FINDER IBERIA, UNIPESSOAL LDA.
Privacy and Personal Data Protection Policy
In compliance with the General Data Protection Regulation (GDPR)
Regulation (EU) 2016/679 and Portuguese Law No. 58/2019 of 8 August
Last updated: February 2026
The entity responsible for the processing of your personal data is Finder Iberia, Unipessoal Lda. (hereinafter referred to as "FINDER" or "we"), a single-member limited liability company, with registered office at Rua de Aveiro, 340, Zona Industrial das Barrosinhas, Apartado 439, 3750-909 Águeda, registered with the Commercial Registry under the single registration and legal person number 518999262.
FINDER is a subsidiary of Finder Yangın Güvenlik Elektronik Sistemleri A.Ş., headquartered in Antalya, Türkiye, which acts as the parent company and, in certain circumstances described in this policy, as a data processor.
For any questions regarding the processing of your personal data or to exercise your rights, you may contact us through:
E-mail: info@finderiberia.com
Address: Rua de Aveiro, 340, Zona Industrial das Barrosinhas, Apartado 439, 3750-909 Águeda
Telephone: +351 967 308 933
This Privacy and Personal Data Protection Policy aims to inform data subjects about how FINDER collects, processes, stores, and protects personal data, in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter "GDPR"), Portuguese Law No. 58/2019 of 8 August (National Implementing Law of the GDPR), and all other applicable legislation on the protection of personal data in Portugal.
This policy applies to all personal data collected through our website (finderiberia.com), our customer service channels, commercial and contractual relationships, and any other means of interaction with FINDER.
FINDER is committed to processing your personal data in accordance with the following fundamental principles set forth in Article 5 of the GDPR:
Lawfulness, fairness and transparency: Data is processed lawfully, fairly and in a transparent manner in relation to the data subject.
Purpose limitation: Data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data minimisation: Data collected is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
Accuracy: Data is accurate and kept up to date where necessary.
Storage limitation: Data is kept only for as long as necessary for the purposes for which it is processed.
Integrity and confidentiality: Data is processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
In the course of its activities, FINDER may collect and process the following categories of personal data:
Full name, tax identification number (NIF), identity document number, address, telephone number, e-mail address.
Company or organisation, position, billing information, order history and contracted services.
Records of contacts made by telephone, e-mail or website forms, including the content of messages exchanged and requests made.
IP address, browser type, pages visited, time spent, cookie data and similar technologies (see section 10).
As a rule, FINDER does not request or process any special categories of personal data (sensitive data) within the meaning of Article 9 of the GDPR. Should such processing exceptionally become necessary, the explicit consent of the data subject will always be obtained, or another legal basis under Article 9(2) of the GDPR will be ensured.
Your personal data is processed for the following purposes, with the respective legal bases under Article 6(1) of the GDPR:
|
Purpose |
Legal Basis (GDPR) |
|
Execution and management of contracts for the supply of fire safety and electronic security systems |
Performance of a contract (Art. 6(1)(b)) |
|
Responding to requests for information and quotations |
Pre-contractual measures (Art. 6(1)(b)) |
|
Invoicing and fulfilment of tax and accounting obligations |
Legal obligation (Art. 6(1)(c)) |
|
Sending commercial and marketing communications |
Consent (Art. 6(1)(a)) |
|
Improvement of our services and user experience on the website |
Legitimate interest (Art. 6(1)(f)) |
|
Management of complaints and exercise of data subject rights |
Legal obligation (Art. 6(1)(c)) |
|
Compliance with legal and regulatory obligations regarding fire safety |
Legal obligation (Art. 6(1)(c)) |
Where processing is based on consent, the data subject has the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent given prior to its withdrawal.
Your personal data will be retained only for the period strictly necessary for the purposes that motivated its collection, unless there is a legal obligation to retain it for a longer period. In particular:
Contractual data: retained for the duration of the contract and for the applicable legal limitation period after its termination (as a general rule, 20 years under the Portuguese Civil Code for real actions, or shorter periods as applicable).
Tax and accounting data: retained for a minimum period of 10 years, in accordance with Portuguese tax legislation.
Marketing data: retained until the data subject withdraws their consent.
Browsing data: retained for the period defined in the cookie policy (see section 10).
Upon expiry of the applicable retention period, personal data will be erased or irreversibly anonymised.
For the purposes of centralised management of information systems and operational support, your personal data may be transferred to Türkiye, where the parent company, Finder Yangın Güvenlik Elektronik Sistemleri A.Ş., is headquartered and ensures the storage and processing of data on servers located in that country.
Important: As of the date of this policy, Türkiye does not have an adequacy decision from the European Commission under Article 45 of the GDPR. Therefore, the transfer of personal data to Türkiye is carried out on the basis of the following appropriate safeguards under Article 46 of the GDPR:
Explicit consent of the data subject, pursuant to Article 49(1)(a) of the GDPR, after having been informed of the possible risks that such a transfer may entail due to the absence of an adequacy decision and appropriate safeguards.
The data subject has the right to obtain a copy of the appropriate safeguards used for the transfer of their data by contacting us through the means indicated in section 1.
Your personal data may be disclosed or shared with the following categories of recipients, to the extent strictly necessary for the purposes indicated:
Parent company: Finder Yangın Güvenlik Elektronik Sistemleri A.Ş. (Türkiye), for the purposes of centralised management and operational support, as described in section 7.
Service providers: companies providing services on behalf of FINDER, namely accounting services, legal consultancy, web hosting, IT maintenance and logistics, bound by sub-processing agreements that ensure compliance with the GDPR.
