Legal
Privacy
Policy.
Plain is committed to respecting and protecting the privacy of users of its services and visitors to its website.
Introduction
Plain ("Plain", "we", "us") is committed to respecting and protecting the privacy of users of its services and visitors to its website.
This Privacy Policy describes how we collect, use, store, and protect personal data, in accordance with the General Data Protection Regulation (GDPR) and other applicable legislation.
1. Data Controller
The controller responsible for the processing of personal data is Plain, headquartered at Rua Armindo Nogueira da Costa 96, 4470-248 Maia, Portugal, and contactable at hello@plain.pt.
2. Data Collected
We collect the following types of personal data:
- Contact data: name and email address, when submitted through the contact form;
- Usage data: information about how our websites and applications are used, including pages visited, session duration, and device used;
- Account data: for services that require registration, the data provided when creating an account.
3. Purposes of Processing
The personal data collected is used for the following purposes:
- Responding to requests sent through the contact form;
- Providing contracted or requested services;
- Improving our products and services based on anonymous or aggregated usage data;
- Complying with applicable legal obligations.
4. Legal Basis
The processing of personal data is based on the following legal grounds:
- Consent - for sending marketing communications, when explicitly authorized;
- Performance of a contract - for the provision of requested services;
- Legitimate interest - for analysis and improvement of our services;
- Legal obligation - where processing is required by law.
5. Data Retention
Personal data is retained for the period strictly necessary for the purposes that led to its collection, or for the minimum period required by law. Contact data is deleted within 12 months after the last interaction, unless a legal obligation requires otherwise.
6. Sharing Data with Third Parties
Plain does not sell or transfer personal data to third parties for commercial purposes. Data may be shared with technology service providers acting as processors, strictly within the scope of providing the contracted services and with contractual guarantees of adequate protection.
7. Data Subject Rights
Under the GDPR, data subjects have the following rights:
- Right of access to the personal data processed;
- Right to rectification of inaccurate or incomplete data;
- Right to erasure of data ("right to be forgotten");
- Right to restriction of processing;
- Right to data portability;
- Right to object to processing;
- Right to lodge a complaint with the Portuguese Data Protection Authority (CNPD).
To exercise any of these rights, the data subject should contact us at hello@plain.pt. We will respond within a maximum period of 30 days.
8. Security
We adopt appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or improper disclosure. Data is transmitted through encrypted connections (HTTPS).
9. Cookies
For information about the use of cookies on our websites, please refer to our Cookie Policy.
10. Changes to this Policy
This Privacy Policy may be updated periodically. Any relevant changes will be communicated through our website. The date of the last update is indicated at the top of this document.
11. Contact
For any question related to the processing of your personal data, contact us at hello@plain.pt.