Access to and use of this website is governed by the “
Privacy Policy
” e “
Cookies Policy
“, and users are responsible for reading the content of these documents. If they have not done so, or do not agree with the terms of the agreement, users should refrain from visiting the website.

This site may contain links to other sites, and CATERINGPOR is not responsible for the protection and privacy of any information you provide when browsing third party sites.

  1. Controller of personal data
    1. Your personal data will be processed by Cateringpor – Catering de Portugal, S.A., legal person number 502822112, with registered office at Edifício 59 da Rua C do Aeroporto de Lisboa, freguesia dos Olivais, 1749 – 036, Lisboa, (hereinafter “CATERINGPOR“), which is the entity responsible for the website [ (hereinafter referred to as the “Website“), also acting as controller pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “General Data Protection Regulation” or “GDPR“); i.e. is the entity that determines the purposes and means of processing personal data, both by virtue of the use of the Website and of other relationships between data subjects (even if the collection of the data does not take place through the Website) and CATERINGPOR.
    2. This document (hereinafter, the “Privacy Policy“) contains information on the processing of personal data for which CATERINGPOR acts as data controller, without prejudice to more detailed information that may be contained in other documents.
    3. Users of the Site should also consult the
      Cookies Policy
      for information on the technology stored on their devices.
  1. Definitions and legal bases
    1. In accordance with the GDPR, and for the purposes of this Privacy Policy:
      1. Personal data is all information relating to a identified natural person or identifiable (holder of the data), an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a specific data subject. identifier, such as a name, an identification number, data of location, identifiers by electronically or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
      2. Processing of personal data means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, conservation, the adaptation or amendment, the recovery, the consultation, the use, the dissemination by transmission, broadcasting or any other shape from availability, the comparison or interconnection, the limitation, erasure or destruction.
    1. The processing of personal data for a specific purpose must meet one of the legal grounds set out in the GDPR. CATERINGPOR may process personal data on the following grounds, pursuant to the General Data Protection Regulation:
      1. Consent to the processing of personal data for one or more specific purposes (Article 6(1)( a));
      2. If processing is necessary for the performance of a contract to which the data subject is party, or for pre-contractual steps at the request of the data subject (Article 6(1)( b));
      3. If the processing is necessary for compliance with a legal obligation to which CATERINGPOR is subject (Article 6(1)( c));
      4. If processing is necessary for the purposes of the legitimate interests pursued by CATERINGPOR or by a third party, except where the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail (Article 6(1)( f)).
  1. Details about data processing
    1. CATERINGPOR processes the personal data of users of the Website or other data subjects, in accordance with the GDPR, for the purposes described below.
    2. Where it is mandatory to provide personal data as a result of a legal or contractual obligation, or a requirement necessary to enter into a contract, the consequence of not providing this information may be that the service is not provided/ the contract is not concluded.
    3. Personal data will be processed in compliance with the principle of lawfulness – one of the above-mentioned grounds always being met, which are identified below – and will be kept in a form that allows the identification of the data subject only for the period necessary for the purposes for which they are processed, the periods corresponding to each purpose being referred to below.


Legal Basis

Conservation period

Recruitment – data transmitted

in the context of an application, by whatever means (application via the Website and/or spontaneous, sent by other means)

Pre-contractual procedures at the request of the data subject (Article 6(1)(b))

One year after sending the application, without prejudice to (i) the personal data of employees who are admitted, which will be kept during the periods that will be subsequently communicated to them and (ii) the elements that will be kept for five years, in order to comply with the provisions of paragraph 1 of article 32 of the Labor Code.

Complaints or requests for information sent through the contacts provided on the Website, suggestions or complaints regarding the services provided.

Pre-contractual procedures at the request of the data subject (Article 6(1)(b)) Legitimate interest (Article 6(1)(f))

One year after the closure of the issue or complaint

Contract management

Performance of contract (Article 6(1)(b))

Legitimate interest (Article 6(1)(f))

Ten years for compliance with tax and accounting obligations, and ten years after the end of the contract in other cases.

Management of invoicing, collection and legal actions and compliance with obligations of a tax or accounting nature

Compliance with legal obligation (Article 6(1)(c))

Legitimate interest (Article 6(1)(f))

Legal time limit applicable to each obligation and, where there is none, ten years

Compliance with legal obligations and response to judicial, regulatory and supervisory bodies

Compliance with legal obligation (Article 6(1)(c))

Legal deadline applicable to each obligation

Sending unsolicited communications (direct marketing)

Consent (Article 6(1)(c) and Article 13a(q) of Law 41/2004 of 18 August)

Two years from collection of consent

Sending unsolicited communications following a prior relationship between the data subject and CATERINGPOR.

Legitimate interest (“soft opt-in” or “opt-out”) (Article 6(1)(f) and Article 13a(3) of Law 41/2004 of 18 August)

One year since the last unopposed interaction

  1. Security
    1. CATERINPOR adopts security measures to prevent unauthorized access to personal data.
    2. It is, however, the responsibility of users to ensure that access to the Site is carried out on a secure device whose operating system is properly updated and protected against harmful software or computer viruses. Users are solely responsible for ensuring their safety and security when accessing the Site.
    3. In this respect it is recommended that users ((i) do not use computers or other public devices to enter personal data, (ii) safeguard the confidentiality of personal data, including passwords, (iii) always use an up-to-date antivirus on your device, (iv) update the appropriate operating system, and make the necessary security updates to the devices they use, (v) use firewall and similar measures to reduce the risk of third parties improperly accessing your data.

1st version: 06 July 2023