Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)
This document describes how FROM ADVISORY, UNIPESSOAL LDA (“From:”) uses and shares personal data within the scope of real estate marketing.
From: is Arrow Global Portugal's new B2C platform, which boosts the marketing and activation of its real estate projects. It acts as a strategic partner for the Group's different entities, ensuring an integrated approach throughout the entire value chain.
We use your personal data to offer our real estate services, including property valuation, advertising and management of purchase and sale transactions.
Use as required or permitted by law
Whenever required by law, your personal data will be used for other purposes, namely when From: is obliged to provide them at the request of official authorities.
We use the following legal grounds for processing personal data:
Our main basis for processing data is the legitimate interest of our business.
The General Data Protection Regulation (“GDPR”) allows the use of personal data where the legitimate interest of the organization is not overridden by the interests, fundamental rights and freedoms of the data subject (customer). The law calls this requirement for processing personal data “legitimate interest”. Below we describe the actions we take in relation to your data, the legal grounds underlying the processing, as well as explaining what our legitimate interest is when it constitutes the reason for processing.
| Interest | Reason(s) for Treatment | Explanation |
|---|---|---|
| Management of real estate services |
|
We have an obligation to manage your Account appropriately, in accordance with the underlying contract and/or as defined in the laws and regulations issued by the applicable supervisory authorities. |
| Compliance with and support for legal and regulatory obligations |
|
We have to comply with various legal and regulatory obligations and support other entities in fulfilling their legal and regulatory obligations. |
| Training and Quality |
|
In order to ensure the good quality of the services provided, customer data is used for the purposes of training our team and reviewing the quality of our services and results, as well as those of our partners. |
| Customer service and market research |
|
In order to guarantee the quality of the services provided, we use customer data for communication purposes and, if necessary, for market research purposes. |
The use of personal data is subject to an extensive framework of safeguard measures, which helps to ensure the protection of customers' rights. This includes informing customers about how their personal data will be used and how they can exercise their rights to obtain their personal data, correct or limit it, object to processing or complain if they are dissatisfied. These safeguards help to maintain a fair and appropriate balance so that our activities do not override the interests, rights and fundamental freedoms of the data subject.
We receive and use information that the data subjects themselves provide us with, resulting in a variety of personal data about each client. All the information we store falls into the following categories.
| Type of information | Description | Source |
|---|---|---|
| Key customer identifiers | We keep personal data, which can be used to identify the customer; this includes:
|
This personal data is included in all data sources. For example, names, addresses and dates of birth are associated with Account data, so that correspondence can be made, and associated with all other data that From: holds on that person. Data provided directly by customers in their daily interactions with From: or our subcontractors. Zip code data is also obtained from sources such as CTT. We also access public databases on people and companies, including Insolvency Services, Registry Offices, Central Credit Register reports, commercial and business directories. |
| Client's circumstances | We may retain personal data relating to an individual's personal circumstances, including physical and mental health, financial situation (including hardship) and communication difficulties. The purpose of this information is to ensure that all circumstances are taken into account in the provision of real estate services. | This information will be obtained through:
|
| Financial data | We may receive information, including financial data, that customers hold with banks. This includes details of bank accounts, credit cards, mortgages and other agreements involving credit contracts. |
|
| Data of public interest | We receive data from commercial sources, which includes lists of politically exposed persons (PEPs) and data relating to sanctions, in order to ensure compliance with regulatory requirements. | We receive this data from reliable commercial sources, as agreed, on a regular basis. |
| Other derived data | We produce other data to efficiently manage our databases and ensure that the relevant data about a person is in the correct file. Relationships between addresses: When we detect an apparent change of address for a person, a link may be created between the old and new address. | From: generates this data from available data sources. |
This section describes the types of recipients with whom we share data and our process for ensuring that they are appropriate entities.
In certain cases, some entities are entitled to oblige us, by law, to disclose certain data for certain purposes.
Arrow Global Portugal Group and/or related entities:
The data collected may be transmitted to the companies of the group and/or related to Arrow Global Portugal to which From belongs and operates in a joint economic activity and may act both as data controller and as subcontractor for the respective data collection and with which it maintains service contracts and/or commercial partnerships and shares internal communication duties and for the various regulatory institutes.
Supervisory Authorities
We share information with supervisory authorities as part of our obligations.
Subcontractors
We can entrust the management of the real estate service to one of our Subcontractors, who will act as our partner. We use market-leading partners and rely on their expertise in the field to manage your Account on our behalf. We will let you know when and if this outsourcing takes place.
Many of these companies simply operate as our partners and do not have control over your data.
Information technology subcontractors
We may use other entities to perform tasks on our behalf (e.g. IT service providers and call center service providers) to assist us in running the business. These subcontractors will always act as our partners and will be instructed by us to contact you.
Payment Processors
If you have chosen to pay by direct debit or credit card, From: will provide the relevant information to the processing companies in order to make the transaction possible.
Clients
Customers have the right to obtain copies of their personal data held by From:. Find out how to do this below, in section 10.
Legal and regulatory bodies
In compliance with a legal or regulatory obligation or in order to protect our rights or the rights of a third party, we may share data with any law enforcement agency, regulator, court, governmental authority or otherwise.
