CLS is open daily
contato@cls-ebooks.com
938322683
en
Cart
0
0.00 €

Privacy Policy

CLS e-books Privacy Policy

Last update data: 12/02/2026
Data Controller responsible for processing: CLS e-books
Main Contact: privacy@cls-ebooks.com 
Address: Mação, Santarém - Portugal

Data protection officer contact not applicable.

This policy explains how we handle the customer and visitors personal data when they visit our website: request information, place orders, or interact with us. 

We apply Regulation (EU) 2016/679 (GDPR) and the applicable national legislation (Portuguese).

1) Personal data we process

We may collect and process the following categories:

  • Identification and contact data (name, email, phone, address - necessary for billing, communications, and delivery of works);
  • Transactional data - items ordered, language of the work, quantity, price, dates, and proof of payment (without storing your card details);
  • Technical and website usage data - shortened/anonymous IP address when possible, date, time, pages visited (cookies and similar technologies);
  • Communications, responses to FAQs, support requests, and messages sent through forms;
  • Special categories - CLS does not intentionally request or process special categories (Art. 9 GDPR) for the purposes described below.

2) Purposes and legal grounds

We process data only for specific and legitimate purposes:

a. Order management and contract performance (creating invoice/receipt, sending PDF e-books after purchase) legal basis for contract performance (Art. 6/1-b GDPR).

b. Customer service (responding to requests and FAQs) legal basis, legitimate interest (Art. 6/1-f GDPR) - to ensure efficient and quality service, balanced with the customer or visitors rights.

c) Legal obligation (tax and accounting obligations) legal basis - compliance with a legal obligation (Art. 6/1-c GDPR).

d) Optional direct marketing (news, discounts, promotions) only with your consent, given at the time of the order or through subscription. Legal basis - consent (Art. 6/1-a GDPR) and electronic communications regulations.

e) Website security and improvement (measuring performance, preventing fraud/abuse) legal basis - legitimate interest (Art. 6/1-f GDPR) with minimization and, when applicable, consent for non-essential cookies.

Note - when processing is based on consent it may disabled.

3) Data protection principles

We apply the principles of lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity/compliance, and accountability (Art. 5 GDPR).

4) Retention and records

  • Invoicing and records: statutory tax/accounting periods applicable in Portugal.
  • Account/record and medium: while maintaining an active account or up to 2 years after the last useful contact, unless otherwise required by law.
  • Marketing: until consent is withdrawn or opposition is exercised; we will keep minimal records to prove preferences.

We apply internal retention policies with deletion or anonymization when the period expires (Art. 5/1-e) GDPR.

5) Sharing and Recipients

We share data only when necessary:

  • Service providers (e.g., billing, hosting, email, payments) under subcontracting agreements and contractual measures (Articles 28-29 GDPR).
  • Authorities when required by law (Article 6/1-c, GDPR).

We keep records of processing activities (ROPA) with the categories of data, purposes, recipients, retention periods, and security measures available to the authority upon request (Article 30 GDPR).

6) International transfers:

If any supplier is outside the EEA, we only transfer data with appropriate safeguards (e.g., adequacy decision or Standard Contractual Clauses), and clear information at the time of collection (Chapter V GDPR; Articles 44-49).

7) Data security:

We adopt appropriate technical and organizational measures to protect against unauthorized access, accidental loss, or destruction (Article 32 GDPR). Examples: encryption in transit, access controls, audit logs, and environment separation.

8) Your rights

You have the following rights, under the conditions of Articles 12-22 of the GDPR:

  • Access to your data (Article 15);
  • Rectification (Article 16);
  • Erasure - right to be forgotten (Article 17);
  • Restriction of processing (Article 18);
  • Data portability (Article 20);
  • Objection (Article 21), including at any time for direct marketing;
  • Automated decisions and profiling (Article 22) where applicable.

To exercise your rights, contact us through the channels indicated above. If you consider that your rights have not been respected, you can file a complaint with the CNPD or another EEA supervisory authority (Articles 77-79 GDPR).

9) Minors

Our services are intended for individuals over 18 years old. When we offer information society services directly to children, we will comply with Article 8 of the GDPR and the applicable national law.

10) Cookies and similar technologies:

  • We use strictly necessary cookies for the functioning of the website.
  • Non-essential cookies (analytics/marketing) are only activated with your consent, which you can manage through our banner/preferences center.
  • You must be able to withdraw consent as easily as you gave it (Article 5(3) of the e-Privacy Directive and national transposition rules, in parallel with the GDPR).

We provide clear information on the banner about purposes, duration, third parties, and whether there are international transfers (Articles 12-14 GDPR) - transparency.

11) Territorial scope and scope of application:

The GDPR applies to processing carried out by CLS e-books in the context of its activities in the EU. It will also apply when we offer goods/services to individuals in the EEA or monitor their behavior in the EEA (Art. 3 GDPR).

12) Changes to this Policy:

We may update this Policy to reflect legal or operational changes. We will indicate the most recent update and, if the changes are material, we will provide prominent notice on the website before they take effect (principle of transparency, Articles 12-14 GDPR).

13) Contacts:

  • Privacy issues (privacy@cls-ebooks.com)
  • Exercise of rights  on Page contact.
  • Data protection officer (not available)

Compliance note and regulatory context:

- Consolidated text and structure of the GDPR chapters on:

  1. Principles (Art. 5);
  2. Lawfulness (Art. 6);
  3. Rights (Art. 12-22);
  4. Security (Art. 32);
  5. Records (Art. 30);
  6. Transfers (Art. 44-49)
  • Transparency in information (EDPB/WP29 Guidelines): content, layers, clear language, and timing of communications to data subjects.
  • e-Privacy (cookies): prior consent for non-essential cookies and complementary rules to the GDPR.
  • Regulatory trend: EDPB's 2026 focus on transparency and the quality of privacy notices - it is advisable to keep this Policy clear, specific, and up-to-date.
CLS e-books

2026