Privacy Policy

This Privacy Policy explains how we process the personal data collected through the playluso.com website and in the course of providing our services, in accordance with Regulation (EU) 2016/679 (GDPR) and Portuguese Law no. 58/2019.

1. Data controller

The controller of your personal data is:

2. Data we collect

• Contact data: name, email, phone and the content of the messages you send us (by email, WhatsApp or form).
• Client and billing data: name or company name, tax number (NIF), address and the data needed to issue invoices and manage the contract.
• Technical and usage data: IP address, device and browser type, pages visited and access date/time, collected through server logs and, with your consent, analytics cookies.

3. Purposes and legal bases

• Respond to enquiries and prepare proposals — pre-contractual steps at your request [Art. 6(1)(b) GDPR].
• Provide the contracted services and manage the relationship — performance of a contract [(b)].
• Comply with invoicing, accounting and tax obligations — legal obligation [(c)].
• Measure website performance via analytics cookies — based on your consent [(a)].
• Keep the website secure and prevent fraud — legitimate interest [(f)].

4. Recipients and processors

To deliver our services we rely on providers that process data on our behalf under a data-processing agreement:

• Website hosting and infrastructure: Vercel Inc.
• Sending and receiving email: Resend and Apple (iCloud).
• Messaging: Meta Platforms (WhatsApp).
• Traffic analytics (with consent): Google (Google Analytics).

5. International transfers

Some of these providers are based outside the European Economic Area, notably in the USA. Such transfers rely on adequacy decisions or on Standard Contractual Clauses approved by the European Commission, with appropriate safeguards for your data.

6. Retention periods

• Contact data without engagement: up to 24 months after the last contact.
• Client and contract data: for the duration of the relationship and applicable legal periods.
• Invoicing and accounting records: 10 years, as required by Portuguese tax law.
• Technical logs and cookies: as set out in the Cookie Policy.

7. Your rights

You may at any time exercise the rights of access, rectification, erasure, restriction, portability and objection, and withdraw any consent given, without affecting the lawfulness of prior processing. To do so, contact us by email.

You also have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD — www.cnpd.pt).

8. Security and automated decisions

We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss or disclosure. We do not carry out solely automated decision-making, including profiling, that produces legal effects concerning you.

9. Changes

This policy may be updated. The version in force is always the one published on this page, with its update date.