Privacy Policy

SALMON & CIA LDA, (hereinafter referred to as SALMON) is committed to ensuring the privacy and protection of the personal data of all those who relate to it, taking into account the General Regulation on Data Protection (2016/679) – RGPD.

We are committed to respecting the best practices in the field of security and protection of personal data, having approved a demanding program for this purpose, capable of safeguarding the protection of the data made available to us by all those who in any way relate to us.

This Privacy Policy arises because we intend to make known the general rules of privacy and treatment of your personal data, which we collect and process in strict respect and compliance with national legislation for the protection of personal data and our sector of activity.


How can you contact our personal data controller?

The responsibility for the processing of personal data lies with:

SALMON – Rua Cova da Moura, nº 2 – 6º, 1399-033 Lisboa, Portugal Tel: +351 213 920 130; Fax: +351 213 920 189


You can directly contact our person responsible for personal data (RPD) via email:


How do we collect your personal data?

Within the scope of SALMON’s activity, the collection, registration, organization, conservation, use and consultation of personal data takes place. Other operations or set of operations may also occur which, under the terms of the General Data Protection Regulation in force, are called “personal data processing”.

We process your personal data whenever you contact us or whenever you show interest in our products or services. Thus, we process your data, for example, when you hire our services or place orders requesting quotes or making payments, or even when you approach us for recruitment or partnership purposes.

We may also process personal data that we may lawfully acquire through sources in the public domain (for example, debtor lists, cadastral records) or that are legally transmitted to us by other SALMON partner organizations or Joint-Ventures, or even third parties (for example, in the administrative, commercial sector, supplier networks and commercial credit agencies).


What relevant data do we process?

    • Those resulting from the fulfillment of our contractual obligations, such as billing data or meeting scheduling or product delivery data;
    • Personally identifiable and contact details (such as title, name, address, date of birth, email address, telephone number);
    • Payments (for example, bank account details such as IBAN);
    • Those about your online behavior and preferences (e.g. IP addresses, mobile end device identification capabilities, data about accessing our websites and apps);
    • Those related to communication with SALMON (for example, through our administrative services, by phone, letter, email or website);
    • Advertising and sales (for example, information about consents you have given or objections you have filed);
    • In some cases, we may also process authentication data (eg identification data), registrations, new locations, residence data and audiovisual data (eg video surveillance material, recordings of your calls);
    • Information about your financial situation (eg, credit history data).

For what purpose and legal basis do we process your data?

For the fulfillment of contractual obligations and for pre-contractual measures, at your request (Article 6(1)(b) of the EU GDPR). Examples:

    • in the case of contracts with customers: various communications, sending invoices, credit documents, etc.;
    • in the case of employee contracts: recruitment and selection records, salary data files, driving license information, training records, etc.;
    • in the case of contracts with suppliers: various communications, reminders, data for payment of invoices, etc.

For more details, we suggest consulting the relevant contractual documents and the Terms and Conditions of our services.

For legitimate interest (Article 6(1) f) EU GDPR)

In this case, the processing of data that we carry out protects our legitimate interests or those of third parties, unless your interests in the context of the protection of personal data prevail. Examples:

    • Maintenance and management of the business relationship between the parties, for example, to process the provision of services, for the collection of payments, calculation and collection of debts, or for accounting purposes;
    • Advertising of SALMON’s services, as part of an effort to win back/loyalty, market research and public opinion polling;
    • Data analysis to create semi-automated valuations, for example as a basis for price adjustments;
    • Ensure the security of Information Technologies (IT) and IT operations;
    • Prevention, investigation and resolution of conflicts, execution of existing contracts or legal actions for the purposes of compliance, exercise and defense of legal rights;
    • Information about new or complementary products from SALMON, as well as from partners or Joint-Ventures of SALMON and availability of newsletters;
    • Maintenance of SALMON Certification;
    • Conducting stakeholder surveys, marketing campaigns and market analyses;
    • Maintenance and protection of the security of our products and services, of our web pages, through the prevention and detection of security risks, fraudulent procedures or other criminal acts or intentional intent, as well as by analyzing the content.

Through your consent (Article 6, Paragraph 1, a) of the EU GDPR)

We may process your data for specific purposes (for example, for advertising campaigns), provided that you have given your consent to do so. Consent can be withdrawn at any time. Withdrawal of consent is only effective for the future and does not affect the legitimacy of data processing until the date of revocation.

Based on legal requirements (Article 6(1)(c) of the EU GDPR) If, legally, SALMON has a duty to process your personal data.

