Last updated: 14 May 2026
This Policy describes how Diogo Valente Unipessoal Lda (“we”, “Hidden Porto”), a company established in Portugal, collects, uses, stores and protects the personal data of visitors and customers of the Hidden Porto website, in compliance with Regulation (EU) 2016/679 (“GDPR”) and Portuguese Law 58/2019 of 8 August (implementing the GDPR). Portuguese law applies to this Policy.
1. Data Controller
Diogo Valente Unipessoal Lda
VAT no. 519035402
Rua Ferreira de Castro, 41, 4445-435 Ermesinde, Portugal
Email: diogovalente.lda@gmail.com
For any question relating to the processing of your personal data, including the exercise of your GDPR rights, you can contact us at the email address above.
2. What data we collect
We collect only the data strictly necessary for the purpose of the service:
- Contact and billing data — name, email and, where applicable, VAT number, supplied by the customer at the time of purchasing the ebook.
- Payment data — card and transaction details are processed directly by IfThenPay, Lda (a payment institution authorised by the Bank of Portugal, registration no. 8707) and never reach our servers. We only receive confirmation of the transaction status.
- Technical data — IP address, browser type, operating system, pages visited and visit duration, collected automatically by our servers and via cookies, for security and aggregate analytics purposes.
3. Purposes and lawful bases
| Purpose | Lawful basis (GDPR) |
|---|---|
| Completing the ebook purchase and digital delivery | Art. 6(1)(b) — performance of a contract |
| Issuing invoice/receipt | Art. 6(1)(c) — legal obligation (Portuguese VAT Code) |
| Responding to contacts/support | Art. 6(1)(b) or (f) — performance of a contract or legitimate interest |
| Functional cookies | Strictly necessary for the website to operate — no consent required |
| Analytics/marketing cookies | Art. 6(1)(a) — prior, explicit consent |
4. Data retention
- Transaction and billing data: retained for 10 years, as required by Article 123(1) of the Portuguese Corporate Income Tax Code and Article 52 of the Portuguese VAT Code.
- Contact data without purchase: deleted after 12 months, unless you expressly ask us to keep it.
- Technical logs: retained for 6 months for security purposes.
5. Recipients of the data
Your data may be shared with:
- IfThenPay, Lda (payment processor) — to execute the transaction;
- Autoridade Tributária e Aduaneira (Portuguese Tax Authority) — when required by law;
- Hosting provider (UpWeGo / cPanel host) — solely for technical hosting of the website;
- Transactional email platform — to deliver the ebook after payment is confirmed.
We do not sell, rent or otherwise transfer your data to third parties for commercial purposes.
6. International transfers
We do not transfer data outside the European Economic Area. If any technical provider subcontracts services outside the EEA, we will ensure that standard contractual clauses approved by the European Commission are in place.
7. Your rights
Under the GDPR, you have the right to:
- Access — obtain confirmation of which data we hold about you;
- Rectification — correct inaccurate or incomplete data;
- Erasure (right to be forgotten) — request deletion, subject to any legal retention obligations;
- Restriction — request temporary suspension of processing;
- Portability — receive your data in a structured, machine-readable format;
- Object — object to processing based on legitimate interest;
- Withdraw consent — at any time, without retroactive effect.
To exercise any of these rights, send a request to diogovalente.lda@gmail.com together with a copy of your identification document. We will respond within 30 days.
You also have the right to lodge a complaint with the competent supervisory authority:
Comissão Nacional de Proteção de Dados (CNPD) (Portuguese Data Protection Authority)
Av. D. Carlos I, 134 – 1.º, 1200-651 Lisboa, Portugal
geral@cnpd.pt · www.cnpd.pt
8. Cookies Policy
We use cookies to ensure the website works correctly and to improve your experience. You can control the use of non-essential cookies via the banner shown on your first visit.
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
pll_language | Functional | Remember the language you selected (Polylang) | 1 year |
cookie_notice_accepted | Functional | Remember your consent to the banner | 1 year |
woocommerce_* | Functional | Keep your shopping cart | Session |
wp_* | Functional | User session, where applicable | Session |
We do not currently use analytics cookies (such as Google Analytics) or advertising cookies. If we add them in future, we will update this Policy and request your prior consent.
You can also disable or delete cookies through your browser settings.
9. Security
We implement appropriate technical and organisational measures, including: HTTPS/TLS encryption on every page, encrypted passwords, regular software updates, and segregation of payment credentials (handled exclusively by IfThenPay).
10. Changes to this Policy
We reserve the right to update this Policy at any time. The version currently in force is the one published on this page, with the date of the last update shown at the top.