Skip to content

Datenschutzerklärung

With the following information, we intend to inform you about the processing of your personal data by us and your rights, under the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and the Council of the 27th of April 2016 – hereinafter referred to as “GDPR”).

1. Controller

According to article 4 no. 7 of the GDPR, the controller is:

BETALYRA, SOCIEDADE UNIPESSOAL, LDA.,
Avenida General Eduardo Galhardo, Edifício Nucase, 115, 2775-564 Carcavelos, Portugal
E-mail: hello@betalyra.pt

2. Types of Personal Data Processed

BETALYRA processes data regarding your identification, your e-mail address as well as data entered in the checklist created by the data subject. The data is supplied by the data subject, by filling in the registration form that is on the website or when the data subjects create and insert information in the checklist.

3. Purposes of the Processing of Personal Data and Legal Bases

The processing of your personal data is always linked to a specified, explicit and legitimate purposes, which have been defined before the processing of the data is commenced, in accordance with the principle of purpose limitation under article 5 no. 1 § b) of the GDPR.

When you fill in the registration form on our website, your personal data is processed in order to become a user and to authenticate on the website. The legal basis for processing your data is the fulfillment of a contract with you – article 6 no. 1 § b) of the GDPR.

The personal data inserted in the checklists by the data subject is processed in order to create the referred checklists. The legal basis for the processing of your data is the fulfillment of a contract with you and your consent for processing of the data (article 6 no. 1 § a) and b) of the GDPR .

4.Time limits for the Storage of Personal Data

Our policy consists of storing data for no longer than is necessary for the purposes for which the data are processed.

Your personal data will be stored during the entire period in which the data subject is a user of the website.

The invoice and accounting data will be stored for 10 years.

5.Transfer of your Personal Data

BETALYRA does not transfer your personal data to third parties, unless it is necessary for the rendering of services or it is necessary for compliance with a legal obligation to which BETALYRA is subject to.

Locations of the processing of your personal data

We process your data in Portugal and in other European countries (EU/EEA). If your data is processed in countries outside of the European Union or the European Economic Area (EEA) (that is, in so-called third countries), this will only take place if you have expressly consented to it, if it is stipulated by law or if it is necessary for providing our services to you. If, in those exceptional cases, we process data in third countries, this will be done by ensuring that certain measures are taken, i.e., the data is processed on the basis of an adequacy decision by the EU Commission or if the processor provides appropriate safeguards in accordance with Article 46 of the GDPR.

6.What are the rights of the Data Subject?

As a data subject, you have the following rights:

Right of access to personal data (Article 15 of the GDPR): You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to access your personal data as well as access the following information: the categories of personal data processed, the purposes of processing, any recipients or categories of recipients of your personal data and the planned storage period of your data.

Right of rectification of data (Article 16 of the GDPR): You have the right to request the rectification or completion of personal data concerning you, that is incorrect or incomplete.

Right to erasure (“Right to be forgotten”) (Article 17 of the GDPR): You have the right to request the erasure without undue delay of your personal data. BETALYRA is obliged to delete your personal data in the following situations:

  • The personal data is no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdrew consent on which the processing is based, and there is no other legal ground for the processing of your personal data.
  • You have objected to the processing of your data based on the legitimate public interest or on our legitimate interests, and there are no overriding legitimate grounds for the processing.
  • Your personal data have been processed unlawfully.
  • The erasure of your personal data is necessary to comply with a legal obligation to which BETALYRA is subject.

Please note that the right to erasure of your personal data is excluded in the following cases:

  • Your personal data is used to exercise the right to freedom of expression and information.
  • Your personal data is used to comply with a legal obligation to which BETALYRA is subject.
  • Your personal data is used to carry out a task that is in the public interest or in the exercise of official authority that has been assigned to us.
  • Your personal data serves the public interest in the area of public health.
  • Your personal data is necessary for archiving purposes in the public interest, for scientific or historical research or for statistical purposes.
  • Your personal data is necessary for the establishment, exercise or defense of legal claims.

Right to restriction of processing (Article 18 of the GDPR): You have the right to request that the processing of your personal data be restricted, where one of the following applies:

  • You contest the accuracy of your personal data and we have to verify the accuracy of your personal data.
  • The processing of your personal data is unlawful and instead of requesting the erasure of your personal data, you requested the restriction of their use instead.
  • We no longer need your personal data for the purposes of the processing, but you still need the personal data for the establishment, exercise or defense legal claims.
  • You object to the processing of your personal data and it has not yet been determined whether your or our legitimate reasons override this.

