Privacy Policy

SurgeX, Unipessoal Lda. ("SurgeX", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you visit our website at surgex.pt or engage with our services.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and Portuguese Law No. 58/2019 on the protection of personal data. By using our website or services, you acknowledge that you have read and understood this policy.

We collect personal data that you voluntarily provide to us, including: your name, email address, phone number, and company name when you fill out a contact form or request a consultation; project details and business information you share during our collaboration; and billing information necessary to process payments.

We also collect limited technical data automatically when you visit our website, including your IP address (anonymized), browser type and version, device type, pages visited, and time spent on our site. This data is collected through Vercel Analytics, which is privacy-focused and does not use cookies for tracking.

We use your personal data for the following purposes: to respond to your inquiries and provide you with information about our services; to deliver and manage the AI solutions, websites, automations, and chatbots we build for you; to process invoices and payments; to send you project updates and relevant communications; and to improve our website and services based on aggregated, anonymized usage data.

We do not use your personal data for automated decision-making or profiling. We will never sell your personal data to third parties or use it for purposes unrelated to our business relationship with you.

We process your personal data under the following legal bases as defined by Article 6 of the GDPR: contractual necessity — processing is necessary to perform or prepare a contract with you when you engage our services; legitimate interest — we have a legitimate interest in understanding how visitors use our website so we can improve it, and in communicating with prospective clients who reach out to us; legal obligation — we may need to process and retain certain data to comply with Portuguese tax and accounting requirements; and consent — where you have given us explicit consent, such as opting in to receive marketing communications.

You may withdraw your consent at any time by contacting us at contact@surgex.pt. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

We do not sell, rent, or trade your personal data. We may share your data with the following categories of third parties, solely to the extent necessary to deliver our services: Vercel Inc. (website hosting and privacy-focused analytics — data may be processed in the US under Standard Contractual Clauses); payment processors for handling invoices and transactions; and Portuguese tax authorities when required by law.

We do not use Google Analytics or any other third-party tracking services. All third-party processors we work with are contractually bound to handle your data in compliance with the GDPR and to implement appropriate security measures.

As a data subject, you have the following rights under the GDPR, which you can exercise at any time by contacting us at contact@surgex.pt:

Right of access — You can request a copy of the personal data we hold about you. Right to rectification — You can ask us to correct any inaccurate or incomplete data. Right to erasure — You can request that we delete your personal data where there is no compelling reason for us to continue processing it. Right to data portability — You can request that we provide your data in a structured, commonly used, machine-readable format. Right to object — You can object to processing based on legitimate interest, and we will stop unless we have compelling legitimate grounds. Right to restrict processing — You can ask us to suspend processing of your data in certain circumstances.

We will respond to all legitimate requests within 30 days. If your request is particularly complex, we may extend this by a further 60 days, and we will notify you accordingly. You also have the right to lodge a complaint with the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados — CNPD) at www.cnpd.pt.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Contact form submissions and inquiry data are retained for up to 12 months after our last communication, unless a business relationship is established. Client project data is retained for the duration of our contract and for up to 5 years afterward to comply with Portuguese legal and tax obligations.

Anonymized analytics data, which cannot be linked back to any individual, may be retained indefinitely for statistical purposes. When personal data is no longer needed, we securely delete or anonymize it.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (TLS/SSL), access controls limited to authorized personnel, secure hosting infrastructure through Vercel, and regular review of our data handling practices.

While we take every reasonable precaution, no method of transmission over the internet is 100% secure. If you become aware of any security breach, please contact us immediately at contact@surgex.pt.

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your data, please contact us at: SurgeX, Lisbon, Portugal. Email: contact@surgex.pt. Phone: +351 915 109 181.

You can also reach out to the Portuguese Data Protection Authority (CNPD) if you believe your data protection rights have not been adequately addressed.