Privacy Policy

Purpose of this Privacy Policy

This Privacy Policy explains how Btq — Boutique de Eventos, Lda ("BTQ", "we", "us", or "our") collects, uses, stores, and protects personal data in connection with our corporate and private event production services in Portugal.

This Policy applies to:

• All services provided through our website (btq.pt),
• Email, telephone, WhatsApp and other communications,
• Offline agreements and contracts relating to event production and planning,
• All interactions with clients, guests, suppliers, and business partners.

We process personal data in accordance with:

• Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR), and
• Lei n.º 58/2019, which implements and complements GDPR under Portuguese law.

Data Controller Identification

• Company Name: Btq — Boutique de Eventos, Lda
• Registered Address: R. Faisões 131, bloco RC/C, 2750-005 Cascais, Portugal
• NIF (Tax Identification Number): 517199041
• Administrative Contact: +351 934 488 982
• Privacy Contact Email: info@btq.pt

Responsible Contact for Data Protection

BTQ has appointed an internal Privacy Officer responsible for data protection matters.

For any questions regarding this Privacy Policy or your personal data, please contact: info@btq.pt

We process personal data based on the following legal grounds under Article 6 GDPR:

2.1 Contractual Necessity — Art. 6(1)(b)

Processing necessary to:

• Plan, coordinate, and execute corporate and private event production services;
• Manage bookings with venues and vendors;
• Communicate logistics and timelines;
• Administer contracts and payments.

Without this data, we cannot perform the agreed services.

2.2 Legal Obligation — Art. 6(1)(c)

Processing required to comply with Portuguese law, including:

• Tax and accounting obligations under the Portuguese Tax Code (retention of invoices and accounting records);
• Cooperation with Portuguese authorities where applicable.

2.3 Legitimate Interests — Art. 6(1)(f)

Processing necessary for:

• Service improvement and quality management;
• Fraud prevention and security;
• Managing professional relationships with suppliers and partners;
• Defending legal claims.

We ensure that such processing does not override your fundamental rights and freedoms.

2.4 Consent — Art. 6(1)(a)

We rely on consent for:

• Direct marketing communications (newsletters, promotional updates);
• Use of event photographs or media for promotional purposes;
• Processing of special category data (see below).

Consent may be withdrawn at any time.

To ensure the safety and success of your event, we may process Special Categories of Personal Data, including:

• Dietary requirements (which may reveal health or religious information);
• Cultural practices or preferences relevant to the event.

Legal Basis

Such data is processed strictly on the basis of your explicit consent under Article 9(2)(a) GDPR.

By voluntarily providing this information, you agree to its processing solely for event coordination purposes (e.g., informing catering partners about allergies or arranging specific cultural accommodations).

Protection Measures

• Shared strictly on a need-to-know basis with relevant vendors (e.g., catering companies).
• Subject to heightened internal security controls.
• Deleted immediately after the event unless legal retention is required.

You may withdraw consent at any time; however, this may impact our ability to meet specific health or dietary requirements.

4.1 Personal Identification Data

Full name, nationality, date of birth, passport or ID number (where required for venue or logistics procedures), company name and position (for corporate clients).

4.2 Contact Information

Email address, telephone number, postal address, emergency contacts.

4.3 Event-Related Information

Event date and location, guest lists, vendor preferences, accommodation arrangements, event logistics, technical requirements, programme details.

4.4 Financial Data

Billing address, transaction details, payment method (processed via secure payment gateways). We do not store full payment card data; this is handled by PCI-DSS compliant providers.

4.5 Technical Data

When using our website: IP address, browser type and version, device information, usage data collected through cookies and analytics tools.

4.6 Client Portal Data

If you register for our client portal (btq.pt/portal), we additionally collect: login credentials (email and hashed password), portal activity logs, documents uploaded or shared through the portal, event planning preferences and selections saved within the portal, and communication history within the portal messaging system. Authentication is managed via Supabase. We do not store plaintext passwords.

4.7 Photographic and Media Data

Photos or videos from events may be used for promotional purposes only with separate, explicit consent.

We collect and process personal data in order to:

• Plan and execute corporate and private event production services in Portugal;
• Coordinate vendors (venues, catering, AV/technical production, entertainment, photographers, transport, décor);
• Provide access to a secure client portal for event planning collaboration, document sharing, and real-time project updates;
• Communicate with clients and guests;
• Issue invoices and comply with accounting obligations;
• Conduct marketing communications (with consent).