For any of the purposes mentioned above, we process personal data in accordance with the General Data Protection Regulation (EU) and the Personal Data Protection Legislation, versions in force in Portugal.


Who are the recipients of the personal data processed by us?

Internally, in our organization, the departments with access to your data are the ones necessary for the fulfillment of the respective commitments and our contractual and legal obligations.

Our employees, service providers designated by us and SALMON partners may also receive data.

In certain circumstances, personal data may also be forwarded to public departments (eg tax authorities, employment centers), judicial and law enforcement authorities (eg police, courts), lawyers, notaries and accredited accountants.

As we are a Certified Company, the Certifying and Accrediting Bodies may also have access to your personal data, within this scope and for this purpose only.


To whom do we transmit data in third countries?

We transmit personal data to organizations outside the European Economic Area during our processing activity, for example to:

    • Microsoft Inc., Silicon Valley, CA, USA
    • Apple Inc., CA, USA

The transmission of your personal data to the USA is carried out in accordance with the relevant data protection regulations in Portugal (EU GDPR) and only for the purpose of performing our contracted services.

This is ensured by implementing the following measures:

    • Details of adequacy decisions in effect;
    • Adoption of adequate safeguards, such as binding rules for the public sector and for companies, standard clauses approved by the European Commission for this purpose, if the country to which the data can be transferred does not have legislation equivalent to the European Union standards in terms of data protection;
    • International agreements.

What is the retention period for your personal data?

The legal retention obligations derive, in particular, from the Portuguese Commercial Code, the Portuguese Tax Regime, the legislation related to our activity, the requirements of our Certification and the contractual rules.

We delete your personal data when the processing purpose expires, all mutual claims are fulfilled and there are no longer any legal retention obligations or legal basis to justify retention. To the extent necessary, for example, to guarantee evidence, the data are stored until the expiry of the statutory period of prescription.


What are your data protection rights?

In accordance with the statutory provisions, you have the following data protection rights:

    • Right of access to information about your data stored in SALMON – Article 15 of the EU GDPR,
    • Right to rectification – Article 16 of the EU GDPR,
    • Right to be forgotten – Article 17 of the EU GDPR,
    • Right to limitation of processing – Article 18 of the EU GDPR,
    • Right to data portability – Article 20 of the EU GDPR,
    • Right of Opposition – Article 21 of the EU GDPR.

Additionally, you have the right to appeal to the responsible supervisory authority – the National Data Protection Commission (CNPD) – access in


Do you have an obligation to provide us with your data?

As part of our contractual relationship, you must provide us with the personal data necessary to initiate, execute and terminate a commercial/contractual relationship and to fulfill the respective contractual obligations or those data that we are required by law to collect. Without this data, generally speaking, we will not be able to enter into and enforce a contract with you.

If the processing of data is based on Article 6(1)(a) of the GDPR (EU) or Article 9(2)(a) of the GDPR (EU) ), you may exercise your right to withdraw consent at any time, without compromising the lawfulness of the treatment carried out on the basis of the consent previously given.


What are the automated individual decisions that are made?

We do not use automated decision-making processes, within the scope of article 22 of the GDPR (EU), to establish and execute business relationships.

We may eventually take semi-automated decisions, namely in pre-contractual matters when budgeting a service.



As a rule, we do not use or carry out so-called profiles. This means that we do not systematically process your data to assess personal aspects.

However, in some cases, we may eventually define profiles, namely when consulting our website or social networks. This means that we process your data to assess certain personal aspects. This is an activity that fundamentally aims to improve the way in which personalized communication and advertising, market research and opinion polls are possible.


final notes

Whenever this document is updated, a new version will be made available immediately after its approval.

Compliance with this Policy will be monitored through our internal controls and/or audits (internal or external), at regular intervals or when significant changes occur.

Know that you can exercise your right of opposition:

Right to object in individual cases

You have the right to object to the processing of your personal data at any time, for reasons related to your particular situation, if the processing is carried out on a legal basis in Art. EU GDPR (public interest processing) and Article 6(1)(f) of the EU GDPR (data processing based on legitimate interest).

If you object, we will no longer process your personal data, with the exception of cases where we can prove justified reasons for the need for processing, which nullify your interests, rights and freedoms, or the processing serves to assert, exercise or defense of legal claims.

Right to object to the processing of data for the purpose of direct advertising

In individual cases, we may process your personal data for the purpose of direct advertising. You have the right to object to the processing of your personal data for the purpose of such advertising.

You can send us your objection with the subject “Objection”, mentioning your name, address and identification card number, to: