GDPR Compliance
Last updated: November 8, 2025
Introduction
The General Data Protection Regulation (GDPR) is a European Union regulation that establishes guidelines for the collection and processing of personal information from individuals within the EU. At Wisely Lda, operator of Conte.pt, we take data protection very seriously and are fully committed to GDPR compliance.
Data Controller
Company: Wisely Lda
Address: Rua de S. Pedro n.º 12, 4720-092, Ferreiros – Amares, Portugal
Email: dpo@mail.conte.pt
Legal Representative: João Pedro Melo
Legal Basis for Processing
We process your personal data based on the following legal grounds:
Contract Execution
Processing necessary for the performance of our services to you.
Consent
Processing based on your explicit consent for specific purposes.
Legitimate Interests
Processing necessary for our legitimate business interests.
Legal Obligations
Processing necessary to comply with legal requirements.
Data Processing Activities
Categories of Personal Data
| Category | Purpose | Legal Basis |
|---|---|---|
| Identity Data | Account creation and management | Contract execution |
| Contact Data | Communication and support | Legitimate interest |
| Financial Data | Transaction tracking and reporting | Contract execution |
| Technical Data | Service improvement and security | Legitimate interest |
| Usage Data | Analytics and personalization | Consent |
Your Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access
Request access to your personal data we process.
Right to Rectification
Request correction of inaccurate personal data.
Right to Erasure
Request deletion of your personal data.
Right to Restriction
Request restriction of processing your data.
Right to Portability
Receive your data in a portable format.
Right to Object
Object to processing based on legitimate interests.
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent.
Right to Complain
Lodge a complaint with a supervisory authority.
To exercise any of these rights, please contact our Data Protection Officer at dpo@mail.conte.pt
Third-Party Data Processors
We work with the following third-party processors who handle data on our behalf:
| Processor | Service | Location |
|---|---|---|
| GoCardless | Open Banking API | EU |
| Auth0 | Authentication | EU |
| MongoDB Atlas | Database hosting | EU |
| Google Cloud | Infrastructure | EU |
| Google Drive | Document storage | EU |
All processors are GDPR compliant and have signed appropriate data processing agreements.
International Data Transfers
Your data is primarily processed within the European Economic Area (EEA). When transfers outside the EEA occur, we ensure appropriate safeguards:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions for countries with equivalent data protection
- Binding Corporate Rules where applicable
Data Retention
We retain personal data for different periods depending on the type:
| Data Type | Retention Period |
|---|---|
| Account Data | Active account + 30 days |
| Transaction Data | 5 years (legal requirement) |
| Support Tickets | 2 years after resolution |
| Marketing Preferences | Until withdrawal of consent |
| Security Logs | 90 days |
Security Measures
We implement comprehensive technical and organizational measures:
- Encryption in transit and at rest
- Regular security audits and penetration testing
- Access controls and authentication
- Employee training on data protection
- Incident response procedures
- Regular backups and disaster recovery
- Secure development practices
- Data minimization principles
Data Breach Response
In the event of a data breach, we follow a strict response procedure:
- Immediate assessment and containment of the breach
- Notification to authorities within 72 hours when required
- Notification to affected users if there is high risk to their rights
- Documentation and implementation of measures to prevent future breaches
Privacy by Design
We implement privacy by design principles in all our operations:
- Data minimization - we only collect necessary data
- Purpose limitation - data is used only for stated purposes
- Privacy settings are set to maximum by default
- End-to-end encryption for sensitive data
Children's Data
Our service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data immediately.
Cookies and Tracking
We use cookies and similar technologies to provide and improve our services. Our use of cookies is detailed in our Cookie Policy.
For more information, see our Cookie Policy
Complaints
If you have concerns about our data processing, you have the right to lodge a complaint with the supervisory authority:
Authority: Comissão Nacional de Proteção de Dados (CNPD)
Website: www.cnpd.pt
Address: Av. D. Carlos I, 134 - 1º, 1200-651 Lisboa, Portugal
Phone: +351 21 392 84 00
Updates to This Notice
We may update this GDPR compliance notice periodically. Significant changes will be communicated via email or through our service. The last update date is shown at the top of this page.
Contact Us
For any GDPR-related queries or to exercise your data protection rights:
Data Protection Officer
Email: dpo@mail.conte.pt
Address: Wisely Lda, Rua de S. Pedro n.º 12, 4720-092, Ferreiros – Amares, Portugal