I - Preamble

This privacy policy is established between AML GROUP, SA, hereinafter referred to as "AML GROUP," and its respective customers, hereinafter referred to as "USERS," and aims to protect the privacy and security of personal data while they are customers of the company and simultaneously users of the website, hereinafter referred to as the "SITE."

In this context, it has been developed in accordance with Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 (EU), the General Data Protection Regulation (GDPR), and other applicable legislation on personal data protection, with the intention of adhering to best practices in security and personal data protection.

In this regard, the processing of personal data covered by this policy refers to the personal data of SITE users (internet page) under the responsibility of the company AML GROUP, SA, in the process of purchasing goods and services as customers.

The domain amlgroup.pt and its online store are owned by AML GROUP, SA, which is responsible for the processing of personal data.

For the purpose of providing and acquiring services, personal data will be requested on the respective SITE solely for the purpose of processing the request.

The requested data will be the minimum necessary, related to the contact form (name, email, phone, and region) and order processing (name, last name, taxpayer number, address, email, and phone number).

Failure to provide the requested data for the purpose of purchasing the product or service will prevent the respective contractualization.

Users will also be asked for their consent to receive a commercial newsletter with advertising purposes and other information related to the products and services offered by AML GROUP.

II - Purpose of Data Processing

Product marketing;

Pre-contractual and contractual diligences;

Acquisition of goods and services;

Billing management;

Collections and payments.

III - Duration of Processing

The duration of the processing of personal data provided by customers, USERS of the SITE, for the purpose of purchases, billing, or collection, shall be governed by applicable legislation, remaining only for the time strictly necessary for the purpose of collection.

After the commercial relationship ends, or if the user withdraws consent, the data will be kept for the necessary time and will be deleted after this period, without prejudice to the applicable mandatory regulations.

IV - Navigability vs. Cookie Policy

In order to clarify, in a simple and transparent manner, how information is collected during navigation on the SITE, reference is made to the cookie policy in a general sense.

Cookies are small text files with fragments of information, downloaded and stored on the user's device during visits to certain websites.

They can be temporary, automatically deleted as soon as the browser is closed, or they can persist until a predefined expiration date.

Their use is a common practice in accessing websites, and various browsers allow each user to choose whether to use them in full or in part or to delete those that have been created.

There are various types of cookies in terms of validity and type, and their use helps improve the browsing experience to make it simpler and faster.

In practical terms, USERS can choose to fully or partially use the types of cookies generated internally or externally, but they should be aware that some websites may be displayed incorrectly if they choose not to activate cookies.

V - User Rights

USERS, as data subjects and subjects of data processing, have rights in accordance with this privacy policy and the purpose of the data processing collected, highlighting some of paramount importance:

The right to access, which involves obtaining information about their own data, the purpose of processing, its nature, the retention period, and the origin;

The right to erasure, when the data is no longer necessary for the purpose for which it was collected or when the user, on their own initiative, withdraws consent.

Rights established in the GDPR, EU legislation, and other mandatory provisions concerning the processing of personal data to which the domain holder is subject.

VI - Final Provisions

To safeguard the aforementioned rights inherent to USERS of the SITE, AML GROUP, SA, has implemented the measures required by Article 32(1) of the GDPR, "Security of Processing," aiming to achieve a level of security commensurate with the risk, as appropriate:

a) Pseudonymization and encryption of personal data;

b) The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;

c) The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

d) A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures to ensure the security of processing.

In the event that USERS feel their legitimate interests are harmed during the processing of personal data, they can exercise their right to complain or lodge a complaint with the competent authorities.

They may also advocate for the above-described rights through the following contacts, allowing AML GROUP to act in a timely manner and within the legally stipulated deadlines in data protection matters to cease any harm or non-compliance, if it occurs:

Via email: geral@amlgroup.pt

Via Postal Mail: AML GROUP, SA | Rua da Marginal, No. 56 | 4700-713 Palmeira, Braga - Portugal

Phone: +351 253 625 474