Privacy Policy

Privacy Policy – Poltex (Neves Pereira e Silva,

Lda)

Last Updated: [June 2025]

Poltex – Neves Pereira e Silva, Lda (“Poltex”, “we”, “us” or “our”) is committed to protecting your

personal data with due care and in accordance with the law , including the EU General Data

Protection Regulation (GDPR). This Privacy Policy explains what personal data we collect, how we use

and protect it, and your rights in relation to your data. We aim to be transparent and use clear, plain

language in line with GDPR requirements .

1. Data Controller and Contact Details

Data Controller: The entity responsible for your personal data is Poltex – Neves Pereira e Silva, Lda, a

company based in Guimarães, Portugal (Travessa do Séquito B – Lote 12/13, Zona Industrial de Brito,

4805-034 Guimarães, Portugal).

No DPO Appointed: Poltex is not legally required to appoint a Data Protection Ofcer , so we have

not designated a DPO. However, we take privacy seriously – for any questions or requests regarding

your personal data, you can contact us directly.

Contact for Privacy Inquiries: If you have any questions about this policy or wish to exercise your data

rights, please contact us by email at privacy@poltex.com. You may also write to us at the postal

address above, Attn: Privacy Team.

2. Personal Data We Collect

We limit our collection of personal data to what is necessary, relevant, and adequate for the purposes

set out in this policy (data minimization principle ). The personal information we collect and process

may include:

Name – For example, your frst and last name.

Email Address – For example, your email used for subscribing to updates or contacting us.

We obtain this information directly from you – for instance, when you fll out a form on our website,

subscribe to our newsletter, or communicate with us via email or phone. We do not collect any

payment or fnancial information, as we do not process online payments, and we do not collect

login credentials (our website does not require user accounts or passwords). We also do not collect

any sensitive personal data (such as health, racial/ethnic origin, or political opinions) in the ordinary

course of business.

3. Purposes of Processing and Legal Bases

Poltex only uses your personal data for specifed, explicit, and legitimate purposes, and we always have

a lawful basis under the GDPR for our processing . Below we describe what we use your name and

email for and the legal justifcation for doing so:

Marketing Communications (Newsletters & Updates): If you have subscribed or consented,

we will use your name and email to send you our newsletter, product updates, or promotional

ofers about Poltex’s textile products and services. Legal Basis: Consent – We will only send you

marketing emails if you have given us clear consent, such as by signing up on our website (per

GDPR Article 6(1)(a)). You can withdraw your consent at any time (see Section 8 below on Your

Rights). For individuals who are existing customers or have shown interest in our products, we

may also rely on legitimate interests to inform you about similar products or services, as GDPR

Recital 47 acknowledges direct marketing can be a legitimate interest . In all cases, we will

honor any opt-out requests immediately.

Responding to Inquiries and Sales Requests: If you contact us with questions, requests for

quotes, or other sales-related inquiries, we will use your name and email to communicate with

you and provide the requested information or support. Legal Basis: This processing is necessary

for taking steps at your request prior to entering into a contract (GDPR Article 6(1)(b)) or is

within our legitimate interests to efectively respond to prospective customers and business

contacts. We consider this use expected and benefcial for both you and Poltex (and we ensure it

does not override your rights). You are in control of whether to provide your data for these

purposes.

No Additional Uses: We will not use your personal data for any purposes that are incompatible with

the above. In particular, we do not engage in automated decision-making or profling with your

personal data that produces legal or similarly signifcant efects (GDPR Article 22). If we ever need to

process your data for a new purpose, we will update this policy and, if required, seek your consent.

4. Data Sharing and Disclosure to Third Parties

Poltex respects the confdentiality of your personal information. We do not sell, rent, or share your

personal data with third-party companies for their own marketing or other independent purposes .

Your data is used solely for Poltex’s internal purposes as described above.

In certain cases, we may share your data with trusted service providers or partners who process data

on our behalf, but only to the extent necessary to fulfll the purposes listed in this policy. For example,

this could include an email delivery service to send out our newsletters. When we engage such

processors, we remain responsible for your data and ensure they are contractually obliged to handle it

securely and in compliance with GDPR (acting under our instructions and not using your data for any

other purpose).

Legal Disclosures: The only other instances in which we might disclose personal data are if we are

required to do so by law, regulation, or a legal process (e.g., a court order or governmental request), or

to establish or defend our legal rights. In summary, aside from service providers acting for us (and

bound to confdentiality) or legal obligations, no other parties receive your personal data.

5. International Data Transfers

All personal data we collect is stored and processed within the European Union. We do not transfer

your personal data outside the EU or EEA . This means your name and email are kept on servers

located in the EU, or with service providers who ensure data remains in EU territory. If in the future we

need to transfer data outside the EU (for example, to a cloud service provider in another region), we will

only do so in compliance with GDPR transfer safeguards (such as using EU Commission approved

Standard Contractual Clauses or transferring to jurisdictions with an adequacy decision). However, at

present no international transfers occur.

6. Data Retention

Poltex will retain your personal data only for as long as necessary to fulfll the purposes we collected

it for, and to comply with applicable laws . We do not keep personal data indefnitely “just in case” –

once we no longer need your information, we will securely delete or anonymize it.

In practice, this means:

If you have given consent for marketing emails, we will retain your name and email for as long

as you remain subscribed. If you withdraw consent or opt-out (unsubscribe), we will promptly

remove your contact from our marketing list. (We may keep a record of your email on a

suppression list to ensure we honor your no-contact request.)

If you are a customer or you contacted us for an inquiry, we will retain your contact details for

the duration of our relationship with you and for a reasonable period afterward. This allows us to

maintain necessary business records and follow up as needed. For instance, if you request a

quote, we may keep your information while that quote is active. We may also retain

correspondence or contact information for a certain time (e.g. up to a few years) in case you

have follow-up questions, to maintain records of our communications, or as required for legal

purposes (such as proof of consent or transactions).

In all cases, we periodically review the data we hold. When the retention period has been reached, or if

we determine we no longer need the data, we either irreversibly anonymize it or securely delete it from

our systems. For example, we do not store your data longer than necessary for the purposes

described . If any law requires us to keep data for a certain period (for example, tax or accounting

rules), we will only retain the data for that legal duration and strictly for that purpose.

7. Data Security Measures

We take the security of your personal data very seriously and implement appropriate technical and

organizational measures to protect it . While no system can be 100% secure, we follow industry

best practices to safeguard information against unauthorized access, alteration, disclosure, or

destruction. Our security measures include:

Secure Infrastructure: Personal data is stored on secure servers with up-to-date protection. We

use frewalls and network security measures to prevent unauthorized access. Physical access to

our systems is restricted. 

Encryption: Whenever personal data is transmitted (for example, when you submit a form on

our website), we use encryption protocols like HTTPS/TLS to protect the data in transit. We also

employ encryption or password protection for data at rest where appropriate .

Access Control: Personal data at Poltex is accessible only to personnel who need to know it for

the purposes described (e.g., our sales/marketing team). These individuals are trained on data

protection and bound by confdentiality. We maintain authentication controls to prevent

unauthorized employee access.

Organizational Policies: We have internal policies and procedures to ensure personal data is

handled safely and in line with GDPR. This includes regular review of our data practices, and if

applicable, agreements with any service providers to ensure they equally commit to protecting

your data.

Despite our safeguards, please note that no internet or email transmission is ever completely secure.

We continuously monitor and improve our security practices to adapt to new threats. In the unlikely

event of a data breach that poses a risk to your rights (for example, a security incident leading to

accidental or unlawful loss or disclosure of personal data), we will notify you and the relevant

authorities as required by GDPR (Articles 33 and 34).

8. Your Rights Under GDPR

As an individual (“data subject”) in the EU, you have robust rights regarding your personal data. Poltex is

committed to respecting these rights and enabling you to exercise them easily . Under the GDPR,

you have the following rights (subject to the conditions and exceptions set out in applicable law):

Right to Access: You have the right to request confrmation of whether we are processing your

personal data, and if so, ask for a copy of the data we hold about you . This allows you to

know and verify the information we have.

Right to Rectifcation: If any of your personal data we hold is inaccurate or incomplete, you

have the right to have it corrected or updated without undue delay . For example, if your

email address changes, you can ask us to update it.

Right to Erasure: You have the right to request that we delete your personal data, in certain

circumstances . This is also known as the “right to be forgotten.” We will erase the data upon

your valid request, provided we do not have a compelling legal reason to continue processing it

(for instance, we may need to retain some information to comply with a legal obligation).

Right to Restrict Processing: You can ask us to restrict or pause the processing of your

personal data in certain situations . For example, if you contest the accuracy of the data or

object to our processing, you can request a restriction while the issue is being resolved. When

processing is restricted, we will still store your data but not use it until the restriction is lifted.

Right to Object: You have the absolute right to object to your personal data being used for

direct marketing at any time . If you object, we will stop using your data for marketing

purposes immediately. You also have the right to object to other types of processing based on

our legitimate interests, on grounds relating to your particular situation. In such cases, we will

stop the processing unless we have compelling legitimate grounds that override your interests

or it’s needed for legal claims.

