Privacy Notice

Last update: 14 February 2026

READY Portugal (the “Company”), as the entity responsible for processing your personal data, is committed to protecting your privacy and your personal information. In this privacy notice, we explain which personal data we process, for what purposes, and how we share it, as well as your rights regarding your data and who you can contact for more information.
Below you can find the more detailed sections of this notice:

Who it applies to and what it covers

The Company collects and processes personal data in strict compliance with the personal data protection legislation in force at any given time, including Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, applicable from 25 May 2018 (hereinafter the “GDPR”).

This privacy notice explains how we collect, handle, store, and protect your personal data when:

we are providing you with services;
you use “our website”; or
you carry out any other actions within the scope of our activity, as described below.

When we refer to “our website” or “this website” in this policy, we mean the specific pages at www.readyportugal.pt.

Through this privacy notice, we also explain when we share your personal data with third parties (for example, our partners and suppliers).

Within the scope of this privacy notice, your information may be referred to as “personal information” or “personal data”. Sometimes, we may collectively refer to the handling, collection, protection, and retention of your personal data as the “processing” of this personal information.

What are personal data?

Personal data are any information, of any nature and regardless of the format, including sound and image, relating to an identified or identifiable natural person.
A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to a name, an identification number, location data, electronic identifiers, or to one or more specific elements of their physical, physiological, genetic, mental, economic, cultural, or social identity.

How we process your personal data

Use of personal information to provide services to our clients

We use your personal data to provide services to you or to our clients. For this reason, we may use your personal information in the course of correspondence exchanged as part of service delivery. Such correspondence may involve you, our clients, suppliers, partners, regulators, or competent authorities. We may also use your personal data to confirm, verify, and assess the quality of our services.

Since we provide different types of services, the way we use personal data may vary. For example, we may use personal data:

From the legal representatives, employees, and customers of a client during a training service delivered to that client;
From the legal representatives, employees, and customers of a client during a consultancy engagement.

Use of personal information for other business purposes

In the course of our business, we may use your personal data for the following purposes:

Compliance with applicable legal or regulatory requirements (for example, for anti–money laundering compliance);
Responding to requests and communications from competent authorities;
Creating a client file and for other administrative purposes;
Financial accounting, invoicing, and risk analysis;
Client relationship management, including: (i) sending communications or details about our services that we believe may be of interest to you; (ii) contacting you to collect feedback about our services; and (iii) contacting you for market research or survey purposes. In these cases, you may opt out of our invitations, communications, or requests at any time. In specific situations, if necessary, for example, if you have never been our client, we may ask for your consent before sending marketing materials or other promotional requests.
Recruitment and business development (for example, interviews with a client’s professionals may be used as part of our recruitment and business development materials with that professional’s authorization);
Protection of our rights and the rights of our clients.

Use of personal information collected through our website

In addition to the purposes described above, we may also use the data collected through our website to:

manage and improve our website;
personalize the content on our website to provide a more tailored experience and draw your attention to information about our services that may be of interest to you;
manage and respond to any request you submit through our website.

What are the legal grounds for processing your personal data?

We use your personal data based on the following legal grounds:

(a) to fulfil the contract for the provision of our services to you, to our clients, or to our suppliers, as applicable;

(b) to comply with the legal and regulatory obligations to which we are subject;

(c) to pursue our legitimate interests in the effective and lawful operation of our business, provided that such interests are not overridden by your own interests.

The processing of your sensitive data for any of the purposes described above will be carried out on the basis of:

(i) your explicit consent to process such data;

(ii) a legal obligation to collect personal data for compliance with anti–money laundering laws (or other legal obligations imposed on us);

(iii) compliance with our obligations in the field of labour law, social security, or social protection;

(iv) the establishment, exercise, or defence of legal claims; or

(v) data that you have made public.

The personal data we process when providing certain marketing content will only be shared after obtaining your explicit, freely given, informed, and unambiguous consent, whenever such consent is required by law. In each marketing communication, you may click the unsubscribe option (opt-out) or cancel your subscription by replying to the email or address provided, as applicable.

With whom may we share your personal data, if necessary?

For the purposes described in the section “How we process your personal data?”, we may disclose information about you to: third parties who provide services to us; competent authorities (including courts and regulators); your employer and/or advisors; consultants; or other entities that require access to personal data relating to you.

Our website hosts various blogs, forums, wikis, and other social media applications or services that allow content to be shared with other users (collectively, “Social Media Applications”). It is important to note that any personal information you contribute to these Social Media Applications may be read, collected, and used by other users of the application. As we do not control these other users, we cannot guarantee that any personal information you contribute to these applications will be handled in accordance with this privacy notice.

Some of the recipients of your personal data mentioned above may be located in third countries whose laws may not offer the same level of data protection. In such cases, we will ensure that a data transfer agreement is executed with the recipient, based on Standard Contractual Clauses approved by the European Commission for transfers of personal data to third countries.

Further details about the transfers described above and the appropriate safeguards used by READY (including copies of relevant agreements) can be requested through the contact form available on our website.

In certain circumstances, we are required to disclose your personal data due to a legal requirement, regulator request, or in the course of legal proceedings.

Conversely, we may share non‑personal information, including anonymized, masked, or aggregated data, for various purposes, including data analysis, research, studies, and promotional purposes.

How do we ensure the security of your personal data?

We use physical, electronic, and management security measures to ensure the confidentiality and protection of your personal data. These measures include:

Relevant training for Deloitte professionals to ensure compliance with privacy obligations when handling personal data;
Administrative and technical controls to limit access to personal data;
Technological security measures, including firewalls, encryption, and antivirus software;
Physical security measures.

Although we use appropriate security measures once we receive your personal data, please remember that the transmission of data over the Internet (including by email) is never completely secure. We strive to protect your personal data, but we cannot guarantee the security of data you transmit to us or that we transmit through these means.

How long do we retain your personal data?

We retain your personal data for the longest of the following periods:

(i) as long as necessary for the provision of the relevant services and for the minimum period agreed;

(ii) for the retention periods required by law or by the applicable retention and archiving policy in the course of our business activity (for example, invoices issued will be kept for a period of 10 years after their issuance, in accordance with Article 52(1) of the VAT Code); or

(iii) until the conclusion of any litigation or investigation related to the underlying relationship.

In situations where the legal basis for processing your personal data is your consent, the data will be retained only until that consent is withdrawn.

What are your rights as a data subject?

Among the broad set of rights you have regarding the processing of your personal data, we highlight in particular the right to:

Access your personal data and request a copy of it;
Request the update, correction, or modification of your data that you believe to be incorrect or incomplete;
Request the deletion of your personal data or limit the way we process it;
Withdraw your consent for processing (to the extent that such processing is based on consent);
Receive a copy of your data in a structured format, when applicable, as well as the right to data portability (when processing is based on consent or a contract);
Object to the processing of your personal data.

To exercise any of your rights, or if you have any other questions or complaints about the processing of your personal data, please contact us through the contact form available on our website.

If you wish to lodge a complaint regarding matters related to the processing of your personal data, you may do so with the Comissão Nacional de Proteção de Dados (CNPD), the competent supervisory authority in Portugal. For more information, visit www.cnpd.pt.

How can you learn about any changes to this privacy notice?

This privacy notice may be updated over time. To keep you informed of any changes, we will update the revision date at the top of this page. The new privacy notice applies from the revision date onward. We encourage you to review this notice periodically on our website to stay informed.