This policy describes the processing of personal data carried out by Ferraz & Aguiar Soares, Sociedade de Advogados, SP RL in connection with the defesalegal.pt website and the provision of legal services to its clients.
1 · Data controller
Ferraz & Aguiar Soares, Sociedade de Advogados, SP RL NIPC 514 793 430 Head office: Rua de Vilar, 235, 2.º Esq.º, S01 to 03 · 4050-626 Porto Email: support@defesalegal.pt Telephone: +351 222 084 267
For any question regarding data protection, the data subject may contact the controller through the channels above.
2 · Categories of data processed
The following categories of personal data are processed in general:
- Identification and contact — name, address, tax identification number, email, telephone.
- Professional and financial — where relevant to the matter (employment situation, income, real estate, corporate data).
- Family and civil status — marital status, parentage, descent, where the case requires (citizenship, immigration, succession, family).
- Communication data — content of messages exchanged with the firm.
- Technical data — IP address, session identifier, browser type, site access logs.
In specific matters, special categories of data (for example health or criminal record data) may be processed only to the extent strictly necessary to the engagement and on a compatible legal basis.
3 · Purposes
Data are processed for:
- the provision of contracted legal services;
- preparing fee proposals and formalising the engagement;
- compliance with legal, tax and professional obligations;
- communicating with the client about the status of the matter;
- administrative, accounting and archiving management.
4 · Legal basis
Processing is based, depending on the case, on:
- performance of a contract or pre-contractual steps (GDPR art. 6(1)(b));
- compliance with a legal obligation to which the controller is subject (art. 6(1)(c)) — including client identification, professional secrecy and archiving duties;
- legitimate interests of the controller (art. 6(1)(f)), in particular the defence of its rights in court;
- consent of the data subject (art. 6(1)(a)) where required.
5 · Retention
Data are kept for the period necessary for the purposes indicated and, in addition, for the period required by law or by the Statute of the Portuguese Bar Association — namely limitation periods and professional archiving requirements. After those periods, data are deleted or anonymised.
6 · Recipients and transfers
Data are processed by the firm and by its staff bound by professional secrecy. They may be disclosed to:
- Portuguese public authorities, in the scope of the engagement (AIMA, Civil Registries, Tax Authority, courts);
- technical service providers (hosting, email, accounting) under processing agreements that ensure the level of protection required by the GDPR.
Transfers outside the European Economic Area are avoided. Where strictly necessary to the case, they are made with the safeguards provided for in the GDPR (adequacy decision, standard contractual clauses or another appropriate basis).
7 · Data subject rights
The data subject is entitled, under applicable law, to:
- access their data;
- rectify inaccurate data;
- request erasure, where applicable;
- restrict processing in certain situations;
- object to processing on legitimate grounds;
- data portability, in the cases provided for in the GDPR;
- withdraw consent, where the processing is based on it;
- lodge a complaint with the Portuguese Data Protection Authority (CNPD).
Requests may be sent by email to support@defesalegal.pt.
8 · Cookies
The website uses a minimal set of cookies — strictly necessary for technical functioning (session, language, security). No behavioural advertising or user-profiling cookies are used. Any analytics cookies will be activated only with prior consent and identified in additional information made available on the site.
9 · Changes
This policy may be updated to reflect legal or organisational changes. The version in force is the one published on this page. Last revised: May 2026.