Petapilot Privacy Policy


By visiting this website and using our services, you agree to the processing of certain personal data. We take this as big responsibility and work hard to protect all data. Certain functions of the website and related services can trigger processing of personal data, which is why visitors shall be informed about the details of this processing, its purpose, and of course their personal rights. Every data processing process on this website occurs in accord with data protection law, including the Regulation guidelines (UE) 2016/679, of the European Parliament and of the Council of the 27TH of April of 2016- General Regulation on the Protection of Personal Data, and also to the assortment of the Portuguese laws which regulates the theme of the protection of personal data. Therefore an agreement for this data processing is obtained if there is no legal basis for an individual case of data processing.

In most circumstances, your data will only be processed within the UK or EEA. If for any reason we need to have your data processed elsewhere we will inform you of that, any privacy risks involved and what we have done to minimise those risks. In some circumstances, we would also seek your consent for that. Some of our data is stored, or otherwise processed for us, outside the UK/EU. In those circumstances we ensure that our contracts with those processors and their processing comply with UK/EU data privacy standards and rules.

You can at any time ask us to tell you what personal data relating to you we hold.
You also have the right to ask us to rectify your data if it is inaccurate, erase it or restrict the processing of it. In some circumstances, you can ask us to provide it to you in a format which would allow you to transfer it digitally to another.
Where we have requested and you have given us consent to process your data you may withdraw that consent at any time.
Were our business to be sold all your data would be transferred to the purchaser so that they could use it in the same way as we do now.
If you are at all concerned about our processing of your data please let us know by emailing [email protected]

Petapilot ensures that the data which is processed is:

- Object to illicit, loyal and transparent processing in regard to the Holder;
- Collected for specific purposes, explicit and legitimate, not being processed later in a incompatible way for those purposes;
- Suitable, relevant and limited to the required, relatively to the purposes to which they’re processed for;
- Exact and updated when needed, adopting appropriate measures so that the inaccurate data is deleted or rectified without delay, taking into account the purposes which they’re processed for;
- Preserved in a way that allows to identify the Holder, only during the required period for the purposes which they’re processed for;
- Processed in a manner that guarantees its safety, including protection against its unauthorised or illicit processing and against its loss, destruction or accidental damage, adopting the appropriate technical and organisational measures.

Personal Data

The usability and Personal Data information are named in the present Privacy Policy as “Personal Data”.
The current Personal Data Protection Policy applies exclusively to personal data treatment by Petapilot.

This Privacy Policy regulates the personal data treatment of the users (forwardly known as “User” or “Users”), gathered in the scope of the usage of the Petapilot website and services, by Petapilot, S.A., as accountable entity for personal data treatment. The availability of your personal data implies the knowledge and acceptance of this Privacy Policy’s conditions. The User may find detailed information in the following points:

Personal Data Processing and Collection

In the scope of concluding work contracts, service provision contracts in which he intervenes as a Supplier or Client, as well as in supplying of goods contracts, Petapilot may require different entities to make personal data available. This information provided allows us to identify and/or contact and that can be processed for that purpose. As a rule, Personal Data is requested when submitting applications, or contract handling, of both work, supplying of goods or service provision.

Petapilot may collect data directly from the Holder, through partner entities or third parties. Personal Data gathered may vary according to the reason which originates its collection. In the same way, the processing will also vary depending on the purpose of its destination, as well as the period of data preservation, which in any case, won’t exceed the maximum limit of 10 (ten) years. Petapilot is the Entity which is responsible for processing Personal Data and for the fulfilment of the present Privacy Policy.

Transmission of data is not legally or contractually obligated, and there is no other obligations for it. However, the transmission is required for completion of contracts provided by us, since we cannot complete our services without this transmission of data.

In addition to the general information about the Right to Revocation of an Agreement (see below), we inform you that you, at any time, have the possibility to revoke any collection, processing and/or usage of data transmitted to us. A revocation like this is not bound to a certain submission method and can therefore be submitted using your preferred mode of communication.

Your Rights

According to the GDPR and other applicable laws, the persons affected by data processing have the following rights:

Right to Information: Affected parties can request a confirmation of the processing of their personal data from the responsible parties. This includes information about the intent of the processing, the recipients or categories of recipients that receive the processed data, and, if possible, the planned duration of the criteria for setting the duration of data retention. It also includes the existence of a right to erasure or rectification of the data, the existence of a right to submitting complaints to the supervisory authorities, information about the origin of the data if it did not originate from the affected party, the existence of an automated decision making including profiling and, in these cases, the involved logic as well as the scope and the intended consequences, and finally, information regarding transmission of data into third-party countries or to an international organization in these cases. Affected parties also have the right to receive a copy of the processed data.

