Privacy Policy

This Privacy Policy explains how personal data is collected, used, and protected when you visit this website.

1. Data Controller

The controller of personal data is: J&C WEB Technology LDA with VAT: 518816575

Address: Rua Lajeiras 1 Prova, Pinheiro 3680-179, Oliveira de Frades – Portugal
Email: [email protected]

Personal data is processed in accordance with:

  • Regulation EU 2016 679 General Data Protection Regulation
  • UK GDPR
  • UK Data Protection Act 2018

2. Categories of Personal Data Processed

The website may process the following categories of personal data:

  • Name
  • Email address
  • Anonymised IP address
  • Technical and usage data
  • Information submitted through the contact form

3. Contact Form

When you submit a message through the contact form, the following data is collected:

  • Name
  • Email address

Purpose of processing: Responding to your enquiry and maintaining communication.

Legal basis:

  • Article 6 paragraph 1 point b GDPR, pre contractual measures
  • Article 6 paragraph 1 point f GDPR, legitimate interest in business communication

Storage and retention:

  • Stored in the website database
  • Forwarded to a Google Workspace email account
  • Retained for 2 years unless legal obligations require longer retention

The contact form is protected by Cloudflare Turnstile in order to prevent abuse and automated submissions.

4. Analytics

This website uses self hosted Matomo analytics hosted on a server located within the European Union.

Configuration:

  • Cookieless tracking
  • IP anonymisation enabled
  • No user ID tracking
  • No fingerprinting
  • No cross site tracking

Matomo does not directly identify visitors.

Purpose of processing: Website traffic analysis and website performance improvement

Legal basis: Article 6 paragraph 1 point f GDPR, legitimate interest in analysing and improving the website

Analytics data is retained for 2 years.

5. Embedded Content

This website contains embedded content such as videos from YouTube.

YouTube content is blocked until you provide consent through the cookie banner. Once activated, YouTube may:

  • Set cookies
  • Collect personal data
  • Transfer data outside the European Union

When you consent to loading YouTube content, your data may be processed by Google LLC in the United States.

Legal basis: Article 6 paragraph 1 point a GDPR, consent

Where personal data is transferred outside the European Union or the United Kingdom, appropriate safeguards are implemented, including adequacy decisions and Standard Contractual Clauses.

6. Cloudflare Security and Protection

This website uses services provided by Cloudflare.

Cloudflare provides:

  • Reverse proxy services
  • DNS services
  • Security monitoring
  • DDoS protection
  • Turnstile anti spam protection

Cloudflare may process IP addresses and technical data in order to ensure website security and prevent abuse.

Legal basis: Article 6 paragraph 1 point f GDPR, legitimate interest in securing the website

Where personal data is transferred outside the European Union or the United Kingdom, appropriate safeguards are implemented in accordance with Article 46 GDPR.

7. Email Communication

Emails are processed using Google Workspace.

When you contact us:

  • Your email address and message content are stored within Google Workspace
  • Personal data may be transferred outside the European Union or the United Kingdom
  • Transfers rely on appropriate safeguards such as Standard Contractual Clauses or adequacy mechanisms

Email correspondence is retained for up to 2 years unless legal obligations require longer storage.

8. Cookies and Consent Management

This website uses a consent management tool that:

  • Blocks non essential third party content until consent is provided
  • Allows you to manage your preferences

Matomo analytics operates without cookies.
YouTube and other embedded content may set cookies only after consent has been granted.

9. Data Retention

Personal data is retained only for as long as necessary for the purposes described in this policy:

  • Contact form data: 2 years
  • Email correspondence: 2 years
  • Analytics data: 2 years

10. International Data Transfers

Where personal data is transferred outside the European Union or the United Kingdom, appropriate safeguards are implemented. These may include:

  • Standard Contractual Clauses
  • Adequacy decisions adopted by the European Commission
  • Other lawful transfer mechanisms where applicable

11. Your Rights

Under GDPR and UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase personal data
  • Restrict processing
  • Object to processing based on legitimate interest
  • Withdraw consent at any time
  • Data portability
  • Lodge a complaint with a supervisory authority

If you are located in the European Union, you may lodge a complaint with your local Data Protection Authority. If you are located in the United Kingdom, you may lodge a complaint with the Information Commissioner’s Office.

Requests regarding personal data may be sent to:
[email protected]

12. Security Measures

Appropriate technical and organisational measures are implemented to protect personal data, including:

  • Encrypted connections
  • Secure hosting within the European Union
  • Access control mechanisms
  • Ongoing security monitoring
  • Infrastructure protection provided by Cloudflare

In the event of a personal data breach, affected individuals will be notified where required by applicable law.

Effective date: 1 February 2026