06 - Personal Data Protection Policy and GDPR Compliance

06 – Personal Data Protection Policy and GDPR Compliance

The protection of Customers’ personal data is treated with the utmost seriousness by ARTESANATO DE PORTUGAL | PORTUGUESE HANDICRAFT from the Heart of Portugal. All data processing is carried out in accordance with Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR) and applicable Portuguese legislation. This policy clearly explains how data is collected, used, stored, and protected.

6.1 – Data Controller

The entity responsible for processing personal data is ARTESANATO DE PORTUGAL, which determines the purposes and means of processing the data collected through this website.

6.2 – Personal Data Collected

The data collected may include:

  • name

  • address

  • email address

  • telephone contact

  • billing information

  • data required for order shipping

  • purchase history

No sensitive data is requested or processed.

6.3 – Purposes of Processing

Personal data is used exclusively for:

  • processing and shipping orders

  • billing and compliance with legal obligations

  • communication with the Customer regarding order status

  • responding to information requests

  • user account management (when applicable)

  • improving browsing experience and website performance

Data is never used for purposes incompatible with those described above.

6.4 – Legal Basis for Processing

The processing of personal data is based on the following legal grounds:

  • performance of a contract (order processing)

  • compliance with legal obligations (billing and tax records)

  • consent (subscription to optional communications)

  • legitimate interest (service improvement and fraud prevention)

6.5 – Data Sharing with Third Parties

Personal data may be shared only with entities essential to the operation of the service:

  • CTT – Correios de Portugal (order shipping)

  • payment service providers

  • website hosting and maintenance services

  • tax authorities, when required by law

No data is sold, transferred, or used for external commercial purposes.

6.6 – Data Retention

Personal data is retained only for the period necessary to fulfil the purposes of processing, in compliance with applicable legal deadlines, particularly tax and accounting requirements.

6.7 – Rights of the Data Subject

The Customer has the right to:

  • access their data

  • rectify incorrect data

  • erase data (“right to be forgotten”), when applicable

  • restrict processing

  • data portability

  • object to processing

  • withdraw consent, when processing is based on consent

Requests may be submitted through the contact details provided on the website.

6.8 – Security and Protection

Appropriate technical and organisational measures are adopted to protect personal data against:

  • loss

  • unauthorised access

  • unauthorised alteration

  • unauthorised disclosure

  • accidental or unlawful destruction

6.9 – Cookies and Similar Technologies

The website uses cookies strictly necessary for its operation and optional cookies for analytics and experience improvement. The Customer may manage these preferences through their browser.

6.10 – Updates to this Policy

This policy may be updated whenever necessary to reflect legal changes or service improvements. The most recent version will always be available on this page.

Index Exit Legal Area

Updated in January 2026