Privacy Policy

Privacy Policy

This Privacy Policy applies to the following commercial companies, which act as Data Controllers for the personal data they collect and process within the scope of their activities:

SYNERE GROUP, LDA., with registered office at Rua da Zona Industrial, No. 420, 4580-565 Lordelo, Portugal, registered under the single registration and corporate identification number 509413692;

BOLDMAQ, S.A., with registered office at Rua da Zona Industrial, No. 420, 4580-565 Lordelo, Portugal, registered under the single registration and corporate identification number 518231135.

These companies are part of SYNERE (hereinafter referred to as SYNERE GROUP).

1. Framework

This Privacy Policy establishes the commitment of all companies within the Group to the protection of personal data. For the purposes of the GDPR, the Data Controller is the company that collects the data (the legal entity whose website or service you are using), except where the Group acts as Joint Controller (see section “Data Sharing within the Group”).

SYNERE aims to strengthen and consolidate the relationship of trust and proximity it has with its stakeholders (e.g., customers, employees, suppliers, shareholders and investors), through clear and transparent communication about what it does with such data, what rights it recognizes for data subjects, and how these rights may be exercised.

SYNERE acts in strict compliance with the principles described in this policy, with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and with the applicable data protection legislation, in all personal data processing activities for which it is responsible.

This Privacy Policy is part of SYNERE’s internal framework for personal data protection, which includes rules and procedures for managing the security and privacy of personal data. SYNERE processes personal data through various operational and technical means to support its business processes.

SYNERE shares personal data among its companies, identified above, when this is necessary for the pursuit of its legitimate interests. SYNERE has a legitimate interest in managing its activities in an efficient and centralized manner, ensuring corporate cohesion and service quality.

A. Objectives

The Privacy Policy, as a communication instrument, has the following main objectives:

  • To strengthen and consolidate the relationship of trust and proximity between SYNERE GROUP and all its stakeholders;
  • To demonstrate transparency regarding the purposes and legal grounds for the processing activities carried out by SYNERE, as well as the retention periods for the personal data involved;
  • To inform data subjects of their rights regarding the protection of their personal data and how these rights can be exercised;
  • To inform data subjects about who within SYNERE is responsible for addressing requests related to the exercise of their rights or clarifying how their personal data is processed.

B. Scope of Application

This Privacy Policy applies exclusively to the processing of personal data carried out by SYNERE within the context of the purposes described.

For the purposes of this policy, personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable person is one who can be identified directly or indirectly, in particular by reference to an identification number or to one or more specific elements of their physical, physiological, genetic, mental, economic, cultural or social identity.

C. Maintenance, Communication and Implementation of the Policy

This Privacy Policy must be reviewed annually whenever there is a change in circumstances and whenever legislative changes occur, in order to ensure that it remains current and compliant with applicable regulations and laws. Proposals for revisions and supervision of the policy’s implementation and compliance are the responsibility of SYNERE’s competent management body.

This policy must be made known to all SYNERE employees and made available to its stakeholders whenever the processing of their personal data is involved, through appropriate channels, namely on the SYNERE website.

2. Privacy Policy Content

A. Our Privacy Commitment

SYNERE operates on the basis of trust and transparency. This commitment extends to our daily relationships with customers, employees, suppliers and other stakeholders. The privacy and security of the data you entrust to us are a priority.

We are committed to collecting, storing, processing, transmitting or deleting your personal data only in a transparent manner and only when necessary for the relationship maintained.

We will inform you how and for what purposes we use your personal data, ensuring that we collect, share and store your personal data in accordance with best practices in security and data protection.

Whenever your personal data is collected, stored, processed, transmitted or deleted by subcontracted entities, we require those entities to maintain the same level of privacy and security.

We want you to feel confident that your personal data is safe with us, as we remain committed to protecting your privacy and take our responsibilities regarding personal data protection very seriously.

If you have any questions about how we use your personal data, we will be available to assist you through the email marketing@synere.pt.

B. Who Is Responsible for Your Personal Data

The company SYNERE GROUP, LDA., identified above, is the Data Controller of your personal data for the purposes of centralized Group management, in accordance with the General Data Protection Regulation and the complementary data protection legislation in force in the countries where it operates.

Each of the companies identified above forms part of SYNERE. Therefore, your personal data may be transmitted and processed by any company belonging to the Group for internal administrative purposes and based on the legitimate interest of the Group.

