Privacy Policy
Updated September 2025
1. Data Controller Information
Findmore Solutions Lda (“we,” “our,” or “us”) is the data controller responsible for your personal data processed through this website and our services.
Company Details
3500-733 Viseu, Portugal
Data Protection Officer (DPO): DPOFindmore-GDPR@findmore.eu
2. Personal Data We Collect
We collect and process the following categories of personal data:
Contact Information
- Full name (first and last name)
- Email address
- Phone number
- Company name and job title
- Business address
Business Information
- Company details (size, industry, revenue range)
- Business requirements and challenges
- Project specifications and technical requirements
- Assessment requests and consultation notes
Technical Information
- IP address (anonymized through Google Analytics)
- Browser type and version
- Device information
- Operating system
- Website usage data and analytics
- Pages visited and time spent on pages
- Referral source
Communication Data
- Email correspondence
- Form submissions
- Meeting notes and call recordings (with consent)
- Support requests and feedback
3. How We Collect Your Data
We collect your personal data through the following methods:
Directly From You
- Contact Forms: When you submit inquiries through our website contact forms
- Assessment Requests: When you request our free 2-week assessment
- ROI Calculator: When you use our interactive ROI calculator (data not stored)
- Email Communications: When you contact us directly via email
- Phone Calls: When you call us for business inquiries
- Meetings: During consultation meetings and project discussions
Automatically Through Our Website
- Google Analytics: Website usage analytics (with your consent)
- Cookies: Essential, analytics, and preference cookies
- Server Logs: Technical information for website functionality
From Third Parties
- Business Partners: When referred by Microsoft, HubSpot partners, or other business contacts
- Public Sources: Publicly available business information for B2B outreach
4. Why We Process Your Data
We process your personal data for the following business purposes:
Business Operations
- Respond to your inquiries and provide requested information
- Conduct free pre-sales assessments and consultations
- Prepare and deliver project proposals and quotes
- Manage client relationships and project delivery
- Provide customer support and technical assistance
- Process payments and maintain financial records
Marketing and Communication
- Send relevant business communications about our services
- Share industry insights and technical resources
- Invite you to relevant events, webinars, or training sessions
- Follow up on assessment requests and business opportunities
Website Improvement
- Analyze website usage to improve user experience
- Monitor website performance and technical issues
- Optimize content based on user interests and behavior
- Ensure website security and prevent fraud
Legal and Compliance
- Comply with legal obligations and regulatory requirements
- Establish, exercise, or defend legal claims
- Maintain records for tax and accounting purposes
- Ensure data protection and privacy compliance
5. Legal Basis for Processing
Under the GDPR, we process your personal data based on the following legal grounds:
| Processing Purpose | Legal Basis (GDPR Article 6) |
|---|---|
| Responding to inquiries and providing services | Legitimate Interest (6.1.f) – Business operations |
| Contract execution and client management | Contract Performance (6.1.b) |
| Website analytics and improvement | Consent (6.1.a) – via cookie banner |
| Marketing communications (existing clients) | Legitimate Interest (6.1.f) – Client relationship |
| Marketing communications (prospects) | Consent (6.1.a) – explicit opt-in |
| Legal compliance and record keeping | Legal Obligation (6.1.c) |
| Website security and fraud prevention | Legitimate Interest (6.1.f) – Security |
Important Note on Legitimate Interest
When we rely on legitimate interest as our legal basis, we have conducted a balancing test to ensure our legitimate business interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interest at any time.
6. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to improve your browsing experience and analyze website performance.
