection forms on the site or in paper format, the customer is notably informed of the mandatory nature, or not, of the data collection. In the event of failure to provide a mandatory data field, CapoeiraShop will not be able to perform its services. 

CONTENTS 

1. WHO COLLECTS PERSONAL DATA? 
2. HOW THE LAW PROTECTS YOU 
3. WHO WE SHARE YOUR DATA WITH 
4. YOUR RIGHTS 
4.1. Your rights under data protection laws 
4.2. How to exercise your rights 
4.3 Consequences of exercising the right of opposition to marketing profiling 
4.4 Withdrawal of consent 
4.5 What if you are not satisfied with the response you receive from us ? 
5. WILL MY DATA BE SENT OUTSIDE THE EU? 
6. HOW LONG WILL MY DATA BE KEPT? 
6.1. General rules concerning the management of the commercial relationship: 
6.2. Specific rules for certain data processing 
7. WHAT SECURITY MEASURES ARE TAKEN TO PROTECT MY DATA? 
7.1. General rules 
7.2. Rules applicable to bank data, credit cards and debit cards 
7.3. Fight against online fraud 
8. WHAT SHOULD I KNOW ABOUT DATA COLLECTED BY SOCIAL NETWORKS? 
9. IS DATA ON MINORS UNDER THE AGE OF 16 COLLECTED? 
10. MARKETING 
10.1. Principles 
10.2. Electronic marketing (by email, sms & phone) 
10.3. Marketing by post 
10.4. Email retargeting 
11. COOKIES, TAGS & TRACKERS 
11.1 What is a cookie? 
11.2 Why are cookies, tags & trackers used ? 
11.3 How to configure cookies, tags and trackers? 
12. WHO IS THE DATA PROTECTION OFFICER? 
12.1. What are their duties? 
12.2. How can I contact the data protection officer? 



1. WHO COLLECTS PERSONAL DATA? 

The company collecting your personal data is : 

CapoeiraShop, a simplified joint-stock company with a share capital of €5000,00 registered in Portugal (Aveiro district) Trade and Companies Register under number 515 2222 67, whose head office is located at Rua Dr Luis Aguiar 421 3730-389 Vale de Cambra, Portugal

2. HOW THE LAW PROTECTS YOU 

2.1 LAWFUL REASONS FOR PROCESSING 

Your privacy is protected by law. Under data protection law, we are allowed to use your personal data only if we have a lawful reason. We must have one or more of the following lawful reasons: 

• To perform a contract or to take steps at your request prior to entering into a contract (e.g. to process and fulfil an order for goods, or to open and manage a CapoeiraShop credit account), or 
• Where we are required to do so to comply with our legal obligations (e.g. to keep records), or 
• Where it is in our legitimate interests or those of a third party, or 
• Where you have consented 

A “legitimate interest” is where there is a business, commercial or other reason to use your information but it should not unfairly go against what is right and best for you. Examples of legitimate interests given in the EU General Data Protection Regulation (GDPR) include fraud prevention, direct marketing and sharing data within a corporate group (like CapoeiraShop). 

2.2 OUR PROCESSING & REASONS 

We collect and record personal data to carry out the following processing: 

What we use personal data for: 
Our reasons: 
• Customer account, shopping cart and order management; 
• Contract performance 
• Legitimate interests 

• Managing payment transactions • Contract performance 
• Managing our delivery and returns operations • Contract performance 
• Management of customer service (phone/email/social), follow-up of after-sales orders, product returns and refunds • Contract performance 

• Recording conversations with customer services by email or social media for the purposes of improving our customer services, fraud prevention and compliance with legal requirements • Legitimate interests 

• Customer satisfaction management (collection of customer reviews on products and customer service performance) Legitimate interests
• Anti-fraud measures during the payment of the order and management of unpaid invoices after ordering • Contract performance 
• Legitimate interests 

• Statistics, analytics, selection and segmentation of customers to improve knowledge of customers, how they use our products and services and their changing needs 
• Contract performance 
• Legitimate interests 
• Sending targeted marketing promotions by email, mobile notification, social network, other websites or via other media as technology develops • Legitimate interests 
• Consent 
• Personalising our sites (mobile and desktop) and applications to customers • Consent 
• Measurement of visits to sites (mobile and desktop) and mobile applications; 

• Consent 
• Providing sharing tools on social networks • Consent 
• Running competitions (e.g. prize draws) Legitimate interests 
• Sharing data with commercial partners Consent 
Contract performance 

3. WHO WE SHARE YOUR DATA WITH 

We share your data within CapoeiraShop Group and we may also share it with public authorities and partners who can use the data for their own purposes (they are recipients) and suppliers only for the account and according to our instructions (our sub-contractors). 

