Privacy policy

What personal data we process and why

  • Server access logs (IP address, date/time, requested URL, referrer, user-agent) — to ensure security, detect/prevent abuse, and troubleshoot availability. Legal basis: legitimate interests (GDPR Art. 6(1)(f)).
  • Emails you send us (name, email, message, and any attachments) — to read and respond to your inquiry and keep necessary records. Legal basis: legitimate interests (handling inquiries); where your email requests information, the processing may also be pre-contractual (Art. 6(1)(b)). We may retain specific messages to comply with legal obligations (Art. 6(1)(c)).

Do we use cookies or trackers?

No. We do not use cookies, analytics, advertising pixels, or similar tracking technologies. Please note your browser or network may set their own technical artefacts; those are outside our control.

How long we keep data

  • Server logs: Logs kept by AWS as per their standard terms of use.
  • Emails: kept for the time necessary to handle your request and for a reasonable retention period (typically up to 24 months) for audit/legal defense, unless a longer period is required by law.

Who receives your data (processors/recipients)

  • Hosting provider (resold through an EU based reseller according to EEA standards) for secure operation of this site.
  • Email provider for inbound/outbound correspondence.

We do not sell personal data. We do not share with third parties except as required by law or to protect our rights.

International data transfers

We do not plan to transfer personal data outside the EEA. If a transfer becomes necessary (e.g., support escalation), we will use lawful safeguards such as the EU Standard Contractual Clauses.

Your rights

You have the right to access, rectify, erase, restrict processing, object to processing, and data portability, subject to conditions in the GDPR. To exercise your rights, contact contact@banditsandwich.eu

You also have the right to lodge a complaint with the Portuguese supervisory authority, CNPD – Comissão Nacional de Proteção de Dados (www.cnpd.pt).

Security

We implement technical and organizational measures appropriate to the risk, including restricted access and log retention controls. No method is 100% secure.

Changes to this Policy

We may update this Policy to reflect legal or operational changes. Material changes will be indicated on this page with a new “Last updated” date.

Last updated: 1 November 2025