Web, Video, IT
Privacy Policy
Effective Date: October 18, 2021
Last revised date: January 7, 2025
Este Contrato é celebrado a 13/Mar/2025, enter:
Billing Name (hereinafter referred to as CLIENT)
Billing Address
Billing Phone
Email: Billing Email
AND
CHOB Unip. Ltd (hereinafther referred to as CHOB)
Rua Brito Camacho, 2975-320, Quinta do Conde, PT
1. Introduction
CHOB Unipessoal Lda (“we”, “us”, or “our”) is committed to protecting the privacy of personal data. This Privacy Notice explains how we collect, use and protect personal data in the context of our services as a web development and hosting company. This notice applies to data we process as a data controller (for our own business purposes) and, more commonly, as a data processor on behalf of our clients. When we act as a data processor, we process personal data strictly in accordance with our clients’ instructions.
2. Who we are
Legal name: CHOB Unipessoal Lda
NIF: 516639951
Registered address: 2975-320 Quinta do Conde, Portugal
Privacy Officer: Claudio Barata (privacy@chob.pt)
3. Data we process
We may process the following categories of personal data:
Website analytics data (on our website)
When you visit our website (chob.pt), we collect data such as IP addresses (which may be anonymized or pseudonymized), browser type, operating system, device information, referring URLs, pages visited, time spent on pages and other website usage statistics. This data is typically collected through cookies, web beacons and similar technologies.
Contact form data (on our website)
If you contact us through forms on our website, we collect the information you provide to us, such as your name, email address, telephone number and any other information you include in your message.
Customer website data (as Data Processor – for web development and hosting services)
As an essential part of our business, we provide web development and hosting services to clients. This often involves processing personal data on behalf of the Client.
The types of data to which CHOB has access depend on the specific services explicitly contracted for each client and their specific needs. This may include:
- Website Analytics Data: Data collected on client websites similar to what we collect on our own website.
- Contact form data: Information submitted via contact forms on customer websites.
- E-commerce data: Data relating to online transactions on customers' e-commerce websites (e.g. customer names, addresses, order details).
- User account data:
- Data relating to user accounts on customer websites (e.g. usernames, passwords, email addresses).
Other data
Depending on the client’s activity, we may have access to other types of personal data necessary for the provision of our services. This is always done under the client’s instructions.
Backup data
To ensure business continuity for our customers, we create and store encrypted backups of customer websites and associated data, which may include any of the data categories mentioned above.
Business contact details
We collect and process contact information (names, email addresses, telephone numbers, job titles, company information) of our customers, potential customers and business partners.
4. Purpose and legal basis of processing
We process personal data for the following purposes and under the following legal bases as defined by the General Data Protection Regulation (GDPR):
Statistical data (on our website)
Purpose: To analyse website traffic, understand user behaviour, improve website performance and personalise user experience. Legal basis: Legitimate interests (our legitimate interest in improving our website and providing a better user experience).
Contact form details (on our website)
Purpose: To respond to requests for information and provide information about our services. Legal basis: Legitimate interests (our legitimate interest in responding to requests for information and managing customer relationships) or Contract (if the request for information leads to a contractual agreement).
Customer website data (Data Processor role – for web development and hosting services)
Objective: To provide the contracted web development and hosting services, including:
- Website development, maintenance and updates.
- Technical support and troubleshooting.
- Ensure the security and performance of the website.
- Implementation of changes and functionalities requested by the client.
- Creating and maintaining backup copies for disaster recovery.
- Legal basis: Contract (processing is necessary for the performance of contracts with customers).
Data present in backup copy
Purpose: To ensure that websites and customer data can be restored in the event of data loss, system failure or other unforeseen events, ensuring business continuity for our customers. Legal basis: Contract (creating and maintaining backups is part of our contractual obligations to our customers).
Business contact details
Purpose: To manage customer relationships, communicate about projects and services and carry out business development activities. Legal basis: Legitimate Interests (our legitimate interest in managing our business and communicating with customers and partners) or Contract (if related to a contractual agreement).
5. Data sharing and transfers
Hosting service provider
We use OVH Cloud as our hosting provider. They provide the server infrastructure for our website and many of our customers’ websites. They process data in accordance with their own privacy policies and security measures.
Other third party suppliers (customer context)
When acting as a data processor for our customers, we may occasionally interact with other third-party providers on their behalf (for example, when opening support tickets for third-party software or services used by the customer). In these cases, we act on our customers’ instructions and do not share data independently.
We do not transfer personal data outside the European Economic Area (EEA).
6. Data security
We are committed to protecting the personal data we process. We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These measures include:
Encryption
All connections to servers are secured using encrypted protocols such as HTTPS and SSH. Backups are encrypted using Plesk's encryption feature.
Infrastructure Security
We use OVH Cloud's robust security infrastructure, including datacenter firewalls, DDoS mitigation systems, server-level firewalls, and encrypted MariaDB connections.
Access Control
Access to servers, backups and other sensitive systems is strictly limited to authorized personnel, using strong passwords and appropriate access control mechanisms.
Regular Security Updates
We actively monitor and apply security patches and updates to all server software, operating systems and website code.
Vulnerability Scanning and Testing: We perform regular security scans, including daily and weekly malware scans, email flow testing, and vulnerability assessments for common web vulnerabilities such as XSS (Cross-Site Scripting) and CSRF (Cross-Site Request Forgery).
Incident Response Plan
We have a documented incident response plan to deal with potential security breaches or data incidents. The details of the plan are kept confidential for security reasons but will be shared with the appropriate authorities upon request and with the appropriate reasoning.
7. Data Retention
Statistical data (on our website)
We retain website analytics data for as long as necessary to analyze website traffic and improve our website, typically up to 1 year.
Contact form data (on our website)
We keep the contact form data for as long as necessary to respond to your request and manage our communication with you.
Customer website data (as a Data Processor)
We keep backup copies of customer data according to the schedule agreed with each customer, typically:
- Daily backups for 7 days
- Weekly backups for 1 month
- Monthly backups for 1 year
- Annual backups going back to 2021.
Business Contact Details
We retain business contact data for as long as necessary to maintain our business relationships. After these retention periods, the data is securely deleted.
8. Your rights
If we process your personal data as a data controller (e.g. data collected on our website), you have the right to access, rectify, erase, restrict processing and data portability. To exercise these rights, please contact us at privacy@chob.pt.
If we process your personal data as a data processor on behalf of one of our clients, you should contact the respective client (the data controller) to exercise your data subject rights.
9. Contacting us
If you have any questions about this Privacy Notice or our data processing practices, please contact us at the following address
Email: privacy@chob.pt