We use cookies to improve your experience. Click Accept to continue.

Privacy policy Acceptdone

Privacy Policy

Introduction

NUTSOFT is committed to protecting the personal data of its customers and users. This Privacy Policy has been drawn up to reflect the company’s commitment to respecting and complying with data protection rules.

When this policy refers to NUTSOFT, it means Nutsoft, Unipessoal Lda., with registered office at Tv Fróis 34 1FT, 2000-145 Santarém, Portugal, taxpayer no. 510898750.

This Privacy Policy sets out the general rules regarding the processing of personal data, collected and processed in compliance with the applicable legislation, namely the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and the applicable Portuguese data protection laws.

Contacts for data protection matters

  • Telephone: +351 914 744 189
  • Address: Tv. Frois 34 1º FT, 2000-145 Santarém, Portugal
  • Email: service@nutsoft.pt

As the data controller, NUTSOFT has implemented appropriate technical and organisational measures to ensure the protection of personal data.

NUTSOFT has not appointed a Data Protection Officer (DPO). However, all questions relating to the processing of personal data and the exercise of rights may be addressed through the contacts above.

Personal data collected and processed

Personal data means any information that makes it possible to identify the customer/user, such as:

  • name, address, tax identification number, telephone number and email address;
  • customer account data (login details, order history, preferences);
  • payment-related information (limited to data necessary to identify and confirm the payment – full card data are processed directly by the payment provider);
  • information relating to access to the website (IP address, date and time of access, device and browser information, pages visited, cookies and similar technologies);
  • communications carried out with NUTSOFT (letters, emails, chats, calls, social networks).

Personal data is collected and processed only to the extent necessary and appropriate for the purposes described in this Privacy Policy and based on one or more lawful bases provided for in the GDPR.

Purposes of processing personal data

Personal data may be used for the following purposes:

  • supply of products and provision of services;
  • creation and management of customer accounts and customer areas;
  • contacting the customer regarding orders, deliveries or services;
  • customer support and management of requests for information;
  • accounting and invoicing purposes, including compliance with tax and accounting obligations;
  • management of disputes or complaints;
  • website administration, security and fraud prevention (including access logs and incident management);
  • statistical analyses, improvement of services and website performance;
  • marketing, remarketing and retargeting (subject to prior consent, where required);
  • direct marketing via telephone, SMS, newsletters, social networks or applications (subject to prior consent, where required by law).

Legal bases for processing personal data

NUTSOFT processes personal data on the basis of the lawful grounds provided for in the GDPR, namely:

  • Performance of a contract (Art. 6(1)(b) GDPR): when processing is necessary to enter into and perform a contract with the customer, including:
    • processing and fulfilment of orders;
    • management of customer accounts and customer areas;
    • customer support directly related to the products or services purchased.
  • Compliance with a legal obligation (Art. 6(1)(c) GDPR): when processing is necessary to comply with legal obligations to which NUTSOFT is subject, including:
    • tax and accounting obligations (e.g. retention of invoices and accounting records);
    • obligations arising from consumer, commercial or other applicable laws.
  • Legitimate interests (Art. 6(1)(f) GDPR): when processing is necessary for the purposes of the legitimate interests pursued by NUTSOFT or by third parties, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, including:
    • website and system security (e.g. access logs, prevention and detection of fraud and abuse);
    • management and improvement of services and website performance;
    • management of disputes and legal proceedings.
  • Consent (Art. 6(1)(a) GDPR): when the customer/user has given free, specific, informed and unambiguous consent, including:
    • sending newsletters and SMS marketing;
    • use of non-essential cookies and similar technologies for analytics, remarketing and advertising;
    • other marketing communications not based on a contractual relationship or legitimate interest.

When processing is based on consent, the customer/user may withdraw consent at any time, without affecting the lawfulness of the processing carried out up to that point.

Direct Marketing

SMS Marketing

Customers/users may receive SMS messages containing information and offers, provided they have given their express consent, where required by applicable law.

Consent may be obtained through double confirmation (double opt-in): when providing their telephone number, the user receives an SMS with a confirmation link.

At the time of subscription, NUTSOFT records the IP address, date and time, or, alternatively, collects the number in-store, with a signed document.

Certain data relating to the use of SMS may be analysed (e.g. delivery, opening or interaction) in order to adapt communications to the user’s interests. If the user cancels their subscription, the data used for this purpose is deleted or anonymised, unless its retention is required for the establishment, exercise or defence of legal claims.

NUTSOFT considers cancellation of the subscription as withdrawal of consent.

Newsletters

The newsletter is only sent to users who:

  • have provided a valid email address; and
  • have voluntarily subscribed to the newsletter (with confirmation of the subscription).

Subscription may be made on the website, when creating an account or in the customer area. A confirmation email will always be sent to validate the subscription (double opt-in).

At the time of subscription, NUTSOFT records the IP address, date and time. This data is used exclusively for security purposes and to prevent misuse.

Subscription may be cancelled at any time in the customer area, in any newsletter (via the “unsubscribe” link) or through NUTSOFT contact channels.

Newsletters may contain tracking pixels, which allow analysis of open rates, clicks and the effectiveness of campaigns. If the user cancels the subscription, the data collected for this purpose is deleted or anonymised, unless its retention is required for the establishment, exercise or defence of legal claims.