If the right to rectification, erasure or restriction is invoked, the affected can request to see who the processed data is transmitted to.

Right to lodge a complaint with a supervisory authority: Affected parties have the right to lodge a complaint with a supervisory authority if they hold the belief that the processing of data violated the GDPR.

Right to rectification: Affected parties can request the rectification of incorrect related user data. A rectification can also lie in the completion of relevant data.

Right to erasure (“right to be forgotten”): Affected parties can request the immediate erasure of personal data, if the data is currently irrelevant for the specified purpose, or, if the legal basis for data processing is the consent of the affected, if this consent is retracted and there is no other legal basis for the processing of data. Affected parties can request erasure if the they object according to GDPR Art. 21 §1 against the processing of data, and if there are no prioritised qualifying reasons, or if the affected objects according to GDPR Art. 21 §2. They can request erasure if the data is illegally processed, or if the erasure is necessary for fulfillment of a legal requirement according to union law or the law of the member state(s) of the affected, or if the data was upraised in relation to provided services of the information society according to GDPR Art. 8 §1. The requirement to erasure does not apply to the affected if the processing occurs for exercising the right to free speech and information, if the processing occurs to fulfill a legal obligation that is required according to union law or law of the member state(s) of the affected, for realization of an obligation in public interest, for reasons of public interest in the area of public health, for archival reasons in public interest, for scientific or historic research purposes or for statistical purposes according to GDPR Art. 89 §1, as far as the right to erasure hinders the realization of these goals or makes them unattainable, or as far as it is required for the enforcement or defending of legal claims.

Right to restriction of processing: Affected parties can request a restriction of processing from the responsible parties, if the correctness of the personal data is contested by the affected. This right is exercised for a time period which allows for the affected to verify the correctness of the data, and subsequently if the processing of the data would be unlawful. The affected can also exercise the right to restriction of processing if the processing of data is unlawful and, instead of erasure of personal data, request restriction of processing of personal data. The right can also be exercised if the responsible party does no longer need personal data for purposes of data processing, or if the affected has objected to the processing according to GDPR Art. 21 §1, as long as it is unclear whether the reasoning of the responsible parties outweighs those of the affected parties. In case the right to restriction of processing is exercised, the data can only be processed with consent of the affected parties, or for reasons of enforcement or defense of legal claims from an important public interest of the union or the member states. The affected parties are to be informed about annulment of the restriction.

Right to Data Portability: Affected parties can request their personal data that is available to the responsible parties be provided in a structured, common, and machine-readable format. They have a claim that this data is transmitted to another responsible party without interruptions, if the processing occurs on the basis of a mutual agreement or for purposes of contract fulfillment, and if it happens using automated processes. The direct transmission to another responsible party can be requested as far as it is feasible technically.

Right to Object: Affected parties can object against the processing of related personal data at all times, if the processing is required for the realization of a duty in public interest, or the enforcement of public interest is required by the responsible parties, or if the processing is required for preservation of the stated interests of the responsible parties or other affiliated third parties and as far as the interests or basic rights and freedoms of protection of personal data do not outweigh it. This also applies to data-based profiling. Processing has to be omitted when not compelling, protection-worthy reasoning that outweighs the interests, rights and freedoms of the affected can be produced for the processing of data, or when the processing serves the enforcement or defence of legal claims.

Affected parties can object at all times if the processing takes place for purposes of direct advertising. This also applies for profiling (for more details, see below), as far as it is related to such direct advertising. In such cases, further processing of data is not allowed.

The right to object can be exercised regardless of the guidelines 2002/58/EG via automated processes, for which technical specifications are in use. The affected can only object against the processing that occurs because of scientific or historical research purposes according to GDPR Art. 89 §1 if the processing is not required for fulfilling a task in public interest.

Automatic individual decision-making, including profiling: Affected parties can demand to not be subjected to a decision that is based exclusively on automated processing (including profiling) that may have legal consequences or other significant impairments, unless it is for contract conclusion or fulfillment, or if it is required due to legal regulations of the union or member state(s) of the responsible parties, and these regulations include appropriate measures for preservation of the rights and freedoms as well as the justified interests of the affected, or if the automated processing occurred with consent of the affected.

