Phi Wallet logo

Privacy Policy

Last updated: June, 9, 2022

1. Overview.

1.1 This document consists of the Privacy Policy of the company Phi Wallet, Unipessoal Lda., a limited liability company headquartered at Avenida da Liberdade, 262, r/c esquerdo, with the single registration and taxpayer number 516547186 (herein “Phi Wallet”, “we”, “us”, “our”).
1.2 It aims to explain the practices in regard to collected and processed personal data by us in connection with the use of, or in association with, our website with home pages located at phiwallet.com (herein “Site”), or otherwise through your interactions with us via mobile applications (hereafter “Phi Wallet App” and/or “App”), products, services, and social media pages, (collectively, the “Services”).
1.3 The data obtained is intended for the provision of the service requested or contracted by you, and personal data that is not necessary for this purpose or for which your consent has not been obtained will not be collected.
1.4 Please note that our Services, Site and App are not intended for children under the age of 18 and we do not knowingly collect data from children. By using the Services, Site and/or App, you represent that you are 18 years of age or older.
1.5 Please review the following to understand how we process and safeguard personal data about you. By using any of our Services, Site and App, and/or by voluntarily providing personal data to us, you acknowledge that you have read and understand the practices contained in this Privacy Policy.

2. Definitions.

App” or “Phi Wallet App” means the mobile application software developed, owned and released by Phi Wallet and available for download for Android or Apple iOS, including all content and services listed in the Terms and Conditions (available in our website and App) and made available on or through it, and any and all updates, supplements, releases and versions thereof;
"Clause" means each numbered provision or section of this Privacy Policy;
PhiWallet” means the limited liability company, headquartered at Avenida da Liberdade, 262, left r/c, with the unique registration number and legal person 516547186;
Privacy Policy” shall have the meaning ascribed to the term in Clause 3.;
Services” means products, services, and social media pages;
"Site" means the website at www.phiwallet.com;
User(s)” means individuals who are authorised to use the Site, Services and/or App;
"We/Us/Our" means Phi Wallet, Unipessoal Lda and/or phiwallet.com;
"you/your" means the individual who is the user of Phi Wallet’s Site, Services and/or App Services.

3. Purpose.

3.1 The purpose of this Privacy Policy is to provide users of the Site, Services and/or App with important information about why and how Phi Wallet collects and processes personal data obtained with your consent.
3.2 This Privacy Policy is also intended to inform and enlighten users about their privacy rights and how they are protected by the provisions of the EU's General Data Protection Regulation ("GDPR").
3.3 It is important that you read this Privacy Policy together with any other notice or policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of why and how we are using your data. This Privacy Policy supplements other notices and policies and is not intended to override them.
3.4 Please note that when you are asked for certain personal data, it is because we are required by applicable law to collect this information or because the information is relevant for specific purposes of which you will be made aware.
3.5 If you choose not to provide certain information, Phi Wallet may not be able to provide you with all of its services and will not be responsible for any services that cannot or will not be fully provided to you.
3.6 The data provided by users shall be treated with the security and confidentiality guarantees required by the legal framework in force applicable to the protection of personal data.

4. About us.

4.1 Data Controllers:
4.1.1 Please note that the controller of your personal data is the legal entity that determines the "means" and "purposes" of any processing activities it carries out.
4.1.2 Phi Wallet as the controller of user data ensures that:
4.1.2.1 the processing of your personal data is carried out within the scope of the purposes for which it was collected or for purposes compatible therewith;
4.1.2.2 collects, uses and retains only such personal data as is necessary for the purposes for which it was collected or for purposes compatible therewith;
4.1.2.3 processes personal data for legally prescribed purposes or for the performance of services at your request.
4.2 DPO (Data Protection Officer):
4.2.1 Phi Wallet has appointed a Data Protection Officer who can be contacted via email at dpo@phiwallet.com.

5. Complaints.

5.1 If you have any questions or concerns about this Privacy Policy and/or how we process personal data, please send us an email at privacy@phiwallet.com.
5.2 All users from whom data has been collected have the right to lodge a complaint about the way in which the data is processed and to contact the data protection regulator in the country in which the user is based.
5.3 Should you have any complaints or claims regarding the collection and processing of your personal data, Phi Wallet is available to address your concerns before you approach a data protection regulatory authority, which is why we ask that you do not hesitate to contact us in the first instance.

