Legal

Privacy
Policy

Last updated: May 2026

1. Who we are and who controls your data

Your personal data is controlled by MYDBM Unipessoal Lda, trading as Indico Innovation, incorporated in Portugal, NIPC 518 067 459, Porto (the "Controller").

This Policy explains how we collect, use, store and protect personal data when you visit indicoinnovation.com or contact us about our services. It complies with the General Data Protection Regulation (EU) 2016/679 (GDPR) and Portuguese Law No. 58/2019.

2. Data we collect and why

2.1 Website usage data

When you browse this website we collect standard server logs and, if analytics are enabled, aggregated behavioural data (pages visited, time on page, device type, approximate geographic region). This data is processed on the legal basis of legitimate interest (Art. 6(1)(f) GDPR) to understand how our website is used and to improve it. No individual profiling is performed.

2.2 Data you send us voluntarily

When you contact us via email, WhatsApp or any other channel, you may share personal data such as your name, email address, phone number and information about your company or project. This data is processed on the legal basis of pre-contractual measures (Art. 6(1)(b) GDPR) to respond to your enquiry and, where applicable, to prepare a service proposal.

2.3 Business relationship data

If you become a client, we will process the personal data necessary to deliver our services and fulfil our contractual and legal obligations (Art. 6(1)(b) and 6(1)(c) GDPR).

3. How we use your data

We use personal data only for purposes that are compatible with why it was collected:

  • To respond to enquiries and provide our services.
  • To send relevant updates about your project or engagement (no unsolicited marketing).
  • To comply with legal and regulatory obligations.
  • To improve the quality and performance of our website and services.

We do not sell your personal data to third parties. Ever.

4. Who we share data with

We may share data with trusted service providers that help us operate our business (e.g., cloud infrastructure providers, communication tools). These processors are bound by data processing agreements and may only use your data as instructed by us.

We may also disclose data when required by law, court order or to protect the rights and safety of our company or third parties.

5. International transfers

Some of our service providers are based outside the European Economic Area (EEA), including in Brazil and the United States. Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place — typically Standard Contractual Clauses approved by the European Commission.

6. How long we keep your data

We retain personal data only as long as necessary for the purposes described in this Policy or as required by law. Enquiry data with no follow-up is deleted after 12 months. Client data is retained for the duration of the engagement plus any mandatory accounting and legal retention periods (typically 10 years under Portuguese law).

7. Your rights

Under the GDPR, you have the right to:

  • Access — obtain a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — request deletion of your data where there is no legitimate reason for us to continue processing it.
  • Restriction — ask us to limit how we use your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email us at contact@indicoinnovation.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Portuguese data protection authority, the CNPD (cnpd.pt).

8. Security

We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration or destruction. These include encrypted data transmission (HTTPS), access controls and regular security reviews.

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but we take our obligations seriously and will notify affected individuals and the CNPD in the event of a breach as required by law.

9. Cookies

This website may use cookies and similar tracking technologies to improve the browsing experience and collect usage statistics. Strictly necessary cookies are set automatically. Where we use analytics or preference cookies, we will ask for your consent. You can manage or disable cookies through your browser settings at any time.

10. Changes to this policy

We may update this Privacy Policy periodically. Material changes will be communicated via a notice on the website. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

For any privacy-related questions or to exercise your rights, contact us at contact@indicoinnovation.com or write to MYDBM Unipessoal Lda, Porto, Portugal.