For all matters relating to the processing of your personal data and the exercise of your rights, you may contact us through:

Email: marketing@synere.pt
Address: Rua da Zona Industrial, No. 420, 4580-565 Lordelo, Portugal

C. Personal Data We May Collect

In this Privacy Policy, the term “Personal Data” refers to the set of information relating to you that allows us to identify you, directly or indirectly. Your personal data may include, for example, your name, tax identification number and your contact details (physical and/or electronic).

We may also receive your personal data from other companies, namely when they collect, process or store such data within the scope of a service agreement entered into with us.

D. How and Why We Use Your Personal Data and the Legal Basis

We use your personal data only for the following specific purposes and based on the respective legal grounds provided for under the GDPR:

  • Contractual and Commercial Management (e.g., order processing, invoicing, delivery of goods/services);
  • Direct Marketing Communications (e.g., sending newsletters and communications);
  • Recruitment and Human Resources Management (e.g., processing applications, payroll management);
  • Compliance with Legal Obligations;
  • Improvement of our services and Fraud Prevention.

SYNERE may centralize certain services or business functions (such as Human Resources Management, Customer Support or Marketing). In such cases, the company providing the centralized service (which may be any company within SYNERE) acts as a Data Processor on behalf of the other Group companies, always ensuring the application of the security and confidentiality measures required by the GDPR.

E. How Long We Retain Your Personal Data

We retain your personal data only for the period necessary to fulfill the purposes defined within the relationship maintained and to comply with any legal obligations.

Once the maximum retention period has been reached, your personal data will be securely anonymized or destroyed/deleted.

F. With Whom We May Share Your Personal Data

In some cases, we may disclose your personal data to other entities within the scope of services provided by them. In such cases, we require these entities to have appropriate security measures in place to protect your personal data, namely through a data processing agreement.

When required by law, we may have to disclose your personal data to authorities or third parties (e.g., Tax Authority, Courts).

In the event of transfer or access to your personal data by companies belonging to SYNERE or by suppliers/service providers located outside the European Union (EU) or the European Economic Area (EEA), we ensure that your personal data is processed in accordance with appropriate security and protection measures. These transfers will only be carried out if:

  • The country in question has an Adequacy Decision from the European Commission; or
  • We use Standard Contractual Clauses approved by the European Commission to guarantee a level of data protection equivalent to the GDPR.

G. How You Can Exercise Your Data Protection Rights

Under certain circumstances, you have the right to access or request, at any time and in writing, through the email marketing@synere.pt:

  • Access to additional information about how we use your personal data;
  • Rectification of your personal data;
  • Erasure of your personal data (“right to be forgotten”);
  • Objection to the processing of your personal data (e.g., objection to marketing);
  • Restriction of the way we use your personal data while we correct or clarify any issues;
  • Portability of your personal data so that you may transmit it to another entity, if technically possible;
  • Withdrawal of the consent you have given for the use of your personal data.

The exercise of these rights may be limited when your personal data is used to safeguard the public interest, namely in cases of crime detection and prevention, or when such data is subject to professional secrecy or legal retention obligations.

Regardless of which SYNERE company is processing your data, you may exercise your rights through the email marketing@synere.pt.

If you are dissatisfied with how we use your personal data or with our response to your request regarding the exercise of your rights, you may lodge a complaint with the Portuguese Data Protection Authority (CNPD). Contact details are available at www.cnpd.pt.

H. How We Protect Your Personal Data

SYNERE has implemented a variety of information security measures aligned with national and international best practices in order to protect your personal data. We implement technological controls, administrative, technical and physical measures, as well as procedures that ensure the protection of your personal data, preventing misuse, unauthorized access or disclosure, loss, improper or accidental alteration, or unauthorized destruction.

In matters of information security, we adopt the same commitment to continuous improvement that guides our daily activities.

Among other measures, we highlight the following:

  • Restricted access to your personal data only by those who need it for the purposes described above;
  • Secure storage and transfer of personal data;
  • Protection of information systems through mechanisms that prevent unauthorized access;
  • Implementation of mechanisms that safeguard the integrity and quality of your personal data;
  • Continuous monitoring of information systems to prevent, detect and stop misuse;
  • Equipment redundancy to avoid loss of availability.

I. Updates to this Privacy Policy

This Privacy Policy may be updated from time to time. Any updates will be communicated through appropriate channels, namely on the SYNERE website. The date of the latest update will appear at the end of the document.

Last Updated: 13/03/2026