Privacy Policy

Within the scope of their activities, the various entities that make up the Benfica Group (hereinafter "Benfica Group" or "Benfica") process personal data of several holders, namely members, supporters, volunteers, athletes, and their families, sports agents, users and users of the IT platforms provided — namely, the website www.slbenfica.pt (Benfica’s official website) and any other applications available for use on computers, tablets, cell phones, or other devices (hereinafter, "Platforms").

The Benfica Group is composed, namely, of: Sport Lisboa e Benfica Clube, NIPC 500276722; Sport Lisboa e Benfica – Futebol, SAD, NIPC 504882066; Sport Lisboa e Benfica SGPS, S.A. NIPC 505270048; Sport Lisboa e Benfica – Multimédia, S.A., NIPC 505564424; Benfica TV, S.A. NIPC 508517494; Benfica

FM, S.A. NIPC 514631228; Benfica Estádio – Construção e Gestão de Estádios, S.A., NIPC 505813378; Parque do Benfica – Sociedade Imobiliária, S.A., NIPC 506807410; Clínica do SLB, Unipessoal, Lda. NIPC 508205360; Sport Lisboa e Benfica – Seguros, Mediação de Seguros, Lda. NIPC 508797404; Identiperímetro Sociedade Imobiliária, S.A. NIPC 508992770; Red Up Sports, Lda. NIPC 514395931; Fundação Benfica NIPC 509259740. All headquartered at Estádio Sport Lisboa e Benfica, Avenida Eusébio da Silva Ferreira, 1500-313, Lisboa.

This Privacy Policy is intended to help people from whom we process data (hereinafter "Data Subjects") understand what personal data we collect, how and why we use it, to whom we disclose it, and how we protect their privacy.

Accordingly, the Benfica Group adopts the conduct and implements the necessary mechanisms to ensure strict compliance with the legislation relating to the protection of personal data that is, at all times, in force, namely Regulation (EU) No. 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (" GDPR") and Law No. 58/2019, of August 8, which ensures the execution, in the national legal order [Portugal], of the GDPR.

By using and browsing our Platforms, filling out our forms, and providing data directly or indirectly, you acknowledge and accept the conditions of this Policy, the Terms and Conditions and the Terms of Use, and any other specific terms, policies, and conditions.

Additionally, and whenever specific questions arise as to the processing carried out by the following entities of the Benfica Group, please refer to the Privacy Policies specifically prepared for the processing of personal data carried out by these entities, which may be consulted at any time at the links below:

- Benfica TV, S.A. - Privacy Policy, available here

- Casas do Benfica - Privacy Policy, available here

- Clínica do SLB, Lda. - Privacy Policy, available here

References in this Privacy Policy to the "Benfica Group" or "Benfica", "we" or "our" mean the entity of the Benfica Group with which it has established a relationship and which in the appropriate context determines the purposes and means of data processing, being considered for this purpose the entity responsible for the processing, under the terms of the GDPR.

Personal data is any information of any nature and regardless of its support, including sound and image, relating to an identified or identifiable individual ("data subject"). A person is considered identifiable if he/she can be identified directly or indirectly, namely by reference to an identification number or more specific elements of his/her physical, physiological, psychic, economic, cultural, or social identity.

The Benfica Group collects and processes the personal data necessary for the processing purposes previously defined.

Categories of personal data we process, purposes, and grounds

CATEGORIES OF PERSONAL DATA

TYPES OF DATA

Identification Data

First name, middle name, last name, date of birth, age, gender, ID card number, height, weight, marital status, nationality, photo, biometric data, additional data, passport number, member number

Directory Data

Household number, number of children, address (primary), address (secondary), landline, phone number (mobile), e-mail, fax number, additional data

Other Identifiers

Social media identifiers, VAT, NISS, health user number number, additional data.

Bank Details

IBAN, bank identification data

Professional details

Employer, position, category, professional portfolio

Data contained in donated documents

Data contained in the donated documents

myBenfica account access data

Username, password

Location data

Seat at Estádio da Luz

Others

Image

The Benfica Group is especially concerned with the protection of the rights of minors, so the collection of personal data of people under 18 years of age is, in most cases, dependent on the consent of their parents/guardians.

