Our Privacy Pledge

MCretail, SGPS, S.A. is a company that bases its activity on transparency and security in the processing of personal data. This commitment is transferred to the relationship with our investors, partners, customers, suppliers in a daily basis. The privacy and security of the data you entrust us with are a priority for us.

It is our commitment to only collect, store, process, transmit or delete personal data of our investors, partners, customers, suppliers, with transparency and that these personal data are essential to provide the best services. We inform you how we use your personal data and for what purposes, with the guarantee that we collect, share and keep the data with reference to the best practices in the security and protection of personal data field.

When your personal data is collected, stored, processed, transmitted or deleted by other entities, we demand the same level of privacy and security.

We want you to feel confident that your data is safe with us, as we are always committed to protecting your privacy, and we take our responsibilities with regard to the protection of your personal data with great seriousness and commitment.

Who is Responsible for Your Personal Data

MCretail, SGPS, S.A., headquartered at Rua João Mendonça, nº 529, 4464-501 Senhora da Hora, Matosinhos, registered with the Commercial Registry Office under the unique legal person number 501532927, with share capital of €1,000 ,000,000.00, hereinafter abbreviated as MC, is responsible for the processing of your personal data under the terms of the General Regulation on Data Protection and the complementary legislation on personal data protection in force in the countries in which it operates.

Personal Data We May Collect

In this Privacy Policy, the term “Personal Data” means the set of information that relates to you and that allows us to identify you, directly or indirectly. Your personal data may include, for example, your name, your tax identification number, your contacts (physical or electronic), your transactions and your interactions with us.

We may also receive your personal data from other companies, namely when they collect, process or store them under a service provision contract.

MCretail, SGPS, SA may collect the following categories of personal data:

i. Investor/shareholder identification and contact information – full or abbreviated name, citizen card number, tax identification number, address, telephone, e-mail and number of shares held;

ii. Customer identification and contact details – full or abbreviated name, address, telephone, e-mail;

iii. Supplier data – in the case of natural persons, full name and tax identification number; in the case of legal persons, representative name and contact details;

iv. Partner data – in the case of natural persons, full name and tax identification number; in the case of legal persons, representative name and contact details;

How and Why We Use Your Personal Data
We use your personal data for the following purposes:

i. Provision of information in response to requests arising from the relationship with investors/shareholders and internal reporting;
ii. Operationalization of partnership actions within the scope of Corporate Social Responsibility;
iii. Compliance with regulatory reporting duties;
iv. Fulfilment of communication and brand actions and projects.

How Long Do We Keep Your Personal Data

We keep your personal data only for the period necessary to fulfil the objectives identified in the previous paragraph and to comply with the law.

Once the maximum retention period has been reached, your personal data will be anonymized or securely destroyed/erased.

With Whom We Can Share Your Personal Data

In some cases we may disclose your personal data to other Sonae Group companies. In such cases, we require that they have the appropriate security measures in place to protect your personal data.

When required by law, we may have to disclose your personal data to authorities or third parties, in which case our control over how your personal data is protected is limited.

How You Can Exercise Your Personal Data Protection Rights

In certain circumstances, you have the right to ask of us:

i. Additional information about our use of your personal data;
– Access to your personal data;

ii. That we transmit your personal data that you have provided us to another entity;
– Updating your personal data;
– The deletion of your personal data;
– The suspension of the processing of your personal data if you object to it;

iii. Limiting the way we use your personal data while we correct it or clarify any doubts about its content or our use of it;

iv. The provision of a channel so that you can challenge decisions taken solely on the basis of the automated processing of your personal data.

You also have the right to withdraw or change, at any time, the consent you have given us to use your personal data, when the processing is based on consent.

The exercise of these rights is excepted when your personal data are used to safeguard public interest, namely in cases of detection and prevention of crimes, or when they are subject to professional secrecy.

To exercise your personal data protection rights or whenever you have any questions about the use we make of your personal data, you should contact us through the following means:

– Postal Address: Rua João Mendonça, nº 529, 4464-501 Senhora da Hora, Matosinhos

– E-mail address: dadospessoais@sonaemc.com

You can also contact our Data Protection Officer using the same postal address and the email address dpo@sonaemc.com.

If you are dissatisfied with the way we use your personal data or with our response to your request to exercise your rights, you can file a complaint to the National Data Protection Commission (CNPD) – Address: AV. D. Carlos I, 134, 1º, 1200-651 Lisboa – Telephone: +351213928400 – Fax: +351213976832 – E-mail address: geral@cnpd.pt.


How We Protect Your Personal Data

We have a variety of information security measures, in line with the best national and international practices, in order to protect your personal data, including technological controls, administrative, technical and physical measures and procedures that guarantee the protection of your personal data, preventing its misuse, unauthorized access and disclosure, its loss, its undue or inadvertent changing, or its unauthorized destruction. In terms of information security, we assume the same commitment of continuous improvement that we are guided by in our daily activity.

Among others, we highlight the following measures:
i. Restricted access to your personal data only by those who need it for the purposes we set out above;
ii. Storage and transfer of personal data only in a secure way;
iii. Protection of information systems to prevent unauthorized access to your personal data;

– Implementation of mechanisms that guarantee the safeguarding of the integrity and quality of your personal data;
– Permanent monitoring of information systems, with the aim of preventing, detecting and preventing the misuse of your personal data;
– Redundancy of personal data storage, processing and communication equipment, to avoid loss of availability.


Updates to this Privacy Policy
This Privacy Policy may be updated from time to time, which will be disclosed on our website.

Use of Cookies and Privacy and Security Policy

What is a Cookie?

It is a file that is imported to your computer or to another device when you access certain web pages and that allows the collection of information about your browsing experience. In some cases, Cookies are necessary to facilitate navigation and allow saving and retrieving information about a user’s browsing habits or their equipment, among others. Depending on the information they contain and the way you use your equipment, they can be used to recognize the user.


Identification of Cookies

Session Cookies – These are temporary, cookies are generated and are available until the session is closed. The next time the user accesses their internet browser the cookies will no longer be in storage. The information obtained allows to manage sessions, identify problems and provide a better browsing experience.

Analytical Cookies – These cookies are used to analyse how users use the site, allowing to highlight items or services that may be of interest to users, and to monitor the site’s performance, knowing which pages are most popular, which connection method between pages is more effective or to determine why some pages are receiving error messages. These cookies are only used for statistical analysis and creation purposes, without ever collecting personal information.

Functionality Cookies – Functionality cookies allow to remember the user’s preferences regarding navigation on the website. That way, you don’t need to reconfigure and customize it every time you visit the website.

Advertisement cookies – These are those that if treated well by us or by third parties, allow us to more effectively manage the offer of advertising spaces that exist on the website, being able to analyse your browsing habits and show you advertising related to your navigation profile.


Disabling Cookies

The user can allow, block or delete the Cookies installed on his equipment by configuring the browser options installed on his computer. Please read your browser’s help section carefully to find out more information on how to enable “private mode” or unlock certain Cookies.

Internet Explorer: Tools > Internet Options > Privacy > Settings. For more information, you can consult Microsoft support or browser Help.

Firefox: Tools > Options > Privacy > History > Custom Settings. For more information, you can consult Mozilla support or browser Help.

Chrome: Settings > Show advanced options > Privacy > Content settings. For more information, you can consult the Google help centre or browser Help.

Safari: Preferences > Security. For more information, you can consult Apple support or browser Help.