Right to Revocation: The possibility to revoke any agreement for the processing of personal data without naming of any reasons exists at all times and without a specified form. A revocation merely has to be declared to the responsible parties or towards a representative of any of the responsible parties.


In the Framework of processing Personal Data, Petapilot may hire third parties, which are subcontracted, to proceed to the processing of Personal Data on our behalf, and in accordance to our instructions, in compliance with the law and the present Privacy Policy.
These subcontracted entities cannot transmit Personal Data to other entities or contract other entities without prior written authorization.
Petapilot is commited to subcontract only the entities which present sufficient guarantees in executing appropriate technical and organizational measures, to ensure the defence of rights.
Petapilot also uses the service of subcontracted workers for the development of some specific projects. In these scenarios Petapilot assumes to regulate and communicate to those people, the object and the length of the process, the nature and purpose of the processing, the type of personal data, the categories of the holders given and the rights and duties of those parts.
When collecting personal data, we provides the User with information about the categories of the subcontracted entities that, in the actual case, may process data on our behalf.

Data treatment responsible

The responsible entity for personal data treatment and gathering is Petapilot who in its context, decides what data to be gathered, the treatment means to be used, the conservation period and what they’re used for.

Why do we gather your data?


We process your data to enable us to contact you in your role within your organisation and in order to record any information that you provide to us. That contact may include sending you a newsletter or marketing material but only if they are relevant to your role. We may also need to use it in order that we can recommend you or the goods and services of your organisation to others.

Legitimate Interest

We have a legitimate interest in using your data for those purposes. We do not need your consent. You can however at any time tell us that you do not wish for us to contact you again at all, or that you do not wish to receive marketing material. Those with whom we share it. Some of our data, which could include your personal data, is stored off site by third parties. We may, in connection with a project on which we are working with your organisation, provide it to others working on the same project. We may also provide it to third parties seeking our recommendation of your organisation or someone like you.


Your contact and other data will only be held for as long as you retain your role in your organisation or, if it was relevant to a project, for so long as we retain the records of that project. Why we need your data. Your data is needed principally so that we can contact you and otherwise for the purpose set out above.

Security of your personal data

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.


When visiting our Website, you will be asked to give your consent to create and save a text file (Cookie) in your computer. This file will allow to access the site/application in an easier and quick way, as well as to customize it according to your preferences. Most of the browsers accept these files (Cookies) but the Holder may delete them or automatically define its blocking. In the menu “Help” of the browser, you will find how to make the settings. However, if the use of cookies isn’t allowed, there may be some functionalities from the site/application that you cannot use.

If the user does not agree to the usage of cookies, they have the option to disable usage of cookies via their web browser, as well as to delete already created cookies. When not using cookies, the correct display and functionality of the website cannot be assured.

Cookies are exclusively used for enabling security features by our service provider Cloudflare.

Statistics, Display, Co-operation with federal authorities

We may collect anonymous data for statistical porpuses which gives us information on the behaviour of our Users in our website so that we may work to give more valuable content in the future.

Policy amendments

This privacy policy may be updated occasionally by posting a new version on our website. We will take appropriate measures to inform you about them.

Image rights

Each time the Holder participates in an event promoted by Petapilot, namely conferences, parties, sport activities or any other, and without prejudice to the right of honour, intimacy and own image, as well as the applicable law that Petapilot is obliged, it’s considered that the processing and collection of the Holder’s image is legal, as they correspond to a legitimate interest of commercial disclosure sustained by Petapilot (the Holder’s image may be collected, according to normal use, in the scope of marketing activities, promotion and team building, including photos, images and sound), if the Holder has given his consent.
Also within the legitimate interest of commercial disclosure, Petapilot may use this data in photos or videos that are shown in its own means of communication, namely on Internet pages, Facebook pages, LinkedIn pages or other social media, projectors and LCD’s installed in Petapilot’s facilities, etc. The Holder has the right to oppose using his image in the legal terms applied and to ask us to remove his images from its communication means.
In case he doesn’t consent Petapilot using his image, the Holder cannot participate in any events referred above, since we cannot ensure that the Holder’s image isn’t collected.

Third-party websites

The website contains links to other websites. This privacy policy does not apply to these third-party websites or applications that are accessible from, or referenced on, our website.


If you have any questions about this privacy policy or our treatment of your personal data, please contact us or write to us at Petapilot, S.A., Praça General Humberto Delgado, nº 309, 1º, 4000-288 Porto, Portugal.