Privacy Policy
Last updated: January 19, 2026
Modernize Business Experts Unipessoal LDA, operating under the brand Elevate Accounting ("we", "us" or "our"), is committed to protecting the personal data of its clients, website users and event participants. This Privacy Policy explains how we collect, use, store and protect personal data in the context of our accounting, tax and business advisory services, our website https://elevateaccounting.pt, and events such as webinars.
This Privacy Policy is drafted in accordance with:
Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
Law no. 58/2019 of 8 August (implementation of the GDPR in Portugal)
Lei Geral Tributária
Law no. 83/2017, of 18 August (Anti-Money Laundering and Counter-Terrorist Financing)
Applicable professional secrecy obligations governing accounting and tax professionals in Portugal
1. Data Controller
The data controller for the purposes of the GDPR is:
Modernize Business Experts Unipessoal LDA
Brand name: Elevate Accounting
Registered office: Urb. Melody 16, 8600-110 Luz
NIPC: 517889264
Email: support@elevateaccounting.pt
2. Categories of Personal Data Processed
Depending on the nature of the relationship with us, we may process the following categories of personal data:
a) Clients and their representatives
Identification data (e.g. name, date of birth)
Tax and fiscal data (e.g. NIF, tax residency, tax declarations)
Accounting and financial information
Employment and payroll data
Company, shareholder and beneficial ownership information
Banking details (e.g. IBAN, payment references)
Compliance and due diligence data collected for AML purposes
b) Website users and event participants
Name and contact details (e.g. email address)
Professional or business-related information
Webinar or event registration data
Technical data (e.g. IP address, browser type, cookies)
Although not classified as "special categories of data" under Article 9 GDPR, much of the above information is of a highly confidential nature and is treated accordingly.
3. Purposes and Legal Bases for Processing
We process personal data strictly within the limits permitted by law and only where a lawful basis exists.
a) Provision of accounting, tax and advisory services
Including bookkeeping, tax compliance, payroll, reporting and related professional services.
Legal bases:
Performance of a contract (Article 6(1)(b) GDPR)
Compliance with legal obligations (Article 6(1)(c) GDPR)
Relevant legislation includes, inter alia:
Lei Geral Tributária
Código do IRS, Código do IRC and Código do IVA
b) Compliance with legal and regulatory obligations
Including obligations relating to:
Tax audits and inspections
Reporting duties to the Autoridade Tributária and Social Security
Statutory record-keeping obligations
Legal basis: Legal obligation (Article 6(1)(c) GDPR).
c) Anti-money laundering and counter-terrorist financing
Client identification, verification and ongoing monitoring as required by law.
Legal basis: Legal obligation (Article 6(1)(c) GDPR), pursuant to Law no. 83/2017.
d) Website operation and security
To ensure the security, functionality and continuous improvement of our website.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR).
e) Events and webinars
To manage registrations, send access links, reminders and event-related communications.
Legal basis: Consent (Article 6(1)(a) GDPR).
4. Professional Secrecy and Confidentiality
All personal data processed in the context of accounting and tax services is subject to strict professional secrecy and confidentiality obligations, in accordance with Portuguese law.
We ensure that:
Access to personal data is limited to authorised personnel
All staff and collaborators are bound by confidentiality obligations
Personal data is used exclusively for lawful professional purposes
5. Data Retention
Personal data is retained only for the period required by law or strictly necessary for the purposes for which it was collected, including:
Accounting and tax records: minimum of 10 years, in accordance with Portuguese tax legislation
Payroll and employment data: as required by labour and social security law
AML-related data: minimum of 7 years, pursuant to Law no. 83/2017
Event and marketing data: until consent is withdrawn or the purpose ceases
6. Data Sharing
Personal data may be disclosed only where necessary and lawful, namely:
To the Autoridade Tributária, Social Security or other competent public authorities, where legally required
To service providers acting as data processors (e.g. software providers, email or webinar platforms), under GDPR-compliant contracts
To auditors or legal advisors, subject to professional secrecy
We do not sell, rent or share personal data for commercial or marketing purposes.
7. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), we ensure compliance with Articles 44–49 GDPR, including the implementation of:
European Commission adequacy decisions
Standard Contractual Clauses
Additional safeguards where required
8. Data Subject Rights
Under the GDPR and Portuguese law, data subjects have the right to:
Access their personal data
Request rectification of inaccurate or incomplete data
Request erasure, where legally permissible
Request restriction of processing
Object to processing
Request data portability
Withdraw consent at any time, where processing is based on consent
Please note that certain rights may be limited where the processing of data is required to comply with legal obligations (e.g. tax or AML requirements).
Requests may be submitted to support@elevateaccounting.pt.
9. Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the Portuguese supervisory authority:
Comissão Nacional de Proteção de Dados (CNPD)
Website: www.cnpd.pt
10. Cookies
Our website uses cookies that are strictly necessary for its operation and, where applicable, analytical cookies to improve performance and user experience. Further information is available in our Cookie Policy.
11. Data Security
We implement appropriate technical and organisational measures in accordance with Article 32 GDPR to ensure a level of security appropriate to the risk, including:
Access controls and authentication mechanisms
Secure storage and regular backups
Confidentiality agreements with staff and service providers
Ongoing monitoring and risk assessment
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect legal, regulatory or operational changes. Any updates will be published on this page with the revised date.
13. Contact
For all matters relating to the protection of personal data, please contact:
Rua Gomes Vinagre 14 Unit 4b, 8600-315, Lagos
