Data Protection Policy

AURUM corresponds to the national brand of MEJ Capital, Unipessoal Lda., Tax ID No. 515018716, Social Security No. 25150187165, headquartered at Rua Mestre de Aviz, No. 15, 1º Dto, Oeiras parish, Oeiras municipality, a limited liability company registered at the Commercial Registry Office of Barcelos, represented by the manager Aura Johana Portillo Rivera Miranda, authorized to act on behalf of the company.

AURUM processes the personal data of its CLIENTS, including, but not limited to:
(i) Name,
(ii) Address,
(iii) Phone/mobile number,
(iv) Email address,
(v) Banking information,
(vi) Tax identification number,
(vii) Profession,
(viii) Audio and visual data.

AURUM may also process sensitive personal data related to the health, physical condition, and genetic information of CLIENTS. Explicit consent is required for processing this sensitive data, in accordance with Article 9(2)(a) of the General Data Protection Regulation (GDPR). CLIENTS acknowledge that refusal to consent to the processing of health-related data may prevent them from fully enjoying the AURUM Padel event experience.

Identification and payment data provided by CLIENTS for event registration and payment are shared with STRIPE, AURUM’s electronic payment service provider. AURUM processes this data to fulfill legal and contractual obligations and to provide the contracted services.

CLIENT personal data may also be shared with the following entities for operational purposes:

  • Life Padel (padel club)

  • Hotels (name and email)

  • Restaurants (name)

  • Oven Creative Studio (company responsible for website operations)

CLIENT RIGHTS
The exercise of data subject rights cannot be restricted or limited. If, for legal reasons, a data subject cannot exercise a particular right, AURUM will promptly provide a clear explanation. Exercising these rights is generally free of charge. To exercise rights, CLIENTS should send an email or registered letter to the Data Controller, Aura Miranda, with the subject line: “EXERCISE OF RIGHTS.”

Data subjects’ rights include, but are not limited to:

  • Access their data

  • Rectify personal data

  • Withdraw consent where applicable

  • Request deletion of personal data when no longer necessary for the purpose it was collected, except for establishing, exercising, or defending a legal claim

  • Request restriction of processing when the data is no longer needed for processing purposes but is required by the data subject for legal claims

  • Data portability

  • File a complaint with the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados) at Avenida D. Carlos I, 134 - 1.º, 1200-651 Lisbon, Phone: +351 213 928 400, Fax: +351 213 976 832, Email: geral@cnpd.pt

DATA RETENTION
Personal data is retained according to its purpose:

  • Contractual and pre-contractual obligations: two years after the last contractual relationship

  • Legal obligations, including billing: two years after the last contractual relationship

  • Event-related personal data: one month after the event

Longer retention periods may apply in specific cases, such as ongoing legal proceedings.

AURUM guarantees the confidentiality of all CLIENT data. Mandatory personal data in registration forms is essential for service provision; omissions or inaccuracies are the CLIENT’S responsibility and may lead to refusal of services.

Data is stored electronically for contractual, pre-contractual, and commercial purposes, enabling CLIENT identification until relationships are definitively terminated, after which data is anonymized or deleted. Data may also be disclosed to judicial or administrative authorities when required by law, subject to confidentiality obligations.

Personal data may be shared with AURUM service providers, including companies operating the online store or providing services legally on AURUM’s behalf.

AURUM is not responsible for data security during internet transmission.

AUTOMATIC DATA COLLECTION
AURUM also automatically collects website usage data, such as IP addresses, browser type, accessed pages, and other browsing information. These data are subject to the same rules as personal data but are retained for six months, after which they are permanently deleted.