Privacy Policy

Entity responsible for processing

Personal data is processed by TURTLEWORK Unipessoal Lda, NIPC 516094831, Incubadora da AIRV, Edifício Expobeiras, Parque Industrial de Coimbrões, 3500-618 Viseu. (hereinafter, "Company").

Contact the company via email: geral@turtlework.pt or postal mail: AIRV Incubadora, Edifício Expobeiras, Parque Industrial de Coimbrões, 3500-618 Viseu.

Data collection and processing

In this Privacy Policy, "personal data" is defined as information that can be used to identify or link an individual, either directly or indirectly. This excludes anonymized data that cannot be easily linked to an individual.

We may collect personal information automatically via interactions with our solutions or directly from individuals. We occasionally obtain personal information from other sources, such as our customers and service providers, possibly prior to direct interaction.

We have listed the different types of personal data that we collect through our Solutions. TurtleWork processes some of the data on behalf of its customers or partners. To ensure transparency, we list all data types we handle, including those processed on behalf of others. However, this policy only applies to data in which we act as a data controller:
Customer Data: We process personal information about TurtleWork's customer representatives, such as names, emails, and contact information.
Account Data: As data controllers, we collect personal data for specific Solutions, such as names, birthdates, contact information, and other information entered during account creation.
Facial Images: We collect and process facial images to avoid re-identification.
Face Measurements: We capture and process facial geometry for our Virtual Try-On and Reverse technologies.
Optical Data: This includes glasses specifications, lens analysis, optical prescriptions, and eye health information, which are required for real-time measurements and service personalisation.
Usage Data: When you use our Solutions, we automatically collect technical data such as IP addresses and device information using cookies and other similar technologies.

Biometrically relevant information

Our solutions capture facial images and measure features such as eye corner width, face shape, and nose bridge dimensions. These measurements derived from facial scans may be considered "biometric identifiers" under certain state laws.

Data uses

We offer our solutions based on contract performance, legitimate interests, and explicit consent, particularly for sensitive data. Our goal is to better understand user interactions so that we can improve the performance of our offerings and solutions.

We communicate with customers and users for service-related and promotional purposes, based on their legitimate interests and consent.

Our data security efforts are intended to prevent fraud and illegal activity while ensuring contractual performance, legal obligations, and legitimate interests.

We use anonymized data to improve our services, enforce our Terms and Conditions, resolve disputes, and protect your rights.

We follow legal standards and contractual obligations to ensure compliance.

Support and troubleshooting ensure that our solutions are available and performing properly.

Personalisation enhances the user experience by identifying individuals and offering tailored services.

Data location

TurtleWork and its Service Providers may store and process your personal data in a variety of locations, including the European Economic Area, the United States, and others, to ensure the effective delivery of our Solutions, support, and legal compliance. TurtleWork and its partners are committed to protecting your data in all jurisdictions while adhering to our Privacy Policy and industry standards.

TurtleWork staff in the EU, which have been recognised for their data protection adequacy, may have access to EU-originating personal data for support purposes. We use Standard Contractual Clauses to protect transfers to non-adequate countries.

Data disclosure

Legal Compliance: We may provide access to your personal information to legal authorities in response to lawful requests or to comply with regulatory requirements. This could occur if it is legally required or to address potential illegal activity or fraud.

Service Providers: Third-party services that support our operations, such as hosting and analytics, may use your personal information solely to improve our Solutions.

Partner ECP: We share Optical Data with our partner ECPs to ensure that a valid prescription is processed in accordance with our guidelines.

Business Transactions: Your personal information may be shared for transactions that you request, such as sending eyewear specifications to retailers for purchase.

Rights and Safety: We may share your information to protect the rights and safety of TurtleWork, our users, customers, and the general public.

TurtleWork Entities: Internal data sharing within TurtleWork companies furthers our Privacy Policy's goals. Significant business changes affecting data control will be communicated to you.

We reserve the right to share your information with your permission, under legal requirements, or if it is anonymized. Non-personal data can be used and shared freely.

