Privacy Policy

Definition

D&R Consultores’ data protection statement is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection statement is intended to be readable and understandable to the general public. To ensure this, we begin by explaining the terminology used.

In this data protection statement, we use, among others, the following terms:

  1. Personal data

Personal data means any information relating to an identified or identifiable natural person (“user”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  1. User

The user is any identified or identifiable natural person whose personal data is processed by the data controller.

  1. Processing

Processing means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  1. Processing restrictions

Processing restriction means the marking of stored personal data with the aim of limiting its future processing.

  1. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

  1. Anonymisation

Anonymisation is the processing of personal data in such a way that the data can no longer be attributed to a specific individual without the use of additional information, provided that such additional information is kept separately and subject to technical and organisational measures to ensure that the data are not attributed to an identified or identifiable natural person.

  1. Controller

The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

  1. Processor

A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

  1. Recipient

The recipient is a natural or legal person, public authority, agency or another body to whom the personal data are disclosed, whether or not a third party. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

  1. Third parties

A third party is a natural or legal person, public authority, agency or body other than the user, controller, and processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

  1. Consent

User consent is any freely given, specific, informed and unambiguous indication of the user’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.

Name and address of the controller

The controller for the purposes of the General Data Protection Regulation (GDPR), other applicable data protection laws in the Member States of the European Union and other provisions related to data protection is:

D&R Consultores  
VAT No.: 517895099  
Email: geral@drconsultores.pt  
Website: https://drconsultores.pt/

Cookie Policy

D&R Consultores’ websites use cookies to improve user experience, enable specific functionalities, and analyse website traffic. Cookies are small text files stored on the user’s device via the web browser. Many websites and servers use cookies to identify users, personalise their experience, and enable specific features.

By using cookies, D&R Consultores can provide services on this website that are more user-friendly and efficient, which would not be possible without cookies.

Cookies allow us, as mentioned above, to recognise users of our website. The purpose of this recognition is to make it easier for users to navigate our site. For example, users who accept cookies do not have to re-enter login information each time they access the website, as that data is retained by the cookie stored on the user’s device. Another example is the cookie used in an online store’s shopping cart — it remembers the items a customer adds to the virtual cart.

Users may, at any time, prevent the setting of cookies via our website by configuring their Internet browser accordingly and may therefore permanently refuse the use of cookies. Additionally, cookies already set may be deleted at any time via a browser or other software solutions. This is possible in all commonly used browsers. If the user disables cookies in their browser, not all features of the website may function properly.

User Consent

When accessing our website for the first time, users are informed about the use of cookies and have the option to accept or decline optional cookies via the cookie banner.

Types of Cookies Used and Purpose

Below is a table with the specific cookies used on this website, their type, purpose, duration, and whether consent is required for their use.A declaração de proteção de dados do D&R Consultores é elaborada em conformidade com o Regulamento Geral de Proteção de Dados (RGPD). Este documento pretende ser claro e compreensível para o público em geral, explicando de forma acessível os termos e procedimentos relacionados com o tratamento de dados pessoais.

Cookie NameTypePurposeDurationProviderNecessary consent

Managing Cookie Preferences

Users can configure their browser to accept or reject cookies, or to notify them when a cookie is being sent. Instructions for adjusting cookie settings can be found in the following browsers:

General Data and Information Collection

When visiting our website, technical data and general information may be automatically collected, such as browser type, operating system, pages visited, and IP address — or voluntarily provided by users through contact forms or other interactions. D&R Consultores does not draw any conclusions about the user from this data.

This information is used to ensure optimal content delivery, improve system security, and cooperate with authorities in the event of security incidents. The data is processed anonymously and stored separately from any personal data provided by the user. These data may be collected automatically while using the website or voluntarily provided by users through contact forms or other interactions.