Cookies and similar technologies

The NUTSOFT website uses cookies and similar technologies to ensure its proper functioning, measure its performance and, with the user’s consent where required, personalise content and advertising.

  • Strictly necessary cookies: essential for the website to function and to provide requested services (e.g. login, shopping cart). These cookies do not require consent.
  • Analytics cookies: help understand how the website is used and improve its performance, subject to the user’s consent where required.
  • Advertising / remarketing cookies: used to display relevant offers and advertising, subject to the user’s consent where required.

When required by law, non-essential cookies will only be placed on the user’s device after the user has given consent through the cookie banner or settings. The user can manage cookie preferences at any time via the browser settings or the cookie management tool available on the website.

Contacting NUTSOFT

Contact may be made by telephone, email, online form, chat or social networks (Facebook, WhatsApp, Instagram, TikTok, X.com, among others).

If the user provides personal data when making contact, this data will only be stored for the purpose of responding or following up the request and for managing the relationship with the user. The data will not be shared with third parties for purposes other than those strictly necessary to handle the request, unless required by law.

Storage and security of data

Data is stored on servers located in the European Union, managed by contracted service providers, in accordance with the highest security standards and in compliance with applicable legislation.

NUTSOFT adopts technical and organisational measures appropriate to the risk, including access controls, encryption where appropriate, backup procedures and mechanisms to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.

Access logs and security records may be kept for a reasonable period in order to detect, prevent and respond to security incidents and fraud.

International transfers of personal data

As a rule, personal data is processed within the European Economic Area (EEA). If NUTSOFT or its service providers transfer personal data to countries outside the EEA, such transfer will only take place:

  • to countries for which the European Commission has adopted an adequacy decision; or
  • based on appropriate safeguards, such as standard contractual clauses approved by the European Commission, together with additional measures where necessary.

The user may request additional information on international transfers and copies of the applicable safeguards using the contact details provided above.

Data retention period

Personal data is retained only for as long as necessary for the purposes for which it was collected, or for the period required by law.

As a general rule and without prejudice to specific legal obligations, NUTSOFT applies the following retention criteria:

  • Customer and order data: for the duration of the contractual relationship and up to 5 years after the last interaction, unless a longer period is required for the establishment, exercise or defence of legal claims.
  • Accounting and invoicing data: for the period required by tax and accounting laws (which may be up to 10 years after the relevant financial year).
  • Marketing data (newsletters, SMS, campaigns): until the user withdraws consent or objects to processing, and for a limited period thereafter to document the management of the request.
  • Website logs and security data: for a period that does not exceed what is necessary for the purposes of security and incident management, normally up to 12 months, unless a longer period is required in the context of investigations or legal proceedings.

Sharing of data with third parties

NUTSOFT may share data with:

  • government authorities, police and regulators, in compliance with the law;
  • technical service providers (email marketing, SMS, hosting and IT support, analytics, security);
  • payment processing companies (please refer to the privacy policy of the chosen payment provider);
  • professional advisers (e.g. lawyers, accountants), to the extent necessary for the purposes of advice and representation.

All service providers process personal data on behalf of NUTSOFT and according to its documented instructions, and are contractually obliged to ensure appropriate security and confidentiality and to comply with the GDPR.

Rights of data subjects and how to exercise them

Under the law, the customer/user has the right to:

  • Access: obtain a copy of their personal data and verify lawful processing;
  • Rectification: request the correction of inaccurate or outdated data;
  • Erasure: request the deletion of data (“right to be forgotten”), provided that there is no overriding legal basis for retention;
  • Restriction: request the restriction of processing in certain circumstances;
  • Objection: object to the processing of data based on legitimate interests, including profiling, and object at any time to processing for direct marketing purposes;
  • Portability: receive their data in a structured, commonly used and machine-readable format and transfer it to another controller, where technically feasible and when processing is based on consent or contract and carried out by automated means;
  • Withdraw consent: at any time, when processing is based on consent, without affecting the lawfulness of prior processing;
  • Lodge a complaint with the supervisory authority (CNPD – Portuguese Data Protection Authority).

To exercise any of these rights, the customer/user may contact NUTSOFT using the contacts indicated in this Privacy Policy, preferably in writing and indicating “Data Protection” in the subject. In certain cases, NUTSOFT may request additional information to confirm the identity of the requester.

NUTSOFT will respond to requests within a maximum period of one month from their receipt, which may be extended by a further two months in the case of particularly complex or multiple requests, in which case the user will be informed of the reasons for the delay.

Automated decision-making and profiling

NUTSOFT may use certain data (such as purchase history, pages visited and interactions with communications) to create segments or profiles that allow it to adapt offers and marketing communications to the interests of users (remarketing and retargeting), subject to applicable consent requirements.

NUTSOFT does not carry out automated decision-making that produces legal effects concerning the user or similarly significantly affects them within the meaning of the GDPR. The user has the right to object at any time to profiling for direct marketing purposes and may withdraw consent where the processing is based on consent.

Changes to the Privacy Policy

NUTSOFT may update this Privacy Policy from time to time. Whenever there are relevant changes, users will be notified by email or via a notice on the website. The updated version will be published on the website and will indicate the date of the last update.

Last updated: 23 November 2025