6. Changes to the Privacy Policy.

6.1 We keep our Privacy Policy under regular review.
6.2 This version was last updated on the date above written and thus replaces all previous disclosures we may have provided to you about our information practices with respect to the Services, Site and/or App.
6.3 We reserve the right, at any time, to modify, alter and/or update this Privacy Policy.
6.4 To keep up to date, please check from time to time for new versions of the Privacy Policy, provided that changes made are effective as of the date of posting, with express reference to the date of update.
6.5 Notwithstanding your duty to check for changes that may have been made to the Privacy Policy, we will inform you of material changes to this Privacy Policy in order to effectively bring them to your attention.
6.6 Please note that it is important that the personal data we hold about you is accurate and up to date. Should your personal data change during your relationship with us, you need to inform us as soon as possible and provide us with the new information and documentation.
6.7 Your continued use of the Services, Site and/or App following the posting of any revised and/or modified Privacy Policy shall constitute your acknowledgement of the modified Privacy Policy.

7. Third-party links, websites and services.

7.1 This Privacy Policy applies exclusively to the sites and services under Phi Wallet’s responsibility.
7.2 The Site and any applicable web browser, the App or application programming interface required to access the Services, under the responsibility of Phi Wallet, may include links to third-party websites, plug-ins and applications (“Third-Party Sites”), including those of unaffiliated third parties, our affiliates, service providers, and third parties with which we do business, all within the scope of the services provided.
7.3 Please note that by clicking on those links or enabling those connections may allow third parties to collect or share data about you. In such case, you are not covered by this Privacy Policy as it does not apply to information from or about you collected by any third-party services, applications, or advertisements associated with, or websites linked from, the Services.
7.4 The collection or receipt of your information by such third parties is subject to their own privacy policies, statements, and practices, and under no circumstances are we responsible or liable for any third party’s compliance therewith, thus we encourage you to read the privacy notice or policy of every third-party Site you visit or use.

8. Data collected.

8.1 Personal data
8.1.1 We collect personal data/information from our users.
8.1.2 This data/information relates to and identifies, describes and/or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
8.1.3 In addition to the aforementioned, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data which is not considered as personal data. To the extent this data is stored or associated with personal data, it will be treated as personal data; otherwise, the data is not subject to this policy.
8.1.4 Please note that there might be different pieces of information that when collected and put together can lead to the identification of a particular person. This also constitutes personal data. It will not include data where the identity has been removed, also known as anonymous data.
8.1.5 Depending on whether and how you use our Services, Site and/or App, we will collect, use, store and transfer different kinds of personal data about you such as the following, but not limited to:
8.1.5.1 Identity, Social and Profile Data: visual image of your face; name; title; date of birth; gender; biometric data; nationality; identification documents; group and/or company data; behavioural data; risk and compliance assessment; username and password; identification number as our user; information on whether you have Phi Wallet App account and the email associated with your account; requests by you for products or services;
8.1.5.2 Contact data: residence, billing and delivery details; email address and telephone number(s); proof of address documentation;
8.1.5.3 Financial Data: bank account; payment card details; virtual currency accounts; stored value accounts; amounts associated with accounts; external account details; source of funds and related documentation;
8.1.5.4 Transactional Data: details about payments (to and from you); other details of any transactions you enter into using the Services, Site or App.
8.1.5.5 Technical and Usage Data: login data; IP address; browser type and version; language data; device type, category and model; application version and SDK version; operating system and platform; information about how you use the Site, the Services, mobile applications and other offerings made available by us;
8.1.5.6 Marketing and Communications Data: your preferences in receiving marketing from us and/or third parties.
8.1.6 Certain types of sensitive personal data are subject to additional protection under the legislation applicable to you, known as “special categories” of personal data.
8.1.7 Please be aware that we will only use special categories of personal data for a specific purpose and if:
(i) you have given explicit consent;
(ii) processing relates to personal data which are manifestly made public by you;
(iii) processing is necessary for the establishment, exercise of defence of legal claims;
(iv) processing is necessary for reasons of substantial public interest based on EU or EU Member State law.
8.1.8 Please note that Phi Wallet is a Portuguese based company and as such is subject to Portuguese Law and EU Anti-Money Laundering Directives, which require us to process for instance information from your ID documents including a photographic picture of you and a visual image of your face (the so called “liveness check”).
8.2 Refusal to provide personal data
8.2.1 Please note that by law and/or under the terms of a contract in which we and you might engage, we might be obliged to collect your personal data. If you refuse to provide us with the necessary data, we may not be able to perform the contract we have or are trying to enter into with you and might be forced to cancel a product/service you have with us. We will notify you if this is the case at the time.

