PRIVACY POLICY – ROCKPORT PORTUGAL

1. Introduction and Responsible Entity

Iconic Brands, Lda., collective person no. 518 835 715, headquartered at Avenida Paul Harris, nº1, Building D 2710-724 Mem Martins, Sintra Portugal; is the entity responsible for the processing of personal data collected through the website www.rockport.pt (hereinafter "Rockport" or "Rockport Site").

Rockport recognizes the importance of protecting the personal data of its customers and visitors and is committed to processing personal data legally, fairly, and transparently, in accordance with the General Data Protection Regulation (GDPR) and applicable legislation.

2. Personal Data Collected

Rockport may collect and process the following personal data: - Name - Email - Delivery and billing address - Phone contact - Tax Identification Number - Purchase history - Payment data (never stored by Rockport)

The collection of this data occurs when the User:

- Creates an account on the Site;

- Makes a purchase;

- Subscribes to the newsletter;

- Contacts customer support;

- Browses the Site (through cookies and similar technologies).

3. Purposes of Processing

The data will be processed exclusively for the following purposes:

3.1 Execution of the purchase and sale contract

· Processing and shipping orders;

· Issuing invoices;

· Communication with the customer about orders and deliveries.

3.2 Customer account management

· Access to purchase history;

· Updating data;

· Communication about service changes.

3.3 Marketing and promotional communications

Rockport will only send newsletters, campaigns, and promotional communications if the User gives explicit consent.

The User may withdraw consent at any time through the link provided in each communication or by directly requesting Rockport.

3.4 Compliance with legal obligations

· Fiscal retention of documents;

· Communication of data to authorities when legally required.

3.5 Improvement of the experience on the Site

· Statistical and browsing analysis;

· Use of cookies (see section 6).

4. Data Sharing with Third Parties

Rockport only shares personal data with third parties when necessary for the provision of its services, namely: - Logistics and transportation companies; - Payment companies and processing platforms (e.g., SIBS, banking entities); - Technical support and hosting services for the Site; - Providers of analytical tools (Google Analytics).

In all cases, Rockport ensures that these third parties guarantee the same level of data protection that European legislation requires.

Rockport never sells, rents, or gives personal data for commercial purposes of third parties.

5. International Data Transfers

If data transmission occurs to countries outside the European Economic Area, Rockport ensures:

- The existence of adequacy decisions by the European Commission; or

- Adoption of model contractual clauses approved by the European Commission.

6. Cookies and Similar Technologies

The Site uses cookies to:

- Ensure its proper functioning;

- Store User preferences;

- Improve browsing;

- Statistically analyze traffic (Google Analytics).

The User can set their browser to block cookies, but this may affect the browsing experience.

Rockport's Cookie Policy is available separately on the Site.

7. Data Retention

Personal data will be retained:

- For the period necessary for the purposes described;

- For the mandatory legal deadline (e.g., 10 years for fiscal documents);

- Until the User requests deletion, where applicable.

8. Rights of Data Subjects

The User can, at any time, exercise the following rights:

- Access to their personal data;

- Rectification of incorrect or outdated data;

- Deletion of data, where applicable;

- Data portability;

- Limitation of processing;

- Opposition to processing, including direct marketing;

- Withdrawal of consent, when processing is based on it.

Requests must be sent in writing to: customerservice@rockport.pt

The User may also file a complaint with the National Data Protection Commission (CNPD).

9. Security and Confidentiality

Rockport implements appropriate security measures to:

- Protect data against unauthorized access;

- Prevent loss, destruction, or alteration;

- Ensure confidentiality and integrity.

Despite the measures taken, no system is completely invulnerable, so we recommend that the User keep their protection software updated.

10. Changes to the Privacy Policy

Rockport may change this Policy at any time. Changes will be posted on the Site, and continued use of the Site will imply acceptance of the updated version.