top of page

Privacy Policy

REDOSPREY - SOCIEDADE DE ADVOGADOS, SP, LDA (hereinafter "RedOsprey") is strongly committed to protecting the privacy and personal data of its clients, partners, and website users. This Policy aims to communicate clearly and transparently how we process your personal data and your rights as a data subject.

1. The Data Controller The entity responsible for processing personal data is:

  • Company Name: REDOSPREY - SOCIEDADE DE ADVOGADOS, SP, LDA

  • VAT Number (NIPC): 519389638

  • Headquarters: Edifício ICON Douro, na Rua do Passeio Alegre, nº 20, Aldoar, Foz do Douro e Nevogilde, 4150-570 Porto

  • Privacy Contact: geral@redospreylaw.com

2. Personal Data Collected and Purposes Within the scope of its activity, RedOsprey collects and processes personal data strictly necessary for providing its services and managing its relationships with clients and third parties. We process data for the following purposes:

  • Provision of Legal Services: Opening of files, legal representation, legal advice, and associated diligence.

  • Billing and Administrative Management: Compliance with accounting and tax obligations.

  • Institutional Communications and Marketing: Sending newsletters, legal flashes, and event invitations (subject to prior consent or legitimate interest).

  • Recruitment: Receiving and analyzing spontaneous applications or responses to selection processes (e.g., internships).

3. Lawfulness of Processing RedOsprey's processing of personal data is based on the following legal grounds:

  • Performance of a Contract or pre-contractual steps: Essential for providing the requested legal services.

  • Compliance with a Legal Obligation: Necessary to respond to legal, tax, or regulatory requirements (including those arising from the Portuguese Bar Association Statute).

  • Legitimate Interest: For the development and protection of the firm's activity, ensuring service quality.

  • Consent: Requested freely, specifically, and on an informed basis, namely for newsletter subscriptions or institutional communications.

4. Retention Periods RedOsprey retains personal data only for the period necessary for the purposes that motivated its collection, plus the applicable prescription and expiration periods or retention periods required by law (for example, 10 years for billing data and tax obligations, or up to 20 years for civil and professional liability purposes).

5. Data Sharing and Transfer In the exercise of its activity, RedOsprey may transmit personal data to third parties, namely:

  • Courts, registry offices, notaries, and other public authorities.

  • Service providers (e.g., IT and accounting service providers), acting as data processors bound by strict confidentiality and security obligations.

RedOsprey does not transfer personal data outside the European Economic Area (EEA) unless strictly necessary for the mandate and with the appropriate legal safeguards.

6. Your Rights Under applicable legislation (GDPR and Law No. 58/2019), the data subject has the right to request from RedOsprey:

  • Access to their personal data.

  • Rectification of inaccurate or incomplete data.

  • Erasure of their data ("right to be forgotten"), where applicable.

  • Restriction of or objection to processing.

  • Data portability.

  • Withdrawal of consent at any time, without affecting the lawfulness of processing based on consent previously given.

You may exercise these rights by sending a written request to the contacts provided in Point 1. You also have the right to lodge a complaint with the National Data Protection Commission (CNPD).

bottom of page