9. Data recollection.

9.1 We use different methods to collect information from and about you, such as, but not limited to:
9.1.1 Directly from user - identity, social identity, contact, financial, marketing and communications data:
(i) register/create an account;
(ii) apply for and use the Services;
(iii) visit our Site and/or App;
(iv) request marketing be sent to you;
(v) enter a competition, promotion or survey;
(vi) give us feedback or contact us.
9.1.2 Automated technologies or interactions - Technical Data about your equipment, browsing actions and patterns, by using cookies, server logs and other similar technologies; Transactional Data; Investment Data and Usage Data; Technical Data and Marketing and Communications Data about you if you visit other websites employing our cookies (please go to our cookie policy for more).
9.1.3 Public Databases and Service Providers - ML/FT (“AML”) and KYC obligations; customer referral; public blockchain; publicly available information on the Internet; fraud and crime prevention agencies; criminal history; credit history; other information to help validate your identity.

10. Data usage.

10.1 We collect and process your personal data for business and commercial purposes.
10.2 Below some examples of the purposes and usages that might be given to the data/information collected:
10.2.1 Providing, predicting, or performing, including maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, verifying your information, and processing payments;
10.2.2 Communicating with you by email, mail, telephone, and other methods of communication, about products, services, and information tailored to your requests or inquiries;
10.2.3 Payment/financial information, including information for anti-money laundering (“AML”) and know-your-client (“KYC”) compliance purposes;
10.2.4 Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;
10.2.5 Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
10.2.6 Debugging to identify and repair errors that impair existing intended functionality;
10.2.7 Undertaking activities to verify or maintain the quality or safety of the services and to improve, upgrade, or enhance the services or devices owned, manufactured, manufactured for, or controlled by us;
10.2.8 Complying with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, or for other purposes, as permitted or required by law;
10.2.9 Enforcing our Terms and Conditions and other policies;
10.2.10 As necessary or appropriate to protect the rights, property, and safety of our users, us, and other third parties.
10.3 The personal data collected will not be applied or used for materially different, unrelated, or incompatible purposes. Should that be the case it will not be done so without providing you with notice and obtaining your consent.
10.4 Phi Wallet platforms rely in part on automated decision-making as part of our application process, including an automated screening as required by KYC, economic sanctions, anti-terrorist financing and AML laws.
10.5 We may use criteria such as your Identity Verification Information to validate your identity against public records on an automated basis or without human/manual intervention as it is necessary for us to enter into a contract with you. If you fail to meet these criteria, your application to use Phi Wallet’s Site, Services and or App will be rejected.

11. Lawful basis.

11.1 We will only use your personal data when the applicable legislation allows us to do so. Use of personal data under the data protection laws must be justified under one of a number of legal bases and we are required to set out the grounds in respect of each use in this Privacy Policy.
11.2 The most common usage of your personal data will be under the following circumstances, though there might be others that are not contemplated hereafter:
11.2.1 Performance of a contract: we may process personal data to take steps at your request before entering into, or perform our obligations under, a contract between us; we use this basis for provision of our Services;
11.2.2 Legitimate interests: we may process personal data for our legitimate interests, or those of a third party, and these interests outweigh any prejudice to or override your data protection rights;
11.2.3 Compliance with legal and regulatory obligations: we may process personal data to comply with the law and legal and regulatory obligations we may be subject to;
11.2.4 Consent (yours): We may process personal data where you have specifically and unequivocally consented to our use of your information: freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to you; under specific circumstances this consent should be explicit.

