Privacy Policy

1) Who is the data controller

The controller of the personal data collected through this website is the entity operating the “IMT Portugal” service and handling contact/legal assessment requests.

IMT and Stamp Duty Portugal

2) What data we collect

When you submit the form, we may collect:

• Contact data: name, email and phone (if provided).
• Request data: area of interest, message/question and additional details.
• Optional context data: estimated property value, location (text), property use (HPP/secondary), age and tax residence country.
• Technical and usage data: IP address, IP country, user-agent (device/browser), page URL, referrer and campaign parameters (UTM/gclid/fbclid), when available.
• Analytics data, only after consent: website browsing and usage information collected through Google Analytics / Google tag, such as pages viewed, interactions, approximate traffic source, device/browser and statistical usage data.

Anti-spam: we use Cloudflare Turnstile to prevent automated submissions. This mechanism may process/evaluate technical signals necessary for security and abuse prevention.

Important: non-essential analytics technologies are only activated after your positive choice in the cookie banner/preferences.

3) Purposes and legal bases

• Responding to your request and providing professional contact — pre-contractual steps at the data subject’s request and/or contract performance (when applicable).
• Preliminary assessment of your eligibility based on the submitted information — pre-contractual steps and/or legitimate interest in providing an appropriate response.
• Security and fraud/abuse prevention (e.g., anti-spam, rate limiting) — legitimate interest.
• Compliance and record-keeping of communications (when necessary) — compliance with legal obligations and/or legitimate interest.
• Statistical measurement and analysis of website use through Google Analytics / Google tag — consent, only after acceptance of non-essential cookies.

4) Who we share data with (processors)

We may use service providers that process data on our behalf, including:

• Cloudflare (infrastructure/security) to operate the form, protect the website and store request records.
• Mailgun to send notifications.
• Google / Google Analytics for statistical measurement and website usage analytics, only after consent for analytics cookies.

Access is limited to what is necessary for the service and subject to confidentiality and security obligations.

5) International transfers

Data may be processed by providers with internationally distributed infrastructure. Where applicable, appropriate safeguards (e.g., Standard Contractual Clauses) are used to protect personal data.

6) Retention periods

We retain data for the period necessary to handle the request and comply with legal or record-keeping requirements.

• Requests/leads: typically up to 12 months after the last contact, unless longer retention is required by law or for case record-keeping.
• Technical logs (security/anti-abuse): variable periods, generally limited to what is necessary for protection and auditing.
• Analytics data: retained in accordance with the retention settings applicable to the analytics tool in use and only where valid consent for non-essential cookies exists.
• Cookie preference records: may be retained to document your choice and manage future visits to the website.

These periods may be adjusted depending on the nature of the request, the applicable technical configuration and legal/professional requirements.

7) Data subject rights

Under the GDPR, you may exercise the following rights: access, rectification, erasure, restriction, objection and portability (where applicable).

Where processing is based on consent, including analytics purposes, you may withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal. You may do so through the cookie preferences available on the website or by consulting our Cookie Policy.

To exercise your rights, contact: [email protected]

You also have the right to lodge a complaint with the competent supervisory authority, including the CNPD — Portuguese Data Protection Authority, without prejudice to any other administrative or judicial remedy.

8) Security and confidentiality

We apply appropriate technical and organisational measures to protect data (e.g., access controls, logging and monitoring, anti-spam and abuse protection).

Where the request is handled by legal professionals, confidentiality and professional secrecy duties may apply under applicable law.

9) Changes to this policy

We may update this Privacy Policy to reflect service improvements or legal/operational changes. The “last update” date will be revised accordingly.