Privacy Policy

    1. Introduction

VISION BOX – SOLUÇÕES DE VISÃO POR COMPUTADOR, S.A., with the tax identification number 505.350.173, with registered office at Rua Casal do Canas, no. 2, Zona Industrial de Alfragide, 2790-204 Oeiras (hereinafter, “Vision Box” or the “Company”), is primarily engaged in the development, integration, production, and marketing of computer vision solutions and information systems, as well as the import and export of capital goods, components, computer consumables, consultancy services, and training in similar areas. 

Vision Box recognizes that compliance with data privacy and data protection legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”), holds paramount importance in order to ensure that personal data remains secure, that our business operations are efficient, transparent, and that the rights of data subjects are respected. In this regard, Vision Box acts as the controller of the personal data processed in this Website. 

This Privacy Policy (hereinafter, the “Privacy Policy”) is an integral part of the Terms of Use of our Website - https://www.Vision Box.com/ (hereinafter, the “Website”), and aims to provide all users with comprehensive information about the nature of personal data collected and the specific purposes for which it is processed. By doing so, we aim to fully comply with the right to information, ensuring that our users are well-informed about how their data is handled, and simultaneously enhancing the transparency of our activities. 

By browsing our Website, users (hereinafter, “Users”) acknowledge and accept the conditions outlined in this Privacy Policy. Providing personal data in this context signifies Users’ awareness of these policies and their express agreement to abide by them.  

     2. Definitions

For the purposes of this Policy:

  • Controller shall mean the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
  • DPO shall mean Data Protection Officer or the person within the company with the role of ensuring compliance with privacy and data protection laws and regulations;
  • Personal Data shall mean any information of any type relating to an identified or identifiable natural person (“data subject”). A person can be identified, directly or indirectly, in particular by reference to identifiers such as name, an identification number, location data, online identifiers, as logins, and other access credentials or, other factors, inter alia, physical, physiological, genetic, economic, cultural or social;
  • Personal data breach shall mean a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
  • Processing shall mean any operation or set of operations which is performed upon personal data, regardless its manual, logical or automatic nature. Therefore, operations such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, combination, erasure or destruction, are always data processing;
  • Processor shall mean the natural or legal person, public authority, agency or any other body which processes personal data on behalf of the Controller;
  • Supervisory Authority shall mean the independent public authority responsible for monitoring the application of the GDPR, to protect the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free flow of Personal Data within the Union. In Portugal, the Supervisory Authority is the Comissão Nacional de Proteção de Dados (“CNPD”); 
  • Third Party shall mean any natural or legal person, public authority, agency or any other body other than the data holder, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.

     3. General Principles

Concerning the principles directly applicable to the Processing of Personal Data, Vision Box undertakes to ensure that all Personal Data is: 

  • Processed lawfully, fairly, and in a transparent manner in relation to the Data Subject; 
  • Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed; 
  • Accurate and, where necessary, kept up to date, while taking every reasonable step to ensure that Personal Data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  • Kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed. 
  • Processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

      4. Purposes and Lawful Grounds for the Processing of Personal Data

Vision Box only processes Users' Personal Data when it is duly authorised to do so. The GDPR requires that, for the Processing of Personal Data to be lawful, there must be an adequate legal basis supporting each specific processing activity.

The Processing of Personal Data carried out by Vision Box shall be lawful only if and to the extent that at least one of the following applies:

  • The Data Subject has given Consent to the processing of his or her Personal Data for one or more specific purposes;
  • The processing activity is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract; 
  • The processing activity is necessary for compliance with a legal obligation to which the Controller is subject;
  • The processing activity is necessary in order to protect the vital interests of the Data Subject or of another natural person;
  • The processing activity is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  • The processing activity is necessary for the purposes of the legitimate interests pursued by the Controller or by a Third Party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data.

In view of the above, the following Personal Data are processed in Vision Box’s Website:

  • Get in Touch: Vision Box processes the Personal Data provided by Users when they wish to get in touch with the Company. This includes each Users’: 
    • First Name; 
    • Last Name; 
    • Job Title (Optional);
    • Organisation Name; 
    • E-mail address; 
    • Country;
    • Industry. 