The recipients of the data include: 

• Fraud prevention agencies 
• Financing institutions 
• Police authorities in the context of court orders concerning anti-fraud measures 
• Customs services in case of delivery abroad 
• Commercial partners including marketing and advertising firms. 

We also use sub-contractors for the following operations: 

• secure payment on our website and mobile applications 
• detection and investigation of financial crime, e.g. fraud 
• anti-fraud measures 
• debt collection 
• warehousing 
• delivering your orders and parcels and handling returns 
• customer services, including management of phone calls and printing and sending post 
• customising the content of mobile sites and applications 
• implementation of maintenance and technical development of our website, internal applications and information system 
• collection of customer reviews 
• sending marketing communications (e.g. email, SMS, post) 

We may also share your data if our make-up or that of the wider CapoeiraShop Group changes in future: 
• If there is a future sale, transfer or merger of the business or part of it, or we acquire or merge with another organisation 
• If such a transaction takes place, we may share your data with other parties but we will only do this if they agree to keep your data private and safe 

4. YOUR RIGHTS 

4.1. YOUR RIGHTS UNDER DATA PROTECTION LAWS 

Under Articles 14 to 22 of EU General Data Protection Regulation (GDPR), you have the following rights: 

• Right of access: 
You can request a copy of the data we hold about you. 

• Right of rectification: 
You can query any data we hold about you that you think is inaccurate or incomplete. 

• Right to object to processing, or to ask us to delete, remove or stop using it: 
This is often referred to as the “right to be forgotten”. It is not an absolute right to demand that organisations stop using or delete your data. An organisation may be entitled to keep and continue to use the data (e.g. to comply with a legal obligation to retain records, or so that the organisation can handle complaints and show that it treated you fairly in any period that the law gives you to lodge a complaint or legal claim). 

• Right to limit processing: 
It may sometimes be possible to restrict processing of data so that it can only be used for certain purposes (e.g. legal claims or to exercise legal rights). In such circumstances, we would not use or share the data in other ways while processing is restricted. You can ask us to restrict the use of your data: if it is inaccurate; if it has been used unlawfully but you do not want us to delete it; if it is not relevant any more but you want us to keep it for use in legal claims; if you have already asked us to stop using it but you are waiting for us to tell you if we are allowed to keep using it. 

• Right to object to profiling: 
As explained in section 4.1 in relation to credit scoring systems, if you apply for credit and not satisfied with the result, you have the right to seek an explanation and request that a person manually reviews the decision. You can also ask that we do not make a decision based solely on the automated score generated by our credit scoring system. 

In relation to marketing profiling (selecting you for specific promotions and making product recommdations), you can also object to this but then the offers and recommendations you receive will be less relevant and no longer targeted to your interests. 

• Right to portability: 
This right entitled individuals to ask organisations to transfer their data to another organisation (e.g. you wish to move from one social media service to another; from one music streaming service to another; from one bank to another). It seems unlikely to us that you would want to move the data we hold (e.g. your purchase history with us or details of your account transactions) to another organisation but you have the right to ask. 

It is worth noting also that, under the EU General Data Protection Regulation (GDPR), if an organisation that is processing your data detects a breach of data security that could create a high risk to your rights, then that organisation may be required to notify you of the breach so you are aware of it. In such circumstances, the organisation would also be required to notify the relevant supervisory authority. 

4.2 HOW TO EXERCISE YOUR RIGHTS 

You can exercise your rights in the following ways:

Please include your surname, first name, address, email and, if possible, your customer reference to accelerate consideration of your request. 

Electronically, by writing us at contact@capoeirashop.fr

We may require proof of identity before fulfilling your request. 

We will contact you to acknowledge receipt of your request and we will then answer fully within one month. In some cases, due to the complexity of the request or the number of requests, this period may be extended by 2 months. 

4.3 CONSEQUENCES OF EXERCISING THE RIGHT OF OPPOSITION TO MARKETING PROFILING 

In relation to marketing profiling (selecting you for specific promotions and making product recommandations), you may continue to receive marketing promotions but they will be less relevant to you and no longer be targeted to your interests. 

