Privacy Policy

1. Data Controller

The data controller for personal data collected through our website and inspection services is InspectOS — a FAIRBANK Group company —, registered at Rua Salvador Martins 3A, 2740-315 Porto Salvo, Portugal, email hello@inspectos.pt.

For data protection enquiries, you may contact our Data Protection Officer (DPO) at hello@inspectos.pt.

2. Data We Collect

We collect the following categories of personal data:

• Identification and contact data: full name, email address, phone number.
• Property data: property address, type (apartment, house, commercial), estimated year of construction.
• Payment data: payment transaction references. We do not store full card details — these are processed directly by our PCI-DSS certified payment provider.
• Inspection data: photographs, measurements, notes, and observations collected during the inspection (technical data about the property, not personally identifying).
• Technical data: IP address, browser type and version, device type, pages visited, referral source, and session duration — collected automatically when you visit our website.
• Communications: records of emails, messages, and interactions with our team.
• Consent records: your choices regarding cookies and marketing communications.

3. How We Use Your Data

We use your personal data for the following purposes:

• Processing and confirming your inspection booking and managing scheduling.
• Carrying out the inspection and producing and delivering the inspection report.
• Issuing invoices and receipts and managing the payment process.
• Sending booking confirmations, status updates, and service-related notifications.
• Responding to your queries, complaints, or information requests.
• Complying with legal and regulatory obligations, including retaining technical reports as required by Portuguese law.
• Analysing website usage to improve our services and content (only where you have accepted analytics cookies).
• Managing our professional indemnity insurance and any legal claims.
• Sending marketing communications about our services (only with your explicit consent).

4. Legal Basis for Processing

We process your data on the following legal bases under Article 6 of the GDPR:

• Contract performance (Art. 6(1)(b)): processing your booking, carrying out the inspection, and delivering the report.
• Legal obligation (Art. 6(1)(c)): retaining technical reports for 10 years under Portuguese building law; fulfilling tax and accounting obligations.
• Legitimate interests (Art. 6(1)(f)): website analytics for service improvement; fraud prevention; internal business administration.
• Consent (Art. 6(1)(a)): analytics cookies; sending marketing communications. Consent may be withdrawn at any time without affecting the lawfulness of prior processing.

5. Data Sharing and Sub-processors

We do not sell your personal data to third parties. We share data only in the following circumstances:

• LNEC-certified inspectors: your name, contact details, and property information are shared with the inspector assigned to your booking under data sub-processing agreements.
• Cloud infrastructure provider: data is hosted on servers in the EU-West region (Paris/Ireland) under data processing agreements.
• Payment processing provider: minimum data required to process your payment. PCI-DSS certified.
• Email service provider: for sending booking confirmations and inspection reports.
• Google Analytics (only with your consent): website usage analytics, with IP anonymisation enabled and no use for advertising purposes.
• Public authorities: where required by law, court order, or competent regulatory authority.

6. International Data Transfers

Your personal data is stored and processed on servers located within the European Economic Area (EEA), specifically in the EU-West region (Paris, France and Ireland).

To the extent any sub-processor transfers data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent mechanisms, in accordance with Chapter V of the GDPR.

7. Data Retention

We retain your personal data for the following periods:

• Inspection reports and associated photographs: 10 years (required by Portuguese building law, including DL 10/2024 and related regulations).
• Personal contact data (name, email, phone): 3 years after the end of our business relationship.
• Payment transaction references: 7 years (tax and accounting record-keeping obligations).
• Marketing consent records: until consent is withdrawn.
• Technical logs and analytics data: 14 months (Google Analytics default retention).
• Cookie consent records: 13 months from the date of consent.

Upon expiry of retention periods, data is securely deleted or anonymised.

8. Your Rights Under the GDPR

As a data subject, you have the following rights, exercisable at any time:

• Right of access (Art. 15): request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): ask us to correct inaccurate or incomplete data.
• Right to erasure — 'right to be forgotten' (Art. 17): request deletion of your data, subject to legal retention obligations.
• Right to restriction of processing (Art. 18): ask us to pause processing while a dispute is resolved.
• Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
• Right to object (Art. 21): object to processing based on legitimate interests or to direct marketing.
• Right to withdraw consent (Art. 7(3)): at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact our DPO at hello@inspectos.pt. We will respond within one month, extendable by a further two months for complex or high-volume requests, with prior notification.

9. Security Measures

InspectOS implements appropriate technical and organisational measures to protect your personal data, including:

• Encryption in transit via TLS 1.2 or higher across all communications.
• Encryption at rest on all storage servers.
• Role-based access controls — only authorised personnel can access personal data.
• Exclusive EU storage (EU-West region).
• Periodic security reviews and vulnerability assessments.
• Confidentiality agreements with all staff and sub-processors.

10. Cookies

Our website uses cookies to ensure its operation, analyse usage, and store your preferences. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy at inspectos.pt/cookies.

11. Data Protection Officer

Our Data Protection Officer (DPO) can be contacted for any questions regarding the processing of your personal data or the exercise of your rights:

Email: hello@inspectos.pt · Post: DPO — InspectOS, Rua Salvador Martins 3A, 2740-315 Porto Salvo, Portugal.

12. Right to Lodge a Complaint with the CNPD

If you believe that InspectOS's processing of your personal data infringes the GDPR or Portuguese data protection law, you have the right to lodge a complaint with the competent supervisory authority:

Comissão Nacional de Proteção de Dados (CNPD) · Rua de São Bento n.º 148-3.º, 1200-821 Lisboa · cnpd.pt · geral@cnpd.pt

13. Changes to This Policy

InspectOS may update this Privacy Policy periodically to reflect legal, operational, or service changes. Where the change is material, we will notify data subjects by email and/or by posting a prominent notice on our website.

The current version of this policy is always available at inspectos.pt/privacy. The 'Last updated' date at the top of this page indicates when it was most recently revised.