Public authorities: when required by applicable law or regulation, namely the Tax and Customs Authority, the National Civil Protection Authority, or courts.
FINDER does not sell, lease or transfer your personal data to third parties for commercial or marketing purposes without your prior and explicit consent.
Under the GDPR and Portuguese Law No. 58/2019, data subjects have the following rights:
a) Right of access (Article 15 GDPR): the right to obtain confirmation as to whether or not personal data concerning you is being processed and, if so, the right to access your personal data and the information provided for in that article.
b) Right to rectification (Article 16 GDPR): the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you, as well as the right to have incomplete personal data completed.
c) Right to erasure ("right to be forgotten") (Article 17 GDPR): the right to obtain the erasure of your personal data without undue delay where one of the grounds provided for in that article applies.
d) Right to restriction of processing (Article 18 GDPR): the right to obtain restriction of processing where one of the situations provided for in that article applies.
e) Right to data portability (Article 20 GDPR): the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format, and the right to transmit that data to another controller. Under Portuguese Law No. 58/2019, this right applies only to data provided by the data subject and, wherever possible, portability must be carried out in an open format.
f) Right to object (Article 21 GDPR): the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on the legitimate interest of the controller. The data subject also has the right to object to processing for direct marketing purposes.
g) Right not to be subject to automated individual decision-making (Article 22 GDPR): the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
h) Right to withdraw consent: where processing is based on consent, the data subject has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent given prior to its withdrawal.
To exercise any of these rights, you should send your request in writing to the contacts indicated in section 1. FINDER will respond to your request within a maximum period of 30 days, which may be extended by a further 60 days in the event of complexity or a high volume of requests, with the data subject being informed of such extension. The exercise of these rights is free of charge, except in the case of manifestly unfounded or excessive requests, in accordance with Article 12(5) of the GDPR.
The website finderiberia.com uses cookies and similar technologies. Cookies are small text files stored on your device when you visit our website.
Under Article 5 of Portuguese Law No. 41/2004 of 18 August, and the GDPR, the storage of information and access to information stored on your equipment is only permitted with your prior informed consent, except where:
a) The sole purpose of the storage is to carry out the transmission of a communication over an electronic communications network; or
b) It is strictly necessary for the provision of an information society service expressly requested by the user.
The types of cookies used on our website include:
Strictly necessary cookies: essential for the operation of the website. They do not require consent.
Analytical cookies: allow us to analyse the use of the website for continuous improvement. They require consent.
Marketing cookies: used to display relevant advertising. They require consent.
You may manage your cookie preferences at any time through the cookie banner displayed on the website or through your browser settings.
FINDER implements appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction or damage, in accordance with Article 32 of the GDPR. These measures include, among others:
a) Encryption of data in transit (SSL/TLS);
b) Access controls based on the need-to-know principle;
c) Regular backups;
d) Training of staff on data protection matters;
e) Periodic assessment of the effectiveness of implemented security measures.
In the event of a personal data breach that may result in a risk to the rights and freedoms of data subjects, FINDER will notify the Portuguese Data Protection Authority (CNPD) within a maximum of 72 hours after becoming aware of the breach, in accordance with Article 33 of the GDPR.
If the personal data breach is likely to result in a high risk to your rights and freedoms, you will also be notified without undue delay, in accordance with Article 34 of the GDPR.
Under Article 8 of the GDPR and Article 16 of Portuguese Law No. 58/2019, where processing is based on consent in the context of the direct offer of information society services, the processing of personal data of children under the age of 13 is only lawful if and to the extent that consent is given or authorised by the holders of parental responsibilities, through a secure means of authentication.
Under Article 17 of Portuguese Law No. 58/2019, the protection of personal data extends to the processing of special categories of personal data of deceased persons, as well as data relating to privacy, image and communications. The corresponding rights may be exercised by the person designated by the deceased for that purpose or, in the absence thereof, by their heirs.
Should FINDER use video surveillance systems at its premises in Portugal, the resulting data processing will be carried out in compliance with the GDPR and applicable national legislation. Video surveillance cameras may not be directed at public roads, interior spaces reserved for clients or workers (such as bathrooms, waiting rooms and changing rooms), nor may they be directed at ATMs in such a way as to capture the keyboard, in accordance with Portuguese Law No. 58/2019.
Without prejudice to any other administrative or judicial remedy, the data subject has the right to lodge a complaint with the competent supervisory authority if they consider that the processing of their personal data infringes the GDPR or national data protection legislation.
The competent supervisory authority in Portugal is:
Comissão Nacional de Proteção de Dados (CNPD)
Rua de São Bento, n.º 148, 3.º
1200-821 Lisboa
Telephone: +351 213 928 400
E-mail: geral@cnpd.pt
Website: www.cnpd.pt
FINDER reserves the right to amend this Privacy Policy at any time, in accordance with applicable legislation. Any significant changes will be communicated through our website. We recommend that you regularly consult this policy to stay informed about how we protect your personal data.
This policy is governed by the following legislation:
a) Constitution of the Portuguese Republic (Articles 26, 34 and 35);
b) Regulation (EU) 2016/679 (General Data Protection Regulation);
c) Portuguese Law No. 58/2019 of 8 August (National Implementing Law of the GDPR);
d) Portuguese Law No. 41/2004 of 18 August (Protection of personal data and privacy in electronic communications);
e) Portuguese Law No. 59/2019 of 8 August (Processing of data for the purposes of prevention and criminal investigation);
f) All other applicable national and European legislation on the protection of personal data.
Finder Iberia, Unipessoal Lda.
Privacy and Personal Data Protection Policy
Last updated: February 2026
PT