The Benfica Group processes this data in accordance with the applicable legislation, for various purposes, including:

TREATMENT PURPOSES

GROUNDS FOR LAWFULNESS

Management of the relationship with Benfica members and supporters

(a) Processing the registration as a Member and issuing the Membership card

(b) Sending information requested by the Benfica member and supporter

(c) Managing contacts, information, or complaints

(d) Recording calls for monitoring the quality of the service provided

(e) Providing services such as the payment of fees and the purchase of tickets and articles related to Benfica (merchandising)

(f) Adapting services to the needs and interests of members and supporters

(g) Managing subscriptions to the Benfica Newspaper

(h) Management of benefits and partnerships

  • Execution of the contract and pre-contractual proceedings
  • Compliance with legal obligations
  • Consent

Management of contact requests, clarification of doubts or additional information

  • Consent
  • Pre-contractual proceedings

Marketing of SLB products and services

(a) Management of the contractual relationship and marketing of Benfica Products

(b) Management of the commercial relationship and provision of services

(c) Processing of online purchases and invoicing and payment

(d) Customer service

(e) Sending communications regarding the status of orders placed

  • Execution of the contract and pre-contractual proceedings
  • Compliance with legal obligations

Institutional relations management

(a) Contact management

(b) Event management

  • Execution of the Contract and pre-contractual proceedings
  • The legitimate interest pursued by the controller

Prospection

(a) Talent management

(b) Hiring new talent

(c) Sending communications about opportunities

  • Pre-contractual proceedings
  • The legitimate interest pursued by the controller
  • Consent

Platform management

(a) Interacting on social media platforms and networks, using or reproducing content publicly available there, where the user has referred to or tagged/hashtagged, Benfica, Benfica's brands, products, or services

(b) Handling of complaints and suggestions

(c) Making available comments submitted regarding the quality of Benfica's products or services

  • The legitimate interests pursued by the controller
  • Consent

myBenfica account management

(a) Creation of myBenfica account

(b) Password recovery management

(c) Management of requests submitted through the account myBenfica

  • Execution of the Contract and pre-contractual proceedings
  • The legitimate interest pursued by the controller
  • Consent

Merchandising

(a) Management of the established contractual relationship

(b) Product and brand management

  • Execution of the contract and pre-contractual proceedings
  • The legitimate interest pursued by the controller

Food & Beverage

(a) Management of applications submitted through the APP

(b) Order processing, payment, and invoicing

(c) Customer service

(d) Sending updated notifications on the status of the order

  • Execution of the contract and pre-contractual proceedings
  • Compliance with legal obligations

Management of requests to access the documentation on file and management of loans and donations

  • Execution of the contract and pre-contractual proceedings
  • Consentiment

Media Accreditation Management

  • Legitimate interests pursued by the controller

Compliance with legal obligations

Response and reporting to judicial orders, administrative requisitions, or information requests submitted by public authorities with their own or delegated powers

  • Compliance with legal obligations

Marketing

(a) Information or marketing actions, in particular for the sending of communications for direct marketing purposes, including through the use of automated calling and communication systems which do not rely on human intervention (automatic calling machines), facsimile machines, or electronic mail (e-mail), including SMS (short message services), EMS (enhanced messaging services), MMS (multimedia messaging services), application notifications and other similar types of applications;

(b) Dissemination of institutional information about Benfica; campaigns, promotions, publicity, and news about Benfica's products and/or services

(c) Execution of market studies and evaluation surveys

(d) Profile Definition, namely with a view to developing customization mechanisms

  • Consent

Exercise of Benfica's rights

Collection of debts: either judicially (through ordinary courts or arbitration tribunals) or extrajudicially (cases in which personal data may be ceded to Benfica's representatives and advisors, such as lawyers solicitors and/or accountants).

  • Execution of the contract
  • Compliance with legal obligations

Protection of people and assets

(a) Video surveillance

(b) Access management to the Stadium and other SLB facilities

(c) Car park access management

  • Legitimate interests pursued by the controller

The personal data collected is processed in strict compliance with the applicable legislation and stored in a specific database created for this purpose.

The period for which data is stored and retained varies according to the purpose for which the information is used. There are, however, legal requirements that require data to be retained for a certain period. Thus, and whenever there is no specific legal requirement, the data will be stored and maintained only for the period necessary for the purposes for which they were collected, as identified above.

