Logotipo Volta em brancoLogotipo Volta em preto

    • Privacy Policy

     

    volta considers respect for privacy and the protection of personal data to be a core value in all its activities, particularly in its relationship with users and stakeholders.

    In this context, and based on the principle of transparency, volta has adopted and published this Privacy Policy. It applies regardless of the communication channel through which you interact with us and aims to ensure that users clearly understand how their personal data is processed and what rights they have.

    volta and its team are committed to processing personal data in accordance with this Policy and with full confidentiality.

    We aim to provide information that is both comprehensive and easy to understand. However, if you have any questions or require further clarification on privacy-related matters, you may contact us using the details available in the website footer, with the subject line “Personal Data and Privacy.”

    I. Data Controller

    User data is processed by volta, a private non-profit organisation, with tax identification number (NIPC) 516 554 999, and registered office at Avenida da República, no. 74, 1st floor, left, Alvalade, 1600-205 Lisbon, Portugal, acting as the data controller.

    volta may be contacted through the channels listed in the website footer. For matters related to personal data, please use the subject “Personal Data and Privacy.”

    II. Data Subjects and Personal Data Processed

    volta processes personal data of its users, in particular connection and browsing data, such as IP addresses and access logs.

    No special categories of personal data are processed.

    Users are not legally required to provide personal data; however, failure to do so may limit access to certain website functionalities.

    III. Purposes, Legal Basis, and Retention Periods

    Personal data relating to browsing and connection, collected through cookies, is processed for the following purposes:

    • Ensuring the proper functioning of the website
    • Analyzing how the website is used

    This processing is based on volta’s legitimate interest in improving the performance and security of the website, as well as on user consent where applicable. Such data is retained for a period of up to one year.

    In addition to browsing data, volta may process contact details voluntarily provided by users (name, email address, phone number) for the following purposes:

    • Sending informational and institutional communications, including promotional contente related to volta’s activities
    • Invitations to events
    • Updates regarding the Deposit Return System
    • Sharing relevant content

    This processing is based on the user’s freely given, informed, and specific consent, provided at the time of data submission. Data is retained until the user withdraws consent or objects to the processing, whichever occurs first, which may be done at any time via the contact details available in the website footer.

    IV. Data Recipients

    User personal data may be shared by volta with third parties, including service providers, for the purpose of ensuring website functionality and analyzing its usage, in compliance with legal obligations.

    Data may also be shared with subcontractors engaged by volta to carry out the identified processing activities on its behalf. In such cases, all provisions of this Policy remain applicable, and volta remains responsible for the processing of personal data.

    V. Transfers to Third Countries

    Where it is necessary to transfer data to third countries, particularly where recipients are located outside the European Union (EU), volta ensures that such transfers are carried out based on a European Commission adequacy decision or, where such a decision does not exist, through appropriate safeguards, including the use of standard contractual clauses adopted by the Commission.

    VI. Data Security

    volta implements appropriate technical and organizational measures to ensure the security of user data, safeguarding its confidentiality, integrity, and availability.

    Equivalent measures are required of subcontractors and third parties with whom data is shared.

    If users wish to obtain further information regarding these measures or report a data or security breach, they may do so using the contact details in the website footer, with the subject “Personal Data and Privacy.”


    VII. Data Subject Rights

    volta recognizes the following rights for users as data subjects:

    i. Access – Users may request confirmation as to whether their personal data is being processed, access that data, and obtain information about the processing activities.

    ii. Rectification – Users may correct inaccurate data, complete incomplete data, and update outdated information at any time. Users are responsible for providing accurate data and may be held responsible for any damages resulting from incorrect or outdated information provided to volta or third parties.

    iii. Erasure – Where processing is based on consent and that consent is withdrawn, or where processing becomes unlawful, users may request the deletion of their personal data.

    iv. Restriction of Processing – Users may request restriction of processing where the lawfulness of processing is contested or where, despite no longer being required, data needs to be retained for legal purposes.

    v. Data Portability – Where processing is based on consent or a contract and carried out by automated means, users may request that their data be provided to them or transmitted directly to another controller.

    vi. Objection – Users may object to processing based on legitimate interests.

    vii. Withdrawal of Consent – Where processing is based on consent, users may withdraw it at any time. Cookie settings can also be managed through the cookie preferences available on the website or via browser settings.

    viii. Right to Lodge a Complaint – Users have the right to lodge a complaint with the relevant supervisory authority. In Portugal, this is the National Data Protection Commission (CNPD): (https://www.cnpd.pt/).

    These rights can be exercised at any time via the contact details provided in the website footer, using the subject “Personal Data and Privacy.” The exercise of these rights is free of charge.


    VIII. Validity and Updates

    This version of the Policy was published on June 30, 2022. Any material changes will be communicated to users through the available communication channels. Users are encouraged to review this Policy periodically to stay informed of any updates.

     

    App: Volta – Consumer

     

    SDR places the highest value on the protection of your data. The mobile application “Volta – Consumer” is designed for consumers using the Portuguese Deposit Return System (DRS) to check whether an EAN code is eligible in the scheme and to find collection points for returning PET and can packaging

    The app does not require user registration and is not intended to collect personal data about its users. SDR states that the app only collects anonymous diagnostic and technical information necessary to maintain app stability, security, and performance.

