Atlantic Cloud

Data and Privacy Policy

Last Updated: 8/5/2026

1. Who We Are

This Privacy Policy explains how FREE ATLANTIC LDA, operating under the trading name Atlantic.cloud, collects, uses, stores, and protects personal data of website visitors, users, and customers.

FREE ATLANTIC LDA

Trading name: Atlantic.cloud

NIPC / VAT Number: 517132974

Registered office: Rua do Esmeraldo, nº 53-57, 9000-051 Funchal, Madeira, Portugal

Website: https://atlantic.cloud

Main contact: [email protected]

Support: [email protected]

In this Policy, the words "Company", "we", "us", and "our" refer to FREE ATLANTIC LDA / Atlantic.cloud.

2. Personal Data We May Collect

Depending on how you use our website or services, we may collect and process the following categories of personal data:

  1. full name;
  2. company name, if the customer acts as a legal entity;
  3. email address;
  4. country of residence or registration;
  5. postal address or billing address;
  6. tax number / VAT number, where required for invoicing;
  7. IP address;
  8. browser, device, and session technical data;
  9. access logs, system logs, and security logs;
  10. order, service, invoice, and payment information;
  11. limited payment data processed through our payment provider;
  12. data that the customer stores or processes through our hosting services.

We do not intentionally request or collect special categories of personal data, such as health data, political opinions, religious beliefs, biometric data, or other sensitive data, unless this is necessary in a specific case and permitted by law.

3. Purposes of Processing

We may process personal data for the following purposes:

  1. creating and managing customer accounts;
  2. accepting and processing orders;
  3. providing hosting, server, cloud, and other IT services;
  4. invoicing, accounting, and tax compliance;
  5. payment processing;
  6. providing technical support;
  7. communicating with customers about services, invoices, technical matters, or service changes;
  8. ensuring the security of our infrastructure;
  9. detecting and preventing fraud, malware, spam, phishing, DDoS attacks, unauthorized access, and other abuse;
  10. complying with legal obligations;
  11. protecting the rights, interests, and property of FREE ATLANTIC LDA, its customers, and third parties;
  12. improving our website, services, and user experience.

4. Legal Bases for Processing

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Portuguese data protection laws.

The legal bases for processing may include:

  1. performance of a contract - where processing is necessary to provide ordered services;
  2. compliance with legal obligations - for example, accounting, tax, or regulatory requirements;
  3. user consent - for example, for optional cookies, marketing, or other optional processing;
  4. legitimate interests - for example, infrastructure security, fraud prevention, abuse prevention, service stability, and protection of the Company’s rights.

5. Payments and Payment Provider

We use Revolut Bank UAB - Sucursal em Portugal as our payment provider for processing online payments.

Payments made through our website are processed via Revolut’s payment infrastructure and/or credited to the Revolut account of FREE ATLANTIC LDA.

FREE ATLANTIC LDA does not store full bank card details. Payment data is processed by Revolut in accordance with its own security standards, privacy policy, and applicable law.

6. Who May Access Personal Data

We do not sell users’ personal data.

Access to personal data may be granted only to the extent necessary for the relevant purpose, including to:

  1. employees or authorized representatives of FREE ATLANTIC LDA;
  2. technical contractors, administrators, data centers, cloud providers, or network providers;
  3. payment providers;
  4. accountants, auditors, legal advisers, or other professional advisers;
  5. public authorities, courts, regulators, or law enforcement authorities where required by law.

Where required under the GDPR, we use appropriate contractual, technical, and organizational measures to protect personal data when working with contractors or subprocessors.

7. Customer Data Hosted on Our Infrastructure

FREE ATLANTIC LDA provides hosting and infrastructure services. Customers may store, transmit, or process data through their servers, virtual machines, websites, applications, or other services.

In such cases, the customer will generally act as the controller of the data that it stores or processes through our services, and FREE ATLANTIC LDA may act as a processor or subprocessor within the scope of providing technical infrastructure.

The customer is responsible for the lawfulness of the data it stores, processes, or transmits through our services.

8. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or for as long as required by applicable law.

In particular:

  1. account data may be retained for the duration of the customer account;
  2. accounting, tax, and invoice data may be retained for the periods required by law;
  3. technical logs and security logs may be retained for a limited period necessary for security, diagnostics, incident investigation, or protection of rights;
  4. data hosted by customers on servers is deleted or becomes unavailable after termination of the relevant service in accordance with the applicable terms, technical procedures, and backup cycle.

In some cases, immediate deletion may not be possible due to legal obligations, technical backup processes, open disputes, security investigations, or the need to protect legitimate interests.

9. International Data Transfers

We aim to process personal data within the European Union or the European Economic Area whenever possible.

If personal data is transferred outside the EU/EEA, such transfer will take place only where an appropriate legal basis and safeguards exist, such as an adequacy decision, standard contractual clauses, or other mechanisms provided by the GDPR.

10. Cookies

Our website may use cookies and similar technologies.

Necessary cookies may be used for website operation, security, sessions, authentication, and basic functionality.

Optional cookies, including analytics or marketing cookies, are used only where the relevant user consent has been obtained, if such consent is required by law.

Users may manage cookies through their browser settings or through the cookie banner, where available on the website.

11. Data Security

FREE ATLANTIC LDA applies reasonable technical and organizational measures to protect personal data against unauthorized access, loss, alteration, disclosure, or destruction.

Such measures may include:

  1. HTTPS / TLS encryption;
  2. access controls;
  3. role-based access restrictions;
  4. infrastructure monitoring;
  5. security logging;
  6. backup procedures;
  7. protection against abuse and unauthorized access.

However, no system of data transmission or storage can be guaranteed to be absolutely secure.

12. Your Rights Under the GDPR

Under the GDPR, users may have the following rights:

  1. the right of access to their personal data;
  2. the right to rectification of inaccurate or incomplete data;
  3. the right to erasure of data;
  4. the right to restriction of processing;
  5. the right to data portability;
  6. the right to object to processing;
  7. the right to withdraw consent where processing is based on consent;
  8. the right not to be subject to a decision based solely on automated processing, where applicable;
  9. the right to lodge a complaint with the competent data protection authority.

To exercise your rights, you may contact us at:

[email protected]

If your request concerns technical information or your customer account, you may also contact:

[email protected]

13. Complaints to a Data Protection Authority

If you believe that the processing of your personal data violates the GDPR or other applicable data protection laws, you have the right to lodge a complaint with the competent data protection authority.

In Portugal, the competent authority is CNPD - Comissão Nacional de Proteção de Dados.

Before lodging a complaint, we recommend contacting us first so that we can review your concern and try to resolve it directly.

14. Voluntary Provision of Data

Providing personal data is generally voluntary. However, in some cases, without certain data we may be unable to create an account, provide services, issue invoices, process payments, or comply with legal obligations.

15. Changes to This Policy

FREE ATLANTIC LDA may update this Privacy Policy from time to time.

The current version of the Policy is published on our website. In the event of significant changes, we may provide additional notice to users where required by law or appropriate in view of the nature of the changes.