Privacy Policy

1. Introduction

The platform is committed to protecting the privacy and personal data of its users. This Privacy Policy explains how we collect, use, disclose, and protect your personal information, in compliance with the General Data Protection Regulation (GDPR) and applicable Portuguese legislation.

2. Data Controller

The data controller for personal data is the entity managing the "myLensFolio" platform. You can contact us for any data protection related questions via email: mail@mylensfolio.com.

3. Personal Data Collected

We collect the following types of personal data:

• Registration data: name, email, username
• Profile data: store name, contact information
• Content data: photos, albums, descriptions uploaded to the platform
• Technical data: IP address, browser type, platform usage data
• End customer data: email, order information (when applicable)

4. Processing Purposes

Your data is processed for the following purposes:

• Provision of platform services
• User account management
• Payment and commission processing
• Communication with users and clients
• Platform improvement and development
• Compliance with legal obligations
• Fraud prevention and security

5. Legal Basis for Processing

The processing of your personal data is based on the following legal bases:

• Contract execution: for provision of contracted services
• Consent: for marketing and promotional communications
• Legitimate interest: to improve our services and security
• Legal obligation: for compliance with legal and tax requirements

6. Data Sharing

We may share your personal data with:

• Payment processors: for transaction processing
• Service providers: hosting, email marketing, technical support
• Legal authorities: when required by law or to protect rights
• End customers: only information necessary for transactions (e.g., email for delivery)

All our partners are required to comply with data protection standards and act only according to our instructions.

7. International Data Transfers

Your data is mainly stored and processed within the European Union. In case of transfers outside the EU, we ensure adequate protection mechanisms exist, such as European Commission adequacy decisions or standard contractual clauses.

8. Data Retention Period

We retain your personal data only for the period necessary for the purposes for which they were collected, including for compliance with legal obligations.

• Account data: While account is active + 3 years after cancellation
• Transaction data: 10 years (legal tax obligation)
• Marketing data: Until consent revocation
• Technical data: Up to 2 years for security purposes

9. Your Data Protection Rights

According to GDPR, you have the following rights:

• Right of access: Obtain information about your processed data
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your data ("right to be forgotten")
• Right to restriction: Restrict processing in certain circumstances
• Right to object: Object to processing for marketing or based on legitimate interest
• Right to portability: Receive your data in a structured format
• Right to withdraw: Withdraw consent at any time

To exercise these rights, contact us via email: mail@mylensfolio.com.

10. Cookies and Similar Technologies

We use cookies and similar technologies to improve your platform experience:

• Essential cookies: Necessary for platform functioning
• Performance cookies: For usage analysis and improvements
• Functionality cookies: To remember preferences

You can manage your cookie preferences through your browser settings.

11. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure. These include:

• Data encryption in transit and at rest
• Role-based access controls
• Regular security monitoring
• Secure backups and recovery procedures
• Data protection training for our team

12. Personal Data Breach

In case of a personal data breach that may represent a risk to your rights and freedoms, we will notify you and the competent control authority within 72 hours, as required by GDPR.

13. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be communicated through the platform or by email, with reasonable advance notice. Continued use of our services after changes constitutes acceptance of the new policy.