Privacy Policy

Privacy Policy

1. INTRODUCTION           

a) Your privacy and the protection of your personal data is very important to TELLES;

b) This is a mission that we take with the utmost seriousness because we know that we have a legal duty to protect the personal data we handle, whether they belong to the users of our website, our employees, service providers, suppliers and customers;

c) This duty of ours is therefore a daily priority in the exercise of our activity, and we comply and enforce the terms of the General Data Protection Regulation of 27 April 2016 with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), rectified on 23 May 2018 (Official Journal of the EU L 127/2) and corrected on 12 October 2020 (Council of the European Union), and also Law 58/2019, of 8 August, which implements the GDPR in the Portuguese legal order;

d) If you have any questions, comments or suggestions to make about our Privacy Policy, please contact us using the contact details set out below.


TELLES de Abreu e Associados - Sociedade de Advogados, SP, RL, (hereinafter TELLES) holder of tax number 502 790 652, with registered office at Avenida do Marechal Gomes da Costa, 1131, 4150-360 Porto, is the controller for the processing of your personal data.


a) In the scope of your relationship with us, namely when you access our website, when you provide us with your personal data or interact in a way that we can collect them, namely through the forms we make available, we would like to emphasize that you are accepting this Privacy Policy, and your personal information will be processed in accordance with the rules and concepts informed herein, including any changes that may be made in the future.

b) This policy is based on the following structural principles, which are essential and guiding for us:

i) In TELLES only duly authorized persons process data that is strictly necessary for specific and legitimate purposes;

ii) Security regarding the treatment of your data is a constant priority for us, which we periodically review according to technological innovation and in which we periodically invest

iii) We are aware that personal data is not ours, but belongs to its owners, and we are only responsible for its processing in accordance with the legal rules in force, respecting and enforcing their rights, having implemented the necessary technical and organizational measures

iv) We promote and disseminate internally good practices in the areas of Privacy, Data Protection and Information Security, which we review regularly because we believe that we are part of a process of continuous improvement, in which we know that it is always possible to do more and better.


a) Within the scope and for the purposes of this policy, we follow the definitions set forth in Article 4 of the General Data Protection Regulation, namely those indicated below and without excluding compliance with the other definitions indicated therein:

i) Personal Data - means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

ii) Processing - any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

iii) Consent - of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

(iv) Controller - the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

(v) processor - a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.


a) In order to provide our services, we collect several categories of personal data, namely identification data, data related to academic qualifications and navigation data.

b) We collect only the data that is strictly necessary, in strict obedience to the principle of minimization, namely:

(i) name

ii) email address

iii) telephone number

iv) nationality

iv) IP addresses, operating system, access device, language and other

information collected by cookies

v) Personal data, namely qualifications, certifications, positions held, employer data, all resulting from Curriculum Vitae, if submitted by you.


a) Your personal data may be collected:

(i) when you subscribe to the TELLES newsletter, by email or via our website;

ii) When you complete the "Contact us" form on our website;

iii) When you request enrolment or participate in one of the events organized by TELLES;

iv) When you send an application to collaborate with TELLES by email or through the form on our website

v) When we receive applications through recruitment agencies.

b) The personal data we collect is subject to computerized processing and stored in databases in strict compliance with current European and national legislation on Privacy, Data Protection and security of processing.

c) We shall only process your personal data in accordance with a specific and legitimate purpose or purposes, determined at the time of collection, and such data shall not be further processed in a manner incompatible with those purposes, except for archiving purposes in the public interest, scientific or historical research or for statistical purposes. In these cases, under the terms of the RGPD, the aforementioned incompatibility does not occur.

d) Should we collect and process special categories of personal data ("sensitive data"), this processing shall only be carried out in accordance with the exceptions provided for in Article 9, paragraph 2 of the RGPD and

e) In case these aforementioned data are collected from the data subject and the processing is carried out on the basis of his/her consent, we will inform him/her of his/her right to withdraw this consent.

f) Please note that under the legal terms provided for in the GDPR, if you withdraw your consent, the lawfulness of the processing based on consent previously given shall not be affected.


a) We process your personal data in accordance with the following purposes:

 (i) management and performance of the contractual relationship, including:

- Provision of the contracted legal services:

-Invoicing and payment of services;

-Communicating changes in the conditions of the contracted services;

-Communication to public entities for legal reasons;

-Communication to insurance companies for the execution of insurance contracts.

ii) Recruitment, when the user/data subject applies by sending spontaneous applications or within the scope of recruitment processes we initiate, under the terms of which we may receive applications from recruitment agencies;

iii) Sending information of interest and communications within the scope of the activity we carry out;

iv) Clarifications regarding requests for information that you request from us;

v) The response we provide to manage and respond to your requests or complaints;

vi) For compliance with legal obligations to which we are subject;

vii) For the purpose of exercising or defending rights within the scope of legal proceedings, regardless of their nature;

viii) To monitor the security of our website, optimize your visit, navigability and personalization;

ix) To set and manage events organized by us or jointly with other entities.


a) We only process your personal data in strict compliance with the principle of lawfulness.

b) Depending on the circumstances, the processing of your personal data may be carried out on the following legal grounds:

(i) performance of a contract to which the data subject is a party or or in order to take steps at

the request of the data subject prior to entering into a contract

ii) for compliance with a legal obligation to which we are subject

iii) our legitimate interests or a third-party;

iv) your free, specific, informed and unambiguous consent, when consent is the basis of the lawfulness of the processing, a for one or more specific purposes;

(v) the protection of your vital interests.


a) We do not collect or intend to collect, as a matter of principle, personal data from children, given the recipients of the services we provide;

b) In accordance with article 8 of the RGPD, children's personal data may only be processed on the basis of consent provided for in article 6.1.a) of the RGPD and in relation to the direct offer of information society services when they have reached the age of 13.

c) In the event that we collect personal data of children on a voluntary basis, we will take care to comply with the legislation in force on this matter, namely by obtaining parental consent prior to the processing of personal data to be carried out, in which case we will resort, if possible, to means of secure authentication, as provided for in Law 58/2019 of 8 August.


a) TELLES will not, as a general rule, communicate your data to any third parties, except for the purposes described in this policy.

b In particular, personal data may be transferred to comply with legal obligations to which we are subject and which are applicable at any given time or if the provision of our services so requires, as well as for the purpose of sending newsletters or other communications which you have consented to.

c) Where we use processors to process your data on our behalf, which involves them accessing your data, we take appropriate steps, by entering into the contract required by law, to ensure that such processors provide sufficient and adequate guarantees to perform technical and organisational measures and that they will act only on our documented instructions, process the data only for the purposes intended and are instructed to delete or return the data TELLES at the end of the service provision.

d) These processors are subject to prior assessment as regards the evaluation of their degree of compliance with the data protection rules and are subject to periodic audits, which are provided for in the contract signed

e) In the event that TELLES transfers your personal data to third countries (outside the European Union or the European Economic Area), within the scope of the purposes indicated, and in the absence of an adequacy decision adopted by the European Commission, we ensure that appropriate security and legal measures will be taken to protect your personal data, in compliance with the legislation in force.


a) The length of time for which data is stored and retained varies according to the purpose for which the information is processed, for example, we will retain your spontaneous application for one year, to ensure that your rights as a data subject are protected.

b) There are legal requirements that oblige us to keep the data for a minimum period of time, in which case we will apply this period, namely for tax purposes.

c) If there is no legal term of conservation, the data will be stored and conserved in a way that allows the identification of the owners of the data only for the period necessary for the purposes for which they are processed, period after which they will be adequately treated, destroyed in a safe way or anonymized.


a) Under the provisions of the GDPR we guarantee you, through internal organisational measures that we have implemented and periodically review, the exercise of your rights as a data subject, within the deadlines and complying with the legal obligations provided.

b) Your rights as a data subject:

i) Right of Access - you have the right to request from us, among others, information regarding whether or not your data is being processed, what data we process and for what purposes. If you wish you may request a copy of the personal data being processed, and the provision of further copies may be subject to the payment of a reasonable fee, based on the administrative costs. Where the request is in electronic form, unless you indicate otherwise, the information will be provided by us in a commonly used electronic format.

(ii) Right to Rectification - you have the right to have inaccurate personal data concerning you rectified without undue delay and incomplete data completed, including by means of providing a supplementary statement.

iii) Right to erasure (‘right to be forgotten’) - also called right to be forgotten - you may request, in certain circumstances, that your personal data is deleted from our records without undue delay where any of the grounds set out in the GDPR apply.

iv) Right to Object - you have the right to object, on grounds relating to your particular situation, to certain types of data processing provided for in the GDPR, such as processing for the purposes of direct marketing, in which case we will cease processing for that purpose.

v) Right to Data Portability - you have the right to have your personal data that we hold transferred to another organization or received in a structured and commonly used, machine readable format;

vi) Right to Limitation of Processing - the right to obtain the limitation of the processing of your personal data where you wish, for example, to contest the accuracy of your personal data for a period of time that permits us to verify their accuracy, where the processing is unlawful, where we no longer need the personal data for the purpose of the processing, but they are required by you for the establishment, exercise or defence of legal claims or where you have lodged a right to object.

vii) Right to lodge a complaint with a supervisory authority - in Portugal the supervisory authority is the CNPD- Comissão Nacional de Proteção de Dados (

(viii) Right to compensation and liability- if you have suffered material or non-material damage as a result of an infringement of the GDPR you shall have the right to receive compensation from the controller or processor for the damage suffered;

ix) Right not to be subject to automated decisions - you have the right not to be subject to any decision taken solely on the basis of automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you;

x) Right to Withdraw Consent, in an easy way.

c) For the exercise of these rights, please refer to point “Contacts” of this Privacy Policy, below.

d) After you have sent us by email or otherwise expressed your wish to exercise any or some of the rights indicated, we will act accordingly by sending you without delay, and for the exercise of your rights provided in points i) to vi) and point ix), our "Data Subject Exercise of Rights Form".

e) Within the legal deadline of 30 (thirty) days you will receive a duly justified communication from us.

f) The legal deadline referred to in the previous paragraph may be extended to 60 (sixty) days, due to the number or complexity of the requests.

g) Should the requests made by the data subject be manifestly unfounded or excessive, namely due to their repetitive nature, we may:

(i) charge a reasonable fee considering the administrative costs of providing the information or communication, or taking the requested action;


(ii) refuse to act on your request.


a) We have adopted appropriate technical and organisational measures to ensure a level of security appropriate to the risk, which we periodically review and improve, aimed at ensuring the security and protection of your personal data in terms of their availability, authenticity, integrity and confidentiality, as well as those aimed at preventing their loss, misuse, alteration, unauthorized processing or access, and any other form of unlawful processing.

b) Our commitment to the security of your personal data is permanent, a commitment that involves a set of measures aimed at safeguarding and mitigating the risk of violation of such data, including the measures provided for in Article 32 of the RGPD, depending on the risk, context and purposes, which should be highlighted:

i) the pseudonymisation and encryption of personal data;

ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

c) The level of security we have implemented considers the risks presented by the processing, considering in particular the risks of destruction, loss, accidental or unlawful alteration, disclosure or unauthorized access, of personal data transmitted, stored or subject to any other type of processing.

d) Please note that despite all the efforts we make in matters of security, it is not possible for us to guarantee the full and absolute inviolability of the information received, given the insecure nature of open networks such as the Internet.


a) Our website may contain links which may lead you to other websites.

b) TELLES is not responsible for, does not approve or in any way endorse or support the content of those sites or their policies, including any websites linked to or referred to from them.

c) In order for you to be properly informed, we advise you to read the privacy policies of any other website that is linked to the TELLES website.


Should we communicate your personal data to third countries or international organizations we will strictly comply with applicable legal provisions and determine the suitability of the country or organization concerned with regard to the requirements applicable to such transfers or apply appropriate safeguards to enable data subjects to enjoy enforceable rights and effective legal remedies under the GDPR.

To learn more about cookies and how we use them on our website please see our Cookie Policy.


We understand that the human factor is crucial when it comes to compliance with applicable standards, which is why we train all our employees, initially and successively, ensuring that uniformly all know the applicable rules and best practices aimed at protecting their personal information.


a) If you have any doubts or questions about the way we collect and process personal data you can contact us, we will respond in compliance with the applicable legal deadlines:



Morada:Telles de Abreu e Associados - Sociedade de Advogados, SP, RL
Avenida do Marechal Gomes da Costa, 1131, 4150-360 Porto.


b) In order to protect your privacy, and if necessary, we will take steps to verify your identity by requesting additional information limited to that which is strictly necessary for the purpose of that identification.

c) If you wish to exercise your rights, and without prejudice to any limits that may apply to your exercise of these rights, please use the contacts indicated and we will immediately send you our "Data Subject Exercise of Rights Form", which you should return to the email or address indicated above.

d) All responses provided will comply with the legally prescribed deadlines.


We reserve the right to change the contents of our Privacy Policy without notice, provided that we inform you of and publish the changes on our website, such changes becoming an integral part of the Privacy Policy.



Version 1: June 2018

Version 2: March 2022

Please note, your browser is out of date.
For a good browsing experience we recommend using the latest version of Chrome, Firefox, Safari, Opera or Internet Explorer.