Privacy Policy

Date of last update: 03.12.2025

This Privacy Policy describes how Boloarte (hereinafter referred to as “we”, “our” or “store”) collects, uses and protects users’ personal data when visiting or making purchases on the boloarte.pt website.

We are committed to complying with the General Data Protection Regulation (GDPR) and ensuring the security and confidentiality of your data.

1. Responsible for Data Processing

The entity responsible for processing personal data is:

  • Name/Company: Arraial Empolgante Unipessoal Lda
  • NIF: 517855291
  • Address: Portugal, Lisbon
  • Email: [email protected]

2. What Data Do We Collect?

When using our online store, we may collect the following categories of data:

  1. Purchase Information: Name, billing address, shipping address, telephone number, NIF (for billing) and email address. This data is essential to process your order.
  2. Payment Details: We do not store your credit card details. Transactions are processed by secure payment gateways (e.g. [Stripe / PayPal / Ifthenpay]). We only receive payment confirmation.
  3. Account Data: If you create a customer account, we save your order history and preferences.
  4. Browsing Data (Cookies): IP address, type of device, browser and pages visited (used for statistics and operation of the shopping cart).

3. Purpose of Processing (What do we use the data for?)

We use your personal data for the following legitimate purposes:

  • Order Processing: To ship products, issue invoices and communicate delivery status.
  • Customer Support: To answer questions, exchanges or returns.
  • Legal Obligations: To comply with tax obligations before the Tax Authority (invoicing).
  • Marketing (Optional): Only if you have given your explicit consent (e.g. subscribing to the newsletter), we will send emails about news, special teas or promotions. You can unsubscribe at any time.

4. Data Sharing with Third Parties

We do not sell your data to third parties. However, to ensure the operation of the store, we share what is strictly necessary with trusted service providers:

  • Transporters: (Ex: CTT, DPD) – To deliver the order to your address.
  • Payment Processors: – To validate financial transactions.
  • Accounting/Invoicing Services: – For the legal issuance of certified invoices.

5. Conservation Periods

We only keep your data for as long as necessary:

  • Billing Data: Retained for 10 years, as required by Portuguese tax law.
  • Marketing Data: Until the user unsubscribes or requests to be forgotten.
  • Inactive Accounts: If there is no activity on the account for an extended period (e.g. 3 years), the data may be deleted.

6. Your Rights

Under the GDPR, you have the right to:

  1. Access: Request a copy of the data we hold about you.
  2. Rectification: Correct incorrect or incomplete data.
  3. Forgetfulness (Deletion): Request the deletion of your data (except if conservation is required by law, as in the case of invoices already issued).
  4. Portability: Receive your data in a structured format.

To exercise any of these rights, simply send an email to [email protected].

7. Cookies

Our website uses “cookies” (small text files) to improve your browsing experience.

  • Essential Cookies: Necessary for the shopping cart to function.
  • Analytical Cookies: (Ex: Google Analytics) They help us understand how the website is used, anonymously.

You can manage or disable cookies in your browser settings.

8. Security

We implement technical measures (such as site-wide SSL/HTTPS certificate) to protect your data against unauthorized access, loss or alteration.

9. Complaints

If you consider that your data is not being processed correctly, you have the right to lodge a complaint with the national supervisory authority: CNPD – National Data Protection Commission.