Privacy Policy

Your privacy is important to us, so we have developed this Privacy Policy that sets out how we collect, disclose, transfer and use the data that you share with us, and which rights you have. Please take a moment to read through it.

We care about you and the protection of your personal data. It is Penthack's policy to respect your privacy regarding any information we may collect from you across our website, https://penthack.com, and other websites we own and operate. Thus, when providing a service to our users, we do it as safe and confidential as possible, safeguarding the privacy of communications and personal data thereof. This privacy policy establishes the ways of collecting, processing and using personal data, as well as the security safeguards adopted in this treatment for all services that we make available.

Please read this Privacy Policy carefully, because accessing our websites and providing your personal data implies knowledge and acceptance of the conditions covered. In other words, by making your personal data available, you are authorizing the collection, use and disclosure of such data, in accordance with the rules defined in this policy.

1. Who we are

“We”, “us” or “our” means ‘PENTHACK LDA’, with its registered office at Rua Conceição Fernandes, N.º 755, Salas B107 e B109, 4434-510 Vila Nova de Gaia, Porto, Portugal. We act as controller for the personal data we gather through your use of our website.

This Privacy Policy is solely intended to provide you with information in relation to the processing of personal data through your use of the website. For our privacy practices in relation to our services, we refer you to the agreement as may be concluded between us.

If you have any questions, concerns or complaints regarding this Privacy Policy or our processing of your personal data or you wish to submit a request to exercise your rights, you can contact us:

  • Via e-mail: [email protected]
  • By post: to Penthack Lda at Rua Conceição Fernandes, N.º 755, Salas B107 e B109, 4434-510 Vila Nova de Gaia, Porto, Portugal

This Privacy Policy was revised last on 31/10/2020

2. How we use your personal data (GDPR)

Personal data is defined as any information relating to an identified or identifiable natural person. Identifiable refers to identifiers (such as name, identification number, location data, etc.), that can be used to directly or indirectly identify a natural person.

All personal data that the customer provides will be part of an automated personal file of which Penthack is responsible. The personal data collected will be kept only for as long as is necessary for the purpose for which they are collected, except for data which, by law, must be kept for a longer period.For the purposes of managing the contact provided by the customer, automated operations may be carried out, namely profile definition, ensuring, however, that they are carried out within the limits imposed by the applicable legislation. Your personal data may be communicated to other Group companies and to Penthack customers (in this case, limited to personal contact and identification data, for the purposes of access control and management of information requested by each customer). They may also be communicated to third parties for the purpose of complying with legal obligations, as well as to other entities deemed necessary for the purposes described above, namely insurers, banking institutions, computer service providers, regulators and inspectors, and document archives..

The personal data we collect, is collected and used for the purposes as listed hereunder:

  • In the event you use the support chat applet on our website, we will use your personal data in order to reply to your query via email.
  • In the event you create an account on our website or you provide us with transaction data, we collect your personal information and save it in order that we pay you bounties or contact you regarding your submissions.
  • In the event you register for our newsletter, your email address will be used in order to send you our newsletters, which may include invites to events, seminars, etc. organized by us.
  • We process your personal data for the purpose of supporting the website and enhancing your user experience, which includes ensuring the security, availability, performance, capacity and health of the website.
  • We process your personal data to enforce or exercise any rights that are available to us based on the applicable law, such as use for the establishment, exercise or defense of legal claims.
  • We may also use your personal data to fulfill our obligations as set out by the applicable law.

The following categories of data can be distinguished:

  • Log data: when you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
  • Device data: We may collect data about the device you are using to access our website. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.
  • Personal data: We may ask for personal information, such as: name, date of birth; phone/mobile number, work address or payment information. This is information that is provided directly by you.


We will process your personal information lawfully, fairly and in a transparent manner. We collect and process information about you only where we have legal bases for doing so. These legal bases depend on the services you use and how you use them, meaning we collect and use your information only when it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

3. Retention and storage of your data

Your personal information will not be kept for longer than is necessary for a specific purpose. However, considering it is not possible for us to specify a period in advance, the period of retention will be determined depending on the duration of an active submission, the type of data collected and the legal requirement for retaining the data.

While we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If necessary, we may retain your personal information for our compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.

When you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place). In the event you withdraw your consent or you object to our use of your personal data, and such objection is successful, we will remove your personal data from our databases. Please note that we will retain the personal data necessary to ensure your preferences are respected in the future.

The foregoing will, however, not prevent us from retaining any personal data if this is necessary to comply with our legal obligations, in order to file a legal claim or defend ourselves against a legal claim, or for evidential purposes.

4. Disclosure of data to third parties

In order to provide you with our website, we work with service providers to process and store your personal data. These providers enable us to offer a better experience online. Therefore we may disclose information to (without limitation) IT service providers, data storage, hosting and server providers, ad networks, analytics, error loggers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;our employees, contractors and/or related entities; sponsors or promoters of any competition we run; credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you; courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you; and third parties to collect and process data.

We shall also disclose your personal data in the event such disclosure is necessary in order to fulfil a legal obligation. We may also disclose personal data in order to protect your vital interests or the vital interest of another natural person.

