Contact Us

Privacy and Data Protection Policy

This Privacy and Data Protection Policy reflects the commitment of Effisus, Unipessoal Lda. to the protection of the personal data of all individuals who interact with the organization, covering both the processing carried out within the context of its institutional operations and those resulting from the use of its official website.

Headquartered at Travessa José Oliveira Mendes, Nos. 87 and 103, 4760-912 Vila Nova de Famalicão, Braga, Portugal, with a share capital of €800.00, and registered with the Commercial Registry Office of Vila Nova de Famalicão under the unique registration number and Tax Identification Number 507227115 (hereinafter “Effisus”), the company conducts the processing of personal data in strict compliance with the General Data Protection Regulation (GDPR) – Regulation (EU) No. 679/2016, Law No. 58/2019 of August 8th, and other applicable legislation and guidelines.

Effisus adopts high standards of transparency, lawfulness, and accountability, ensuring that data is processed lawfully, fairly, and transparently, and that the rights of data subjects are fully respected.

This policy includes a section dedicated to the activities of collecting and processing personal data through Effisus’ website, explaining in an accessible manner how browsing data, forms, contact requests, subscriptions, and other digital interactions are managed.

For a broader understanding of the organization’s approach to data protection, it is recommended to consult the General Privacy and Data Protection Policy of Effisus.

Data Controller Responsibility

Effisus assumes the role of data controller for the processing of personal data.

Collection and Processing of Data

Effisus collects personal data within the scope of its activities, always ensuring that individuals are informed about the purpose and manner of processing such data.

The main situations of data collection include:

  • Recruitment: Collection of data such as name, contact details, and qualifications, used to assess applications and communicate throughout the recruitment process.
  • Clients and Suppliers: Professional and contact data are processed to formalize and manage contracts, orders, and the business relationship.
  • Quote Requests: Basic identification and contact information are used to respond to commercial inquiries.
  • Contract Management: Additional data, such as financial information, may be processed depending on the type of relationship established.
  • Customer Support and Chatbot: Identification and contact data are collected to respond to technical, commercial, or marketing-related requests.
  • Marketing: With consent, data may be used to send newsletters, product updates, event invitations, or personalized communications. Consent can be withdrawn at any time via the link provided in each communication.
  • Subscription Forms: Name and email address are collected to send newsletters and campaigns, upon explicit acceptance at the time of subscription.
  • Platform Authentication: Identification data is processed to enable access to restricted areas and specific features.
  • Contract Signing: Personal data is securely collected for contractual purposes, in compliance with legal obligations.

Additionally, the website collects technical browsing data to improve user experience, ensure platform security, and enable effective communication.

Categories of Data Subjects

In the course of its activities, Effisus collects personal data from various individuals, including, among others, users of its services, employees, suppliers, and partners.
  • Employees and collaborators: Includes individuals with an employment contract, service providers, and other professionals who work with the organization.
  • Representatives of suppliers and partner entities: Includes individuals representing organizations that supply goods or services or collaborate with Effisus in industrial or commercial activities.
  • Clients: Includes individuals such as administrative or financial contacts from companies that have a commercial relationship with Effisus.
  • Individuals interacting with Effisus: Includes any natural person who, directly or indirectly, contacts Effisus — for example, to exercise their rights under the GDPR (such as the right to erasure) or through the use of tools like the chatbot.
  • Users of Effisus online platforms or forms: Includes anyone who browses, uses, or interacts with Effisus websites, applications, or digital platforms, subject to consent for cookie collection or other browsing data.

Purposes of Processing

At Effisus, personal data is processed based on clear, legitimate, and transparent purposes, in compliance with the GDPR. Each processing activity is carried out only when necessary, in a proportionate manner, and with full respect for data subjects’ rights. Data is never used for other purposes without consent or an appropriate legal basis.

The purposes of processing are regularly reviewed and updated to reflect any changes in internal practices, legal requirements, or best practice guidelines, ensuring high standards of information protection and security.

The purposes that justify the collection and processing of personal data by Effisus are as follows:

  • Recruitment and Selection Management;
  • Human Resources Management;
  • Financial Management;
  • Commercial Management;
  • Supplier and Partner Management;
  • Marketing Management;
  • Internal and External Corporate Communication Management;
  • Management of the Security of People, Assets, and Facilities;
  • Privacy and Data Protection Management;
  • Legal Management;
  • Information Technology Management.