Vision Box processes the previously mentioned Personal Data based on its legitimate interests and, if applicable, to take steps at the request of the Data Subject prior to entering into a contract. The purpose of this processing activity is to handle and fulfil the information requests submitted by the Users of the Website. In this regard, Users recognize that they voluntarily provided their Personal Data for such purpose. 

 

  • We are Hiring: Vision Box displays several Career Opportunities in its Website, for which Users can apply. To this extent, each User shall provide the following Personal Data: 
    • First Name; 
    • Last Name; 
    • E-mail; 
    • Phone,
    • Curriculum Vitae (CV);
    • Additional Files, which may contain Personal Data (optional);
    • Cover Letter, which may contain Personal Data (optional);
    • Additional information related to each User, such as a fun fact, favourites list, superpower, and a ask yourself section, which may contain Personal Data (optional). 

 

Vision Box processes the aforementioned Personal Data to take steps at the request of the Data Subject prior to entering into a contract. The purpose of this processing activity is to analyse the job applications submitted by the Users of the Website. In this regard, Users recognize that they voluntarily provided their Personal Data for such purpose. 

  • Newsletters: Vision Box sends direct electronic communications to Users who have explicitly given their consent through a clear affirmative action. In this case, Users provide Consent by actively checking the designated box that states: “I would like to receive Vision Box communications”. Vision Box is providing informative and engaging newsletters related to the following subject matters: 
    • product launches;
    • project announcements;
    • brand activities;
    • events and webinars;
    • blog posts, whitepapers, among others. 

In the event of content changes, Users will be notified. 
In light of the above, Vision Box processes each Users’ E-mail address based on the consent of each User, which translates in a freely given, specific, informed, and unambiguous indication of the Data Subject’s agreement to the Processing of the Personal Data relating to him or her. The purpose of this processing activity is to send direct electronic communications to each Users’ e-mail address. Despite the aforementioned information, Vison Box has implemented an unsubscribe option for every communication to be sent, as well as a Communication Manager where the User can configure their communication preferences - https://shorturl.at/svPRT.

      5. Data Retention Periods

The Personal Data processed to handle and fulfil the information requests submitted by the Users of the Website (Get in Touch) will be retained until the User has been sufficiently informed regarding their inquiry. Additionally, if the User expresses interests in entering into a contractual agreement with Vision Box, the Personal Data will be retained until the contractual relationship ends, unless there is a legal obligation for Vision Box to retain such Personal Data for extended periods. 

The Personal Data processed to analyse the job applications submitted by the Users of the Website (We are Hiring), will be kept for a period of 1 (one) year after the job vacancy has been filled. However, if the User is hired by Vision Box, the Personal Data will be retained for the duration of the contractual relationship, unless there is a legal obligation for Vision Box to retain the Personal Data for a longer period.  

The Personal Data processed to send direct electronic communications to each Users’ e-mail address (Newsletters) will be kept until the User has withdrawn his or her consent. Please note that the withdrawal of consent shall not affect the lawfulness of this processing activity before its withdrawal. 

      6. Cookies

6.1 Cookies Definition
Cookies are small information files, usually in html format, stored by a website in Users’ equipment (computer, laptop, smartphone, tablet, etc.). All cookies and other tracking technologies, such as tags, pixel tags, web beacons, user IDs or other technological forms that may be developed, are regulated by this Policy (jointly, “Cookies”).

On each visit to the Website, User’s internet browser permits access to the Cookies installed on User’s equipment, allowing the recognition and memorisation of User’s digital identifier (where applicable), as well as the immediate activation of User’s usage preferences. These Cookies will only be placed on User’s device with their express and opt-in consent, except in the case of strictly necessary cookies which are required for the Website to work.

Regarding strictly necessary cookies, Users may delete them or set up their device to ensure that they are automatically blocked according to the instructions provided in the following Section Management and Blocking of Cookies.

