Política de Privacidade e Proteção de Dados

At Impacto Positivo, we process the personal data of our clients and collaborators in strict compliance with the rights and freedoms established by the principles of personal data protection set out in the General Data Protection Regulation (GDPR) and Law no. 58/2019.

Data protection and privacy are regarded by us as fundamental rights that must be safeguarded and preserved.

Through this Privacy and Data Protection Policy (hereinafter referred to as “PPDP”), we aim to present, in a clear and objective manner, the principles, purposes, and methods of personal data processing followed by our brand.

1. Key Definitions

Personal Data – Information relating to an identified or identifiable natural person (data subject). Examples: name, identification number, location data, etc.

Data Controller – A natural or legal person who determines the purposes and means of processing personal data.

Processing – An operation or set of operations performed on personal data, whether by automated means or not.

2. Who is the Data Controller?

Impacto Positivo is the data controller responsible for processing personal data collected through interactions with our websites and digital platforms.

3. Personal Data Processed / Purposes / Retention Periods and Legal Basis

At Impacto Positivo, we collect only the personal data strictly necessary to provide our services, namely consultancy for environmental projects, development, certification, and commercialization of carbon credits. For the purposes of this PPDP, these activities are collectively referred to as Client Management.

Most of the data processed relates to companies rather than individuals. Therefore, this PPDP applies specifically when referring to the processing of personal data of natural persons. Data may be collected directly, either in person or through the use of our platforms.

We may also receive personal data indirectly through our service providers acting on our behalf or through our partners.

The table below summarizes the purposes and legal bases that justify the processing of your personal data.

Table

4. How Do We Obtain Data?

Impacto Positivo only collects data that is necessary, relevant, and appropriate for the purposes defined at the time of collection.

Data is provided by the data subject through the completion of designated fields on our website or via our digital platforms.

5. Data Security

Impacto Positivo is committed to ensuring the confidentiality, protection, and security of personal data of its Clients and Collaborators by implementing appropriate technical and organizational measures to protect data against any form of unlawful or unauthorized processing, as well as against accidental loss or destruction. To this end, we have systems and teams dedicated to ensuring the security of personal data, continuously developing and updating procedures to prevent unauthorized access, accidental loss, and/or destruction of personal data. We are committed to complying with applicable data protection laws and to processing personal data solely for the purposes for which it was collected, ensuring appropriate levels of security and confidentiality.

6. What Are the Data Subjects’ Rights and How Can They Be Exercised?

Data subjects have the right to access the data concerning them and may, under certain circumstances, object to the processing of their personal information.

Under specific conditions established by law, data subjects may also request the deletion of their personal data, as well as the rectification or restriction of its processing.

To exercise these rights, data subjects may submit their request via email to: geral@impacto-positivo.pt
If you believe your data has been processed unlawfully, you may file a complaint with the supervisory authority: https://www.cnpd.pt

This PPDP may be reviewed and updated, with possible changes to its scope and conditions. Therefore, we recommend reviewing it regularly and paying attention to its latest version.

Last updated: 22/09/2025