Privacy Policy

Home

Privacy Policy

Last Updated: November 2025

At Sistematica, we are committed to protecting your privacy and handling your personal data with transparency and care. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website, sistematica.org, or interact with our services. We comply fully with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Portuguese data protection laws.

1. Who We Are (Data Controller)

The entity responsible for processing your personal data is:

Sistematica

Lisbon, Portugal

Email: [email protected]

2. Personal Data We Collect

We collect various types of information to provide and improve our services to you:

  • Information you provide directly: This includes your name, email address, telephone number, and any other details you submit to us via contact forms, newsletter subscriptions, or service inquiry forms.
  • Automatically collected data: When you visit our Website, we automatically collect certain technical information, such as your IP address, browser type and version, operating system, referring URLs, pages viewed, and the time spent on those pages. This is typically done through cookies and analytics tools.
  • Correspondence data: We keep records and copies of your communications with us, including emails and messages submitted through our website forms.

3. Purposes and Legal Bases for Processing Your Data

We process your personal data only when we have a valid legal basis under the GDPR:

  • Responding to inquiries and providing services: To fulfill our contractual obligations or take steps at your request before entering into a contract (Art. 6(1)(b) GDPR).
  • Sending newsletters and marketing communications: Based on your explicit consent (Art. 6(1)(a) GDPR), which you can withdraw at any time.
  • Improving website functionality and user experience: For our legitimate interests (Art. 6(1)(f) GDPR) in understanding how our website is used and enhancing its performance and user-friendliness.
  • Complying with legal obligations: Where processing is necessary for compliance with a legal obligation to which we are subject (Art. 6(1)(c) GDPR).

4. Sharing and Disclosure of Personal Data

We value your privacy and do not sell, trade, or rent your personal data to third parties. However, limited disclosure may occur in the following circumstances:

  • Trusted service providers: We may share your data with third-party service providers who perform services on our behalf (acting as "processors"), such as Formspree for handling contact form submissions and Google Analytics for anonymized website usage statistics.
  • Legal requirements: We may disclose your personal data to competent authorities when required by law, court order, or to protect our legal rights and interests.

All third-party processors are carefully selected, bound by appropriate data processing agreements, and are located within the EU/EEA or jurisdictions providing an adequate level of data protection (e.g., through Standard Contractual Clauses or the EU-US Data Privacy Framework where applicable).

5. International Data Transfers

In cases where personal data is transferred outside the European Economic Area (EEA), we ensure that robust safeguards are in place to protect your data. This typically includes relying on Standard Contractual Clauses approved by the European Commission, or other valid transfer mechanisms as per GDPR requirements.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

  • Contact inquiries: Personal data related to inquiries is retained for a maximum of 24 months from the last interaction, unless a longer period is required by law.
  • Newsletter subscriptions: Data is retained until you unsubscribe from our newsletter.
  • Analytics data: Anonymized analytical data is retained according to the respective service provider's policy (e.g., Google Analytics data is typically retained for up to 14 months in identifiable form before anonymization).

7. Your Rights Under GDPR

Under the GDPR, you have the following important rights regarding your personal data:

  • Right of access: To request a copy of the personal data we hold about you.
  • Right to rectification: To request that we correct any inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten"): To request the deletion of your personal data under certain conditions.
  • Right to restrict processing: To request that we limit the way we use your personal data.
  • Right to object to processing: To object to our processing of your personal data in certain situations.
  • Right to data portability: To request that we transfer your personal data to another organization or directly to you, in a structured, commonly used, and machine-readable format.
  • Right to withdraw consent: To withdraw your consent at any time where we rely on consent to process your personal data.
  • Right to lodge a complaint: To lodge a complaint with the Portuguese Data Protection Authority (CNPD) if you believe your rights have been violated.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request in accordance with GDPR requirements.

8. Security Measures

We are dedicated to safeguarding your personal data. We implement robust technical and organizational measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Using HTTPS protocol for secure communication across our website.
  • Access Controls: Implementing strict access controls to personal data.
  • Secure Hosting: Utilizing secure and regularly audited hosting environments.
  • Regular Assessments: Conducting periodic security assessments and updates.

9. Cookies and Similar Technologies

Our use of cookies and other tracking technologies is detailed in a separate, dedicated document. Please refer to our Cookie Policy for comprehensive information on how we use cookies and how you can manage your preferences.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or service offerings. When we make material changes, we will notify you by prominently posting an updated policy on our Website or by direct communication where required by law. We encourage you to review this policy periodically.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Email: [email protected]

Postal address: Sistematica, Lisbon, Portugal