Right to data portability (Article 20 of the GDPR): You have the right to receive the personal data concerning you, which you have provided to BETALYRA in a structured, commonly used and machine-readable format, and you have the right to transfer those data to another controller. Furthermore, you also have the right to request that your personal data be transferred from BETALYRA to another controller, insofar as this is technically feasible. The requirements for the applicability of data portability are as follows:

  • The processing is carried out by automated means based on your consent or on a contract.

Right to object (Article 21 of the GDPR): You have the right at any time to object to the processing of your personal data on grounds relating to your particular situation, which is based on a legitimate interest on our part (Article 6 no. 1 §. f) of the GDPR) or on the public interest (Article 6 no. 1 § e) of the GDPR). This also applies to profiling.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of direct marketing, which includes profiling to the extent that it is related to such direct marketing.

Should you object to the processing of your personal data based on a legitimate interest, we will check in each individual case, whether we can demonstrate compelling legitimate grounds for the processing of the data which override your interests, rights and freedoms, thus we will inform you of those grounds.

In the event that we do not have any compelling legitimate grounds for the processing of the data or your interests as well as rights and freedoms override our own, your personal data will no longer be processed.

If you object to the processing of your personal data for direct marketing purposes, your personal data will no longer be processed for such purposes.

Right of withdrawal (Article 7 of the GDPR): If you have given us consent to process your personal data, you can withdraw this consent at any time without having to give reasons for the withdrawal. Withdrawal of consent does not affect the lawfulness of the processing that has taken place based on the consent before its withdrawal.

Exercise of the rights of the data subject

Should you wish to exercise any of these data subject rights, please contact BETALYRA, by email: hello@betalyra.pt.

It should be noted that we can request that you prove your identity to ensure that the personal data is only provided to the data subject.

BETALYRA shall provide information on actions taken upon your request to exercise data subject rights, within one month of receipt of your request.

If you make the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

If there is a law or legal obligation that prevails over the above-mentioned rights, your request will be denied. In which case, BETALYRA shall inform you within one month of receipt of the request, indicating the reasons for denying your request.

You have the right to lodge a complaint with the Comissão Nacional de Proteção de Dados: https://www.cnpd.pt/.

7.Security of Personal Data

BETALYRA implemented technical and organizational measures to ensure the protection of personal data and to prevent security breaches and access to personal data by unauthorized persons, as well as the respective accidental or unlawful destruction, loss and alteration of personal data.

BETALYRA guarantees the confidentiality of your information. Consequently, BETALYRA does not sell, or in any way provides commercially the information to third parties. BETALYRA commits itself to keep your information confidential under this Privacy Policy and the applicable laws. BETALYRA requires from all its employees confidentiality on all personal information that they have access to. It should be noted that only authorized employees have access to personal information.

8. Cookies

General information regarding the topic “cookies”

We use cookies on our website. Cookies are small text files that are stored on your hard drive, in accordance with the browser you are using and through which certain information flows to the website that sets the cookie. Many of the cookies we use are deleted after the browser session ends (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser on your next visit (persistent cookies).

Cookies are used on our website for various purposes. For a better overview, each cookie has been assigned to one of the following categories:

Technically necessary

Cookies that belong to this category are necessary to ensure the core functionality and/or security of this website.

Functionality

Cookies of this category are used to increase user comfort e.g. by storing preferences such as language settings, text size adjustments, user names or local settings.

In the context of Cookies, what personal data are processed?

Processing of data upon visiting our website

Insofar as you use our website solely for informational purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your personal browser transmits to our server.

This information is technically necessary so that our website can be displayed to you. Furthermore, this data is technically necessary to ensure the stability and security of our website. In this case, the legal basis for the processing of your personal data is article 6 no. 1 § f) of the GDPR, i.e., the legitimate interest in providing an optimal presentation of this website as well as the protection of the website against external attacks and their traceability. We delete this personal data at the end of the usage process, unless it is necessary for purposes of abuse detection or abuse traceability; in such a case, we retain this data for up to a maximum of 30 days.