  1. Types of Data Collected  
  • Contact data: Includes name, email address, phone number, postal address (if applicable).  
  • Browsing data: Includes IP address, device information, browser types, operating system, pages visited, visit duration, browsing behaviour, and other automatically generated information.  
  • Voluntarily provided data: Includes any data submitted by users via contact forms, newsletter signups, account registrations, etc.
  1. Purpose of Data Processing  

Collected data is processed for the following purposes:  

  • Service requests and support: Data is used to respond to user requests, deliver requested services, and provide the best possible website experience.  
  • Website improvement and analytics: Browsing data is analysed to optimise services, identify usage patterns, and enhance features.  
  • Marketing communications: With user consent, contact data may be used to send promotional content, newsletters, or other relevant information.
  1. Legal Basis for Data Processing

Data is processed based on:

  • User consent: When required (e.g., newsletter subscriptions).  
  • Contract performance: When providing services requested by the user.  
  • Legitimate interest: For website and service optimisation, or responding to legitimate user requests.
  1. Data Sharing with Third Parties

If data is shared with third parties, it is done in compliance with the GDPR and only with partners necessary for service provision, such as analytics providers or operational partners. Any data transfers are governed by contracts that safeguard user rights.

  1. Data Storage and Security

Collected data is stored for the period necessary to fulfil the stated purposes, unless a longer retention period is required or permitted by law. D&R Consultores applies technical and organisational measures to ensure the security of personal data.

Contact via Website

The D&R Consultores website contains information enabling direct electronic contact with our company, including a general email address. If a user contacts the controller by email or via a contact form, the personal data transmitted is stored automatically. Such personal data, voluntarily transmitted by the user to the controller or processor, is stored for the purpose of handling the request or initiating contact.

Regular Deletion and Blocking of Personal Data

The data controller only processes and retains the user’s personal data for as long as is necessary to achieve the storage purpose, or as permitted by EU or Member State law.  

If the storage purpose no longer applies, or a legal retention period expires, the personal data is routinely blocked or deleted in accordance with legal requirements.

User Rights

  1. Right to Confirmation

Each data subject has the right, granted by the European legislator, to obtain confirmation from the controller as to whether or not personal data concerning them is being processed. If a user wishes to exercise this right, they may contact our data protection officer or another staff member at any time.

  1. Right of Access

Each user has the right, granted by the European legislator, to obtain free information about their stored personal data at any time and to receive a copy of that information. Furthermore, EU directives and regulations grant access to the following details:

  • The purposes of the processing;  
  • The categories of personal data concerned;  
  • The recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organisations;  
  • Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;  
  • The existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing, or to object to such processing;  
  • The right to lodge a complaint with a supervisory authority;  
  • Where the personal data is not collected from the user, any available information as to its source;  
  • The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the user.

Users also have the right to know whether personal data is transferred to a third country or international organisation. If so, they have the right to be informed of the appropriate safeguards related to the transfer.

To exercise the right of access, users may contact our data protection officer or another staff member at any time.

  1. Right to Rectification

Each user has the right, granted by the European legislator, to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Considering the purposes of the processing, the user has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

  1. Right to Erasure (“Right to Be Forgotten”)

Each user has the right, granted by the European legislator, to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller is obliged to erase personal data without undue delay where one of the following grounds applies, unless processing is necessary:

  • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;  
  • The user withdraws consent on which the processing is based according to Article 6(1)(a);  
  • The user objects to the processing under Article 21(1) and there are no overriding legitimate grounds for the processing;  
  • The personal data has been unlawfully processed;  
  • The personal data must be erased to comply with a legal obligation in Union or Member State law;  
  • The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the above applies and a user wishes to request the deletion of personal data stored by D&R Consultores, they may contact our data protection officer or another staff member at any time. The data protection officer shall ensure the erasure request is processed immediately.

Where D&R Consultores has made personal data public and is obliged under Article 17(1) to erase it, we will, taking account of available technology and implementation costs, take reasonable steps, including technical measures, to inform other controllers processing the data that the user has requested the deletion of any links to, or copies or replications of, such data. Our data protection officer or another staff member will take the necessary measures on a case-by-case basis.

  1. Right to Restriction of Processing

Each user has the right, granted by the European legislator, to obtain from the controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by the user, for a period enabling the controller to verify the accuracy of the data;  
  • he processing is unlawful, and the user opposes the erasure of the personal data and requests the restriction of its use instead;  
  • The controller no longer needs the personal data for processing purposes, but the user requires it for the establishment, exercise or defence of legal claims;  
  • The user has objected to processing under Article 21(1) pending verification whether the legitimate grounds of the controller override those of the user.

