Privacy Policy

Evity Labs — Portugal.

Registered office and full company details available on request.

Email: info@evitylabs.com

The competent supervisory authority is the Comissão Nacional de Proteção de Dados (CNPD) — www.cnpd.pt.

Identification and contact data: name, NIF (when invoicing as a Portuguese taxpayer), email, telephone, billing and shipping address.

Order and payment data: products purchased, amounts, payment confirmation. Full card data is processed by Shopify Payments and the bank; it never reaches our servers.

Communications: messages you send via email or contact forms.

Technical and usage data: IP address, browser, device, language, pages visited, referrer — collected through cookies and analytics only when you have given consent.

To process and fulfil your orders, including invoicing and customer support — performance of a contract (GDPR Art. 6(1)(b)).

To comply with tax, accounting and consumer-protection obligations under Portuguese and EU law, including issuing AT-compliant invoices and retaining them for the period required by the Código do IVA and the General Tax Law — legal obligation (Art. 6(1)(c)).

To secure the site, prevent fraud and analyse aggregated usage — legitimate interest (Art. 6(1)(f)).

To send commercial communications and to set analytics or marketing cookies — your prior, free, informed and unambiguous consent (Art. 6(1)(a) GDPR and Art. 13-A of Law 41/2004 on electronic communications).

We share personal data only with processors strictly necessary to operate the site and fulfil orders: Shopify Inc. (e-commerce platform, hosting and payments), payment institutions licensed in the EU/EEA, carriers and logistics partners, certified accounting and tax-filing partners, and the Portuguese Tax Authority (AT) and other public authorities where legally required.

Every processor is bound by a data-processing agreement compliant with Article 28 of the GDPR.

Some processors (e.g. Shopify) may transfer data outside the European Economic Area. Such transfers rely on European Commission adequacy decisions or, where these do not exist, on Standard Contractual Clauses approved by the Commission, complemented by additional safeguards where appropriate.

Invoicing and accounting data: 10 years, as required by the Código do IVA and the LGT.

Order and customer-support data: 5 years after the last interaction, to handle warranty and consumer-protection obligations.

Marketing data: until you withdraw your consent.

Analytics data: a maximum of 14 months.

You may request access, rectification, erasure, restriction of processing, data portability, and you may object to processing based on legitimate interest. Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out beforehand.

To exercise these rights write to info@evitylabs.com. We will respond within one month, in accordance with Article 12 of the GDPR.

You also have the right to lodge a complaint with the CNPD (www.cnpd.pt) if you believe your rights have been infringed.

We use strictly necessary cookies for the cart and checkout to operate — these do not require consent. Analytics and marketing cookies are only installed after you give explicit consent through the cookie banner, in line with Law 41/2004 and the CNPD's cookie guidelines. You may withdraw your consent at any time by clearing site data in your browser.

We apply technical and organisational measures appropriate to the risk: HTTPS, encrypted databases, role-based access control, and audited processors. No system is 100% secure; in the event of a personal data breach likely to result in a risk to your rights and freedoms we will notify the CNPD within 72 hours and, where required, the affected data subjects without undue delay.

We may update this Privacy Policy to reflect legal, technical or business changes. The date at the top of the page indicates the latest version. Material changes will be highlighted on the site.