Privacy - Neonia

Privacy and Data Protection Policy

Illusionarium, Lda (hereinafter referred to as “Illusionarium”) is committed to respecting your personal data and privacy.

This Privacy and Data Protection Policy aims to clearly and concisely explain how Illusionarium, Lda processes your personal data and ensures your privacy in the course of its activities, namely:
1. Data Protection Officer
2. Principles applicable to your personal data protection
3. Personal Data, Personal Data Processing, and Data Subject
4. Categories of Personal Data processed by Illusionarium
5. Purposes for Processing your Personal Data
6. Legal Bases
7. Retention Period of your Personal Data
8. Sharing of your Personal Data
9. Your Rights and How to Exercise Them
10. Security of your Personal Data
11. Confidentiality
12. Cookies
13. Contact Information
14. Changes to this Privacy and Data Protection Policy

1. Data Protection Officer

The holder of your personal data is Illusionarium, which determines, without limitation:
• The personal data to be processed in the context of providing services and/or supplying products;
• The purposes for which your personal data are processed;
• The means by which your personal data are processed.

2. Principles of Personal Data Protection

Illusionarium processes your personal data in accordance with the principles established by the General Data Protection Regulation (GDPR), including:
• Lawfulness, fairness, and transparency;
• Purpose limitation: data is collected for specific, explicit, and legitimate purposes and not further processed in a way incompatible with those purposes;
• Data minimization: only data necessary for the intended purposes is processed;
• Accuracy: inaccurate data is erased or rectified without delay;
• Storage limitation: data is kept only as long as needed for processing purposes;
• Integrity and confidentiality: appropriate measures are taken to ensure data security and protection against unauthorized or unlawful processing, loss, destruction, or damage.

Additionally, Illusionarium applies the principle of Data Protection by Design and by Default, ensuring protection from the moment of collection through to deletion.

3. Definitions

Personal Data: Any information that can identify you directly or indirectly, such as name, ID number, location data, or online identifiers.

Data Processing: Any operation or set of operations performed on personal data, whether or not by automated means.

Data Subject: Includes clients, former clients, potential clients, job candidates, employees, suppliers, and any individuals whose personal data is processed by Illusionarium.

Minors: Illusionarium processes data of minors only in strict accordance with applicable data protection laws and only with parental or guardian consent.

4. Categories of Personal Data Processed

Depending on the interaction, Illusionarium may collect:
1. Contact data (e.g., name, phone number, email);
2. Commercial data (e.g., invoicing, services provided);
3. Payment data (e.g., credit card info);
4. Account data (e.g., transaction history);
5. Demographic data (e.g., age, gender, education);
6. Preference data (e.g., communication preferences);
7. Social media data (e.g., public interactions);
8. IT usage data (e.g., user ID, login details, IP address).

Providing this data is not mandatory, but some services may be affected if not shared.

5. Purposes of Processing

llusionarium may process your data for:
1. Accounting, tax, and administrative management
2. Commercial and marketing activities
3. Profiling and analytics
4. HR and recruitment
5. Management of electronic communications
6. Compliance with legal obligations

6. Legal Bases for Processing

Data processing is lawful when based on:
• Consent;
• Contractual necessity;
• Legal obligation;
• Vital interests;
• Legitimate interests, unless overridden by your rights.

7. Data Retention

Personal data is retained only for the time necessary to fulfill its purpose. However, it may be kept longer due to:
• Legal obligations;
• Statute of limitations;
• Legal disputes;
• Guidance from data protection authorities.
Once no longer needed, data is securely deleted.

8. Data Sharing

Processors: Service providers acting under contract with Illusionarium.

Other Controllers or Third Parties: Illusionarium group companies or third parties, when legally required or with your consent.

Authorities: Judicial, administrative, or regulatory bodies as required by law.

With your consent: Data may be shared externally at your request.

9. Your Rights

You may exercise the following rights under GDPR:

• Right to information: clear, transparent explanations of how your data is used

• Right of access: know what data is held about you

• Right to rectification: correct inaccurate or incomplete data

• Right to erasure (“right to be forgotten”)

• Right to restrict processing

• Right to data portability

• Right to object to processing based on legitimate interests

• Right to file a complaint with the Portuguese Data Protection Authority (CNPD)

To exercise these rights, contact Illusionarium via the contact details below.

10. Data Security

Illusionarium applies technical and organizational security measures, including:

• Logical and physical access controls;
• Secure data centers;
• Compliance with internal security policies.

However, no transmission over the internet is completely secure, and Illusionarium cannot guarantee security in open networks.

11. Confidentiality

Illusionarium recognizes the confidential nature of your data. It does not sell, rent, or commercially distribute personal data, except as required by law or to provide services under this policy.

12. Cookies

Illusionarium uses cookies to collect information about website usage. Personal data collected via cookies is processed in accordance with the Cookie Policy.
We recommend reviewing the Cookie Policy regularly for updates.

13. Contact Information

If you have questions or wish to exercise your rights, contact us at:
Email: info@neonia.com
Address: Rua de Ceuta, 118, 4th Floor, Room 27, 4050-190 Porto, Portugal

14. Changes to this Policy

Illusionarium may periodically update this Privacy and Data Protection Policy. Any changes will be marked with a new date.

Date: April 12, 2024