Privacy Policy

Last updated: 1st January 2026

1. Introduction

Xorvinta Lda. ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, process, and safeguard your personal information when you visit our website, use our services, or interact with us in any way.

This Privacy Policy applies to all personal data we collect through our website, in-person consultations, phone calls, emails, and any other interactions with Xorvinta. By using our services, you agree to the data collection and use practices described in this policy.

2. Data Controller Information

The data controller responsible for your personal data is:

Xorvinta Lda.
Avenida dos Aliados 216
4744-708 Braga, Portugal
Registration Number: 954632817
VAT Number: PT958231467
Email: privacy@xorvinta.top
Phone: +351 251 228 382

3. Data We Collect

The data we collect depends on how you interact with our services. We collect personal data through various means including website visits, contact forms, phone calls, email communications, and in-person consultations.

3.1 Information You Provide Directly

  • Contact information (name, email address, phone number, postal address)
  • Communication preferences and enquiry details
  • Device preferences and technical requirements
  • Purchase history and service requests
  • Feedback and correspondence with our support team

3.2 Information Collected Automatically

  • Website usage data and analytics information
  • IP address, browser type, and device information
  • Pages visited, time spent on site, and referral sources
  • Cookie data and tracking preferences

4. How We Use Your Information

We process your personal data for various legitimate business purposes. How we use your information depends on the services you use and your interaction with our business.

4.1 Primary Uses

  • Responding to your enquiries and providing customer support
  • Processing orders and delivering products or services
  • Providing device consultations and technical assistance
  • Maintaining customer records and service history
  • Improving our services and customer experience

4.2 Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: To fulfil our contractual obligations when you purchase products or services
  • Legitimate Interests: To operate our business, improve services, and maintain customer relationships
  • Consent: For marketing communications and non-essential cookies (where required)
  • Legal Compliance: To comply with applicable laws and regulations

5. Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy.

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your data in the following limited circumstances:

  • Service Providers: With trusted third-party service providers who assist us in operating our business
  • Legal Requirements: When required by law, court order, or to protect our legal rights
  • Business Transfers: In connection with a merger, acquisition, or sale of business assets
  • Consent: When you have provided explicit consent for specific sharing purposes

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Customer Records: Maintained for the duration of our business relationship and up to 7 years thereafter for legal and tax purposes
  • Website Analytics: Typically retained for 26 months in accordance with Google Analytics default settings
  • Marketing Communications: Until you withdraw consent or unsubscribe from our communications
  • Legal Requirements: Some data may be retained longer to comply with legal obligations

8. Your Rights

Under GDPR and applicable data protection laws, you have several rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Request transfer of your data to another organisation
  • Right to Object: Object to processing based on legitimate interests or for marketing purposes
  • Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within one month of receipt.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Secure data transmission using encryption protocols
  • Access controls and authentication measures
  • Regular security assessments and updates
  • Staff training on data protection and privacy practices
  • Secure storage and backup procedures

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry-standard practices.

10. International Data Transfers

As our business is based in Portugal within the European Union, your personal data is primarily processed within the EU. If we transfer data outside the EU, we ensure appropriate safeguards are in place, such as:

  • European Commission adequacy decisions
  • Standard contractual clauses approved by the European Commission
  • Binding corporate rules or certification schemes

11. Children's Privacy

Our services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete such information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date at the top of this policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the following information:

Privacy Officer
Xorvinta Lda.
Avenida dos Aliados 216
4744-708 Braga, Portugal
Email: privacy@xorvinta.top
Phone: +351 251 228 382
Business Hours: Monday - Friday, 9:00 - 18:00

You also have the right to lodge a complaint with the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados - CNPD) if you believe we have not handled your personal data in accordance with applicable law.

14. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Portugal and the European Union, including the General Data Protection Regulation (GDPR). Any disputes relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the Portuguese courts.