Privacy policy

1. General Framework

This Privacy Policy governs the collection and processing of personal data of users of the website https://www.pigmentco.com, in strict compliance with the General Data Protection Regulation (Regulation (EU) 2016/679 - GDPR) and other applicable legislation in Portugal.

2. Data Controller

Pigment & Co is a brand created and managed by Proposta de Charme Lda, which is the entity responsible for processing the personal data collected on this website.


Proposta de Charme Lda
NIPC: PT516616480
Head Office: Avenida São Miguel das Encostas 249, Office 13, 2775-750 Carcavelos


3. Data Collected

We collect the following data through forms, cookies, and interactions with the site:

  • Name, email, and phone number (for example, in contact requests or newsletter subscriptions)
  • Address and billing information (for purchases)
  • Purchase and browsing history
  • Marketing preferences
  • IP address, browser type, and device (for analytical purposes)

4. Purposes of Processing

We process your data in order to:

  • Process and deliver orders
  • Manage customer registration and accounts
  • Send transactional and promotional communications (with prior consent)
  • Comply with legal and tax obligations
  • Improve browsing experience and personalize content
  • Prevent fraud and ensure store security

5. Legal Basis

Your data is processed based on:

  • Performance of a contract (online purchases)
  • Consent (e.g., newsletter)
  • Legitimate interest (security, service improvement)
  • Compliance with legal obligations (e.g., invoicing)

6. Data Sharing

Data may be shared with:

  • Payment platforms
  • Shipping services
  • Technical and analytical service providers
  • Legal and tax authorities, when required by law

7. International Data Transfers

If data transfers occur outside the European Economic Area, we ensure that appropriate measures are adopted, namely standard contractual clauses approved by the European Commission.

8. Retention Period

Data will be retained for:

  • The time necessary to fulfill the stated purposes
  • Legal retention periods (e.g., 10 years for billing data)
  • Until consent is withdrawn (in applicable cases)

9. Data Subject Rights

The user may, at any time, exercise their rights:

  • Access, rectification, and erasure of data
  • Restriction and objection to processing
  • Data portability
  • Withdrawal of consent
  • Lodging a complaint with the CNPD (www.cnpd.pt)

10. Security Measures

We adopt appropriate technical and organizational measures to protect your data, including encryption, access controls, and restricted access policies.


 

 


Last updated: June 2025