Open a company →
MadeiraLab / Privacy Policy
§ - Legal

Privacy Policy.

This policy describes how MadeiraLab processes personal data under the EU General Data Protection Regulation (GDPR) and applicable Portuguese data-protection law.
Last updated:26 May 2026 Effective from:26 May 2026 Version:1.0

§ 01 - Data controllerWho is responsible for your data

The data controller is MadeiraLab - Architectural legal advisory, with registered office at R. da Alfândega 10, São Martinho, 9000-059 Funchal, Madeira, Portugal. You may contact us regarding any aspect of this policy at funchal@madeiralab.com.

For data-protection requests (rights of access, rectification, erasure, etc.) please use the subject line "GDPR request".

§ 02 - What data we collectCategories of personal data

We process the following categories of personal data:

  • Contact data you submit through our forms - name, email address, telephone number, message content, and source of the inquiry.
  • Technical data automatically collected when you visit the site - IP address (anonymised), browser type and version, operating system, referrer URL, pages visited and time stamps.
  • Analytics data from Google Analytics 4 with IP anonymisation - aggregated behaviour, traffic sources, conversion events.
  • Communication data - content of emails, calls and messages you exchange with our partners.

We do not intentionally collect special categories of data (Article 9 GDPR - health, ethnicity, political opinions, etc.). If you voluntarily disclose such information in a message, we will treat it confidentially under attorney-client privilege.

§ 03 - Purposes & legal basisWhy we process your data

We process your data on the following legal bases (Article 6 GDPR):

  • To respond to your inquiry - legal basis: pre-contractual measures and/or our legitimate interest in responding to prospective clients (Art. 6(1)(b) and (f) GDPR).
  • To deliver our advisory services after engagement - legal basis: performance of contract (Art. 6(1)(b) GDPR).
  • To comply with statutory obligations - anti-money-laundering (AML) checks, tax record retention, professional obligations under Portuguese law (Art. 6(1)(c) GDPR).
  • To operate and improve our website - legal basis: legitimate interest in providing a secure, functional website (Art. 6(1)(f) GDPR).
  • Analytics and performance measurement - legal basis: consent given through the cookie banner (Art. 6(1)(a) GDPR).

§ 04 - RetentionHow long we keep your data

  • Inquiry data (no engagement) - retained for up to 24 months from last interaction, then deleted or anonymised.
  • Client engagement data - retained for the duration of the engagement and a further 10 years thereafter (Portuguese statutory archival period for legal services).
  • Accounting and AML records - retained for 10 years as required by Portuguese law.
  • Web analytics - retained in aggregated form for 14 months in Google Analytics.
  • Server access logs - retained for 30 days for security purposes.

§ 05 - Recipients & transfersWho can access your data

We share personal data only when necessary, with the following categories of recipients:

  • Internal partners and staff of MadeiraLab bound by professional confidentiality.
  • Processors acting on our behalf - hosting providers (within the EU), email infrastructure, CRM and accounting tools, all bound by Data Processing Agreements (Art. 28 GDPR).
  • Public authorities when required by Portuguese or EU law (e.g. tax authority, AML reporting, judicial requests).
  • Counterparties - only with your explicit instruction in the course of an engagement (notaries, banks, regulators, foreign counsel).

Most of our processors are based in the European Union or EEA. Where data is transferred outside the EU/EEA (e.g. Google Analytics in the United States), we rely on the EU-US Data Privacy Framework and standard contractual clauses approved by the European Commission, ensuring an equivalent level of protection.

§ 06 - Your rightsWhat you can request

Under GDPR you have the following rights regarding your personal data:

  • Right of access (Art. 15) - obtain confirmation and a copy of your data.
  • Right to rectification (Art. 16) - correct inaccurate or incomplete data.
  • Right to erasure (Art. 17) - request deletion, subject to statutory retention obligations.
  • Right to restrict processing (Art. 18) under specific conditions.
  • Right to data portability (Art. 20) - receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) to processing based on legitimate interest.
  • Right to withdraw consent at any time, without affecting prior lawful processing.
  • Right to lodge a complaint with the Portuguese Data Protection Authority - Comissão Nacional de Proteção de Dados (CNPD) - or your local supervisory authority in the EU.

To exercise any of these rights, email funchal@madeiralab.com with the subject line "GDPR request". We respond within one month (extendable by two further months in complex cases, as permitted by Art. 12(3) GDPR).

§ 07 - CookiesHow the site uses cookies

Our website uses a minimum set of technically necessary cookies and, with your consent, analytics cookies:

  • Strictly necessary cookies - session, CSRF protection, language preference. Set automatically; no consent required.
  • Analytics cookies (Google Analytics 4) - set only after you give consent via the cookie banner. Used to measure aggregate traffic and improve content.

You can withdraw or change your consent at any time by clearing site cookies in your browser or revisiting the cookie banner.

§ 08 - SecurityHow we protect your data

We implement appropriate technical and organisational measures under Art. 32 GDPR - encryption in transit (HTTPS/TLS), restricted access on a need-to-know basis, secure backups, access logging, and regular review of data-protection practices. Our staff and processors are bound by confidentiality.

§ 09 - ChildrenUse of the site by minors

Our services are directed exclusively at adults (18+) and legal entities. We do not knowingly collect data from children. If we become aware of such data, we delete it promptly.

§ 10 - Changes to this policyHow we communicate updates

We may update this policy to reflect changes in law or our practices. The "Last updated" date at the top reflects the latest revision. Material changes will be communicated by email to active clients, or by a prominent notice on the site for general visitors.

§ 11 - ContactReach our data team

Questions, requests or complaints regarding this policy may be sent to funchal@madeiralab.com or by post to MadeiraLab, R. da Alfândega 10, São Martinho, 9000-059 Funchal, Madeira, Portugal.