5. Your rights

This article lists your principal rights under data protection law. To exercise any of your rights, please send us a written request in accordance with article 1 of this Privacy Policy. We will answer your request without undue delay, but in any event within one month of the receipt of the request. In the event of an extension of the term to respond or in the event we do not take action on your request, we will notify you.

  • The right to consent

By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this privacy policy. If you are under 16 years of age, you must have, and warrant to the extent permitted by law to us, that you have your parent or legal guardian’s permission to access and use the website and they (your parents or guardian) have consented to you providing us with your personal information. You do not have to provide personal information to us, however, if you do not, it may affect your use of this website or the products and/or services offered on or through it.
  • The right to access and data portability

You have the right to confirmation as to whether or not we process your personal data and, in the event we do so, you have the right to access such personal data, together with certain additional information that you also find listed in this Privacy Policy.
You may request details of the personal information that we hold about you. You have the right to receive from us a copy of your personal data we have in our possession, provided that this does not adversely affect the rights and freedoms of others. The first copy will be provided free of charge, but we reserve the right to charge a reasonable fee if you request further copies.
To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
You also have the right to have your personal data transferred directly to another company, if this is technically possible, and/or to store your personal data for further personal use on a private device.
  • The right to rectification

If the personal data we hold about you is inaccurate, incomplete, irrelevant or misleading, please contact us using the details provided in point 1 of this Privacy Policy. We will take reasonable steps to correct it. You have the right to have this information rectified or, taking into account the purposes of the processing, completed.
  • The right to to be forgotten and notified

In some circumstances, you have the right to the erasure of your personal data without undue delay. You can also unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details in section 1 or opt-out using the opt-out facilities provided in the communication.
On the other hand, we have the commitment to notify you if any security breach happens that can compromise the disclosure of your personal information. We will comply with the laws applicable to us in respect of any data breach and you will be the first to know about it.
  • The right to object and protest

You have the right to object to the processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, or for the performance of a task carried out in the public interest or in the exercise of any official authority vested in us.
If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
  • The right to complain to a supervisory authority

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. In Portugal, you can submit a complaint to the CNDP Personal data is defined as any information relating to an identified or identifiable natural person. Identifiable refers to identifiers (such as name, identification number, location data, etc.), that can be used to directly or indirectly identify a natural person.

All personal data that the customer provides will be part of an automated personal file of which Penthack is responsible. The personal data collected will be kept only for as long as is necessary for the purpose for which they are collected, except for data which, by law, must be kept for a longer period.For the purposes of managing the contact provided by the customer, automated operations may be carried out, namely profile definition, ensuring, however, that they are carried out within the limits imposed by the applicable legislation. Your personal data may be communicated to other Group companies and to Penthack customers (in this case, limited to personal contact and identification data, for the purposes of access control and management of information requested by each customer). They may also be communicated to third parties for the purpose of complying with legal obligations, as well as to other entities deemed necessary for the purposes described above, namely insurers, banking institutions, computer service providers, regulators and inspectors, and document archives..

The personal data we collect, is collected and used for the purposes as listed hereunder:
  • In the event you use the support chat applet on our website, we will use your personal data in order to reply to your query via email.
  • In the event you create an account on our website or you provide us with transaction data, we collect your personal information and save it in order that we pay you bounties or contact you regarding your submissions.
  • In the event you register for our newsletter, your email address will be used in order to send you our newsletters, which may include invites to events, seminars, etc. organized by us.
  • We process your personal data for the purpose of supporting the website and enhancing your user experience, which includes ensuring the security, availability, performance, capacity and health of the website.
  • We process your personal data to enforce or exercise any rights that are available to us based on the applicable law, such as use for the establishment, exercise or defense of legal claims.
  • We may also use your personal data to fulfill our obligations as set out by the applicable law.

6. International transfers of data

The personal information we collect is stored and processed in Portugal, or where we or our partners, affiliates and third-party providers maintain facilities. By providing us with your personal information, you consent to the disclosure to these overseas third parties.

We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.

When we transfer personal information from a non-EEA country to another country, you acknowledge that third parties in other jurisdictions may not be subject to similar data protection laws to the ones in our jurisdiction. There are risks if any such third party engages in any act or practice that would contravene the data privacy laws in our jurisdiction and this might mean that you will not be able to seek redress under our jurisdiction’s privacy laws.

7. Cookies

Our website makes use of cookies. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, to enable us to deliver a better online experience. For further information relating to our use of cookies, we refer you to our Cookie Policy: https://penthack.com/cookies

8. Amendments to the privacy policy

From time to time, we may need to modify this Privacy Policy. Any changes that may occur to this Privacy Policy will be announced on this page so that the user is always aware of the new rules established Also, every time we make a significant modification, for example changing a lawful basis on which we process your personal information, we will ask you to re-consent to the amended privacy policy.

9. Legislation

The processing of user personal data by Penthack, as well as the sending of commercial communications by electronic means are in conformity with the existing national and Community legislation, in particular with the recent EU Regulation 2016 / 679 (General Regulation on Data Protection).

By continuing to browse the site, you expressly agree that cookies will be stored on your computer to help measure statistics of visits.

Learn More Accept