Right to Data Portability: Where we process your data based on your consent or a contract

with you, and the processing is carried out by automated means, you have the right to request

to receive your personal data in a common, machine-readable format and/or have it transmitted

to another data controller where technically feasible . In simple terms, this allows you to take

your data to another service.

Right to Withdraw Consent: If we rely on consent as our legal basis for processing your data

(for example, sending marketing emails), you have the right to withdraw that consent at any time . Withdrawing consent will not afect the lawfulness of any processing we did based on

your consent before withdrawal, but it means we will stop the specifc activity that you previously

consented to. For instance, if you unsubscribe from our newsletter, we will stop sending it.

Right to Lodge a Complaint: If you believe your data protection rights have been violated, you

have the right to fle a complaint with a supervisory authority in the EU . Poltex is

established in Portugal, so our lead supervisory authority is the Portuguese Data Protection

Commission (Comissão Nacional de Proteção de Dados – CNPD, website: www.cnpd.pt). You can

contact the CNPD or your local EU data protection authority. We encourage you to contact us

frst, and we will do our best to address your concerns.

No Fee Usually Required: You can exercise your rights free of charge. In rare cases, if a request is

manifestly unfounded or excessive, we are permitted by law to charge a reasonable fee or refuse the

request, but we will explain the reasons if that situation arises.

9. How to Exercise Your Data Rights

We understand that you might be unsure how to go about exercising your data rights. We have a

simple procedure in place:

Submit a Request: To exercise any of your rights described above (access, correction, deletion,

etc.), please send us a request. The easiest way is by emailing us at privacy@poltex.com. You

can also mail a request to our postal address (see Section 1). Please clearly state what right you

wish to exercise and any relevant details. For example, you might write, “I am requesting a copy of

all personal data you have about me” (Right of Access) or “Please delete the personal data you have

about me that I provided when signing up for newsletters” (Right of Erasure).

Identity Verifcation: For your security, we may need to verify your identity before fulflling a

data request. This is to ensure we don’t disclose or modify your data based on a request from

someone else. We will let you know what information is needed (such as confrming some basic

details we already have on fle). You do not have to provide more personal data than necessary

for verifcation. Any information you provide for verifcation will only be used to confrm your

identity and will be deleted afterward.

Our Response Time: We will respond to your request without undue delay and at the latest

within one month of receiving it . In most cases, we will respond much sooner. If your

request is complex or if you have made multiple requests, we are allowed to extend this period

by up to two further months, but we will inform you within the frst month if an extension is

needed and explain why. Our response will normally include either the information you

requested or confrmation that the action you asked for has been completed, or we will provide

an explanation if we cannot fully comply with your request (for instance, if an exemption

applies).

Result of the Request: If you exercised your right of access, we will provide your data (along

with information required by law about how we use it). If you asked for rectifcation, we will

confrm that we have corrected the data. For erasure or restriction, we will confrm your data has

been deleted or fagged as restricted (and will no longer be processed). For objections, we will

confrm that we have stopped the processing in question (especially in the case of marketing

objections, we will remove you from our lists immediately). If you withdrew consent, we will

confrm that we have noted your withdrawal and ceased the related processing

We aim to make this process as straightforward as possible for you. If you need any assistance in

formulating your request, please just ask – we are here to help. Remember, your privacy rights are

important, and Poltex wants to ensure you can exercise them fully.

10. Updates to This Privacy Policy

We may update or revise this Privacy Policy from time to time, to refect changes in our practices or for

legal, regulatory, or operational reasons. If we make signifcant changes, we will notify you either by

posting a prominent notice on our website or by contacting you directly (e.g., via email) if appropriate.

We always indicate the “Last Updated” date at the top of the policy. We encourage you to review this

policy periodically to stay informed about how we are protecting your information.

11. Contact Us

If you have any questions, concerns, or feedback regarding this Privacy Policy or how Poltex handles

your personal data, please do not hesitate to reach out:

Email: privacy@poltex.com

Postal Address: Travessa do Séquito B – Lote 12/13, Zona Industrial de Brito, 4805-034

Guimarães, Portugal (Attn: Privacy Team)

Telephone: +351 [example phone] (Available Mon–Fri during business hours)

We will be happy to assist you. Your trust is very important to us, and we will do our utmost to address

any privacy-related questions or issues.

Thank you for reading our Privacy Policy. By engaging with Poltex or using our website, you

acknowledge that you have been informed about how we handle personal data. We hope this policy has

clearly explained our practices. If anything remains unclear, please contact us and we will clarify it.

Your privacy is our priority, and we are committed to ensuring the security and lawful handling of

your personal information at all times.