Our clients' personal data is processed within the European Economic Area (EEA), where it is protected by European legislation, specifically the General Data Protection Regulation (GDPR). Our company only shares personal data with third parties, provided it is legally authorized to do so. When we do so, we establish appropriate contractual arrangements and security mechanisms to protect the data and comply with data protection, confidentiality and security standards.
From: is a subsidiary company of Arrow Global Group (“AGG” and/or “Arrow”), based in the United Kingdom. After Brexit, the European Commission issued an adequacy decision, dated June 28, 2021, as no additional safeguards are required if your data is transferred to the United Kingdom, thus ensuring the protection and safeguarding of your data under both United Kingdom and European Union privacy legislation.
We only share personal data with other non-EEA countries when we are legally entitled to do so, namely when:
We may also justify sharing data on other legal grounds, such as for the purposes of legal proceedings, investigation or to protect our legal rights.
In general, we will retain all information about customers for as long as they have an active contract.
Once the Account is closed, we will continue to retain all information, generally for a period of 10 (ten) years after closure. The criteria used to determine the storage period will include the limitation of liability period, agreed contractual terms, regulatory requirements and industry standards.
The exceptions to this standard ten-year approach are detailed below:
Archived data
We will retain archived data in physical or digital format for business continuity purposes. When data is retained for longer than the period described above, it will not be accessible to unauthorized employees and in the case of digital copies the data will be encrypted. We will take steps to ensure that if it is essential to have access to these files, we will remove personal information that is not necessary.
| Rights | Description | Section |
|---|---|---|
| The right to be informed | You have the right to be informed about how we collect and use your personal data. This has been described in this privacy notice. | All |
| Rights related to automated individual decisions | You have rights in relation to any automated individual decision, which produces effects in your legal sphere or significantly affects you in a similar way. | 9 |
| Right of access | You have the right to access your personal data and additional information stored by us. | 10 |
| Right to data portability | In certain circumstances, you have the right to obtain personal data and reuse it for your own purposes in different services. | 10 |
| Right to rectification | You have the right to rectify inaccurate data or complete incomplete data. | 11 |
| Right to object | You have the right to object to the processing of your personal data. | 12 |
| Right to erasure | In certain circumstances, you have the right to request the erasure or removal of personal data when there is no compelling reason for its continued processing. | 12 |
| Right to restriction of treatment | In certain circumstances, you have the right to ask us to block or limit the processing of your personal data. | 13 |
If you want to exercise any of these rights, you can contact us:
From:
Avenida Almirante Gago Coutinho, nº. 30, piso 0, 1000-017 Lisboa, Portugal
Scores and rankings
We do not currently carry out scoring and ranking of customer accounts or profiles, however we may consider implementing this in the future if it proves beneficial for account management, while respecting the personal circumstances of each customer.
You have the right to ask us about the data we hold on you. This is known as a Data Subject Access Request. You have the right to inquire about the personal data we hold about you.
The new data protection legislation also covers the right to data portability, which could give consumers, in certain processing contexts, the right to receive their personal data in a portable format when it is processed on certain grounds, such as consent. This right will not apply to data processed by From: as the data is processed on the basis of legitimate interest.
When we receive personal data, we carry out various checks to detect defects or errors. Ultimately, we rely on our suppliers and customers to provide accurate data.
If you believe that any of the data we hold is incorrect or incomplete, you have the right to request that it be updated.
If it turns out that the data is incorrect, we will update our records accordingly. If, on completion of the checks, we still trust that the data is correct, we will continue to retain and preserve it - although you can ask us to add a note to your file indicating that you disagree or providing an explanation of the circumstances. In addition, we need to keep the original incorrect records for auditing purposes.
If you would like to do so, please contact us.
As a customer, you have specific rights under the GDPR. You have the right to object to the use of personal information or ask us to delete, remove or stop using it if there is no longer a need for us to keep it. These are called the “right to object” and the “right to erasure” or “right to be forgotten”.
As a customer, in relation to the direct marketing actions that From may carry out as part of its activity, you also have specific rights under the GDPR and Law 41/2004, of August 18 (which regulates the protection of personal data and privacy in telecommunications). You have the right to object at any time to the use of personal information or ask us to delete, remove or stop using it if there is no longer any need for us to keep it. These are known as the “right to object” and the “right to erasure” or “right to be forgotten”.
Section 4 details the information we process and why we need this information in relation to the activities we carry out. This is why your right to object does not automatically imply the deletion of your information, however, we will analyze all requests received and if it is not possible for us to delete your information, we will inform you and clarify why we cannot do so.
In certain circumstances, you can ask us to restrict how we use your personal data. This is not an absolute right, and your data may continue to be processed where certain grounds exist. These grounds include:
Only one of these grounds needs to be demonstrated in order to continue processing the data. We will take into account and respond to requests received, including assessing the applicability of these exclusions. Please note, that given the importance of keeping complete and accurate records, for the purposes described above, it will generally be appropriate to continue processing the data. In particular, to ensure the proper management of your Account.
We try to provide better customer service, but if you are not satisfied, you should contact us so that we can analyze your questions.
| Name | From: |
| Contact | Address Avenida Almirante Gago Coutinho, nº. 30, piso 0, 1000-017 Lisboa, Portugal Website: |
You can also direct your questions to the National Data Protection Commission (CNPD), the body that regulates the processing of personal data in Portugal:
Our local data protection officer can be contacted by e-mail at the following address DPO@from.pt or by letter to our address.