Privacy Policy

Cerisol – Isoladores Cerâmicos S.A. (hereinafter “Cerisol”), with registered office at Rua Norton de Matos, n.º 570, 4410-537 Vila Nova de Gaia, registered under number 507019660, is committed to protecting the personal data of all individuals, including both the processing carried out in the context of its operations and that resulting from the use of its website.

This Privacy Policy explains how Cerisol collects, processes and protects personal data through this website, in accordance with the General Data Protection Regulation (GDPR) – Regulation (EU) No. 679/2016, Law No. 58/2019, of August 8, and other applicable legislation.

Cerisol adopts high standards of transparency, lawfulness and responsibility, ensuring that data is processed lawfully, fairly and transparently, and that the rights of data subjects are fully respected.

  1. Data Controller
    Cerisol is responsible for the processing of personal data collected through this website.
  1. Personal Data Collected and Purposes

    Cerisol collects personal data within the scope of its activity, always providing information on the purpose and method of processing this data.
    The main means of collection include:

  • Contact forms and requests: Name, email, professional data, message or comment content are collected.
  • Technical browsing data: IP address, visited pages, browsing time and other information collected automatically through cookies and similar technologies are collected.
  1. Cookies and Similar Technologies used on this Website
    When using the website, personal data is collected in forms, contact requests and other digital interactions, specifically browsing data, identification and preferences, and other data collected by cookies.

The website uses cookies to ensure proper functioning, improve platform performance and user experience, personalise the user experience, and carry out digital marketing actions. To learn how we use cookies, please see our Cookie Policy. Users can configure their cookie preferences in the website’s home banner or in their browser settings, and may accept or refuse their use as they wish.

  1. Categories of Data Subjects
    Within the scope of its activity, Cerisol processes personal data from different categories of individuals, namely:
  • Employees: individuals who work at Cerisol, with or without a contractual relationship.
  • Representatives of suppliers and partners: individuals who represent entities that supply goods or services to Cerisol or collaborate with it.
  • Customer representatives: administrative, financial or commercial contacts of companies with a commercial relationship with Cerisol.
  • Persons who interact with Cerisol: individuals who contact the company, including to exercise rights under the GDPR.
  • Users of digital platforms: individuals who interact with Cerisol websites or forms, including by consenting to data collection through cookies.
    1. Purposes 
      At Cerisol, personal data is processed based on defined, lawful and transparent purposes, in compliance with the GDPR. Data processing is carried out when necessary, in a proportionate manner and with respect for data subjects, and is not used for other purposes without adequate legal basis.

    This data is used for the following purposes:

    • Commercial Management;
    • Marketing Management;
    • Supplier and Partner Management;
    • Product and Process Management;
      1. Legal Bases for Processing
        The processing of your personal data is carried out on the basis of the following legal bases:
      • Explicit consent, where applicable (e.g. marketing).
      • Execution of contract or pre-contractual measures (e.g. requests for quotes).
      • Compliance with legal obligations.
      • Legitimate interest of Cerisol, provided that it does not prejudice the rights of data subjects (e.g. website security).
        1. Data Recipients and Subcontractors
          Cerisol may share personal data with subcontractors and partners, ensuring that they are bound by contracts that guarantee the protection and confidentiality of personal data, including clauses on the responsibilities of the parties, security measures and incident notification. Whenever Cerisol uses subcontractors, it ensures that they are assessed in advance for security and compliance with data protection. Contracts require compliance with Cerisol’s instructions, security measures, incident notification and a prohibition on unauthorised subcontracting. Cerisol monitors compliance with these requirements through regular audits and assessments.
        1. International Transfers of Personal Data
          As part of its activities, Cerisol may transfer personal data to countries outside the European Economic Area (EEA). In such cases, it takes the necessary contractual measures to ensure that the data maintains a level of protection equivalent to that required by the GDPR. This includes entering into agreements with the recipient entities that ensure the application of appropriate security measures and compliance with GDPR-compliant data protection standards. Where applicable, Cerisol uses standard contractual clauses approved by the European Commission, ensuring that personal data transferred outside the EEA benefits from the same level of protection as it would within this area.
        1. Data Retention
          The data collected on the website are only kept for as long as necessary to fulfil the purposes indicated or in accordance with applicable legal obligations. After this period, the data is deleted or anonymised.

        The data may be kept for longer when processed for public record, research or statistical purposes, provided that safeguards such as minimisation and pseudonymisation are applied, in accordance with the law.

        1. Rights of Data Subjects
          In accordance with the GDPR, data subjects have the following rights:
        • Right of access, rectification, erasure and limitation of processing;
        • Right to data portability;
        • Right to object to processing, including profiling;
        • Right to withdraw consent at any time, without prejudice to the lawfulness of the previous processing;
        • Right to file a complaint with the National Data Protection Commission (CNPD).
          1. Data Security
            Cerisol implements appropriate technical and organisational measures to protect the personal data collected against unauthorised access, loss, alteration or improper disclosure, ensuring the confidentiality, integrity and availability of the data. Whenever possible, it uses encryption, anonymisation and access control and review.
          1. Contacts and Complaints
            Without prejudice to direct contact with Cerisol through the means available at https://cerisol.com/contacts/, the data subject may also file a complaint with the National Data Protection Commission (www.cnpd.pt), using the communication channels provided by this authority.
          1. Changes to the Privacy Policy
            This Policy may be updated from time to time to reflect legal, technological or practical changes by Cerisol. Updates are published on the website and take effect from the date of publication.

          It is recommended that you consult this Policy regularly.

          Last update date: 21 October 2025.