Data retention

We retain personal information until the session is completed or as deemed necessary. We also keep it to fulfil legal obligations, resolve disputes, and keep records. Our policy allows for the secure deletion of data at our discretion, unless legally required otherwise. For inquiries, please contact dpo@turtlework.pt. As a data processor for a customer, we keep data according to their instructions.

We do not retain any facial data.

Cookie and data collection technologies

TurtleWork and our Service Providers use cookies and other similar technologies to improve performance, analytics, and personalisation. For legitimate business purposes, we may share anonymized or summarised data with our partners or Service Providers.

Cookies are small data files sent between your browser and the server. Session cookies expire when you close your browser, whereas persistent cookies last longer. We use both varieties.

For more information on how we use cookies and related technologies, please see our Privacy policy. Cookies, storage, and access to data.

Communications

Service Communications: We will notify you of any significant updates to our Solutions, such as changes, reports, and service modifications. These essential notifications are included with our Solutions and cannot be turned off while in use.

Notifications and Promotions: We will send you account-related alerts as well as updates on new features, offerings, and events that we believe you will enjoy. These can be delivered through a variety of channels, including phone, email, and our Solutions.

If you do not wish to receive promotional messages, you may opt out at any time by emailing dpo@turtlework.pt or following the unsubscribe instructions in the communication.

Data security

TurtleWork and our Service Providers use standard security protocols to protect your personal information, such as physical barriers, processes, and encryption. Despite these precautions, it is important to note that data security cannot be guaranteed.

Data subject rights

You have rights regarding your personal information. Contact us at dpo@turtlework.pt if you want to exercise your rights under the GDPR or CCPA, such as access, rectification, erasure, or objecting to processing. We may verify your identity in order to protect the data of others. If necessary, we will keep your verification information legally. You can also file complaints with EU authorities.

Data Controller/Processor

According to data protection laws such as GDPR and CCPA, there are two key roles:
Data Controller: Determines why and how personal information is processed.
The Data Processor handles personal information on behalf of the Data Controller.

Here's how these roles apply to our Solutions: TurtleWork manages customer and usage data while also processing facial measurements and optical data. If prescription is used: TurtleWork manages certain types of data while processing others on behalf of the customer.

When TurtleWork acts as a Data Processor, it adheres to the customer's instructions. The customer, as the Data Controller, is responsible for ensuring legal compliance. End-users should direct data requests to the customer who owns their data. If we receive such requests, we will direct them to the customer.

Cookies, storage and access to data

All browsers allow the user to accept, refuse, or delete cookies by selecting the appropriate settings in the browser. Your browser's "options" or "preferences" menu allows you to configure Cookies. To learn more about cookies, go to www.allaboutcookies.org.

As previously stated, the Site uses Google Analytics to collect and process User data. The use of Google Analytics is intended for the following purposes: access to statistical information about users; determination of the usefulness, interest, and number of visits to the site; monitoring and monitoring of pages and content visited, countries from which the Site is accessed; and methods of using the Site. To learn more about Google Analytics, go to www.google.com/intl/pt/policies/privacy/partners.

When legally required, the Company will obtain the User's consent to the use of Cookies and information storage and access mechanisms under the terms required by law.

The website makes use of "cookies." Cookies are small text files that uniquely identify your computer on our server. Cookies do not identify individual users, but rather the computer or device used.

We use Google analytics services on this website to measure the effectiveness of our content and our users' preferences, allowing us to help improve the Website's functionality. We use performance cookies to track how frequently users visit our website. This information is only used for statistical purposes and does not identify any users.

Changes to the privacy policy

The Company reserves the right to modify or update the Privacy, Security, and Data Protection Policy at any time, with relevant changes duly notified to the User through the website via a specific notice that will appear when using the Site. When legally required, the User must consent to any modifications or updates. Refusal of consent may imply, depending on the circumstances, the inability to access the Website.

If this Privacy Policy conflicts with those that may be published later as a result of changes, the latter will take precedence.