Atlantic logo

Data and Privacy Policy

Last updated: 16/06/2025

1. Who We Are

This Policy explains how FREE ATLANTIC LDA, legally registered at:
Rua do Esmeraldo, nº 53–57,9000‑051Funchal, Madeira, Portugal
NIF: 51713974
(hereinafter “Company”, “we”, “our services”) collects, processes, and protects
your personal data.

2. What Data We Collect

We may collect the following categories of personal data:
- Full name
- Email address
- Mailing address / country of residence
- IP address, browser data, logs
- Limited payment data (via Stripe/banking gateways)
- Data stored by the client on hosting infrastructure

3. Purpose of Processing

Your data is processed strictly for lawful and legitimate purposes such as:
- Account registration
- Order processing and invoicing
- Technical support
- Security assurance of our infrastructure
- Legal compliance (e.g., tax or accounting obligations)

4. Legal Grounds (Art. 6 GDPR)

Processing is based on:
- Contractual necessity
- Legal obligations
- User consent (for non-essential processing or marketing)
- Legitimate interest (e.g., system security, abuse prevention)

5. Who Has Access

We do not sell your data. Access may only be granted to:
- Our staff for maintenance or support
- Contractors and subprocessors (e.g., data centers, payment providers) bound by Article 28 GDPR
- Legal authorities upon lawful request

6. Data Retention

- Personal data is retained while your account remains active and up to 5 years
afterward for compliance reasons.
- Access logs are stored for up to 6 months.
- Hosted data is deleted after service termination or upon written request.

7. Your Rights (GDPR)

You have the right to:
- Access your data
- Correct inaccurate data
- Request deletion (“right to be forgotten”)
- Restrict processing
- Receive your data in portable format
- File a complaint with CNPD (Portuguese data protection authority)

To exercise your rights, contact us at:
office@atlantic.cloud

8. Security Measures

- Encryption (HTTPS, TLS), access controls, backups, and incident monitoring are
in place.
- All data is hosted in ISO/IEC 27001-compliant data centers.
- All subprocessors have signed Data Processing Agreements.

9. Cookies

Our site uses only strictly necessary cookies (authentication, session, security).

Optional cookies for analytics/marketing require your separate consent via cookie banner.

10. Changes to This Policy

We may update this Policy. Significant changes will be published on our website
and, when required, notified via email.