1. Data controller
The controller responsible for processing personal data is Advanta Lda., with its registered office in Portugal, contactable at the email address privacidade@advanta.pt.
2. Personal data we collect
We collect the following personal data, according to the purpose of the processing:
2.1 Data provided by the user
- Identification data: full name, tax identification number (NIF), company name, registered office address;
- Contact data: email address, telephone number;
- Financial data: IBAN, information on submitted invoices, turnover and accounts receivable;
- Data of legal representatives: name, position and contact details of directors or managers.
2.2 Data collected automatically
- Browsing data: IP address, browser type, operating system, pages visited, duration of the visit;
- Cookies and similar technologies: as described in our Cookie Policy;
- Usage data: features used, frequency of access, interactions with the platform.
3. Purposes of processing
| Purpose | Legal basis |
|---|---|
| Provision of services | Performance of a contract (Art. 6(1)(b) GDPR) |
| Credit risk analysis | Legitimate interest (Art. 6(1)(f) GDPR) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c) GDPR) |
| Marketing communications | Consent (Art. 6(1)(a) GDPR) |
| Platform improvement and statistical analysis | Legitimate interest (Art. 6(1)(f) GDPR) |
| Fraud prevention | Legitimate interest (Art. 6(1)(f) GDPR) |
4. Data sharing
Personal data may be shared with the following categories of recipients, solely to the extent necessary for the purposes indicated:
- Partner financial institutions: for carrying out factoring and confirming operations;
- Service providers: cloud hosting, payment processing, electronic communication services, under confidentiality agreements;
- Public authorities: where required by law, regulation or court order.
We do not sell, rent or share personal data with third parties for direct marketing purposes without the data subject's consent.
5. International transfers
Personal data is, as a rule, processed within the European Economic Area (EEA). Where a transfer outside the EEA is necessary, we ensure that appropriate safeguards are in place, namely:
- Adequacy decisions of the European Commission;
- Standard contractual clauses approved by the European Commission;
- Other mechanisms provided for in the GDPR.
6. Retention periods
Personal data is retained only for the period necessary for the purposes for which it was collected:
- Contractual data: for the duration of the contract and up to 10 years after its termination, due to legal and tax obligations;
- Marketing data: until consent is withdrawn or an objection request is made;
- Browsing data: up to 26 months;
- Fraud prevention data: up to 5 years after the account is closed.
7. Rights of the data subject
Under the GDPR, the data subject has the right to:
- Access: obtain confirmation that their data is being processed and access it;
- Rectification: request the correction of inaccurate or incomplete data;
- Erasure: request the deletion of data, where applicable;
- Restriction: request the restriction of processing in certain circumstances;
- Portability: receive the data in a structured, machine-readable format;
- Objection: object to the processing of data, including for direct marketing purposes;
- Withdrawal of consent: withdraw consent at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at privacidade@advanta.pt. We will respond within a maximum of 30 days.
8. Complaints
The data subject has the right to lodge a complaint with the National Data Protection Commission (CNPD), the competent supervisory authority in Portugal, if they consider that the processing of their data infringes the GDPR.
9. Data security
Advanta implements appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure or unauthorised access, namely:
- Encryption of data in transit (TLS/SSL) and at rest;
- Role-based access control;
- Continuous system monitoring;
- Periodic security audits;
- Staff training on data protection.
10. Minors' data
The Advanta platform is intended exclusively for companies and professionals. We do not intentionally collect personal data of minors under 18 years of age. If you become aware that a minor's data has been improperly collected, please contact us so that we can proceed with its immediate deletion.
11. Changes to the privacy policy
This policy may be updated periodically. Relevant changes will be communicated by email or notification on the platform. The date of the last update is always indicated at the top of this page.
12. Contact
For questions relating to the protection of your personal data:
- Email: privacidade@advanta.pt
- General email: diogo@advanta.pt