Rights of Data Subjects

Data subjects are informed about the processing of their personal data and the rights they can exercise with Effisus. In accordance with the law, and within the legally established limits and exceptions, they may exercise the following rights:

  • Right of access: You can request confirmation about the processing of your personal data and access related information.
  • Right to rectification: You can correct inaccurate personal data or complete incomplete data.
  • Right to erasure: You can request the deletion of your personal data, without prejudice to legal obligations to retain them.
  • Right to restriction of processing: You can request to limit the processing of your data in certain situations.
  • Right to data portability: You can receive your data in an organized, commonly used, and machine-readable format, and request that this data be transferred to another data controller.
  • Right to object: You can object at any time to the processing of your data for reasons related to your personal situation, including profiling.
  • Right to withdraw consent: You can withdraw the consent you gave for the processing of your data without affecting the lawfulness of processing carried out up to that point.
  • Right to lodge a complaint: You can file a complaint with the Portuguese Data Protection Authority (www.cnpd.pt) if you consider that your rights are not being respected.

Lawful basis for processing

The processing of ordinary data is carried out based on the following lawful conditions:

  • Consent: Applies when there is no other legal basis. It must be explicit, informed, free, specific, unequivocal, documented, and revocable at any time. Example: newsletter subscriptions.
  • Contract performance: When processing is necessary to enter into or perform a contract, such as employment or service agreements.
  • Compliance with legal obligations: When processing is required by law, such as mandatory communications to public authorities.
  • Legitimate interest: When Effisus or third parties have legitimate interests that justify the processing, provided that the rights and freedoms of data subjects do not override them.

Data Protection Agreements

When entering into contracts involving the processing of personal data, Effisus ensures that these are carried out securely and in compliance with applicable legislation, including clauses on responsibilities, security measures, and incident notification.

In cases of subcontracting, Effisus guarantees that subcontractors are rigorously assessed regarding security and compliance, and that they sign contracts containing clauses ensuring processing in accordance with Effisus’ instructions, security measures, and incident notification, as well as a prohibition on further subcontracting without authorization. Effisus conducts periodic audits and continuous assessments to ensure compliance with data protection requirements.

International Personal Data Transfers

In the course of its activities, Effisus may transfer personal data to countries outside the European Economic Area (EEA). In such cases, it adopts appropriate contractual measures to ensure the protection of data during the transfer. These include written agreements that ensure that the recipient entities located in a third country outside the EEA implement security measures equivalent to those required by the GDPR.

The contract must also ensure that the processing of personal data in the destination country complies with the GDPR and other equivalent standards.

When applicable, Effisus uses standard contractual clauses approved by the European Commission, ensuring that the data receives the same level of protection outside the EEA as it would within it.

Data Storage

Personal data is retained for the legally required period or, in the absence of such period, for the time strictly necessary for the purpose for which it was collected, in accordance with the following criteria: lawful basis for processing, operational necessity, data minimization, and data deletion.

When processed for purposes of public interest archiving, scientific or historical research, or statistical purposes, data may be retained for longer periods, provided that appropriate measures such as data minimization and pseudonymization are ensured, as established by applicable legislation.

General Measures Adopted to Ensure the Security of Personal Data
Effisus adopts strict and internationally recognized rules to ensure the protection of personal data, applicable to all those who legally process such data.

Technical and organizational measures are implemented to guarantee the confidentiality, integrity, and authenticity of the data. Whenever possible, data is encrypted, anonymized, and subject to access control, in accordance with the principle of least privilege.

Notification and Complaints 

Without prejudice to submitting a direct notification to Effisus through the contacts available at https://effisus.com/en/contacts-2/, you may also file a complaint directly with the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados) at www.cnpd.pt, using the contact details provided by this entity for that purpose.

Changes to the Privacy Policy

This Privacy Policy may be updated periodically. Regular consultation is recommended. Changes take effect from the date of their publication on the website, with the date of the latest update indicated.

Date of last update: 2025/10/31

Effisus
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.