Personal Data Protection, Privacy and Cookies Policy
WINNING, LDA, with its registered office at Palacete dos Ulmeiros, Alameda das Linhas de Torres nº 152 E14, Lisbon, with share capital of €107,142.85 (one hundred and seven thousand, one hundred and forty-two euros and eighty-five cents), registered at the Lisbon Commercial Registry Office under the single registration and legal person number 510.098. 711 (referred to as ‘WINNING’), establishes, through this Personal Data Protection and Privacy Policy (‘Policy’), the guidelines for the protection and management of the personal data that it processes in its capacity as data controller in connection with the use of our website https://winning-consulting.com (‘Website’).
When data processing is carried out for the Alan Allman Associates ecosystem, WINNING, Lda., Alan Allman Associates Portugal, SA. and Alan Allman Associates International are considered separate entities, but jointly responsible for processing the data in question for these specific purposes. For all other processing, the entities of the group are autonomous and carry out the respective processing as individual controllers.
Intro
The protection of privacy and personal data is a fundamental commitment of WINNING to each holder of personal data (‘Holder’) who collaborates with us or uses the company’s digital platforms and services. With the application of the General Data Protection Regulation (‘GDPR’), EU Regulation 2016/679, of 27 April 2016, in force since 25 May 2018, and the publication of the national Enforcement Law, Law 58/2019, of 8 August, WINNING remains strongly committed to protecting the privacy and personal data of its Data Subjects. To this end, the company continually updates its Personal Data Protection and Privacy Policy in accordance with the principles and standards of the GDPR.
As part of its activity, WINNING collects and processes different categories of personal data and is subject to the applicable legislation, which defines how this processing should be carried out and guides the technical and organisational security and protection measures that must be implemented to safeguard this data.
In this page, which is part of our general data protection and privacy policy, we explain what personal data we collect, record, use, store and share about you in the context of your use of our website. Please read it carefully.
Data processed when using the website
By using our website you do not have to provide us with any personal data, except for cookies.
Why do we need your personal data?
We may process and store personal data from visitors to our site who accept the functionality of cookies that are not necessary for the management of the site’s functionalities.
When you visit the WINNING website, information such as pages visited, clicks, views, type of device, operating system and browser used is recorded. We use cookies to improve your browsing experience by personalising content and analysing website traffic. Some cookies are strictly necessary for the basic operation of the website, while others collect data for statistical and marketing purposes. All the information collected complies with the GDPR guidelines and is intended solely to optimise the experience and performance of the website.
In this case, your data is processed for the management of the website’s functionalities, during the persistence time of each cookie, as described in the table below, based on your consent, pursuant to Art. 6(1)(a) of the GDPR.
Cookies
Cookies are small text files stored on your computer via your browser, which retain information related to your browsing preferences and allow statistical analyses. These files identify the visitor and make it possible to personalise web pages, facilitating the flow of data between the different pages of the same site.
Online identifiers stored in cookies may, alone or together, be considered personal data relating to an identified or identifiable natural person.
In the European Union, the use of cookies is regulated by the e-Privacy Directive (Directive 2002/58/EC).
What data does our website's cookies process?
The data processed by cookies includes various online identifiers, such as session identifiers and specific cookies (_ga, _gid), browser type and version, operating system, device type (mobile or desktop), screen resolution, country of origin and user preferences, such as consent status and visual settings. In addition, the cookies used make it possible to personalise content, such as YouTube video player settings, and to distinguish between human visitors and bots for site security (e.g. _cf_bm, cf_clearance). This data enables a more personalised and secure browsing experience.
What are the cookies on our website?
Our website uses three categories of cookies:
- Necessary: Essential cookies for the basic functioning of the website, such as navigation and access to secure areas. The website will not function properly without these cookies.
- Statistical: Cookies that help understand how visitors interact with the site, collecting and reporting information anonymously for the purposes of analysing performance and use.
- Marketing: Marketing cookies are used to track visitors to websites. The intention is to display adverts and content that are relevant and engaging to the individual user and therefore more valuable to third party publishers and advertisers.
- Functionality: Cookies that enable additional functionality and personalisation on the website, such as remembering language preferences, layout settings and facilitating the use of specific features. These cookies improve the user experience by maintaining choices made previously, but do not collect information for advertising purposes.
