Criar Valor acknowledges the importance of privacy and is invested in protecting it’s user’s/client’s personal data, and in all occurrences regarding the use of personal data, we take responsibility to fully respect and follow the General Data Protection and Regulation (GDRP)
In the case of not agreeing with our Privacy Policy we advise you leave our website.

The website is property of “Criar Valor - Consultoria de Gestão, Lda”

This Privacy Policy advises the user on the data collection and usage, as well as the safeguarding and protective measures adopted in the use of these.

Your personal data will never be divulged or sold to third parties, whether these are private or businesses.

Data Collection

Whenever it is necessary to collect personal data or use this information, it will be carried out under the legislation applicable to the Policy of Protection of Personal Data, imposed by the General Data Protection Regulation (RGPD, UE, 2016/679).

All information collected is provided with online consent through the website (, by telephone, in writing or through the contact form available on the website. The “Criar Valor" website collects personal data, such as; names, e-mails, telephone numbers, but also other personal data, in case you make these available when completing the online form.
The entity responsible for the collection and processing of personal data is “Criar Valor" (DPO).

The Use of Collected Information

“Criar Valor” will comply with the rules of personal data treatment used in Portugal.

The data collected is exclusively for the use of “Criar Valor”, in order to follow the contacts made through the contact form available on the website or through another means of communication, ensuring the privacy and protection of user data.

Right to Access, Modification, Cancellation and Opposition

In accordance with the GDRP, EU, 2016/679, anyone can request access to their personal data, acknowledging its content, as well as requesting any rectification, update or request its removal, by written request addressed to “Criar Valor" to the e-mail:, or by letter to the following address:
Pimenteiras Street, Antélius Building, R / C LJ B
8125-473 Quarteira

Security and Data Protection

“Criar Valor" will comply and follow the necessary security measures to ensure the safeguarding of the personal data of the users against its possible misuse or unauthorised access.

Although “Criar Valor" is committed to ensuring the protection and security of the personal data to which it has access, it cannot guarantee the security of any information you disclose online, nor be liable for any loss or damage caused to you as a consequence of the loss of information confidentiality.


On the “Criar Valor" website users may find links that link to other websites outside the domain of, which may collect personal data or request personal information. This Privacy Policy does not apply to third-party websites, so you should read the Privacy Policy of third-party websites you visit, as we are not responsible for the content and information on those websites.

Privacy Policy Agreement

It is understood that the user accepts the conditions of this Privacy Policy when entering their data. Completion of the form assumes the consent of the user to the automated processing and use of the data in accordance with the privacy conditions described on this page.

Alterations to the Privacy Policy

“Criar Valor" reserves the right to update or revise this Privacy Policy at any time in order to adjust it to any changes in legislation and / or other constraints. Any changes made will be published on this page, so the user should visit this page frequently in order to be updated and informed about the Privacy Policy in force.
General Data Protection Regulation (GDPR) (EU) 2016/679

User Information

The General Regulation on Data Protection (GDPR) (EU) 2016/679 is a regulation of the European law on privacy and protection of personal data, applicable to all individuals in the European Union and European Economic Area. It also regulates the export of personal data outside the EU and EEA. The GDPR aims to give citizens and residents ways of monitoring their personal data and unifying the European regulatory framework.

The Regulation repeals the Personal Data Protection Directive 1995 (95/46 / EC) and contains clauses and requirements concerning the way in which personal information is processed in the EU and applies to all companies operating in the EEA, irrespective of their country of source. Business processes that process personal data are required to be designed from scratch and by default with measures that respect the principles of data protection by default and from their design, which means that the data must be stored using pseudonymization or complete anonymization and using the highest default privacy settings, so that data cannot be made available without explicit consent, and cannot be used to identify someone without additional information stored separately. The regulation does not allow the processing of any data outside the legal context specified in the regulation, except in the case that whoever controls the data has received explicit consent and expression of the will of the data owner. The owner also has the right to revoke this permission at any time.

The data controller must clearly state any data collection, state the legal framework for such data collection, the purpose of data processing, how long data will be stored and whether such data will be shared with third parties outside the European Union. Users have the right to require a copy of the data collected in a common format and the right to require that such data be deleted in certain circumstances. Public authorities and undertakings whose activity focuses on the regular or systematic treatment of personal data are required to have a data protection officer (DPO), which is responsible for ensuring that the treatment is in accordance with the GDPR. Companies are also required to report any data breach within 72 hours when this has any adverse effect on the user's privacy.

The regulation was adopted on April 14th 2016. After a transitional period of two years, it entered into force on the 25th of May 2018. Since the GDPR is a regulation, not a directive, it is not necessary for the Member States to adopt additional legislation, as so the Regulation is binding and applicable.

The regulation provides the following rights on the part of the user of this website:

- Right of access to your personal data (right to obtain access to your personal data that are processed and information about you, for example, what are the purposes of the treatment, what are the conservation periods, among others).

- Right of rectification (right to request rectification of your personal data that is out of date or request incomplete personal data to be complete.)

- Right to forget (right to request the removal of your personal data, as long as there are no valid grounds for its conservation, such as cases where “Criar Valor" has to keep the data to fulfill a legal obligation.)

- Right to portability (Right to receive the data you have provided us or to request the direct transmission of your data to another entity that becomes the new responsible for your personal data).

- Right to withdraw consent (Right to oppose or withdraw consent at any time to data processing).

- Right of limitation (right to request limitation of the processing of your personal data, in the form of: Suspension of processing, limitation of the scope of processing to certain categories of data or purposes of treatment).

- Right to complain (Right to submit a complaint to “Criar Valor", the (CNPD) National Data Protection Commission or (DPO) in charge of Data Protection).