We retain personal data only as long as necessary:

After expiration of retention periods, data is securely deleted or anonymized.

We share data only when necessary for service delivery.

7.1 Vendors and Service Providers

Including: hotels and venues, catering companies, AV and technical production partners, photographers and videographers, entertainment providers, transportation providers, décor and floral suppliers.

All partners are contractually bound by confidentiality and GDPR-compliant obligations.

7.2 Legal and Administrative Authorities

Tax authorities and other relevant Portuguese authorities as required by law.

7.3 Payment Processors

Secure financial service providers ensuring PCI-DSS compliance.

To provide efficient planning services, we use recognized cloud-based services, including: Google Workspace, WhatsApp, Supabase (client portal authentication and database), CRM systems, secure cloud storage platforms.

Data Location

Your data may be transferred to and stored on servers outside the European Economic Area (EEA), including the United States.

Safeguards

We rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46 GDPR),
• The EU–U.S. Data Privacy Framework, where applicable.

These mechanisms ensure an equivalent level of protection to that provided within the EU.

By using our services and communicating via these platforms, you acknowledge such transfers as necessary for contractual performance.

You have the following rights:

• Right of Access
• Right to Rectification
• Right to Erasure
• Right to Restriction of Processing
• Right to Object
• Right to Data Portability
• Right to Withdraw Consent

Requests may be submitted to: info@btq.pt

We will respond within 30 days, as required by GDPR.

What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us understand how you use our site, improve performance, and deliver relevant content.

Cookie Consent

In accordance with GDPR and the ePrivacy Directive, we request your consent before placing any non-essential cookies. When you first visit our website, a cookie consent banner will appear. No analytics or marketing cookies are loaded until you actively click "Accept." If you click "Decline," only strictly necessary cookies will be used.

Your preference is stored in a cookie called cookie_consent which expires after 12 months. You may change your preference at any time by clearing your browser cookies and revisiting the site.

Categories of Cookies We Use

Strictly Necessary Cookies

These cookies are essential for the website to function and cannot be switched off. They include:

Analytics Cookies (require consent)

These cookies help us understand how visitors interact with our website by collecting anonymous usage data.

Analytics data is collected via Google Analytics 4 (GA4), loaded through Google Tag Manager (GTM). GA4 uses IP anonymization by default. Data is processed by Google LLC under Standard Contractual Clauses (SCCs) and the EU–U.S. Data Privacy Framework.

Marketing Cookies (require consent)

If we run advertising campaigns (e.g., Google Ads), the following cookies may be set after consent:

These cookies are only loaded if you have accepted analytics/marketing cookies via the consent banner.

Google Tag Manager

We use Google Tag Manager (GTM) as a tag management system. GTM itself does not collect personal data, but it manages the loading of other tags (such as GA4 and Google Ads) which may collect data. GTM tags are only activated after you provide cookie consent.

How to Manage Cookies

You can control cookies through:

• Our cookie consent banner — displayed on your first visit and accessible by clearing your cookies
• Browser settings — most browsers allow you to block or delete cookies (refer to your browser's help section)
• Google Analytics opt-out — install the Google Analytics opt-out browser add-on at tools.google.com/dlpage/gaoptout

Third-Party Cookies

Some cookies are set by third-party services embedded on our site. We do not control these cookies. Please refer to the respective providers' privacy policies:

• Google Privacy Policy: policies.google.com/privacy
• Cloudflare Privacy Policy: cloudflare.com/privacypolicy

Cookie Retention

Cookie retention periods vary from session-based (deleted when you close your browser) to a maximum of 2 years, as detailed in the tables above.

Updates

This cookie information may be updated when we add or remove services. The latest version will always be available within this Privacy Policy.

We implement robust technical and organizational safeguards:

• SSL/TLS encryption in transit
• Encrypted storage where applicable
• EU-based secure servers
• Restricted access to authorized personnel only
• Regular software updates
• Staff GDPR training
• Vendor confidentiality agreements

For privacy matters:

• Email: info@btq.pt
• Postal Address: Btq — Boutique de Eventos, Lda, R. Faisões 131, bloco RC/C, 2750-005 Cascais, Portugal

Right to Lodge a Complaint

If you believe your data is not processed in accordance with applicable law, you have the right to lodge a complaint with:

Online complaint forms ("Participações") are available on the CNPD website.

We encourage you to contact us first so we can address your concerns promptly and transparently.

This Privacy Policy may be updated periodically to reflect legal, operational, or regulatory changes.

The latest version will always be available on our website.

Last updated: March 2026