The Necessary Cookies present on our website
Name
| Provider | Purpose | Timeframe | Type |
cf_bm | canva.com | Distinguish between humans and bots | 1 day | HTTP |
_cfuvid | canva.com | Part of the Cloudflare service for load balancing and content delivery | Session | HTTP |
ar_debug | google-analytics | Checks if a technical debugging cookie is present | 3 months | HTTP |
ASI | canva.com | The cookie is necessary for secure login and for the detection of spam or abusive use of the site. | Session | HTTP |
cf_clearance | canva.com | Distinguish between humans and bots | 1 year | HTTP |
CookieConsent | winning- consulting.com | Stores consent status | 1 year | HTTP |
wpEmojiSettingsSupports | winning- consulting.com | Maintaining the presentation, configuration and layout of the site | Session | HTML |
The Statistical Cookies present on our website
Name | Provider | Purpose | Timeframe | Type |
analytics_event_v2 # analytics_event_v2 | canva.com | Enables visual content queries | Persistent | Indexed DB |
dv_last_interaction | static.canva.com | Stores data about time on the website | Persistent | HTML |
yt-player-headers- readable | youtube.com | Defines the best video quality based on the visitor’s device and network | Persistent | HTML |
The Marketing Cookies present on our website
Name | Provider | Purpose | Timeframe | Type |
#-# | youtube.com | Used to track user interaction with embedded content | Session | HTML |
_ga |
winning- consulting.com | Sends data to Google Analytics about device and behaviour |
2 years |
HTTP |
_ga_# |
winning- consulting.com | Sends data to Google Analytics about device and behaviour |
2 years |
HTTP |
_gat |
winning- consulting.com | Sends data to Google Analytics about device and behaviour |
1 day |
HTTP |
_gid |
winning- consulting.com | Sends data to Google Analytics about device and behaviour |
1day |
HTTP |
TESTCOOKIESENA BLED | youtube.com | Used to track user interaction with embedded content |
1 day | HTTP |
VISITOR_INF01_LIV E | youtube.com | Used to provide targeted adverts or retargeting, storing and tracking visitor identity and interaction |
180 days | HTTP |
YSC |
youtube.com | Tracks interactions with embedded YouTube content |
Session |
HTTP |
yt.innertube::nextl d | youtube.com | Registers a unique ID to keep statistics on the YouTube videos the user has watched |
Persistent |
HTML |
ytidb::LAST_RESUL T_ENTRY_KEY | youtube.com | Tracks interactions with embedded content |
Persistent |
HTML |
YtIdbMeta#databa ses | youtube.com | Tracks interactions with embedded content |
Persistent | Indexed DB |
yt-remote-cast- available | youtube.com | Stores user preferences for the video player when using embedded YouTube videos. |
Session | HTML |
yt-remote-cast- installed | youtube.com | Stores user preferences for the video player when using embedded YouTube videos. |
Session | HTML |
yt-remote- connected-devices | youtube.com | Stores user preferences for the video player when using embedded YouTube videos. | Persistent | HTML |
yt-remote-device- id | youtube.com | Stores user preferences for the video player when using embedded YouTube videos. | Persistent | HTML |
yt-remote-fast- check-period | youtube.com | Stores user preferences for the video player when using embedded YouTube videos. | Session | HTML |
yt-remote-session- app | youtube.com | Stores user preferences for the video player when using embedded YouTube videos. | Session | HTML |
yt-remote-session- name | youtube.com | Stores user preferences for the video player when using embedded YouTube videos. | Session | HTML |
The Functionality Cookies present on our website
Name
| Provider | Purpose | Timeframe | Type |
leadership_lock#leadership_lock | canva.com | Provisionally classified for interface functionalities | Persistent | IndexedDB |
Data sharing with third parties
As a rule, we do not share the data of visitors to our website. However, in order to maintain and improve our services, your personal data may be shared with service providers, other data controllers or, in some cases, public bodies and organisations.
We may be required to disclose your personal data in response to requests from courts, law enforcement authorities or other regulatory bodies. Whenever possible, we will inform you in advance and ensure that we disclose only the minimum necessary, taking into account the specific purpose to protect your privacy.