6.2 Purposes of the Cookies

The Website may set different types of Cookies, with which category being related to a different purpose:

  • Strictly Necessary Cookies – Without these Cookies we cannot provide access to core features of the Website and/or access to functionalities explicitly requested by the User. The User may configure their browser to block or alert about these Cookies. However, note that his may affect core features of the Website.
  • Functional Cookies – These Cookies help perform certain functionalities like sharing the content of the Website on social media platforms, collecting feedback, and other third-party features.
  • Analytics Cookies – These Cookies are used to collect statistical information. Through this information, Vision Box is able to analyse how its Website is used and how Users interact with the different webpages. These Cookies may also be used, along with Advertising cookies, to count the interactions with the advertisements on the Website. Additionally, these Cookies may also be used to perform conversion analysis as well as to determine how many times a User clicked on a particular advertisement, supporting Vision Box to decide, and managing advertising on the Website.

6.3 Responsible for Placing the Cookies
Each Cookie has a domain name associated with it, and may be classified, with respect to its origin, by the following categories:

  • First Party Cookies: Cookies managed and stored by the domains of Vision Box.
  • Third Party Cookies: Cookies placed on the User’s device through a domain or device managed by a third party whose content or technological solution is integrated within the Website. In this case, the third party may process data collected through Cookies and Vision Box may be unable to configure/change the Cookies’ operation.

6.4 Cookies Duration
Regarding their duration (storage period), cookies may be classified as follows:

  • Session Cookies: these cookies will be deleted when or shortly after the User ends the browser session or closes the browser or application used to access the Website.
  • Persistent Cookies: these cookies will be stored for longer periods. To delete these Cookies either an active action by the User or the end of the defined storage period is required.


6.5 Cookies Collected

Name Domain Description Duration Category Type
ARRAffinity .vision-box.com ARRAffinity cookie is set by Azure app service and allows the service to choose the right instance established by a user to deliver subsequent requests made by that user. Session Necessary Third Party
ARRAffinitySameSite .vision-box.com This cookie is set by Windows Azure cloud and is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session. Session Necessary Third Party
__hssrc .vision-box.com This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session. Session Necessary Third Party
__hssc .vision-box.com HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. 1 hour Necessary Third Party
__cf_bm Hubspot.com This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. 1 hour Necessary Third Party
_hjAbsoluteSessionInProgress .vision-box.com Hotjar sets this cookie to detect a user's first pageview session, which is a True/False flag set by the cookie. 1 hour Functional Third Party
_ga_* .vision-box.com Google Analytics sets this cookie to store and count page views. 1 year 1 month 4 days Analytics Third Party
_ga .vision-box.com Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. 1 year 1 month 4 days Analytics Third Party
_hjSessionUser_* .vision-box.com Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site. 1 year Analytics Third Party
_hjFirstSeen .vision-box.com Hotjar sets this cookie to identify a new user’s first session. It stores the true/false value, indicating whether it was the first time Hotjar saw this user. 1 year Analytics Third Party
_hjSession_* .vision-box.com Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site. 1 year Analytics Third Party
__hstc .vision-box.com Hubspot set this main cookie for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). 6 months Analytics Third Party
hubspotutk .vision-box.com HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts. 6 months Analytics Third Party

 

6.6 Management and Blocking of Cookies

To protect the Users’ rights and their privacy and data protection, the Website make available a cookie management tool. By using this feature, the Users can, at any time, manage a number of aspects of their cookie preferences, including obtaining information about the Cookies used or withdrawn consent for Cookie storage and access. Our cookie management tool can be accessed by clicking in the button below in the homepage. 

  • Privacy policy

Alternatively, most browsers allow users to control, through their settings, the Cookies that are stored on their device and to review which Cookies are used, deleting them immediately if they no longer want to allow Cookies to be stored. Users can also change their browser settings to disable the storage of Cookies or to notify them whenever a new Cookie is set. 

Users should be aware that disabling Cookies on their browser settings can have an impact on the functioning of the Website, as the settings in most current browsers are not detailed enough to allow Users to disable all Cookies that are not Strictly Necessary for the proper functioning of the websites they visit. On devices offering such features, Users can have greater control over their Cookies by using free extensions available online.