4.4 WITHDRAWAL OF CONSENT 

Where we are processing your data based on your consent (see section 2 above), you may withdraw your consent at any time by contacting us at the above address or by informing us by phone or by other means we provide, e.g. clicking “unsubscribe” at the bottom of an email or texting “STOP” in reply to an SMS. 

4.5 WHAT IF YOU ARE NOT SATISFIED WITH THE RESPONSE YOU RECEIVE FROM US? 

If you try to exercise your rights and we do not reply or you do not think our response is satisfactory, you can complain to the data protection supervisory authority in your country of residence: 

• In France, the CNIL: www.cnil.fr 
• In Spain, the AEPD: www.agpd.es/portalwebAGPD/index-idfr-idphp.php 
• In Portugal, the CNPD: www.cnpd.pt/index.asp 
• In Belgium, the CPVP: www.privacycommission.be/fr 
• In Switzerland, the PFPDT: www.edoeb.admin.ch/edoeb/de/home.html 
• In Italy, the Garante per la Protezione dei dati personali : http://www.garanteprivacy.it 


5. WILL MY DATA BE SENT OUTSIDE THE EU? 

You are hereby informed that personal data concerning you may be transmitted for the purposes of processing set out above to companies located in countries outside the European Union that do not have an adequate level of protection with regard to personal data protection. 

Prior to the transfer outside the European Union, and in accordance with the regulations in force, CapoeiraShop implements all the procedures required to obtain the guarantees necessary to secure such transfers. 

Activities we currently undertake outside the EU including the following: 


Purpose Data Country of Destination Management of Data Transfer 
Logistic purpose Australia Standard contractual clauses 
Sharing data with social network United States Privacy Shield/Standard contractual clauses 



For more information on managing cross-border flows, you can contact the Data Protection Officer. 

6. HOW LONG WILL MY DATA BE KEPT? 


CapoeiraShop has set specific rules concerning the retention period of the Users' personal data. 

6.1. General rules concerning the management of the commercial relationship: 

To calculate the most relevant retention period, CapoeiraShop distinguishes: 

- Prospects who have never made a purchase from CapoeiraShop and its partners 
- “Customers” who have made at least one purchase 

A distinct retention period will be applied to prospects and customers. 

Regarding prospects, the starting point of the retention period is the creation of the account. 

Regarding customers, the starting point of the retention period is their last purchase at CapoeiraShop. The retention period of a customer's data will differ depending on whether or not the customer adheres to a loyalty programme. 

6.2. Specific rules for certain data processing: 

For some types of processing, the retention of data is subject to specific retention periods. 

Here are some examples: 
• Anti-fraud instructions are kept for 3 years. 
• Invoices related to purchases are kept for 10 years. 

For more information on the retention periods applied by CapoeiraShop, you can contact the data protection officer (see point 12). 

7. WHAT SECURITY MEASURES ARE TAKEN TO PROTECT MY DATA? 


7.1. GENERAL RULES 

As a data “controller” under the EU General Data Protection Regulation (GDPR), we take all measures to preserve the security and confidentiality of data, and in particular to prevent data from being distorted, damaged or unauthorised third parties having access to data. 

We have deployed a robust security system to ensure the highest security of data collected and to detect data breaches. 

When using sub-contractors, we ensure their compliance with data protection laws. 


7.2. RULES APPLICABLE TO BANK DATA, CREDIT CARDS AND DEBIT CARDS 
To ensure payment security, we use the services of a payment service provider, Ingenico, that is certified by the Payment Card Industry in relation to data security (PCI-DSS). This standard is an international security standard whose objectives are to ensure the confidentiality and integrity of cardholder data, and therefore secure the protection of card and transaction data. 
When you place an order for payment by debit card with us, our order taking system connects in real time with the Ingenico system which collects your data and carries out various checks to avoid abuse and fraud. The data is stored on Ingenico servers and is not transmitted to us or our servers at any time. Ingenico requests authorisation from your bank and sends us a transaction number that allows transactions up to the amount of the authorisation. 
So that you do not have to enter your details every time you place an order, you can choose, by ticking the box provided, to have your credit and debit cards associated with your online account saved and stored securely by Ingenico. You can consult the list of your saved cards (in hidden mode), but also delete all or part of its content, in the "Payment Methods" section of the "My Purchases" section under "My Account". In this case, your deleted cards will no longer appear in your online account or in future orders. 
In order to be able to debit your account during invoicing or to credit it following a return, Ingenico keeps the bank data associated with the authorisation number only as long as it is needed to process the payment transaction (payment after ordering the goods) and to handle any subsequent claim (returns, disputes). 
If you have made the choice to save your credit or debit cards, they will be automatically deactivated when the card expires. 
7.3. FIGHT AGAINST ONLINE FRAUD 
In order to secure payments and deliveries and ensure an optimal quality of service, the personal data collected on the site are also processed by CapoeiraShop to determine the level of fraud risk associated with each order and, if necessary, to help adapt the conditions of execution thereof. 


