Privacidade & Dados
Política de Privacidade
Quem Somos
O que recolhemos
We collect only data strictly necessary for the provision of the requested service (data minimisation principle — Art. 5(1)(c) GDPR):
Identification and Contact Data
Full name, email address, phone number and Tax ID/NIF (when applicable for invoicing). Collected via contact and quote forms.
Technical Access Data
IP address and access timestamp, automatically collected by the Cloudflare infrastructure for security and fraud prevention. These data are not used for marketing profiles.
Session and Preference Data
Preferred language, interface theme (light/dark) and temporary AI assistant session ID — stored locally in your browser (localStorage) and never transmitted for marketing purposes.
Billing Data
Name, Tax ID, address and payment data — securely processed via Stripe (PCI-DSS Level 1) for invoice issuance. PertoDaqui does not store card numbers.
Conversational Interaction Data
When using the AI assistant 'O Daqui' via Website, WhatsApp or social networks, we collect the phone number (as unique identifier for management permissions), the public profile name and the content of messages sent for request processing.
Para que usamos
Responding to Contact Requests
Replying to messages, information requests and quotes submitted through the site's forms.
Contract Performance
Managing adjudications, invoicing, delivery of digital projects and post-delivery technical support.
Compliance with Legal Obligations
Retention of tax and accounting documents for the mandatory legal periods (10 years, under Portuguese commercial and fiscal legislation).
Security and Fraud Prevention
Protecting the infrastructure and users against unauthorised access, DDoS attacks and fraud attempts, through Cloudflare services.
Fundamentos Jurídicos
Each data processing activity has a specific legal basis, as required by Art. 6 GDPR:
Contract Performance (Art. 6(1)(b))
Processing necessary for the provision of the agreed service (quotes, adjudications, invoicing and project delivery).
Explicit Consent (Art. 6(1)(a))
Explicit consent for processing scheduling data (name, email, phone and selected time slot). Users can request deletion of their data at any time via privacy@pertodaqui.pt.
Legal Obligation (Art. 6(1)(c))
Retention of tax and accounting records for the legally imposed periods.
Legitimate Interests (Art. 6(1)(f))
Protecting platform security and detecting fraud, with minimal privacy impact on users.
Por quanto tempo
Contact Requests and Unconverted Quotes
6 months after the last contact, unless converted into a contract.
Active Projects
For the duration of the contract and the minimum legal period of 10 years (tax documentation).
Security Data (Cloudflare Logs)
72 hours in operational mode, in accordance with Cloudflare's privacy policy.
Browser Preferences (localStorage)
Persist until you clear your browser data. No synchronisation with external servers.
WhatsApp Conversations (via Meta Platforms Ireland Ltd.)
12 months from last interaction, or immediately after opt-out. After this period, data is securely and irreversibly deleted both from local database and via WhatsApp Business API.
After the applicable retention period, data is deleted securely and irreversibly.
Com quem partilhamos
We do not sell, rent or transfer your data to third parties for commercial or marketing purposes. Sharing is limited to strictly necessary technical sub-processors:
| Partner | Role |
|---|---|
| Cloudflare, Inc. | Infrastructure, CDN and Security (DDoS, WAF) |
| Stripe, Inc. | Payment Processing (PCI-DSS Level 1) |
| PertoDaqui Own System | Online Scheduling (in-house infrastructure, no third parties) |
| Groq Cloud | Natural Language Processing (AI Assistant — stateless mode) |
| Meta Platforms Ireland Ltd. | Communication infrastructure provision (WhatsApp Business API) |
WhatsApp Business API — Compliance details
Política de Cookies
We follow a minimalist cookie approach, in compliance with the ePrivacy Directive (2002/58/EC) and GDPR:
Essential Technical Cookies
Required for the site to function. No consent required. Includes: Cloudflare bot protection cookie (__cf_bm) and privacy preference cookie (pdq_consent) to record your choices.
Functional Cookies (Optional)
Activated only with your consent. Includes the AI Assistant session memory (odaqui_session) for conversation continuity. The scheduling system is in-house and requires no additional cookies.
Local Storage (localStorage)
Not technically cookies. We locally store: preferred language (lang), interface theme (theme) and AI assistant session ID (odaqui_session). This data never leaves your device.
By default, PertoDaqui does not use marketing tracking. External analytics tools are only used when contracted by the client, with proper consent and configuration.
Direitos RGPD
Under Articles 15 to 22 of the GDPR, you have the following rights:
Right of Access (Art. 15)
Obtain confirmation of whether we process your data and receive a complete copy thereof.
Right to Rectification (Art. 16)
Correct inaccurate or incomplete data we hold about you.
Right to Erasure (Art. 17)
Request deletion of your personal data, except where a legal retention obligation exists.
Right to Portability (Art. 20)
Receive your data in a structured, machine-readable and interoperable format (JSON or CSV).
Right to Object (Art. 21)
Object to processing based on legitimate interests or for direct marketing purposes.
Right to Restriction (Art. 18)
Request suspension of processing while a contestation is under review.
How to exercise your rights
Send a written request to privacy@pertodaqui.pt, indicating the right you wish to exercise and a means of identity verification. We respond within 30 business days, free of charge.
privacidade@pertodaqui.ptDeletion via WhatsApp Business API
For WhatsApp conversations, you can request data deletion via the WhatsApp Business API (endpoint /api/gdpr/whatsapp-delete) to ensure data is removed both from our local database and Meta's servers.
Automatic Opt-out
The system automatically detects opt-out commands: 'SAIR', 'STOP', 'CANCELAR', 'NO', 'NÃO'. When sending any of these commands, the conversation is immediately blocked, the conversation history is deleted and the user receives confirmation that data has been removed. The user can restart the conversation at any time, which implies new consent.
Como protegemos
Encryption in Transit
All traffic is encrypted with TLS 1.3 via Cloudflare. SSL/TLS certificates are managed automatically.
Encryption at Rest
Structured data stored in Cloudflare D1 (globally distributed SQL database) benefits from AES-256 encryption by default.
Protection Against Attacks
Enterprise-level DDoS protection, Web Application Firewall (WAF), Rate Limiting and bot protection via Cloudflare.
Anti-Spam Forms
All forms are protected with Cloudflare Turnstile (private CAPTCHA) and honeypot fields, without exposing your data to third parties.
In the event of a data breach that puts your rights and freedoms at risk, we will notify the CNPD within 72 hours and affected data subjects without undue delay, in accordance with Art. 33 and 34 of the GDPR.
Memories: Photography
The PertoDaqui Memories service collects and processes personal data and photographs as part of the vintage photo digital restoration service.
Data collected
Name, email address, phone number (optional) and the photograph submitted for evaluation or restoration.
Purpose
Data is used exclusively to evaluate the photograph's condition, provide a quote, perform the restoration and deliver the result to the client.
Local processing
Photographs are processed locally in Portugal, in Figueira de Castelo Rodrigo. They are not sent to external AI services (Google, OpenAI, etc.) or third-party cloud platforms.
Retention
Photographs are automatically deleted 14 days after final delivery, unless the client gives explicit consent for portfolio inclusion.
Portfolio
The original or restored photograph is only published in the portfolio with the client's free, specific, informed and unambiguous consent. This consent can be revoked at any time via memorias@pertodaqui.pt.
Contact
To exercise your rights regarding the Memories service (access, rectification, erasure, portability), contact memorias@pertodaqui.pt.
Alterações à Política
We reserve the right to update this Privacy Policy to reflect legal, technical or service changes. For significant material changes, we will notify active clients by email at least 30 days in advance. The date of the last update is always indicated at the top of this page.