If any of these conditions are met, and a user wishes to request restriction of processing, they may contact D&R Consultores’ data protection officer or another authorised staff member. The restriction will be handled accordingly.

  1. Right to Data Portability

Each user has the right, granted by the European legislator, to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. They also have the right to transmit that data to another controller without hindrance, where:

  • Processing is based on consent under Article 6(1)(a) or Article 9(2)(a), or on a contract under Article 6(1)(b); and  
  • The processing is carried out by automated means, provided it is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • In exercising their right to data portability under Article 20(1), the user also has the right to have personal data transmitted directly from one controller to another, where technically feasible and without adversely affecting the rights and freedoms of others.

To exercise the right to data portability, the user may contact the designated data protection officer at D&R Consultores or another staff member at any time.

  1. Right to Object

Each user has the right, granted by the European legislator, to object, on grounds relating to their particular situation, at any time, to the processing of personal data concerning them based on Article 6(1)(e) or (f). This also applies to profiling based on these provisions.

D&R Consultores shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the user, or for the establishment, exercise or defence of legal claims.

If D&R Consultores processes personal data for direct marketing purposes, the user has the right to object at any time to the processing of personal data concerning them for such marketing. This includes profiling to the extent it is related to such direct marketing. If the user objects, D&R Consultores will cease to process the data for marketing purposes.

Additionally, the user has the right to object, on grounds relating to their particular situation, to processing for scientific or historical research purposes or statistical purposes under Article 89(1), unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object, the user may contact D&R Consultores’ data protection officer or another staff member directly. Users may also exercise this right through automated means using technical specifications, in line with Directive 2002/58/EC.

  1. Automated Individual Decision-Making, Including Profiling

Each user has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal eff

  1. Right to Withdraw Consent

Each user has the right, granted by the European legislator, to withdraw their consent to the processing of personal data at any time.

If the user wishes to exercise this right, they may contact D&R Consultores’ data protection officer or another authorised staff member at any time.

Use of Analytics Tools and Tracking Technologies

To enhance user experience, deliver personalised services, and analyse website traffic, we use various third-party tools and technologies. Some of these tools may collect users’ personal data, while others enable specific features without direct data collection.

Google Analytics (with anonymisation function)  

We use Google Analytics to analyse user interactions with our website. Data is collected anonymously through cookies, and IP anonymisation is enabled to protect user privacy. For more information, see Google’s Privacy Policy.

Facebook Pixel  

We use Facebook Pixel to track user behaviour on our website and evaluate the effectiveness of our Facebook marketing campaigns. This tool helps us optimise ads based on user actions, such as page visits or conversions. Data is anonymised and processed according to Facebook’s privacy policy. Users can manage ad preferences in their Facebook account or through our consent mechanisms.

WP Forms  

WP Forms allows users to submit information via contact forms on our website. Submitted data is stored to respond to user enquiries. The data is stored securely and not shared with third parties unless required to fulfil a user’s specific request.

Google reCAPTCHA  

We use Google reCAPTCHA to protect our website from automated access and interactions (bots). It collects data such as IP address and user behaviour to verify authenticity. This data is processed by Google according to its privacy policy.

Google Maps, YouTube, and Vimeo  

These tools may collect navigation data such as IP address to provide map or video services. Data is processed in compliance with each provider’s privacy policy: Google, Vimeo.

Google Fonts and Adobe Fonts  

We use fonts provided by Google and Adobe to enhance the website’s visual appearance. These tools may collect information like IP address when fonts are loaded. Refer to Google’s and Adobe’s privacy policies.

Legal Basis for Processing

Art. 6(1)(a) serves as the legal basis for processing operations where we obtain user consent for a specific purpose. If the user has consented to the processing of their personal data for one or more specified purposes.

Legitimate Interests Pursued by the Controller or Third Party

When processing is based on Article 6(1)(f), our legitimate interest is to promote our services and activities in the interest of all our visitors and the general public.

Personal Data Retention Period

The criterion for determining the retention period for personal data is the applicable legal retention period. After this period expires, the corresponding data is routinely deleted.

Changes to the Privacy Policy

We may update our Privacy Policy from time to time. We will notify users of any changes by publishing the new version of this Privacy Policy on this page.