8. WHAT SHOULD I KNOW ABOUT DATA COLLECTED BY SOCIAL NETWORKS? 

CapoeiraShop offers you the option to use social networks to improve our commercial relationship and offer you targeted advertising offers through these networks. 

If you use social networks to communicate and interact with us (including Facebook Messenger, Facebook Connect, and the Facebook, Instagram or Twitter “share” buttons) it is likely that this will involve a data exchange between CapoeiraShop and the social network. 

For example, if you are connected to Facebook on your computer and you visit a page of the CapoeiraShop site, Facebook is likely to collect this information. Likewise, if you click on the "tweet" button on a CapoeiraShop site page, Twitter will collect this information. 

We recommend that you consult the personal data management policies of the various social networks you use to know the personal data that may be transmitted and what it will be used for. 

9. IS DATA ON MINORS UNDER THE AGE OF 16 COLLECTED? 

In accordance with the general terms and conditions, the user must be 16 years old or more to create an account on CapoeiraShop website and make purchases. 

When creating an account, the user has the option to communicate the data of his children. The user may transmit data concerning minors under the age 16 to CapoeiraShop. He ensures that he is the holder of parental authority and expressly agrees to transmit theses personal data of a minor to CapoeiraShop. 

10. MARKETING 

10.1. PRINCIPLES 

We use your contact details to send you targeted advertisements by email, post, mobile notification, on social networks or third-party websites. We will comply with the rules applicable to each channel. 


10.2. ELECTRONIC MARKETING (BY EMAIL, SMS & PHONE) 

The Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 permit electronic marketing (email, SMS, phone) to existing customers for similar products and services without consent as long as the customer is given an easy means to opt-out on each occasion, e.g. by clicking an “unsubscribe” link. 

Otherwise, your consent is required before we can market to you by electronic means. We seek your consent at various points, e.g. when creating a new account online or online banners asking if you would like to sign up to our newsletters by email. 

You are asked to consent to the following: 

• to receive CapoeiraShop offers by email 
• to receive offers from CapoeiraShop partners to whom your details will be sent 

CapoeiraShop will not send you personalised requests by email or text message if you have not consented to such unless we are allowed to do so under the Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002. 

In all cases, you can opt-out of marketing at any time as follows: 
• When creating an account, tick "no" in the boxes related to marketing; 
• For email, by clicking on the “unsubscribe” link provided in each email or by going to the My Account section of our website in the newsletter section; 
• For text messages (SMS), by sending a “STOP” message to the number indicated or by going to the My Account section of our website in the newsletter section; 
• In all cases, by speaking with a customer services adviser 

10.3. MARKETING BY POST 

We have a legitimate interest in sending you marketing materials by post but we will not do so if you tell us that you do not want to receive marketing materials in this way. You can opt-out of marketing by post at any time by going to the My Account section of our website, by speaking with a customer services adviser or by writing to us at the address in the previous section. Please note that, if you have been pre-selected to receive a marketing publication by post before you opt-out, then you may still receive that publication. It can take a few weeks for an opt-out request to be effective. 


10.4. EMAIL RETARGETING 

After browsing our site, you may receive an email even though you have not provided your email address to us. How is this possible? 

We, like many other retailers, use the services of companies that identify internet users who have already visited our website and send them personalised emails. 

These companies use cookies to distinguish users and then customise the adverts they receive based on their online browsing history. 

Who collected my email address? 

This processing involves commercial partners who have already collected your email address from other sources, as well as your consent to authorise the sending of advertising. 



11. COOKIES, TAGS & TRACKERS 

When using our online services, information relating to the navigation of your device (computer, tablet, smartphone, etc.), may be recorded in "cookies" files placed on your device, subject to any choices you have expressed about cookies. You can set your browser settings to reject cookies but please bear in mind that, if you do this, certain personalised features of our site cannot be provided to you. 


11.1 WHAT IS A COOKIE? 

The term "cookie" refers to several technologies that make it possible to perform online browsing tracking or behavioural analysis of website users. These technologies are multiple and constantly evolving. There are, in particular, cookies, tags, pixels and Javascript code. 