12. Purposes for personal data usage.

12.1 Please find below a description of the ways your personal data will be used and the legal bases for such usage. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out below:
Purpose and/or activity
Categories of personal data
Lawful basis for processing
To register you as a new customer/user
- Identity Data
- Social Identity Data
- Contact Data
- Financial Data
- Performance of a contract
To carry out and comply with anti-money laundering requirements
- Identity Data
- Social Identity Data
- Contact Data
- Financial Data
- Compliance with a legal obligation
To process and deliver our Services and any App features to you, including to execute, manage and process any instructions or orders you make
- Identity Data
- Contact Data
- Financial Data
- Transactional Data
- Technical Data
- Marketing and Communications Data


- Performance of a contract
To prevent abuse of our Services and promotions
- Identity Data
- Contact Data
- Financial Data
- Transactional Data
- Technical Data
- Marketing and Communications Data
- Legitimate interests
To manage our relationship with you which will include asking you to leave a review, take a survey or keeping you informed of our company's business and product development
- Identity Data
- Contact Data
- Profile Data
- Transactional Data
- Marketing and Communications Data








- Performance of a contract
- Consent, if required
To keep our records updated and to study how customers use our products / services
- Identity Data
- Contact Data
- Profile Data
- Transactional Data
- Marketing and Communications Data
- Legitimate interests
- Consent, if required
To manage, process, collect and transfer payments, fees and charges, and to collect and recover payments owed to us
- Identity Data
- Contact Data
- Financial Data






- Performance of a contract
To ensure good management of our payments, fees and charges and collection and recovery of payments owed to us
- Identity Data
- Contact Data
- Financial Data






- Legitimate interests
To manage risk and crime prevention including performing anti-money laundering, counter terrorism, sanction screening, fraud and other background checks, detect, investigate, report and prevent financial crime in broad sense, obey laws and regulations which apply to us and response to complaints and resolving them
- Identity Data
- Social Identity Data
- Contact Data
- Financial Data
- Technical Data
- Transactional Data
- Investment Data
- Sensitive Data (a.k.a. Special Categories Data) data that you give us directly or that we receive from third parties and/or publicly available sources: - data which might be revealed by KYC or other background checks (for example, because it has been reported in the press or is available in public registers); - data that is incidentally revealed by photographic ID although we do not intentionally process this personal data


















- Compliance with a legal obligation
- We may also process such data in connection with these purposes if it is necessary for the performance of our contract with you
- In addition to our legal obligations, we may process this personal data based on our legitimate interest in ensuring that we are not involved in dealing with the proceeds of criminal activities and do not assist in any other unlawful or fraudulent activities, as well as to develop and improve our internal systems for dealing with financial crime and to ensure effective dealing with complaints
- For Special Categories Data, it is necessary for reasons of substantial public interest under EU Anti-Money Laundering Directives and the relevant EU Member States’ laws implementing them, as well as under the anti-money laundering legislation of the UK
To enable you to partake in a prize draw, competition or complete a survey
- Identity Data
- Contact Data
- Profile Data
- Usage Data
- Marketing and Communications Data
- Performance of a contract
- Consent, if required
To gather market data for studying customers' behaviour including their preference, interest and how they use our products/services, determining our marketing campaigns and growing our business
- Identity Data
- Contact Data
- Profile Data
- Usage Data
- Marketing and Communications Data






- Legitimate interests: understanding our customers and improving our products and services
To administer and protect our business, our Site, App(s) and social media channels including bans, troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data
- Identity Data
- Contact Data
- Financial Data
- Technical Data
- Transactional Data
- Investment Data




- Legitimate interests: to run our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
- Identity Data
- Contact Data
- Profile Data
- Technical Data
- Usage Data
- Marketing and Communications Data





- Legitimate interests: to study how customers use our products/services, to develop them, to grow our business and to form our marketing strategy
- Consent, if required
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
- Technical Data
- Usage Data















- Legitimate interests: to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to form our marketing strategy
- Consent, if required
To make suggestions and recommendations to you about goods or services that may be of interest to you
- Identity Data
- Contact Data
- Technical Data
- Usage Data
- Profile Data
- Investment Data
- Marketing and Communications Data
- Legitimate interests: to develop our products/services and grow our business
- Consent, if required
To use the services of social media platforms or advertising platforms some of which will use the personal data they receive for their own purposes, including marketing purposes
- Technical Data
- Usage Data












