Privacy Policy

§ 01Data Controller

The data controller responsible for your personal data is:

Privum Cloud Consulting does not currently have a designated Data Protection Officer (DPO) as it is not required under Article 37 of the GDPR given our size and nature of processing. For any data protection inquiries, please contact us at [email protected].

§ 02Personal Data We Collect

Data you provide directly

We collect personal data that you voluntarily provide when you:

• Fill out contact forms (name, email, company, message)
• Subscribe to our newsletter (email address)
• Apply for positions through our talent pool (name, email, role, portfolio, notes)
• Request a service assessment (name, email, company)

Data collected automatically

When you visit our website, we may automatically collect: IP address, browser type and version, operating system, referring URLs, pages visited, time spent on pages, and interaction data. This data is collected via cookies and Google Analytics (see Section 4).

§ 03Legal Basis and Purposes of Processing

Under Articles 6 and 13 of the GDPR, we process your personal data based on the following legal grounds:

§ 04Cookies and Consent Management

We use cookies and similar tracking technologies on our website. In accordance with the GDPR and the ePrivacy Directive, we obtain your consent before activating non-essential cookies.

Cookie consent banner

When you first visit our website, a cookie consent banner is displayed. You can accept or reject non-essential cookies. Only strictly necessary cookies are activated without consent. You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site.

Types of cookies we use

• Strictly necessary cookies: Required for the website to function (no consent required)
• Analytics cookies (Google Analytics): Help us understand how visitors interact with our website. Only activated after consent. We use Google Analytics 4 with IP anonymization enabled.
• Preference cookies: Remember your settings such as cookie consent choice. Only activated after consent.

You can also control cookies through your browser settings. Disabling essential cookies may affect website functionality.

§ 05Data Sharing and Third Parties

We do not sell, trade, or rent your personal data. We may share your data with the following categories of recipients:

• Email service provider: Email delivery for contact form submissions and newsletter
• Analytics provider (Google Analytics): Website analytics — with IP anonymization enabled
• CDN and security provider (Cloudflare): Website security and performance
• Legal authorities: When required by law, court order, or to protect our legal rights

All third-party processors are bound by data processing agreements (DPAs) in accordance with Article 28 of the GDPR.

§ 06Data Security

We implement appropriate technical and organizational measures to protect your personal data, including: encryption in transit (TLS 1.2+), access controls, input validation and sanitization, rate limiting on forms, security headers (X-Frame-Options, CSP, HSTS), and regular security assessments. However, no method of transmission over the Internet is 100% secure.

§ 07Your Rights Under the GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of access (Art. 15): Request a copy of the personal data we hold about you
• Right to rectification (Art. 16): Request correction of inaccurate or incomplete data
• Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
• Right to restrict processing (Art. 18): Request limitation of how we process your data
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to object (Art. 21): Object to processing based on legitimate interest or direct marketing
• Right to withdraw consent (Art. 7): Withdraw consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days as required by Article 12(3) of the GDPR. If we need additional time (up to 60 additional days for complex requests), we will inform you within the initial 30-day period.

Right to lodge a complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent supervisory authority in Portugal is:

§ 08Email Marketing

We may send marketing communications about our services to business email addresses based on legitimate interest (Art. 6(1)(f) GDPR) for B2B communications, or based on consent for newsletter subscriptions.

Every marketing email includes:

• Clear identification of Privum Cloud Consulting as the sender
• A working unsubscribe link that is processed immediately
• Our physical address and contact information

You can opt out of marketing emails at any time by clicking the "Unsubscribe" link in any email or by contacting us at [email protected].

§ 09Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Contact form submissions: 2 years from last interaction
• Newsletter subscriptions: Until you unsubscribe
• Job applications: 1 year from submission date
• Analytics data: 14 months (Google Analytics default retention)
• Legal/accounting records: As required by Portuguese law

§ 10International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place:

• EU Adequacy decisions: Transfers to countries recognized by the European Commission as providing adequate data protection (Art. 45 GDPR)
• Standard Contractual Clauses (SCCs): For transfers to countries without adequacy decisions, we use EU-approved Standard Contractual Clauses (Art. 46(2)(c) GDPR)
• EU-US Data Privacy Framework: For US-based processors that are certified under the framework (e.g., Google, Microsoft)

Our email and analytics processors operate under the EU-US Data Privacy Framework and/or Standard Contractual Clauses, with EU-based processing options where available.

§ 11Children's Privacy

Our website and services are directed at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 16. If you become aware that a child has provided us with personal data, please contact us at [email protected] and we will promptly delete the data.

§ 12Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Changes will be posted on this page with an updated "Last updated" date. For material changes that affect how we process your data, we will provide prominent notice (such as a website banner or email notification). We encourage you to review this policy periodically.

§ 13Contact Us

For any questions about this Privacy Policy, to exercise your data protection rights, or to raise any concerns about how we handle your personal data: