Data Privacy Policy

Last updated: 15th January 2026

Introduction

metroluxhubis S.A. ("we", "us", "our") is committed to protecting your privacy and personal data. This privacy policy explains how we collect, use, and safeguard your information when you visit our website metroluxhubis.pro or use our restaurant menu optimization analytics services.

As a company registered in Portugal and operating within the European Union, we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller Information

The data controller for your personal information is:

• Company: metroluxhubis S.A.
• Registration Number: 613425978
• VAT Number: PT617485963
• Address: Rua Augusta 95, 1002-949 Lisbon, Portugal
• Email: privacy@metroluxhubis.pro
• Phone: +351 215130348

Data Collection

We collect different types of information depending on how you interact with our services. The data we collect includes:

Information You Provide Directly

• Contact details (name, email address, phone number) when you enquire about our services
• Restaurant information (business name, location, type of establishment) when requesting consultations
• Communication preferences and marketing consent
• Any other information you choose to provide in contact forms or communications

Information Collected Automatically

• Website usage data (pages visited, time spent, navigation patterns)
• Technical information (IP address, browser type, device information)
• Cookie data and tracking preferences
• Referral sources and website performance metrics

How We Use Your Information

We use your personal data for legitimate business purposes and only with appropriate legal basis. How we use your information depends on how you interact with our services:

Service Delivery

• Responding to enquiries and providing consultation services
• Delivering our restaurant analytics and optimization services
• Processing service agreements and managing client relationships
• Providing technical support and customer service

Communication

• Sending service-related communications and updates
• Providing marketing communications (with your consent)
• Sharing industry insights and analytical reports
• Notifying you of important changes to our services or policies

Business Operations

• Improving our website functionality and user experience
• Conducting market research and service development
• Ensuring security and preventing fraud
• Complying with legal obligations and regulatory requirements

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please refer to our Cookie Policy.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for marketing communications or cookie usage
• Contract: When processing is necessary for performing our services or preparing service agreements
• Legitimate Interest: For business operations, security, and service improvement, balanced against your privacy rights
• Legal Obligation: When required to comply with applicable laws and regulations

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your data in the following circumstances:

• With service providers who assist in delivering our services (under strict data processing agreements)
• When required by law or to comply with legal proceedings
• To protect our rights, property, or safety, or that of our clients or others
• In connection with business transfers, mergers, or acquisitions (with appropriate safeguards)

International Data Transfers

As we operate primarily within the European Union, most data processing occurs within the EU. Any transfers to countries outside the EU are conducted with appropriate safeguards in place, such as Standard Contractual Clauses or adequacy decisions.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy:

• Contact enquiries: Retained for 3 years after initial contact
• Client data: Retained for the duration of the service relationship plus 7 years for legal and tax purposes
• Marketing data: Retained until you withdraw consent or request deletion
• Website analytics: Aggregated data retained for 2 years

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right of Rectification: Request correction of inaccurate or incomplete data
• Right of Erasure: Request deletion of your personal data under certain circumstances
• Right to Restrict Processing: Request limitation of processing under certain conditions
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing that relies on your consent

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication procedures
• Staff training on data protection and security
• Incident response and breach notification procedures

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, by sending you a notification. The date of the last update is shown at the top of this policy.

Contact Information

If you have any questions about this privacy policy, wish to exercise your rights, or have concerns about how we handle your personal data, please contact us:

• Email: privacy@metroluxhubis.pro
• Phone: +351 215130348
• Post: Data Protection Officer, metroluxhubis S.A., Rua Augusta 95, 1002-949 Lisbon, Portugal

Supervisory Authority

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority. In Portugal, this is the Comissão Nacional de Proteção de Dados (CNPD).

Contact details for CNPD:

• Website: www.cnpd.pt
• Address: Av. D. Carlos I, 134, 1º, 1200-651 Lisboa, Portugal
• Phone: +351 213 928 400