Contents
Who We Are
BlueWave IT is a managed IT services provider registered in Portugal, operating from Portimão, Algarve. We provide IT support, cybersecurity, cloud management, backup, and consulting services to businesses across the Algarve and Portugal.
Data controller contact:
BlueWave IT · Av. 25 de Abril 6, 8500-511 Portimão, Algarve, Portugal
Email: [email protected]
This policy applies to personal data collected through our website (bluewaveit.pt), contact forms, and enquiry communications. It does not cover data we process on behalf of clients as a data processor — that is governed by our client Data Processing Agreements (DPAs).
What Data We Collect
We collect the minimum data needed to respond to enquiries and deliver our services.
| Data category | Examples | Source |
|---|---|---|
| Contact information | Name, email address, phone number, company name | Contact form, email, phone |
| Enquiry content | Message text, service interest, team size | Contact form |
| Technical data | IP address, browser type, pages visited, visit timestamps | Server logs, Cloudflare |
| Communications | Email correspondence, consultation notes | Email, calls |
We do not collect special-category data (health, biometric, political views, etc.) through our website. We do not use automated decision-making or profiling.
Legal Basis for Processing
| Processing activity | Legal basis | GDPR Article |
|---|---|---|
| Responding to contact form enquiries | Legitimate interests (pre-contractual communication) | Art. 6(1)(f) |
| Delivering contracted managed IT services | Performance of a contract | Art. 6(1)(b) |
| Sending service updates to existing clients | Legitimate interests | Art. 6(1)(f) |
| Compliance with legal obligations (tax, audit) | Legal obligation | Art. 6(1)(c) |
| Website analytics and security logging | Legitimate interests | Art. 6(1)(f) |
How We Use Your Data
Respond to your enquiry
We use the information you submit to reply to your message, book a consultation, or provide the information you requested.
Deliver managed IT services
For clients, we use contact and account information to manage service delivery, communicate about incidents, and fulfil our contractual obligations.
Improve our website and services
We review aggregated and anonymised usage data to understand how the site is being used and where we can improve the experience.
Meet legal obligations
We may retain certain records for tax compliance, audit purposes, or other legal requirements under Portuguese and EU law.
We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not use your data for advertising.
Data Retention
| Data type | Retention period | Reason |
|---|---|---|
| Enquiry / contact form data | 24 months from last contact | Legitimate interest in follow-up; deleted on request |
| Client account and service records | Duration of contract + 5 years | Legal obligation (Portuguese tax law, audit requirements) |
| Email correspondence | 3 years from last communication | Legitimate interest; business continuity |
| Server and security logs | 90 days | Security monitoring and incident investigation |
After the applicable retention period, data is securely deleted or anonymised. You can request earlier deletion at any time — see Section 6.
Your Rights
Under GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
Access
Art. 15Request a copy of the personal data we hold about you.
Rectification
Art. 16Ask us to correct inaccurate or incomplete data.
Erasure
Art. 17Request deletion of your data where there is no legal reason to retain it.
Restriction
Art. 18Ask us to pause processing while a dispute or objection is considered.
Portability
Art. 20Receive your data in a portable format where processing is based on consent or contract.
Object
Art. 21Object to processing based on legitimate interests at any time.
We respond to all data subject requests within 30 calendar days. There is no charge for reasonable requests. You also have the right to lodge a complaint with the CNPD at any time.
Cookies
Our website uses a minimal set of cookies. We do not use advertising cookies, tracking pixels, or third-party analytics platforms that build user profiles.
| Cookie | Purpose | Duration |
|---|---|---|
| Cloudflare (security) | Bot detection, DDoS protection, Turnstile verification | Session / up to 1 year |
| cf_clearance | Cloudflare challenge result — avoids repeated challenges | 30 minutes to 1 year |
| Theme preference | Stores your dark/light mode preference (client-side only) | Session |
We do not use Google Analytics, Meta Pixel, or any advertising network cookies. If this changes, this policy will be updated and, where required, we will seek your consent before placing non-essential cookies.
Third-Party Services
We use the following third-party services in connection with our website. Each operates under its own privacy policy.
| Service | Purpose | Privacy policy |
|---|---|---|
| Cloudflare | CDN, security, bot protection, Turnstile CAPTCHA | cloudflare.com/privacy |
| Netlify | Website hosting and form submission handling (USA — EU-US DPF) | netlify.com/privacy |
| Google Fonts | Web font delivery (fonts loaded from Google servers) | policies.google.com/privacy |
Security
We implement technical and organisational measures appropriate to the sensitivity of the data we process. These include TLS encryption in transit, access controls limiting who can access submitted data, and regular security reviews of our systems and third-party providers.
No system is completely immune to risk. In the event of a data breach affecting your personal data, we will notify you and the CNPD in accordance with our obligations under Articles 33–34 GDPR. See our GDPR page for full details of our security measures and breach response procedures.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will update the "Last revised" date at the top of this page. We encourage you to review this policy periodically.
If we make a material change that affects how we use personal data you have already provided, we will take reasonable steps to notify you directly.
Last revised: January 2026 · Governed by: GDPR (EU) 2016/679 · Lei n.º 58/2019 (Portugal)
Contact
BlueWave IT — Privacy
Email: [email protected]
Post: Av. 25 de Abril 6, 8500-511 Portimão, Algarve, Portugal
Please mark the subject line "Privacy Request" or "Data Subject Rights" for prompt handling. We acknowledge all requests within 2 business days.
Questions about how we handle your data?
Get in touch and we'll respond clearly and promptly — no jargon, no delay.