Privacy
Privacy and Cookies Policy
1. Data controller
This website is operated by Bva – Biscaia, Viegas e Associados, Sociedade de Advogados, SP, RL, NIPC 518363520, with registered office at Avenida José dos Santos Farias, 137, Loja A, R/C esq., 8125-167 Almancil, hereinafter referred to as the “Firm” or “BVA Advogados“, which acts as the controller of the personal data collected and processed through the website www.bva-advogados.pt (the “Website”).
The Firm may be contacted on data protection matters through the following details: a. Address: Avenida José dos Santos Farias, 137, Loja A, R/C esq., 8125-167 Almancil b. E-mail: algarve@bva-advogados.pt c. Telephone: 289398493
2. Legal framework
The processing of personal data through the Website is carried out in accordance with: a. Regulation (EU) 2016/679 (GDPR) – General Data Protection Regulation; b. Law No. 58/2019, of 8 August, which ensures the implementation of the GDPR in the Portuguese legal order; c. Law No. 41/2004, of 18 August, as amended by Law No. 46/2012, concerning the processing of personal data and the protection of privacy in the electronic communications sector (including rules on cookies).
3. Personal data processed
In the context of the use of the Website, the Firm may process the following categories of personal data: a. Browsing and Website usage data Data processed: IP address, device identifiers, date and time of access, pages visited, browser and operating system, performance and error data, as well as information resulting from strictly necessary cookies. Purposes: i. To ensure the functioning, security and technical integrity of the Website; ii. To produce aggregated and anonymous statistics on usage (logs and basic metrics); iii. To prevent fraud and misuse of the Website. Legal basis: iv. Legitimate interest of the Firm in ensuring the safe and efficient functioning of the Website, pursuant to Article 6(1)(f) of the GDPR, balanced against the rights of data subjects. b. Newsletter, event invitations or legal marketing communications Data processed: name, e-mail, organisation, area of interest, history of interactions with the communications sent. Purposes: i. Sending newsletters, legal alerts, invitations to conferences, training sessions or other events organised by the Firm; ii. Management of subscriber lists and respective preferences. Legal basis: iii. Consent of the data subject for the sending of direct marketing electronic communications (Article 6(1)(a) GDPR and Article 13 of Law 41/2004). iv. In relation to existing clients, the opt-out regime provided for in Law 41/2004 may apply, provided it relates to similar legal products or services and the right to object is ensured in each communication.
4. Cookies and similar technologies
What are cookies? a. Cookies are small text files placed on the user’s device through the browser when visiting the Website. They allow, among other things, improving browsing efficiency, saving preferences and obtaining aggregated statistical information on usage.
Legal framework for cookies a. The storage of cookies and access to information stored on the user’s device are subject to Article 5 of Law 41/2004 (as amended by Law 46/2012), which requires prior information and consent, except in the case of cookies strictly necessary for the provision of a service expressly requested by the user.
Types of cookies used on the Website a. Strictly necessary cookies Purpose: to ensure the proper functioning of the Website, security, session management and access to restricted areas. Legal basis: legitimate interest of the Firm in ensuring the provision of a functional and secure service; consent is not required under Law 41/2004 for strictly necessary cookies. b. Preference (functional) cookies Purpose: to save user choices (e.g. language), improving the browsing experience. Legal basis: user consent, when not strictly necessary. c. Analytical/statistical cookies Purpose: to obtain aggregated statistics on Website usage (e.g. most visited pages, traffic source), in order to improve content and services. Legal basis: user consent, given the potential for monitoring browsing behaviour. d. Marketing or third-party cookies Purpose: to enable third-party functionalities (e.g. embedded videos, maps, social media sharing buttons) and/or profiling, allowing the display of targeted advertising. Legal basis: user consent. These cookies are not strictly necessary for the functioning of the Website and should only be activated after explicit acceptance by the user.
How can you manage cookies? On the first visit to the Website, a cookie banner will be displayed allowing you to:
Accept all non-strictly necessary cookies;
Reject all non-strictly necessary cookies;
Configure, on a granular basis, the categories of cookies you wish to accept.
The user may change their preferences at any time. Additionally, most browsers allow you to control, through their settings, the acceptance, rejection or deletion of cookies. Please note that disabling strictly necessary cookies may affect the proper functioning of the Website.
5. Disclosure of data
Personal data collected through the Website may be disclosed to the following categories of recipients, strictly to the extent necessary: a. IT and hosting service providers that support the functioning of the Website and electronic communications (e.g. hosting, maintenance, security, newsletter sending platforms), acting as processors, bound by a written contract in accordance with Article 28 of the GDPR.
The Firm does not disclose data to third parties for those third parties’ own marketing purposes.
6. Data retention period
Personal data shall be retained only for the period strictly necessary for the purposes for which they are processed, namely: a. Browsing data: retained for the period necessary to ensure the security and integrity of the Website and for aggregated statistics, and subsequently anonymised or deleted. b. Data for newsletter/marketing purposes: retained until the data subject withdraws consent or exercises the right to object, without prejudice to longer periods if another legal basis for retention exists (e.g. proof of compliance with legal obligations).
Upon expiry of the periods indicated, data shall be deleted or anonymised, unless additional retention is legally required.
7. Data subject rights
Under the GDPR, the data subject has the following rights in relation to their personal data: a. Right of access: to obtain confirmation as to whether their data are being processed and, if so, to access them and complementary information. b. Right to rectification: to obtain the rectification of inaccurate data and the completion of incomplete data. c. Right to erasure: to request the erasure of data under the conditions set out in Article 17 of the GDPR. d. Right to restriction of processing: in the situations provided for in Article 18 of the GDPR. e. Right to object: to object, at any time, to the processing of data based on legitimate interest, on grounds relating to their particular situation. f. Right to data portability: to receive the personal data provided in a structured, commonly used and machine-readable format, and to transmit them to another controller, where the processing is based on consent or a contract and is carried out by automated means. g. Right to withdraw consent: where the processing is based on consent, it may be withdrawn at any time, without affecting the lawfulness of the processing carried out on the basis of consent previously given.
To exercise any of these rights, the data subject may contact the Firm through the contact details indicated in section 1.
Additionally, the data subject has the right to lodge a complaint with the Comissão Nacional de Proteção de Dados (CNPD), the competent supervisory authority in Portugal (www.cnpd.pt).
8. Security of personal data
The Firm adopts appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, taking into account the state of the art, implementation costs, the nature, scope, context and purposes of the processing, as well as the risks to the rights and freedoms of data subjects.
Such measures may include, among others: a. Logical and physical access controls; b. Encryption of communications and data at rest, where appropriate; c. Logging of access and relevant security events; d. Internal procedures for managing security incidents and personal data breaches.
9. Updates to this Policy
This Privacy and Cookies Policy may be updated to reflect legislative changes or changes in the processing of personal data carried out by the Firm.
Changes will be published on the Website with an indication of the date of the last update. Where changes are substantial or involve relevant modifications to the processing of personal data, new consent may be requested, where consent is the applicable legal basis.
Date of last update: 27.03.2026