Types of Cookies We Use
| Cookie Type | Purpose | Consent Required | Retention Period |
|---|---|---|---|
| Essential Cookies | Website functionality, security, form submissions | No (strictly necessary) | Session / 1 year |
| Analytics Cookies | Google Analytics – website usage statistics | Yes (explicit consent) | 26 months |
| Preference Cookies | Remember your cookie choices and preferences | No (privacy protection) | 1 year |
Google Analytics Configuration
Our Google Analytics implementation includes the following privacy protections:
- IP Anonymization: Your IP address is anonymized before processing
- Data Retention: Analytics data is automatically deleted after 26 months
- Google Consent Mode: Analytics only activate after explicit consent
- No Advertising Features: Remarketing and advertising reports are disabled
- No Cross-Device Tracking: User ID tracking is disabled
Managing Your Cookie Preferences
You can manage your cookie preferences in the following ways:
- Cookie Banner: Use our consent management system on first visit
- Browser Settings: Configure your browser to block or delete cookies
- Google Analytics Opt-out: Install the Google Analytics Opt-out Browser Add-on
- Contact Us: Email our DPO to modify your preferences
Important: Essential Cookies
Some cookies are essential for our website to function properly. Disabling these cookies may affect website functionality, including contact forms, security features, and basic navigation.
7. Data Sharing and Recipients
We do not sell, rent, or trade your personal data. We may share your data with the following categories of recipients under strict confidentiality agreements:
Service Providers and Processors
- Google (Analytics): Website analytics and performance monitoring
- Email Service Providers: For business communications (not marketing automation)
- Hosting Providers: Website hosting and data storage services
- IT Service Providers: Technical maintenance and security services
Business Partners (Limited Circumstances)
- Microsoft: When delivering joint solutions or seeking technical support
- HubSpot: When implementing HubSpot solutions for clients
- Subcontractors: For specific project requirements under data processing agreements
Legal Requirements
We may disclose your data if required by:
- Legal obligations or court orders
- Regulatory authorities or tax agencies
- Law enforcement agencies (with valid legal request)
- Protection of our legal rights or preventing fraud
Data Processing Agreements
All third parties who process personal data on our behalf are bound by data processing agreements that ensure GDPR compliance, including appropriate technical and organizational security measures.
8. International Data Transfers
Your personal data is primarily processed within the European Economic Area (EEA). However, some of our service providers may process data outside the EEA:
Google Analytics (United States)
- Adequacy Decision: Transfers are covered by the EU-U.S. Data Privacy Framework
- Additional Safeguards: Google has implemented Standard Contractual Clauses (SCCs)
- Data Minimization: IP addresses are anonymized before transfer
Safeguards for International Transfers
When transferring data outside the EEA, we ensure adequate protection through:
- European Commission adequacy decisions
- Standard Contractual Clauses (SCCs) approved by the EU
- Binding Corporate Rules where applicable
- Additional technical and organizational measures
Your Rights Regarding Transfers
You have the right to obtain information about international transfers and the safeguards in place. You can also object to specific transfers that are not necessary for our service provision.
9. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy:
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Prospect inquiries (no engagement) | 12 months from last contact | Legitimate interest / Consent withdrawal |
| Client project data | 7 years after project completion | Legal obligation (tax/accounting) |
| Assessment data | 24 months from assessment | Business relationship development |
| Email communications | 3 years from last interaction | Business records and legal protection |
| Website analytics data | 26 months (Google Analytics setting) | Consent-based processing |
| Cookie consent records | 5 years from consent | Legal obligation (GDPR compliance) |
| Financial/invoicing data | 10 years from transaction | Legal obligation (Portuguese law) |
Automated Deletion
We have implemented automated systems to:
- Delete prospect data after 12 months of inactivity
- Anonymize old analytics data beyond retention periods
- Purge expired consent records and cookie data
- Archive inactive client data according to legal requirements
Early Deletion Requests
You can request early deletion of your data at any time, subject to our legal obligations to retain certain records. We will assess each request individually and delete data where legally permissible.
10.Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights regarding your personal data:
Right of Access (Article 15)
Request a copy of the personal data we hold about you, including processing purposes, categories of recipients, and retention periods.
Right to Rectification (Article 16)
Request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure (Article 17)
Request deletion of your personal data under certain circumstances, including withdrawal of consent.
Right to Restrict Processing (Article 18)
Request limitation of processing activities while we verify accuracy or assess your objection.
Right to Data Portability (Article 20)
Receive your personal data in a structured, machine-readable format or transfer it to another controller.
