Privacy Policy
Effective date: 10 April 2026 | Last updated: 10 April 2026
NunoIT (“we”, “us”, “our”) is a technology services company based in Portugal. We are committed to protecting your personal data in compliance with the EU General Data Protection Regulation (GDPR) and Portuguese data protection law.
1. Who We Are
Data Controller: NunoIT, Portugal
Email: info@nunoit.pt
Website: https://www.nunoit.pt
2. What Personal Data We Collect
We collect personal data only when there is a legitimate purpose. This includes: contact details (name, email, phone, company) when you contact us or become a client; billing information (invoice address, VAT number) for contracted services; website visitor data (IP address, pages visited) when you use our website.
We do not collect special category data, payment card numbers, or data from children under 16.
3. Legal Basis for Processing
We process your data under the following legal bases: performance of a contract (service delivery, invoicing); legal obligation (tax record retention); legitimate interests (security monitoring, responding to enquiries); and consent (analytics cookies, where applicable).
4. How We Use Your Data
To deliver IT services, issue invoices, communicate about your services, comply with legal obligations, and protect the security of our systems. We do not sell or share your data with third parties for marketing.
5. How Long We Retain Your Data
| Data type | Retention period |
|---|---|
| Client contact and contract records | Business relationship + 7 years |
| Financial records (invoices) | 10 years (Portuguese tax law) |
| Website access logs | 90 days |
| Security audit logs | 1 year |
6. Who We Share Your Data With
Vultr (cloud hosting, London UK) under a Data Processing Agreement. We do not share your data with any other third party unless required by law.
International transfers: Our servers are in London, United Kingdom. The UK has adequacy status under GDPR.
7. Cookies
We use strictly necessary cookies (session management, CSRF protection) that do not require consent. We will ask for your consent before setting any analytics cookies. You can withdraw consent by clearing your browser cookies.
8. Security
We protect your data using TLS 1.3 encryption in transit, VPN-protected server access, role-based access controls in our applications, automated security patching, and GPG-encrypted backup transfers.
9. Your Rights
Under GDPR you have the right to: access your data, correct inaccurate data, request erasure (subject to legal obligations), restrict processing, data portability, and object to processing. To exercise these rights, contact us at info@nunoit.pt. We will respond within 30 days.
You may also lodge a complaint with the Portuguese data protection authority:
CNPD — https://www.cnpd.pt — geral@cnpd.pt
10. Contact
For any questions about this policy: info@nunoit.pt