CRM Crédito
Schedule Demo

Privacy Policy

Last updated: April 2026

1. Data Controller

The controller of personal data collected through the website crmcredito.pt is Além do Código, Unipessoal Lda., based in Portugal.

  • Email: geral@alemdocodigo.pt
  • Phone: (+351) 967 015 157

2. Personal Data Collected

When using this website and the CRM Crédito platform, we may collect the following personal data:

  • Full name
  • Email address
  • Phone number
  • Company or professional activity
  • Selected subject and free-text message submitted through the legal support form — concerning credit intermediary licensing, trademark registration, RCBE, registration changes, CRM platform conditions or other related legal and regulatory matters
  • Navigation data: IP address, browser type, operating system, pages visited and visit duration (collected through Google Analytics cookies, subject to consent)

We apply the data minimisation principle: we only collect data strictly necessary for the purposes described in the following section.

3. Purposes of Processing

The personal data collected is used for the following purposes:

  • Scheduling demos of the CRM Crédito platform
  • Responding to contact and information requests
  • Legal support for credit intermediary licensing — analysis, diagnosis and assistance with licensing processes before the Bank of Portugal, trademark registration, RCBE, registration changes and legal compliance, delivered together with the legal partner identified in section 6
  • Provision of contracted services (access to the CRM platform)
  • Sending relevant service-related communications
  • Statistical analysis of website usage for continuous improvement

4. Legal Basis

The processing of personal data is carried out based on:

  • Consent of the data subject, given by completing and submitting the contact form (Art. 6(1)(a) GDPR)
  • Performance of a contract or pre-contractual steps at the request of the data subject (Art. 6(1)(b) GDPR)
  • Legitimate interest of the controller in improving and securing the site (Art. 6(1)(f) GDPR)
  • Compliance with legal obligations applicable to the activity (Art. 6(1)(c) GDPR)

5. Retention Periods

Personal data is retained only for as long as necessary for the purposes for which it was collected:

  • Contact or legal support requests not resulting in a contractual relationship: 36 months from the last contact
  • Active clients: for the duration of the contractual relationship and, after it ends, for 5 years to comply with legal retention obligations (tax, accounting, professional)
  • Navigation data (Google Analytics): kept for the period configured in the service (maximum 26 months)
  • Technical server logs (access, errors): up to 30 days

After these periods, data is irreversibly deleted or anonymised.

6. Recipients and Data Sharing

Personal data is not sold, rented or transferred to third parties for marketing purposes. It may be shared with the following entities, in accordance with applicable legal and contractual terms:

6.1. Legal partner

Data submitted through the legal support form (name, email, phone, subject and message content) is shared with our external legal partner:

  • DireitoLegal — Dra. Maria Amador (maria.amador@direitolegal.pt)

The legal partner acts as a processor under Art. 28 GDPR, bound by professional secrecy and a data processing agreement. Data is used exclusively for the analysis, diagnosis and response to the data subject's request.

6.2. Technology sub-processors

We use the following providers for the operation of the site and communications, all bound by a Data Processing Agreement (DPA):

  • Vercel Inc. — website hosting and form processing. Server infrastructure located in the European Union.
  • Resend — transactional email notifications. Processing on European Union servers.
  • Google LLC (Google Analytics) — statistical navigation analysis (only upon user consent). Data is anonymised (IP masking) and may be processed by Google in the United States under the EU-US Data Privacy Framework and the Standard Contractual Clauses approved by the European Commission.

6.3. Competent authorities

Data may also be shared with public, administrative or judicial authorities when legally required.

7. International Transfers

Data submitted through the legal support form is processed and stored exclusively on servers located in the European Union. It is not transferred to third countries.

The only exception is the collection of navigation data by Google Analytics, as described in section 6.2, always with legally recognised safeguards.

8. Cookies

This site uses cookies to improve the browsing experience:

  • Essential cookies: required for the website to function (no consent required)
  • Analytics cookies: Google Analytics, enabled only upon consent
  • Third-party cookies: from integrated services (e.g. TidyCal for scheduling)

You can manage or withdraw your cookie preferences at any time in your browser settings.

9. Automated Decisions and Profiling

No automated decisions, including profiling, that produce legal effects or significantly affect the data subject are taken.

10. Rights of the Data Subject

Under the GDPR, the data subject has the right to:

  • Access their personal data
  • Rectification of incorrect or incomplete data
  • Erasure of data (right to be forgotten)
  • Restriction of processing
  • Data portability
  • Object to processing
  • Withdraw consent at any time, without affecting the lawfulness of processing based on consent previously given

To exercise any of these rights, contact us at geral@alemdocodigo.pt. We will respond within 30 days, in accordance with Art. 12(3) GDPR.

11. Security

We adopt appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction or alteration, including:

  • Encryption in transit (SSL/TLS) across all communications
  • Hosting on European Union infrastructure
  • Restricted access controls to personal data
  • Internal incident-response procedure, with CNPD notification within 72h when applicable (Art. 33 GDPR)

12. Complaints

Without prejudice to any other remedy, the data subject has the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD)www.cnpd.pt.

13. Changes to this Policy

This privacy policy may be updated periodically to reflect legal, technical or operational changes. The date of the last update appears at the top of this page. We recommend reviewing this policy regularly.