This Privacy Policy regulates, within the scope of, the use of the websiteshttps://www.bluebioalliance.pt/ (hereinafter, “Websites”), the processing of personal data of respective users (hereinafter “User” or “Users”), which are collected by BBA – Associação Nacional Para Os Biorecursos Marinhos e Biotecnologia Azul, with its registered office at Edifício ECOMARE, Universidade de Aveiro, Estrada do Porto de Pesca Costeira, 3830-565 Gafanha da Nazaré, Portugal (hereinafter, the “Controller”).
Respect for Users’ privacy and compliance with applicable legal obligations in this regard are a priority for the Controller. Thus, the Controller guarantees Website Users respect for their privacy, taking the necessary measures to protect their personal data.
The provision of personal data implies knowledge of the conditions set out in this Privacy Policy.
- 1. What personal data do we process and for what purposes?
- 2. How long does the Controller keep personal data?
- 3. With whom may the Controller share personal data?
- 4. Does the Controller carry out international data transfers?
- 5. How does the Controller protect personal data?
- 6. Cookies
- 7. User rights
- 8. Complaints
- 9. Changes to the Privacy Policy
1. What personal data do we process and for what purposes?
Users’ personal data is collected and processed by the Controller in the context of managing the browsing experience of the Websites and supporting its customers, in order to provide high-quality services as well as tools and infrastructure throughout the contracting process, both during and after its completion.
Personal data, purposes and grounds
| Purposes | Legal basis | Personal Data |
|---|---|---|
| Sending newsletters and communications | Consent of the data subject | Identification data, contact details and data relating to your professional occupation |
| Management of online contact requests for information about products and services | Performance of a contract to which the data subject is party or to take steps at the request of the data subject before entering into a contract; Legitimate interests pursued by the Controller | Identification data, contact details, the message you have sent us and any data you have made available through it |
| Pre-sales online support | To take steps at the request of the data subject prior to entering into a contract; Legitimate interests pursued by the Controller | Identification data, contact details, and any data you have made available through the request |
| Online support during the sale | Performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract; Legitimate interests pursued by the Controller | Identification data, contact details, and any data you have made available through the sale |
| Online support after the sale | Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; Legitimate interests pursued by the Controller | Identification data, contact details, and any data you have made available after the sale |
| Membership of partners and associates | Performance of a contract to which the data subject is party or to take steps at the request of the data subject before entering into a contract; Consent of the data subject; Legitimate interests pursued by the Controller | Identification data, contact details and data relating to your professional occupation/activity of the entity and its employees |
| Billing | Compliance with a legal obligation to which the Controller is subject | Identification and contact details; information regarding services provided and payment details used |
| Submission of recruitment application | To take steps at the request of the data subject before entering into a contract | Identification data, data relating to your academic and professional background, contact details |
BBA – Associação Nacional para os Biorecursos Marinhos e Biotecnologia Azul
NIPC: 513625089
Edifício ECOMARE | Universidade de Aveiro
Estrada do Porto de Pesca Costeira, 3830-565 Gafanha da Nazaré, Ílhavo
2. How long does the Controller keep personal data?
The personal data collected is processed in strict compliance with applicable legislation. Personal data will be kept for as long as necessary to fulfil the respective purposes and in compliance with the applicable legal deadlines.
3. With whom may the Controller share personal data?
The Controller may use other reputable entities to provide certain services, which may involve these entities accessing Users’ personal data. These entities, acting as subcontractors of the Controller, process personal data exclusively in accordance with the instructions and for the purposes established by the Controller, complying with legal provisions regarding personal data protection, information security, and all other applicable legal provisions.
The Controller may also communicate personal data to third parties when it deems such data communications necessary or appropriate: (i) in light of applicable law, (ii) in compliance with legal obligations/judicial or administrative orders and/or for the exercise of rights in this context, (iii) of deliberations or decisions by supervisory authorities or (iv) to respond to requests from public or governmental authorities.
4. Does the Controller carry out international data transfers?
Yes. The Controller may transfer personal data to service providers located outside the country, including cloud storage, analytics, and communication service providers. Such transfers are conducted in compliance with applicable data protection legislation, ensuring adequate levels of data protection through contractual clauses and other appropriate safeguards.
5. How does the Controller protect personal data?
The Controller protects personal data by storing it on secure servers and using cybersecurity and organisational measures to protect personal data and reduce the risk of loss, misuse, unauthorised access, disclosure, and alteration.
The Controller implements, in particular, firewalls and physical access security to data centres and information access security.
Notwithstanding the measures implemented by the Controller, it is not possible to guarantee the complete security of personal data. In this regard, Users shall be responsible for maintaining the confidentiality of passwords that allow access to restricted areas of the Websites and for ensuring and guaranteeing that the devices and equipment used to access the Websites are adequately protected against harmful software, computer viruses and worms.
6. Cookies
The Websites use cookies. To find out more, please see our Cookie Policy, available at https://www.bluebioalliance.pt/cookies-policy/.
7. User rights
Under the terms of the applicable legislation, the User may exercise, at any time and under the terms provided for by law, the rights relating to personal data concerning him/her:
- Right of Access: the right to obtain confirmation as to whether or not the User’s personal data is being processed by the Controller, as well as the right for the User to access their personal data and certain information, including obtaining a copy of the personal data being processed.
- Right to Rectification: the right of the User to request the rectification of their personal data when such data is inaccurate, as well as the right to request the completion of personal data that is incomplete.
- Right to Erasure: the right of the User to request the erasure of their personal data in certain cases, namely if their personal data is no longer necessary for the purpose for which it was collected or processed. This right does not prejudice compliance with the legal obligations of personal data retention incumbent on the Controller.
- Right to Restriction of Processing: the right of the User to request the restriction of the processing of their personal data in certain cases, namely if the processing is unlawful and if they oppose the erasure of the data, requesting instead the restriction of its use.
- Right to Data Portability: the right of the User to receive the data they have provided to the Controller in a structured, commonly used and machine-readable format, including the right to have their data transmitted directly to another controller.
- Right to Object: the right of the User to object, in certain cases, on grounds relating to their particular situation, to the processing of their data.
Under the terms provided for by law, the User is also guaranteed the right to withdraw their consent to the processing of data, whenever the processing is carried out based on consent, without, however, invalidating the processing carried out up to that date based on the consent previously given.
To exercise any of the above rights, and in accordance with the legally applicable conditions, the User must submit a written request to the following contact:
Email: privacy@bluebioalliance.pt
8. Complaints
Without prejudice to any other administrative or judicial remedy, the User has the right to submit a complaint to the competent supervisory authority, in accordance with the law, if they believe that the Controller’s processing of their personal data infringes the legal regime in force at any given time.
9. Changes to the Privacy Policy
The Controller may, at any time, without prior notice and with immediate effect, amend, add to or revoke, in whole or in part, this Privacy Policy. Any changes relevant to the User will be immediately disclosed on the home page of the Websites.
Date of last update: 9th of January 2026