Privacy Policy

Your data.
Handled with care.

Art. 13
Transparency obligation
30d
Subject request response
EU
All data stored in EU
CNPD
Portuguese supervisory authority
01

Who We Are

BlueWave IT is a managed IT services provider registered in Portugal, operating from Portimão, Algarve. We provide IT support, cybersecurity, cloud management, backup, and consulting services to businesses across the Algarve and Portugal.

Data controller contact:
BlueWave IT · Av. 25 de Abril 6, 8500-511 Portimão, Algarve, Portugal
Email: [email protected]

This policy applies to personal data collected through our website (bluewaveit.pt), contact forms, and enquiry communications. It does not cover data we process on behalf of clients as a data processor — that is governed by our client Data Processing Agreements (DPAs).

02

What Data We Collect

We collect the minimum data needed to respond to enquiries and deliver our services.

Data categoryExamplesSource
Contact informationName, email address, phone number, company nameContact form, email, phone
Enquiry contentMessage text, service interest, team sizeContact form
Technical dataIP address, browser type, pages visited, visit timestampsServer logs, Cloudflare
CommunicationsEmail correspondence, consultation notesEmail, calls
ℹ️

We do not collect special-category data (health, biometric, political views, etc.) through our website. We do not use automated decision-making or profiling.

03

Legal Basis for Processing

Processing activityLegal basisGDPR Article
Responding to contact form enquiriesLegitimate interests (pre-contractual communication)Art. 6(1)(f)
Delivering contracted managed IT servicesPerformance of a contractArt. 6(1)(b)
Sending service updates to existing clientsLegitimate interestsArt. 6(1)(f)
Compliance with legal obligations (tax, audit)Legal obligationArt. 6(1)(c)
Website analytics and security loggingLegitimate interestsArt. 6(1)(f)
04

How We Use Your Data

Respond to your enquiry

We use the information you submit to reply to your message, book a consultation, or provide the information you requested.

Deliver managed IT services

For clients, we use contact and account information to manage service delivery, communicate about incidents, and fulfil our contractual obligations.

Improve our website and services

We review aggregated and anonymised usage data to understand how the site is being used and where we can improve the experience.

Meet legal obligations

We may retain certain records for tax compliance, audit purposes, or other legal requirements under Portuguese and EU law.

⚠️

We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not use your data for advertising.

05

Data Retention

Data typeRetention periodReason
Enquiry / contact form data24 months from last contactLegitimate interest in follow-up; deleted on request
Client account and service recordsDuration of contract + 5 yearsLegal obligation (Portuguese tax law, audit requirements)
Email correspondence3 years from last communicationLegitimate interest; business continuity
Server and security logs90 daysSecurity monitoring and incident investigation

After the applicable retention period, data is securely deleted or anonymised. You can request earlier deletion at any time — see Section 6.

06

Your Rights

Under GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Access

Art. 15

Request a copy of the personal data we hold about you.

Rectification

Art. 16

Ask us to correct inaccurate or incomplete data.

Erasure

Art. 17

Request deletion of your data where there is no legal reason to retain it.

Restriction

Art. 18

Ask us to pause processing while a dispute or objection is considered.

Portability

Art. 20

Receive your data in a portable format where processing is based on consent or contract.

Object

Art. 21

Object to processing based on legitimate interests at any time.

⏱️

We respond to all data subject requests within 30 calendar days. There is no charge for reasonable requests. You also have the right to lodge a complaint with the CNPD at any time.

07

Cookies

Our website uses a minimal set of cookies. We do not use advertising cookies, tracking pixels, or third-party analytics platforms that build user profiles.

CookiePurposeDuration
Cloudflare (security)Bot detection, DDoS protection, Turnstile verificationSession / up to 1 year
cf_clearanceCloudflare challenge result — avoids repeated challenges30 minutes to 1 year
Theme preferenceStores your dark/light mode preference (client-side only)Session

We do not use Google Analytics, Meta Pixel, or any advertising network cookies. If this changes, this policy will be updated and, where required, we will seek your consent before placing non-essential cookies.

08

Third-Party Services

We use the following third-party services in connection with our website. Each operates under its own privacy policy.

ServicePurposePrivacy policy
CloudflareCDN, security, bot protection, Turnstile CAPTCHAcloudflare.com/privacy
NetlifyWebsite hosting and form submission handling (USA — EU-US DPF)netlify.com/privacy
Google FontsWeb font delivery (fonts loaded from Google servers)policies.google.com/privacy
09

Security

We implement technical and organisational measures appropriate to the sensitivity of the data we process. These include TLS encryption in transit, access controls limiting who can access submitted data, and regular security reviews of our systems and third-party providers.

No system is completely immune to risk. In the event of a data breach affecting your personal data, we will notify you and the CNPD in accordance with our obligations under Articles 33–34 GDPR. See our GDPR page for full details of our security measures and breach response procedures.

10

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will update the "Last revised" date at the top of this page. We encourage you to review this policy periodically.

If we make a material change that affects how we use personal data you have already provided, we will take reasonable steps to notify you directly.

Last revised: January 2026 · Governed by: GDPR (EU) 2016/679 · Lei n.º 58/2019 (Portugal)

11

Contact

✉️

BlueWave IT — Privacy
Email: [email protected]
Post: Av. 25 de Abril 6, 8500-511 Portimão, Algarve, Portugal

Please mark the subject line "Privacy Request" or "Data Subject Rights" for prompt handling. We acknowledge all requests within 2 business days.

Questions about how we handle your data?

Get in touch and we'll respond clearly and promptly — no jargon, no delay.