Compliance with personal data protection legislation and respect for the rights of data subjects interacting with The MAD Kitchen is a priority. Clients, employees, suppliers and anyone occasionally interacting with The MAD Kitchen (including website visitors) can expect a high level of protection and respect for their rights. To that end, we have adopted a wide range of technical and organisational measures.
Personal data refers to any information relating to an identified or identifiable natural person (the “data subject”) – a person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier (such as a name, identification number, location data, online identifier), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
This page aims to provide information on how The MAD Kitchen processes personal data (any operation involving personal data, including access, collection, storage, organisation, and use up to deletion), in accordance with the General Data Protection Regulation (GDPR), available at: https://eur-lex.europa.eu/legal-content/PT/ALL/?uri=celex%3A32016R0679
-
What personal data is collected from Clients by The MAD Kitchen and where does it come from? The MAD Kitchen does not collect, record, store, use, or communicate Client personal data by automated and/or non-automated means — including creating databases or profiling.
Information and personal data in our possession are used solely to provide our contracted services, as detailed in signed service agreements. These data are retained for the duration of the contractual relationship or longer if required by law or legitimate interest. The MAD Kitchen may also process personal data from non-clients, as detailed below.
Categories of Client data include:
-
Identification data: Full or abbreviated name, gender, date of birth/age, marital status, ID/passport numbers, nationality, academic titles, images of IDs, signatures, and photographs.
-
Family data: Names and contact details of family members or household composition.
-
Contact data: Address, phone number, email address.
-
Employment data: Sector, role, current/past employers, work address and contacts.
-
Qualification data: Academic and professional training records.
-
Financial data: Home address, bank account number.
These are treated with strict confidentiality, and The MAD Kitchen has implemented technical and organisational safeguards to prevent misuse by third parties. Data is primarily obtained from the Client during the commercial relationship.
-
Is there a legal obligation to provide personal data to The MAD Kitchen? To establish a contractual relationship, the Client must provide essential personal data. Failure to do so may prevent contract execution. Other data sharing remains voluntary.
For non-clients, providing personal data is optional and has no legal consequence.
-
Why does The MAD Kitchen process personal data, and on what legal basis? The MAD Kitchen is legally authorised to:
-
Process data necessary for contract execution or pre-contractual steps at the Client’s request;
-
Process data required to comply with legal obligations.
Other processing activities require the Client’s explicit consent, which may be withdrawn at any time.
Processing purposes and legal bases include:
-
Contract execution (e.g. using contact details to manage contractual communications);
-
Legal compliance (e.g. due diligence obligations under anti-money laundering laws);
-
Legitimate interests (e.g. marketing communications, tax documentation, obtaining Client benefits);
-
Consent (e.g. storing contact info for marketing or contacting potential Clients).
Processing purposes also include:
-
Client onboarding
-
Investigations and fraud prevention
-
Physical and IT security
-
Recruitment and employment management
-
Health and safety compliance
-
Legal claims
-
Financial management
-
Marketing and prospecting
-
Product and service governance
-
Website and app operations
-
IT system management
-
Who has access to personal data? Access is restricted to employees who need it for their roles, and appropriate measures ensure minimal and secure access.
Data may be shared with legal authorities (e.g., tax authorities, law enforcement) when legally required.
Data may also be transmitted to third parties to execute contracts or instructions, under confidentiality agreements and, when possible, using anonymisation.
Examples include outsourced services for physical and electronic data storage or cloud service providers.
-
How long is personal data retained? Data is retained for as long as needed for its processing purpose or legal requirement. Some data may be retained in secure backup systems even after deletion from active systems, in accordance with security and business continuity policies.
Commercial relationships are typically indefinite; therefore, relevant data may be retained for the entire duration of the contract. In Portugal, the legal limitation period is 10 years, and records may be kept accordingly.
-
What are the Clients’ data protection rights? Clients may:
-
Withdraw consent at any time, in writing.
-
Object to processing based on legitimate interests.
-
Object to direct marketing communications.
-
Access, update, or correct their personal data.
-
Request data portability in a structured, commonly used format.
-
Request deletion of personal data in certain circumstances.
-
Request restriction of processing in legally defined situations.
The MAD Kitchen will respond within 30 days of receiving a request. Requests are generally free, but a fee may apply if requests are excessive or unfounded.
-
Contact For questions or requests related to personal data protection, contact: info@themadkitchen.pt
