Privacy Policy

1. Controller

The controller responsible for data processing on this website is:

Where this policy refers to BAUF/we/us/our, it means BAUF HOME, UNIPESSOAL LDA.

This policy applies to users in the EU/EEA, the United Kingdom, the Republic of Moldova, Georgia, and the Kyrgyz Republic. Processing is carried out under GDPR and applicable national data protection laws.

2. What Data We Collect

2.1 Data You Provide Directly

• Contact and enquiry forms: name, email address, company name, phone number, message content.
• Job applications: name, email address, LinkedIn profile URL, CV/resume.
• Partner and reseller registration: company details, contact information, and trade references where submitted.
• Newsletter subscription: email address.

2.2 Data Collected Automatically via Cookies and Similar Technologies

Certain technical values are used to enrich form submissions with neutral context:

• referrer_url — entry referrer URL, stored in browser sessionStorage only after consent for form-visit context.
• landing_url — first visited page URL in your session, stored in browser sessionStorage only after consent for form-visit context.
• NEXT_LOCALE — language preference selected in the language switcher (NEXT_LOCALE).
• app_mode — selected application/UI mode where applicable (app_mode).

2.3 Server Log Data

• IP address (anonymised), browser type/version, operating system, visited pages, and access date/time. Logs are retained for 30 days, then deleted.

3. Legal Basis for Processing

Where processing is based on legitimate interests (Art. 6(1)(f)), you may object at any time.

4. Data Sharing and Processors

We share personal data only where necessary and in compliance with GDPR. Processors acting on our behalf are bound by Data Processing Agreements under Art. 28 GDPR.

4.1 Parent company

• Bauf Home GmbH (Heilbronn, Germany) may receive data for operational coordination and application handling. Germany is in the EU, so no additional transfer mechanism is required.

4.2 Customer relationship platform (CRM)

We use Bitrix24 (1C-Bitrix LLC and affiliates) for managing enquiries. Submitted communication data and optional technical context from Section 2.2 may be transmitted for organisation and retention.

Bitrix24 may process data outside the EU/EEA. Where relevant, transfers rely on Standard Contractual Clauses (SCCs) and/or the applicable Bitrix24 Data Processing Agreement.

4.3 Internal alerts

We use Telegram for internal enquiry alerts to authorised staff. Alert content is limited to what is reasonably required (typically contact identifiers and a short excerpt).

Telegram and affiliates may process data outside the EU/EEA. Safeguards from Section 5 apply where relevant.

4.4 Hosting and IT infrastructure

• Our website is hosted by OVH SAS (France), with infrastructure located in the EU/EEA.

4.5 Analytics

• Analytics providers such as Google Analytics process anonymised usage data subject to your cookie consent and configured IP anonymisation.

We do not sell personal data to third parties.

5. International Transfers

Where recipients process data outside the EU/EEA, we implement safeguards under GDPR.

• European Commission Standard Contractual Clauses (Art. 46(2)(c) GDPR), where applicable.
• European Commission adequacy decisions (Art. 45 GDPR), where applicable.

You may request a copy of the applicable transfer safeguard by contacting it@bauf-home.pt.

6. Retention Periods

• Enquiries and CRM records: up to 24 months after last substantive contact, unless legal obligations or active matters require otherwise.
• Application data: 6 months after recruitment process completion, unless you consent to longer retention.
• Newsletter data: retained until you unsubscribe.
• Server logs: deleted after 30 days.
• Internal alert copies: removed within 30 days unless temporary legal retention is required.

7. Your Rights

Under GDPR, you have enforceable rights regarding your personal data.

• Right of access (Art. 15 GDPR).
• Right to rectification (Art. 16 GDPR).
• Right to erasure (Art. 17 GDPR).
• Right to restriction of processing (Art. 18 GDPR).
• Right to data portability (Art. 20 GDPR).
• Right to object to processing based on legitimate interests (Art. 21 GDPR).
• Right to withdraw consent at any time (Art. 7(3) GDPR).

To exercise your rights, contact it@bauf-home.pt. We respond within one month, extendable by up to two additional months for complex or multiple requests with prior notice.

8. Right to Lodge a Complaint

The lead supervisory authority for BAUF HOME, UNIPESSOAL LDA is CNPD in Portugal.

• EU member states: your national data protection authority (EDPB member list).
• Germany: LfDI Baden-Wuerttemberg.
• United Kingdom: Information Commissioner's Office (ICO).
• Republic of Moldova: National Centre for Personal Data Protection.
• Georgia: Personal Data Protection Service.
• Kyrgyz Republic: relevant competent authority under local personal data law.

9. Security

We implement technical and organisational safeguards including SSL/TLS encryption, role-based access controls for authorised tools, and periodic security reviews.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Updated versions are published on this page with a revised effective date. For material changes, we take reasonable steps to notify users.