
Privacy Policy

In accordance with the GDPR (Regulation (EU) 2016/679) and Law no. 58/2019

Last updated: January 22, 2026

QBA Advogados, SP, RL (Website responsible: Pedro Quintas), with registered office at Av. Arriaga, no. 75, 3rd floor – 308, 9000-060 Funchal, corporate tax number (NIPC) 511115792, hereinafter “we” or the “Data Controller”, is committed to protecting the privacy and personal data of users of the website www.qbalegal.com (the “Website”), in accordance with the General Data Protection Regulation (GDPR) and other applicable legislation.

This Privacy Policy explains who we are, which personal data we collect, how we process it, with whom we share it, how long we keep it, and the rights you have as a data subject.

1. Data Controller

Data Controller

QBA Advogados, SP, RL, Av. Arriaga, no. 75, 3rd floor – 308, 9000-060 Funchal, NIPC 511115792

Email: pquintas@qbalegal.com
Telephone: +351 291 224 707

 

Data Protection Officer (DPO)

Pedro Moreira da Cruz Quintas, pquintas@qbalegal.com, +351 291 224 707 

 

2. Personal Data We Collect

We may collect different types of personal data depending on how you use the Website:

  • Identification and contact data: name, email, phone number, address;

  • Browsing and technical data: IP address, browser type, operating system, pages visited, access date/time, cookies and similar technologies.

We do not intentionally collect special categories of personal data under Article 9 GDPR, nor data of children under 16 without the consent of parents/guardians.


3. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and on the following legal bases:

Responding to contact/information requests

Legal basis (GDPR): Legitimate interests / Performance of a contract
Data examples: name, email, phone, message

Sending newsletters/marketing communications (direct marketing)

Legal basis (GDPR): Consent (opt-in)
Data examples: name, email

Improving the Website and analysing usage

Legal basis (GDPR): Legitimate interests
Data examples: browsing data, cookies

Complying with legal obligations (billing, accounting, defence in disputes)

Legal basis (GDPR): Legal obligation
Data examples: identification and transaction data

Preventing fraud and abuse

Legal basis (GDPR): Legitimate interests
Data examples: IP address, website behaviour

4. Retention Period

We keep your data only for as long as necessary for the purpose for which it was collected:

  • Contact/newsletter data → until consent is withdrawn or you object;

  • Client data → 10 years;

  • Browsing/cookies data → as per the cookie policy, generally 1–2 years or until manually deleted;

  • Support/contact records → up to 3 years.

 

After these periods, data is anonymised or securely deleted.

 

5. Sharing Data with Third Parties

We may share your data with:

  • Service providers, always under a data-processing agreement with GDPR safeguards;

  • Public/judicial authorities when required by law;

  • Business partners — only with your explicit consent.

 

We do not sell your personal data to third parties.

 

6. Cookies and Similar Technologies

We use cookies and similar technologies to improve your experience on the Website. Please see our Cookie Policy for more details, including how to manage preferences.


7. Your Rights as a Data Subject

Under the GDPR, you have the following rights (subject to certain conditions):

  • Right of access

  • Right to rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restriction of processing

  • Right to data portability

  • Right to object (including to direct marketing)

  • Right not to be subject to automated decision-making

  • Right to withdraw consent at any time (without affecting prior lawfulness)

 

To exercise any right, please contact us via the email address above. We will respond within 1 month (extendable in complex cases).

You also have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD): www.cnpd.pt


8. Security Measures

We implement appropriate technical and organisational measures to protect your data against loss, misuse, unauthorised access, disclosure, alteration or destruction, such as encryption, firewalls, access controls and periodic training.


9. Changes to this Privacy Policy

We may update this Policy periodically. The latest version will always be available on this page, with the date of the last update. We recommend reviewing it regularly.

 

10. Contacts

For any questions related to this Privacy Policy or the processing of your personal data, please use the contacts above.