       7. Transfers of Personal Data to Third Countries

The Personal Data processed by Vision Box are not made available to any Third Parties established outside the European Union or the European Economic Area. If, in the future, such transfers of Personal Data occur, Vision Box undertakes to ensure that it complies with the relevant applicable legal provisions in this regard. 

Such international transfers of Personal Data shall only occur: 

  • Where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection (Transfers on the basis of an adequacy decision);
  • Vision Box or its Processors have provided appropriate safeguards, and on condition that enforceable Data Subjects rights and effective legal remedies for Data Subjects are available, such as the adoption of binding corporate rules or standard data protection clauses adopted by a supervisory authority and approved by the Commission (Transfers subject to appropriate safeguards). 
  • Provided that at least one condition foreseen in Article 49 of the GDPR applies (derogations for specific situations).  

      8. Technical, Organisational, and Security Measures Implemented

To guarantee the security of the Data Subject's Personal Data and maximum confidentiality, Vision Box processes the Personal Data provided by its Users in a confidential manner, in accordance with its internal security and confidentiality policies and procedures, which are updated periodically as necessary, as well as in accordance with the terms and conditions provided for by law.

Depending on the nature, scope, context, and purposes of the Processing of the Personal Data, as well as the risks arising from the processing activity for the rights and freedoms of the Data Subjects, Vision Box undertakes to apply, both at the time of defining the means of processing and during the processing activity itself, the necessary and appropriate technical and organisational measures to protect Personal Data to comply with legal requirements.

Vision Box namely adopts the following security measures:

  • Antivirus software, firewall and data prevention loss;
  • Restrictions to share non-authenticated archives;
  • Restrictions on Peer-to-Peer applications;
  • Database encryption software;
  • User account password;
  • Appropriate maintenance services and with approved levels of correction.

       9. Data Subject’s Rights

Data Subjects are guaranteed the right to request access to and rectification or erasure of Personal Data or restriction of processing concerning the Data Subject or to object to processing as well as the right to data portability. In this regard, the Data Subjects recognise that the exercise of the above rights to erasure, limitation or opposition to processing may jeopardise the abovementioned processing activities. 


Data Subjects also have the right to lodge a complaint with the Portuguese Data Protection Supervisory Authority (Comissão Nacional de Proteção de Dados -CNPD). 

Data Subjects who wish to exercise their rights, request any information, or submit an objection or complaint about the way in which their Personal Data is processed, may contact the Vision Box through the following means of communication:

  • E-mail: [email protected]
  • Address: Rua Casal do Canas, no. 2, Zona Industrial de Alfragide, 2790-204 Oeiras. 

Vision Box will reply all requests within 30 days.

      10. Personal Data Breach

In the event of a Data Breach and to the extent that such breach is likely to result in a high risk to the rights and freedoms of the Data Subject, Vision Box undertakes to communicate the Personal Data Breach to the Data Subject concerned without undue delay.

In accordance with the law, communication to the Data Subject is not required when:

  • Vision Box has implemented adequate protection measures, both technical and organisational;
  • If Vision Box has taken subsequent measures to ensure that the high risk to the rights and freedoms of the Data Subject is no longer likely to materialise.
  • If communication to the Data Subject would involve a disproportionate effort for Vision Box. In this case, Vision Box may make a public communication or take a similar measure by which the Data Subject will be informed.

      11. Modifications to the Privacy Policy

Vision Box reserves the right to change this Privacy Policy at any time. In case of modification of the Privacy Policy, the date of the last change, available at the top of this page, will also be updated. If the change is substantial, a notice will be placed on the Website.

      12. Applicable Laws and Jurisdiction

This Privacy Policy, as well as the processing activities described herein, are regulated by the provisions of Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 and by the applicable laws and regulations in Portugal.

Any disputes arising from the validity, interpretation, or execution of this Privacy Policy, or related to the processing activities described herein, shall be submitted exclusively to the jurisdiction of the Judicial Courts of the District of Lisbon, without prejudice to the applicable mandatory legal rules, with express waiver of any other.