This Data Protection Policy describes how Direct Hit — Prestação de Serviços de Apoio a Empresas, Lda processes the personal data collected through the website delegadodeprotecciondedatos.eu, in compliance with Regulation (EU) 2016/679 (GDPR) and applicable national law.
Last updated: 13 June 2026.
1. Data controller
- Identity: Direct Hit — Prestação de Serviços de Apoio a Empresas, Lda.
- Tax number (NIF): PT 504526146.
- Registered office: Apartado 43062, Rua Sousa Lopes, 65, 5.º Esquerdo, 1601-301 Lisboa · Portugal.
- Phone: (+351) 213 243 750 · E-mail: office@directhit.eu.
- Institutional website: www.directhit.eu.
2. Data Protection Officer
- The controller has a Data Protection Officer, available for any matter relating to processing and the exercise of rights, at secretariado@delegadodeprotecciondedatos.eu and through the compliance platform directhit.complianceofficer.eu.
3. Data we process
- Identification and contact data you provide through the forms (name, organisation, e-mail, phone and the content of your message).
- Navigation and technical data (IP address, device and session identifiers), collected through cookies and server logs.
4. Purposes of processing
- To respond to your contact, information and proposal requests.
- To manage the service relationship and the provision of contracted services.
- To send the newsletter, where you subscribe.
- To ensure the security, operation and improvement of the website.
5. Lawful basis
- Your consent, for the forms, the newsletter subscription and analytics cookies (Art. 6(1)(a) GDPR).
- The performance of pre-contractual steps or of the contract, for proposal requests and service provision (Art. 6(1)(b)).
- The legitimate interest in the security and proper functioning of the site (Art. 6(1)(f)).
6. Recipients
- Data are not disclosed to third parties, except where legally required. Service providers necessary for the operation of the site and the forms (the form platform and the hosting provider) act as processors, processing data under our instructions and Article 28 GDPR.
7. International transfers
- The forms are processed through the JotForm platform. Where processing involves a transfer of data outside the European Economic Area, it relies on appropriate safeguards — an adequacy decision or standard contractual clauses — under Chapter V GDPR.
8. Retention period
- Data are kept for as long as necessary to handle your request and, where applicable, for the duration of the relationship and the applicable statutory limitation periods. Data processed on the basis of consent are kept until withdrawal.
9. Your rights
- You may exercise the rights of access, rectification, erasure, restriction, portability and objection, and withdraw consent at any time, by contacting secretariado@delegadodeprotecciondedatos.eu, evidencing your identity.
- You have the right to lodge a complaint with the Agencia Española de Protección de Datos (AEPD), www.aepd.es, and, where applicable, with the supervisory authority of your country of residence.
10. Security
- The controller applies appropriate technical and organisational measures to ensure a level of security appropriate to the risk, under Article 32 GDPR.
11. Changes to this policy
- This policy may be updated to reflect regulatory or operational changes. The current version is always available on this site.
Detailed policy
The controller's detailed privacy and data protection policy is available on the compliance platform: directhit.complianceofficer.eu/policies