If the controller is located outside the EU, we will apply appropriate safeguards to ensure the protection of your data. These safeguards may include: verification of the adequacy decision of the European Commission (EC) for the country of destination, the implementation of appropriate safeguards for the transfer or, in the case of internal transfers, the application of binding corporate rules.
Who carries out processing operations on our behalf?
WINNING uses subcontractors for the purpose of processing personal data, within the parameters defined by law. These entities are obliged, under the terms of contracts entered into with them, to keep confidential and guarantee the security of the data to which they have access, and may not use this data for any other purpose, nor carry out any type of analysis or relationship with other data they hold.
We may share some of your personal data with the following subcontractors:
Subcontractor | Region |
U.S. |
When a subcontractor is established in a country outside the EU, we apply the necessary safeguards, which may include: confirmation of the European Commission’s (EC) adequacy decision for transfers to a given country; that transfers are subject to adequate guarantees; or, if the transfer is internal to the organisation, compliance with the binding rules applicable to companies.
How do we guarantee the security of personal data?
We are aware of, aware of and constantly reviewing and improving the measures in place to protect your personal data from unauthorised access, accidental loss, disclosure or destruction.
To prevent loss, disclosure, unauthorised use or access and to ensure appropriate use of your information, we use appropriate and reasonable physical, technical and administrative procedures to safeguard the personal data we collect and process. We keep data to the extent required or permitted by law.
When and whenever we collect, transfer or store sensitive information we use a variety of additional security technologies and procedures to help protect your personal data from unauthorised access, use or disclosure.
Social Networks
If you choose to share information via social networks such as LinkedIn, Facebook, Instagram or Twitter, the information you share, including your name and preferences, will be visible to visitors to your personal pages. We recommend that you carefully read the data protection policies of the social networks in question, as these will apply to the processing of your personal data by these third parties.
How can you exercise your rights?
You have the right to request access to any of your personal data. If any of this information is incorrect, you can ask for it to be corrected. If we are processing your personal data improperly, you can request that we restrict the processing or even erase it.
If you wish to access your personal data or exercise any of your rights as a data subject, you can make your request via our website or contact us using the following means:
- By e-mail: privacy@winning.pt;
- By letter: Attn: Tiago Santos, Privacy Officer, at Palácio dos Ulmeiros, Alameda das Linhas de Torres, No. 152, Office 14, 1750-149, Lisbon, Portugal.
Your Rights
a) Right to Information: You have the right to obtain information from the Data Controller, namely identity and contact details; purposes of the processing; legal basis for the processing; recipients of the personal data;
b) Right of Access: The data subject has the right to obtain confirmation from the data controller as to whether or not personal data concerning him/her is being processed and, if so, the right to access his/her personal data;
c) Right to Rectification: The data subject has the right to obtain the rectification of inaccurate personal data concerning him/her and the right to have incomplete personal data completed;
d) Right to Erasure: In certain situations, you may have the right to have your personal data erased;
e) Right to Restriction of Processing: In certain situations, you may have the right to obtain restriction of the processing of your personal data;
f) Right to Portability: In certain situations, you may have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and you may have the right to transmit this data to another controller;
g) Right to object: In certain situations, you may have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data and we may be obliged to cease processing your personal data;
h) Right not to be subject to automated decisions: You have the right not to be subject to any decision taken solely on the basis of automated processing, including profiling, which produces effects in your legal sphere or significantly affects you in a similar way.
Complaint
If you are dissatisfied with the way we use your personal data or with the response to your request to exercise your rights, you can lodge a complaint with the Supervisory Authority:
Comissão Nacional de Proteção de Dados (CNPD)
Avenida D. Carlos I, n.º 134, 1200-651 Lisboa,
+351 213 928 400 (telephone), +351 213 976 832 (fax) or geral@cnpd.pt (e-mail address)
Reviews
This policy was revised on 21 October 2024, ensuring its compliance with current legal, regulatory and operational requirements. It is a revision and integration of our ‘GDPR’ and ‘Privacy’ policies and is subject to regular changes and updates.
As far as possible, we will communicate any changes to this policy, but we also invite data subjects to consult it regularly to stay informed of any updates.