A cookie is a small text file saved by the browser of your computer, tablet or smartphone which keeps limited user data to facilitate browsing and allow certain features, e.g. online shopping baskets and personal recommendations based on what you have viewed. 

There are two types of cookies: 
• first party cookies, by CapoeiraShop for the purposes of browsing and the operation of the site; 
• third-party cookies from third-party partner companies to identify your interests and send you personalised offers. These third-party cookies are directly managed by the companies that publish them and must also comply with the data protection regulations. 

11.2 WHY ARE COOKIES, TAGS & TRACKERS USED? 

Cookies that we use on our site and mobile applications (apps) allow us: 
• to establish visitor statistics, volumes and use of the various elements of our services. As such, we use cookies to measure the audience for our site, 
• to adapt the presentation of our site according to the type of device used (e.g. tablet), 
• to adapt the presentation of our site according to the preferences of each user, 
• to memorise information relating to a form that you have filled in on our site (registration or access to your account, subscribed service, contents of your shopping basket, etc.), 
• to allow you to access reserved and personal areas of our site (e.g. My Account, through login information), 
• to implement security measures (e.g. when you are asked to log back into your account after a certain period of time), 
• to share information with advertisers on other websites to offer you relevant advertising in line with your interests. As such, we use advertising cookies, 
• to share information on social networks. As such, we use cookies to share on these networks. 


CapoeiraShop collects your prior consent to the use of advertising, audience measurement and social network sharing cookies in accordance with data protection law. 

At any time, you can express and modify your wishes in terms of cookies, by the means described below. 

• Configuration of your web browsing software 
You can set your web browsing software so that cookies are saved in your device or, on the contrary, are blocked ‒ either systematically or depending on their source. You may also configure your web browsing software so that you are prompted each time to allow or block cookies before a cookie can be saved to your device. 

How do you implement your preference based on the browser you use? 
To manage cookies and your preferences, each browser is configured in a different way. It is described in your browser's help menu, which will explain to you how to modify your cookies preferences. 
For Internet Explorer™: http://windows.microsoft.com/en-EN/windows-vista/Block-or-allow-cookies , 
For Safari™: http://docs.info.apple.com/article.html?path=Safari/3.0/fr/9277.html , 
For Chrome™: http://support.google.com/chrome/bin/answer.py?hl=en&hlrm=en&answer=95647 , 
For Firefox™: http://support.mozilla.org/en/kb/ , 
For Opera™: http://help.opera.com/Windows/10.20/en/cookies.html 

• Configuration of your smartphone operating system 
You can control the use of cookies on your smartphone in the operating system rules. 
For iOS: https://support.apple.com/en-en/HT201265 
For Android: https://support.google.com/chrome/topic/3434352 

• Configuration of cookies with a tool proposed by CapoeiraShop 
In order to comply with data protection law, CapoeiraShop uses a tool allowing the user to set the use of cookies when connecting to the www.laredoute.com site. 
To access the list of cookies used and details of how to configure their use go to your personnal account on capoeirashop.fr 

• Opposition list to manage the use of cookies 
You have the option to object to the storing of cookies by visiting the website 
http://www.youronlinechoices.com 

12. WHO IS THE DATA PROTECTION OFFICER? 

12.1. WHAT ARE THEIR DUTIES? 
The role of the data protection officer (DPO) within CapoeiraShop is to ensure compliance with the regulations and rules described in this document. Our DPO is based in Portugal and leads a privacy team with representatives in each country. 

Our DPO is responsible for establishing a record of processing of personal data in each country and ensuring compliance of such processing with the data protection law. 

Our DPO ensures the awareness of teams and is responsible for managing responses to customers that exercise the rights set out in section 5 above. 


12.2. HOW CAN I CONTACT THE DATA PROTECTION OFFICER? 

You can contact the data protection officer at dpo@laredoute.com 

You can find out more about data protection and your rights via your supervisory authority’s website: 

• In France, the CNIL: www.cnil.fr 
• In the UK, the ICO: www.ico.org.uk 
• In Spain, the AEPD: www.agpd.es/portalwebAGPD/index-idfr-idphp.php 
• In Portugal, the CNPD: www.cnpd.pt/index.asp 
• In Belgium, the CPVP: www.privacycommission.be/fr 
• In Switzerland, the PFPDT: www.edoeb.admin.ch/edoeb/de/home.html 
• In Italy, the Garante per la protezione dei dati personali : www.garanteprivacy.it