Under the terms of the applicable legislation, the data subject may request at any time the following rights:

Right of access:

Benfica ensures the existence of means allowing the data subject to have access to the personal data that the entity holds on the data subject

Right to rectification:

Benfica ensures the existence of means that allow the data subject to rectify their personal data, if they are incorrect/inexact, or complete them if they are incomplete.

Right to erasure “Right to be forgotten”:

Benfica ensures the existence of means that allow the data subject to request the "erasure" of their personal data when any of the following circumstances occur:

  • When the data is no longer necessary for the purposes for which they were collected or otherwise processed;
  • When the data subject withdraws his consent to the processing of his data and there is no other legal basis for the processing;
  • When the data subject exercises his right to object and no other legitimate grounds are prevailing for processing;
  • When personal data has been unlawfully processed;
  • When the data must be deleted to comply with a legal obligation applicable to the entity as a controller; or
  • when the data has been obtained in the context of the direct offer of information society services to minors.

Right to object:

Benfica ensures the existence of means that allow the data subject to object specific personal data processing for specific purposes listed below, without prejudice to directives or laws in force:

  • Performance of public interest tasks for the pursuit of a legitimate interest of the said controller or a third party
  • Guarantee that the purpose of the processing is compatible with the purpose for which the data was initially collected, including the definition of profiles
  • Sending marketing communications or processing for targeted advertising, based on the legitimate interests of Benfica

Right to restriction of processing:

Benfica ensures the existence of means that allow the data subject to request the restriction of the processing of their personal data

Right to data portability:

Benfica ensures the existence of means that allow the data subject to request that a copy of their personal data be sent to another controller. This data is transmitted in a digital and structured format.

Push notifications are pop-up notifications that appear on your screen, presented through applications installed on your mobile device or computer. These serve as a quick way to communicate and send short messages. They can also be web notifications, when they appear while surfing the Internet, regardless of which browser you have installed and use to surf the Internet.

Since push notifications are notifications displayed on the device or browser itself, if you want to stop being notified or want to manage the notifications you receive you can do so on the device or browser itself.

Regardless of the operating system of your mobile device/tablet and the browser you use, the settings for these notifications can be changed at any time, either specifically for certain applications or websites or for the entire device or browser.

The User can change the settings of his browser through the following links:

  • Google Chrome, click here;
  • Microsoft Edge, click here;
  • Mozilla Firefox, click here;
  • Internet Explorer, click here;
  • Safari, click here;
  • Opera, click here.

You can change the settings of your operating system through the following links:

  • Android operating system, click here;
  • iOS operating system, click here;

Data subjects may exercise their rights by written request addressed to the Benfica Group to the e-mail address linhabenfica@slbenfica.pt or to the address Av. Eusébio da Silva Ferreira, Estádio do Sport de Lisboa Benfica, 1500-313 Lisboa, PORTUGAL.

In accordance with the applicable legislation, you are also guaranteed the right to withdraw your consent for the processing of the data for which consent is the basis for the legitimacy of processing, through the above-mentioned contact details. To this end, you have the right to withdraw your consent at any time, which shall not, however, invalidate the processing carried out until that date based on the consent previously given.

Additionally, Data Subjects with a myBenfica account can exercise their rights directly through their account, as well as manage their consents.

Data Subjects may also contact the Benfica Group Data Protection Officer “DPO” at dpo@slbenfica.pt.

Without prejudice to any other means of administrative or judicial appeal, the data subject has the right to submit a complaint to the national supervisory authority (CNPD) or any other competent supervisory authority under the terms of the law, if he/she considers that his/her data is not being processed legitimately by Benfica, under the terms of the applicable legislation and this Policy.

This Privacy Policy applies in full to all users of the Benfica Group Platforms. However, given the specificity inherent to the usage of the referred digital platforms, it is important to regulate some particularly relevant issues within this scope.

Benfica Group is aware that communicating personal information is of great concern to users who use the Internet. Notwithstanding the security measures adopted by the Benfica Group, we alert all users that when accessing the Internet they should regularly take precautions and adopt additional security measures in this regard, namely by using an updated computer and browser, and being careful when using shared computers.

Through our Platforms, we provide links to third-party websites, which are subject to separate Privacy Policies. Please note that this Privacy Policy does not apply to such websites and Benfica Group is not responsible for the collection of your information by such third parties through their websites.