- Consent
To use the services of financial institutions, crime and fraud prevention companies, risk measuring companies, which will use the personal data they receive for their own purposes in their capacity of independent controllers
- Identity Data
- Social Identity Data
- Contact Data
- Financial Data
- Transactional Data
- Investment Data
- Technical Data
- Usage Data
- Legitimate interests: to conduct our business activities on the market of financial services, to participate actively in the prevention of crime and fraud
To record voice calls for compliance, quality assurance and training purposes
- Identity Data
- Social Identity Data
- Contact Data
- Financial Data
- Transactional Data






- Legitimate interests: to comply with the industry standards and requirements in payments services, to ensure quality of our service, including by proper training of our personnel

13. Marketing and Third-party marketing.

13.1 You may receive marketing communications from us, if you have requested information from us and consented to receive marketing communications, and/or have not opted out of receiving such communications. We will use your Marketing and Communications Data for our respective activities.
13.2 We may use your Identity Data, Contact Data, Technical Data, Transactional Data, Investment Data, Usage Data, Logging and Analytical Tools, Cookies, Technical Information, Website Usage Information, Location Information and Profile Data for marketing purposes.
13.3 However, when and if we share your personal data with third parties for marketing purposes, we will separately and clearly obtain your consent. You can exercise your right to prevent such processing by not checking certain boxes on our marketing consent form. You can also exercise the right at any time by contacting us as set out below.
13.4 You can request to stop receiving marketing messages at any time by following the opt-out links on any marketing message sent to you.
13.5 Where you opt out of receiving marketing messages, this will not apply to service messages which are directly related to the use of our Site, Services and/or App.

14. Cookies.

14.1 You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Services or Site may become inaccessible or not function properly. For more information about the cookies we use, please review the Cookie Preferences.

15. Change of purpose.

15.1 Your personal data will be used for the purposes set out above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
15.2 If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at privacy@phiwallet.com.
15.3 If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
15.4 Please note that we may process your personal data without your knowledge or consent, in compliance with this Privacy Policy, where this is required or permitted by law.

16. Sale or transfer of business.

16.1 We may, in the future, sell or otherwise transfer some or all of our business, operations or assets to a third party, whether by merger, acquisition or otherwise.
16.2 We may also need to process and disclose your data to any potential or actual third-party acquirers in connection with or during the negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding involving all or a part of our shares, business or assets. Your data may be among the transferred assets and this will be based on our legitimate interests in carrying out such transactions, or to meet our legal obligations.

17. No tracking.

17.1 We may use analytics systems and providers that process personal data about your online activities over time and across third-party websites or online services, and these systems and providers may provide some of this information to us. We do not process or comply with any web browser’s “do not track” signal or similar mechanisms.

18. Data disclosure.

18.1 Your personal data may be routinely disclosed with our third-party service providers, agents, subcontractors and other associated organisations, our group companies, and affiliates (as described below) in order to complete tasks and provide the Services and use of the Site and/or App to you on our behalf. When using third party service providers, they are required to respect the security of your personal data and to treat it in accordance with the law.
18.2 We may pass your personal data to the following entities, but not limited to under the applicable laws and regulations:
18.2.1 companies within our group;
18.2.2 third-parties we use to help deliver our products and services to you;
18.2.2 third-parties we use to help deliver our products and services to you;
18.2.3 other third parties we use to help us run our business, e.g. marketing agencies or website hosts;
18.2.4 third parties approved by you, e.g. social media sites you choose to link your account to or third party payment providers;
18.2.5 credit reference agencies;
18.2.6 our insurers, brokers, and our bank[s];
18.2.7 companies and organisations that assist us in processing, verifying or refunding transactions/orders you make and in providing any of the Services that you have requested;
18.2.8 identity verification agencies to undertake required verification checks;
18.2.9 fraud or crime prevention agencies to help fight against crimes including fraud, money-laundering and terrorist financing;
18.2.10 anyone to whom we lawfully transfer or may transfer our rights and duties under the relevant terms and conditions governing the use of any of the Services;
18.2.11 any third party because of any restructure, sale or acquisition of our group or any affiliates, provided that any recipient uses your information for the same purposes as it was originally supplied to us and/or used by us; and
18.2.12 regulatory and law enforcement authorities, whether they are outside or inside of the EEA, where the law allows or requires us to do so.
18.3 Please note that usually, information will be anonymized but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations
18.4 Also note that we only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.
18.5 We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.