    1. Controller for Data Processing

    SDR Portugal – Associação de Embaladores (SDR)
    Torre Zenith – Rua Doutor António Loureiro Borges, nº 9, Piso 11, Miraflores, 1495-131 Algés
    NIPC: 516554999
    Commercial Registry: Conservatória do Registo Comercial de Lisboa
    Phone: 210195116
    Email: geral@sdrportugal.pt

    Data protection inquiries may be sent by email to geral@sdrportugal.pt or by post to the above address.

    2. Data Processing in the App

    SDR provides the application “Volta – Consumer” to enable consumers to:

    • validate whether beverage packaging EANs are included in the Portuguese DRS scheme;
    • view a map of available collection points for PET and can returns;
    • consult collection point details such as address, map location, opening hours, and navigation options; and
    • access general information, FAQs, and contact details about the Portuguese deposit return system.

    In this context, SDR describes the following processing activities for the consumer app:

    2.1. No user account or identification data

    The app does not require account creation, login, or user profile management. SDR therefore does not intentionally collect user identification data such as name, surname, email address, or phone number through the app.

    2.2. EAN validation

    The app allows users to validate whether a beverage packaging EAN is part of the Portuguese DRS scheme. The EAN may be entered manually or captured by the device camera.

    • The EAN code refers to a product identifier and is not, in itself, personal data.
    • If the camera is used, image access is used only to read the barcode on the device. SDR does not intend to collect or store photos or video of the user for this purpose.
    • The processing of the barcode-reading function is limited to providing the requested validation result.

    2.3. Collection point map and navigation

    The app displays collection points where consumers can return PET and can packaging within the Portuguese DRS system, including address, map location, opening hours, and navigation information.

    • The collection point information relates to participating return locations, not to the user.
    • If the user opens navigation through a third-party map or navigation service, that provider may process data independently under its own privacy terms.
    • According to the information provided for this draft, SDR does not collect user location data through the app.

    2.4. Anonymous diagnostic data

    SDR states that the app only collects anonymous diagnostic and technical data. This information is used exclusively to operate, secure, maintain, and improve the app.

    • Such information may include app version, device type, operating system version, crash logs, performance events, and similar technical diagnostics.
    • This information is intended to be anonymous and not to identify the user personally.
    • Where data is truly anonymous, the GDPR does not apply to that information as personal data.

    3. Legal Bases

    Based on the information provided for this consumer app draft:

    • use of the app functions requested by the user, such as barcode validation and display of collection-point information, may be considered necessary to provide the requested service;
    • anonymous diagnostic data is used for app security, stability, and improvement; and
    • where any device permission is required, such as camera access for barcode scanning, access depends on the permission settings chosen by the user on the device.

    This section should be confirmed by SDR’s legal team before publication, particularly if any analytics or SDK provider is used in production.

    4. Recipients of Data

    Only authorized persons and contracted service providers may have access to data processed for operating the app, where applicable.

    • Sensoneo j.s.a., Company ID 50 746 057, Kollarova 27, 84106 Bratislava, Slovakia (IT service provider; processor under Art. 28 GDPR, where applicable);
    • Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (IT service provider; processor under Art. 28 GDPR, where applicable). Any transfer to the USA, in particular to Microsoft Corporation, is stated to rely on the EU-US Data Privacy Framework, where applicable.
    • Apple Inc. and Google LLC may process data independently when the app is downloaded, installed, updated, or used via the App Store or Google Play.

    SDR does not control processing carried out independently by Apple, Google, or any external map/navigation provider. Their own privacy policies apply to such processing.

    5. Automated Decision-Making

    SDR does not use automated decision-making within the meaning of Art. 22 GDPR.

    6. Data Security

    SDR implements appropriate technical and organizational measures designed to protect processed data and app infrastructure. These measures may include access controls, logging, backups, firewalls, and other security mechanisms proportionate to the risks involved.

    7. Your Rights

    Where personal data is processed, users have the rights granted under the GDPR, including the right of access, rectification, erasure, restriction, portability, and objection, subject to the legal conditions of each right. Users may also lodge a complaint with the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados – CNPD).

    8. Data Retention

    Because the app is described as not collecting user personal data and only using anonymous diagnostic data, no retention period for identified user data is intended to apply. If any technical logs that could qualify as personal data are generated in exceptional circumstances, SDR should define and publish the applicable retention period before launch.

    App volta

    volta App is now available an application that allows you to verify packaging acceptance criteria, check eligibility by scanning the barcode, and locate the nearest volta Point or Kiosk.

    The consumer app can be downloaded from the App Store and Google Play Store.

    All Volta Points

    "*" indicates required fields

    Accepted file types: pdf, doc, docx, jpeg, png, Max. file size: 25 MB.
    Consentimento

    "*" indicates required fields

    Privacidade*
    About voltaImpactWhere to returnFrequently Asked QuestionsContacts