The Benfica Group does not have access to data regarding financial transactions (namely credit card number, this information is made available directly to the online payment company that you have chosen for the payment processing - whose conditions can be found on the site of the entity that provides these services to the Benfica Group: https://stripe.com/en-pt or https://www.sibs.com/, according to the payment method chosen), however, if it is necessary to confirm the payment of the order or resolve any questions arising from it, it may have access to this data.

For more information about cookies and how the Benfica Group uses them on its websites or applications see the Cookies Policy.

The Benfica Group implements a set of procedural and technological measures to ensure the safety of the processing of personal data carried out by the Benfica Group or by companies hired by it.

Procedures and security controls are defined at both physical and digital levels, to ensure data integrity and access control and that only authorized users have access to the data.

Benfica adopts measures to safeguard the security of personal data, including protection against illegitimate access, appropriation, tampering and/or unauthorized disclosure, improper disposal, and dissemination of malicious software (computer viruses), adopting the appropriate technical and organizational measures for this purpose.

Benfica guarantees privacy and security in the transmission and storage of personal data, using SSL (Secure Sockets Layer) encryption of all information provided by the user.

In matters of privacy and personal data protection, Benfica's obligations towards the User, as the holder of personal data, are obligations of means (and not of result), for which reason, when accessing the Platforms and the Contents, the User recognizes and accepts, equally, to run the risks inherent to such activity in the digital and electronic environment, namely, the illegitimate access, appropriation, unauthorized tampering and/or disclosure, undue deletion and dissemination of malicious software (computer viruses).

The user recognizes and accepts, furthermore, that Benfica, its administrators, directors, and employees, cannot be held responsible for illicit acts practiced by third parties, including other users, namely those referred to in the previous number, even in cases where such acts cause damage, be it of a patrimonial or moral nature.

Any communication or message sent by the User by e-mail, the transmission of files, the inclusion of data, or any other form of unsolicited communication and, provided it does not contain instructions to the contrary, shall be considered non-confidential and free of any restrictions of use.

Benfica uses other entities for the rendering of certain services. This provision of services may eventually imply access, by these entities, to the personal data of the Data Subjects.

Thus, any processor of the Benfica Group will process the personal data of the data subjects in name and on behalf of Benfica under the strict obligation to follow our instructions. The Benfica Group shall ensure that such processors provide enough guarantees that appropriate technical and organizational measures are taken so that the processing complies with the requirements of the applicable legislation and ensures the safety and protection of the rights of the data subjects, under the data processing agreement executing with the processors.

For integrated management of members and control of the Sport Lisboa e Benfica brand, we inform you that your personal data may be communicated between the entities that compose the Benfica Group.

Benfica may also communicate personal data to third parties when it deems such communications necessary or appropriate (i) considering the applicable legislation, (ii) in compliance with legal/regulatory obligations/judicial orders, or (iii) to answer requests from public or governmental authorities, as well as (iv) in the scope of partnerships it has established.

In any of the situations mentioned above, Benfica undertakes to take all reasonable measures to ensure the actual protection of the personal data it handles.

Benfica undertakes to ensure the security and integrity of data in the cross-border transfer (outside the European Economic Area) and to inform the data subjects of this transfer whenever it occurs. Additionally, Benfica is responsible for implementing the necessary mechanisms to obtain the legal basis to execute any cross-border transfer, whenever applicable (for example, the celebration of the Standard Contractual Clauses approved by the European Commission).

You may contact the Benfica Group for further information on the processing of your personal data, as well as any questions related to the exercise of your rights under the applicable legislation and those referred to in this Privacy Policy, through the following contacts:

Phone: 707 200 100

E-mail: linhabenfica@slbenfica.pt

Adress: Av. Eusébio da Silva Ferreira, Estádio do Sport de Lisboa Benfica, 1500-313 Lisboa, PORTUGAL

Benfica reserves the right, at any time, to make changes or updates to this Privacy Policy and these changes are duly updated on our Platforms. We suggest that you check this Privacy Policy regularly to be aware of any changes.

Check out here the Privacy Policy versions:
Privacy Policy - 16.05.2018 - Version 1
Privacy Policy - 26.01.2022 - Version 2 (actual version)


Benfica Group Privacy Policy
Version: 2.0 / Entry into force: 26.01.2022


We use cookies to improve your browsing experience.
By your continued use of this site you accept our cookie use policy.

Accept