19. Data security and protection.

19.1 While there is an inherent risk in any data being shared over the internet, we use commercially reasonable and appropriate physical, technical, and organisational safeguards designed to promote the security of our systems and to prevent your personal data from being accidentally lost, used, damaged, or accessed in an unauthorised or unlawful way, altered, or disclosed.
19.2 Those safeguards may include, but are not limited to, staff training and policy development; physical protection of data, pseudonymization and encryption of personal data where we deem appropriate; ensuring appropriate back-ups of personal data are held; and periodic testing, assessment, and evaluation of the effectiveness of our safeguards
19.3 In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a legitimate business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
19.4 We have put in place procedures to deal with any suspected personal data breach and will notify you and any relevant regulator of a breach where we are legally required to do so.
19.5 However, no method of safeguarding information is completely secure. While we use measures designed to protect personal data, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilising the Services, Site or App is or will be secure.

20. Data retention.

20.1 We retain personal data for as long as is necessary for the processing purpose(s) for which they were collected and any other permitted linked purpose, as well as to the extent we deem necessary to carry out the processing activities described above, including but not limited to compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, and to the extent we reasonably deem necessary to protect our and our partners’ rights, property, or safety, and the rights, property, and safety of our users and other third parties.
20.2 To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
20.3 Your personal data will not be kept in a form that allows you to be identified for any longer than we reasonably consider necessary to accomplish the purposes for which it was collected or processed, or as permitted or required by applicable laws related to data retention.
20.4 Your information that is no longer needed is either irreversibly anonymized (and the anonymized information may be retained) or securely destroyed. Please note that under certain condition(s), you can ask us to delete your data: see your legal rights below for further information. We will honour your deletion request ONLY if the condition(s) is met.
20.5 Thereafter, as a general matter, your personal data will be archived and stored to be used and otherwise processed in the event of legal or regulatory requirements, statutes of limitations, disputes, or actions, and will be stored and, if applicable, used and otherwise processed until reasonably after the end of any such requirement, limitation, dispute, or action, including any potential periods of review or appeal.

21. Your legal rights.

21.1 You have certain rights regarding the collection and processing of personal data. The rights available to you depend on our reason for processing your personal data and you may exercise these rights, to the extent they apply to you, by contacting us at the information provided at the end of this Privacy Policy, or by following instructions provided in this Privacy Policy or in communications sent to you.
21.2 Your rights vary depending on the laws that apply to you, but may include:
21.2.1 request access to your personal data;
21.2.2 request rectification of your personal data by asking us to rectify information you think is inaccurate and to complete information you think is incomplete;
21.2.3 request erasure of your personal data;
21.2.4 object to the processing of your personal data;
21.2.5 require that decisions be reconsidered if they are made solely by automated means, without human involvement;
21.2.6 request restriction of processing your personal data;
21.2.7 withdraw your consent, where processing of personal data is based on your consent;
21.2.8 complain to any relevant authority, located in the jurisdiction of your habitual residence, place of work, or where an alleged violation of law occurred, about any perceived violation and to seek compensation for damages in the courts.
21.3 Your exercise of these rights is subject to certain exemptions to safeguard the public interest and our interests. Please note that we may request that you provide some details necessary to verify your identity to validate your request to exercise a legal right regarding your personal data.
21.4 If you exercise any of these rights, we will check your entitlement and respond in most cases within a month, which is the statutory period under GDPR for us to reply to a legitimate request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
21.5 For individuals located in EEA to exercise any of the rights above, please contact us.

22. Applicable Law and Competent Court.

22.1 This Privacy Policy shall be governed and interpreted in accordance with Portuguese law and applicable European legislation. The court of the Lisbon area has jurisdiction, to the exclusion of any other, to settle any disputes arising from the interpretation and application of this Privacy Policy.