When visiting our website, the following personal data may be processed, which is automatically transmitted by your browser to our servers and stored there in the form of so-called “log files”:

  • IP address of the terminal device used to access the website
  • Date, time and duration of the request
  • Country of origin of the request
  • Content of the request (specific page / file)
  • Access status/http status code
  • Internet address of the website from which the request to access our website was made
  • Browser and installed add-ons (e.g. Flash Player)
  • Operating system and interface
  • Language and version of the browser software
  • Amount of data transferred in each case

We use authentication cookies when you login to our website, which are used for security reasons. These cookies are required for Supabase, which are necessary for authentication (login and signup), which are as follows:

  • sb-access-token;
  • sb-refresh-token;
  • supabase-auth-token.

In this respect, the possibility of using the services provided in our website depends on you providing us with certain personal data. We collect, use and process this personal data only to the extent necessary to provide you with the respective service. The legal basis for the processing of your personal data is article 6 no. 1 § b) of the GDPR.

Processing activity – Plausible Analytics

On our website we use the service Plausible Analytics. It is a lightweight and open-source web analytics service with no cookies and fully compliant with the GDPR. It is hosted in the European Union and powered by European-owned cloud infrastructure.

We use Plausible Analytics to measure and analyze the use of our website, namely, the number of visitors to our website, the number of page views. We can use the statistics obtained to improve our offer and to make it more interesting for the user.

Plausible Analytics does not use cookies and does not collect personal data. There are no identifiers. There is no cross-site or cross-device tracking either. Your data is not used for any other purposes. All user data is exclusively processed with servers owned and operated by European companies and it never leaves the EU.

Further information regarding processing by Plausible Analytics can be found in the privacy policy.

Processing activity – Supabase

We use the service Supabase for the database and for authentication.

In the context of the use of Supabase, the following data may be processed:

  • Identification data: name;
  • E-mail address;
  • IP address;
  • Information related to the checklists as well as information in the checklists;
  • Username;
  • Profile picture.

The data is stored in the Supabase database.

The users may publish their checklists and as a result their checklists are publicly available.

Supabase uses cookies for handling the signup/login process. It is not possible to perform authentication without these cookies and they are first stored upon user signup or login.

Further information regarding processing by Supabase can be found in the privacy policy.

Processing activity – Vercel

For our website we use Vercel’s cloud platform. O Vercel is operated by Vercel Inc., a Delware Corporation.

Vercel is a platform for frontend developers, that provides speed and reliability.

The following data may be processed by Vercel:

  • Identification data: name;
  • E-mail address;
  • IP address;
  • Information introduced in the checklists. Vercel uses strictly necessary cookies that are required for Vercel to function. It also uses analytics cookies to understand how the users use the product and to design better experiences. Further information regarding processing by Vercel can be found in the privacy policy.

Processing activity – OVHCloud

Our website registered a domain in OVHCloud. OVHCloud is supplied by OVH OVHHOSTING – SISTEMAS INFORMÁTICOS, UNIPESSOAL, LDA., with registered office in Praça de Alvalade, nº 7, 7º Dtoº, 1700-036 Lisbon.

OVHCloud provides cloud services.

In our website, the domain redirects to the IP/server of VERCEL/SUPABASE.

Further information regarding data processing by OVHCLOUD can be found in its privacy policy: https://www.ovhcloud.com/pt/terms-and-conditions/privacy-policy/.

Processing activity – hCaptcha

In our website we use hCaptcha anti-bot service (hereinafter “hCaptcha”) on our website. This service is provided by Intuition Machines, Inc., a Delaware US Corporation (“IMI”).

hCaptcha is used to check whether the data entered on our website (such as on a login page or contact form) has been entered by a human or by an automated program. To do this, hCaptcha analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website or visitor enters a part of the website or app with hCaptcha enabled. For the analysis, hCaptcha evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user).

The data collected during the analysis will be forwarded to IMI. hCaptcha analysis in the “invisible mode” may take place completely in the background. Website visitors are not advised that such an analysis is taking place if the user is not shown a challenge.

Data processing is based on Article 6(1)(f) of the GDPR: the website operator has a legitimate interest in protecting its site from abusive automated crawling and spam. IMI acts as a “data processor” acting on behalf of its customers as defined under the GDPR, and a “service provider” for the purposes of the California Consumer Privacy Act (CCPA).

For more information about hCaptcha and IMI’s privacy policy and terms of use, please visit the following links: https://www.hcaptcha.com/privacy and https://www.hcaptcha.com/terms.

Changes to the Privacy Policy

BETALYRA may change its Privacy Policy at any time. The latest version will always be available on our website and it will govern the use of the users’ information.

Questions

For any questions regarding the processing of your personal data, please contact us via the following e-mail address hello@betalyra.pt.

Carcavelos, 30th of June 2023