Privacy Policy
1. Introduction
Point Conception Capital (“we”, “our”, or “us”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you interact with us through our website at www.pointcc.com or by email correspondence.
This policy has been prepared in accordance with Regulation (EU) 2016/679 — the General Data Protection Regulation (GDPR), Lei n.º 58/2019 of 8 August (the Portuguese data protection framework law implementing the GDPR), and Directive 2002/58/EC — the ePrivacy Directive, as transposed into Portuguese law. By using our website or contacting us, you acknowledge that you have read and understood this policy.
2. Data Controller
Point Conception Capital is the data controller responsible for your personal data. We determine the purposes and means by which your personal data is processed. Our registered address is set out in the Contact Us section below.
For any data protection matters, you may contact our data protection lead at the details set out below. Where a formal Data Protection Officer (DPO) appointment is required under Article 37 of the GDPR, we will update this section accordingly with the DPO's contact details:
Point Conception Capital
Website: www.pointcc.com
Privacy enquiries: privacy@pointcc.com
3. Personal Data We Collect
We collect only the minimum personal data necessary to communicate with you and provide our advisory services. This may include:
Your name and professional title
Your email address and other contact information you provide
Your company or organisation name
The content of your messages and correspondence with us
Technical data such as IP address, browser type, device information, and data collected through cookies and similar tracking technologies when you visit our website (please refer to the Cookies and Tracking Technologies section below)
We do not collect sensitive personal data (as defined under Article 9 of the GDPR). We do not engage in automated decision-making or profiling as referred to in Article 22 of the GDPR, including any processing intended to evaluate personal aspects relating to you.
4. Legal Basis for Processing
We process your personal data only where we have a valid legal basis to do so under the GDPR. The legal bases we rely upon are:
Consent (Art. 6(1)(a)): when you subscribe to our communications or contact us voluntarily
Contractual necessity (Art. 6(1)(b)): when processing is required to perform services you have requested
Legitimate interests (Art. 6(1)(f)): to operate and improve our website, and to maintain professional relationships
Legal obligation (Art. 6(1)(c)): where we are required to comply with applicable law
5. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to ensure its proper functioning and to analyse website usage, in accordance with Directive 2002/58/EC (the ePrivacy Directive) as transposed into Portuguese law. Cookies are small text files stored on your device when you visit our website. We use the following categories of cookies:
Strictly necessary cookies: These are essential for the operation of our website and cannot be disabled. They do not require your consent.
Analytics cookies: These help us understand how visitors interact with our website by collecting information anonymously. We use these cookies on the basis of your consent.
You may manage your cookie preferences at any time through your browser settings or through the cookie consent mechanism on our website. Disabling certain cookies may affect the functionality of the website. For further information on the cookies we use, please contact us at privacy@pointcc.com.
6. How We Use Your Data
Your personal data is used exclusively for the following purposes:
Responding to enquiries and correspondence
Managing our professional and client relationships
Sending relevant updates or communications where you have consented
Complying with legal and regulatory obligations
Improving the performance and usability of our website
We will never use your data for purposes incompatible with those stated above without first seeking your consent.
7. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data to third parties. We may share your data only in the following limited circumstances:
With trusted service providers who support our operations (e.g. email hosting, website infrastructure), under strict data processing agreements
Where required by law, regulation, or a court order
With your explicit consent
Any third-party processors we engage are required to handle your data in compliance with the GDPR and to implement appropriate technical and organisational security measures.
8. International Data Transfers
We do not transfer your personal data outside the European Economic Area (EEA). All personal data collected and processed by us is stored and processed exclusively within the EEA. In the event that any such transfer becomes necessary in the future, we will update this policy accordingly and ensure that appropriate safeguards are in place in accordance with Articles 44 to 49 of the GDPR prior to any such transfer.
9. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our retention periods are determined by reference to the nature of the data, the purposes of processing, and our legal and regulatory obligations (including, without limitation, obligations arising under applicable tax legislation, anti-money laundering regulations, and financial services law). In practice:
Contact and correspondence data is retained for up to 5 years from the last interaction
Data held for legal or regulatory compliance purposes is retained for the period required by law
Website analytics data is typically retained for 26 months
When data is no longer required, it is securely deleted or anonymised.
10. Your Rights Under GDPR
As a data subject under the GDPR, you are entitled to the following rights. You may exercise any of these rights at any time by contacting us at privacy@pointcc.com.
Right of Access: Request a copy of the personal data we hold about you (Art. 15).
Right to Rectification: Ask us to correct inaccurate or incomplete data (Art. 16).
Right to Erasure: Request deletion of your data where there is no compelling reason for its continued processing (Art. 17).
Right to Restriction: Ask us to restrict processing of your data in certain circumstances (Art. 18).
Right to Data Portability: Where processing is based on your consent or on the performance of a contract and is carried out by automated means, receive your data in a structured, commonly used, and machine-readable format, and transmit it to another controller (Art. 20).
Right to Object: Object to processing based on legitimate interests or for direct marketing (Art. 21).
Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time.
Right Regarding Automated Decision-Making: Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Art. 22).
Right to Lodge a Complaint: Contact the CNPD or another supervisory authority if you believe your rights have been infringed.
We will respond to all legitimate requests within one month. In complex cases, this may be extended by a further two months, with prior notice provided to you.
11. Data Concerning Minors
Our services are not directed at individuals under the age of thirteen (13) years, in accordance with Article 16 of Lei n.º 58/2019. We do not knowingly collect or process personal data from minors. If we become aware that we have inadvertently collected personal data from a minor without appropriate parental or guardian consent, we will take reasonable steps to delete such data without undue delay. If you believe that we may have collected data from a minor, please contact us immediately at privacy@pointcc.com.
12. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include, among others, secure communications, access controls, and regular review of our data processing practices. Where appropriate, we carry out data protection impact assessments in accordance with Article 35 of the GDPR.
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours, and you directly without undue delay, as required under Articles 33 and 34 of the GDPR.
13. Supervisory Authority
The competent supervisory authority in Portugal is the Comissão Nacional de Proteção de Dados (CNPD). If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the CNPD:
CNPD — Comissão Nacional de Proteção de Dados
Website: www.cnpd.pt
Rua de São Bento, 148-3º, 1200-821 Lisboa, Portugal
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable legal requirements. The current version will always be available at www.pointcc.com/privacy. We encourage you to review this page periodically.
Material changes will be communicated to known contacts by email where appropriate.
15. Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us:
Data Protection Enquiries
Point Conception Capital, Sociedade Unipessoal limitada
Rua Castilho, 14C, 5º Andar
1250-069 Lisboa
Portugal