Right to Object (Article 21)
Object to processing based on legitimate interests, including marketing communications and profiling.
Right to Withdraw Consent (Article 7)
Withdraw your consent for analytics cookies or marketing communications at any time.
Right to Lodge a Complaint (Article 77)
File a complaint with the Portuguese data protection authority (CNPD) if you believe we’ve violated your rights.
How to Exercise Your Rights:
To exercise any of these rights, please:
- Contact our DPO: Email DPOFindmore-GDPR@findmore.eu with your request
- Include Required Information: Your full name, email address, and specific right you wish to exercise
- Identity Verification: We may request additional information to verify your identity
- Response Timeline: We will respond within 30 days (extendable to 90 days for complex requests)
Free of Charge
Exercising your GDPR rights is free of charge. We may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests, or provide you with the requested information or communication in a commonly used electronic form.
Portuguese Data Protection Authority
If you’re not satisfied with our response or believe we’ve violated your privacy rights, you can lodge a complaint with:
CNPD – Comissão Nacional de Proteção de Dados
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
Technical Measures
- Encryption: Data encryption in transit (TLS/SSL) and at rest
- Access Controls: Multi-factor authentication and role-based access
- Secure Hosting: EU-based hosting with security certifications
- Regular Backups: Encrypted backups with secure storage
- Firewall Protection: Network security and intrusion detection
- Security Updates: Regular system and software updates
Organizational Measures
- Staff Training: Regular GDPR and data protection training
- Access Policies: Strict need-to-know access principles
- Confidentiality Agreements: All staff bound by confidentiality clauses
- Incident Response Plan: Procedures for data breach detection and response
- Regular Audits: Internal and external security assessments
- Vendor Management: Due diligence on all data processors
Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms:
- We will notify the CNPD within 72 hours of discovery
- We will inform affected individuals without undue delay if high risk
- We will document all breaches and remedial actions taken
- We will conduct post-incident reviews to prevent recurrence
Report Security Concerns
If you discover or suspect a security vulnerability related to our website or services, please report it immediately to our DPO at DPOFindmore-GDPR@findmore.eu.
12. Children's Privacy
Our website and services are designed for businesses and professionals. We do not knowingly collect personal data from children under 16 years of age.
Age Verification
- Our services are intended for business use only
- We assume all users are adults acting in a professional capacity
- Our content and forms are designed for B2B interactions
- We do not target or market to minors
Parental Rights
If you believe we have inadvertently collected data from a child under 16:
- Contact our DPO immediately at DPOFindmore-GDPR@findmore.eu
- We will investigate and delete the data promptly
- We will implement additional safeguards if necessary
Portuguese Law Compliance
Under Portuguese law (Lei 58/2019), the age of digital consent is 13 years. However, given our B2B focus, we maintain a policy of not knowingly processing data from anyone under 16 without explicit parental consent.
13. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations.
Notification of Changes
- Material Changes: We will notify you by email or website banner for significant changes
- Minor Updates: Will be posted on this page with an updated “Last Modified” date
- Legal Changes: Updates due to legal requirements will be implemented immediately
- Advance Notice: Where possible, we provide 30 days’ notice for material changes
Version Control
We maintain records of all policy versions, including:
- Date of each revision
- Summary of changes made
- Reason for the update
- Notification methods used
Continued Use
Your continued use of our website and services after policy changes constitutes acceptance of the updated terms. If you disagree with changes, you may exercise your right to withdraw consent or request data deletion.
14. Contact Information
For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:
Privacy and Data Protection Inquiries
Business Inquiries
3500-733 Viseu, Portugal
Response Times
- Privacy Rights Requests: Within 30 days (may extend to 90 days for complex requests)
- General Privacy Questions: Within 5 business days
- Data Breach Reports: Immediate acknowledgment, full response within 72 hours
- Business Inquiries: Within 24 hours during business days
Language Support
We can handle privacy requests in Portuguese and English. For other languages, we will arrange appropriate translation services to ensure you fully understand your rights and our responses.