Magic Beans’ Website Privacy Policy

Magic Beans (“Magic Beans”, “we”, “us”, or “our”) is committed to protecting the privacy and personal data of users of our website. This Privacy Policy outlines how we collect, use, disclose, and protect personal data in accordance with applicable data protection laws. By accessing or using our website or services, you acknowledge and agree to the practices described in this Privacy Policy.

1         Introduction

This Privacy Policy sets out Magic Beans’ commitment to safeguarding the privacy and personal data of users of our website and services. It reflects our compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), Portuguese Law No. 58/2019, the Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (“LOPDGDD”), the Belgian Data Protection Act of 30 July 2018, and other applicable international data protection and privacy laws.

2         Scope

This Privacy Policy applies to personal data collected through our main website (https://magicbeans.pt), its subdomains, and in the context of interactions related to our cloud services and offerings (“Services”).
This Privacy Policy applies primarily to users from Portugal, Spain, Belgium, and other countries where Magic Beans operates or provides services. For residents of the European Union, Magic Beans complies with the General Data Protection Regulation (GDPR) and applicable national data protection laws, including Portuguese, Spanish, and Belgian legislation.

Visitors from countries other than those where Magic Beans operates are also covered by this Privacy Policy; however, we encourage you to review your local data protection laws for additional rights and protections.
This Privacy Policy does not apply to third-party websites, services, or applications that we do not control, even if accessed via links on our website.

3         Personal Data We Collect

We collect the following types of personal data:

Data you provide directly: name, email address, phone numbers (mobile and landline), postal address, and other contact or identifying details submitted via forms, account creation, subscriptions, or customer support requests.

Technical and usage data: IP address, browser type and version, language, timestamps of access, and other technical data collected automatically through cookies and similar technologies.

Cookies and tracking technologies: We use cookies and web beacons to improve our services, analyse website traffic, and track marketing campaign effectiveness.

4         Legal Basis for Processing Personal Data

We process your personal data based on the following legal grounds, in line with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable national laws such as Portuguese Law No. 58/2019, Spanish Organic Law 3/2018 (“LOPDGDD”), and the Belgian Law of 30 July 2018 on the protection of individuals with regard to the processing of personal data:

• Performance of a contract: to provide and maintain the services you have requested.
• Legal obligation: to comply with applicable legal requirements, including national tax, employment, and consumer protection laws.
• Consent: where you have given explicit consent, such as for receiving marketing communications.
• Legitimate interests: to improve our services, prevent fraud, and ensure security, provided these do not override your fundamental rights and freedoms.

5         Purposes of Processing

We process your personal data for these specific purposes:

1. Provision and Maintenance of Services: Account creation, customer support, service delivery, and billing.
2. Service Improvement: Monitoring usage, diagnosing technical issues, and enhancing our offerings.
3. Marketing Communications: Sending newsletters, updates, and promotional materials (with your consent).
4. Security and Compliance: Protecting our platform, detecting fraud, and complying with legal requirements.
5. Transaction Processing: Handling purchases, orders, and payment processing.
6. Personalisation: Tailoring content and recommendations to your preferences.

6         Sharing of Personal Data

We do not sell or rent your personal data to third parties. We may share data only in these cases:

• With trusted service providers who process data on our behalf under confidentiality and GDPR obligations.
• When required to comply with legal obligations or court orders.
• To protect legal rights, prevent fraud, or address security threats.

7          International Data Transfers

If your personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place to protect your data. Such safeguards may include Standard Contractual Clauses approved by the European Commission or Binding Corporate Rules, where applicable. These measures guarantee that your personal data receives an adequate level of protection in line with EU data protection standards.

8         Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described, or as required by law. Typically:

• Account and transactional data: retained for up to 6 (six) years after last interaction for tax and legal compliance.
• Marketing consent and preferences: retained until withdrawal or inactivity for 3 (three) years.
• Technical and usage data: retained for up to 2 (two) years for analysis and security.

After these periods, data is securely deleted or anonymised.

9         Your Rights

Under the GDPR and national data protection laws, you have the right to:

• Access your personal data held by us.
• Rectify inaccurate or incomplete data.
• Erase your data (“right to be forgotten”), where applicable.
• Restrict or object to processing, including for marketing purposes.
• Data portability: receive your data in a structured, commonly used format.
• Withdraw consent at any time without affecting the lawfulness of prior processing.
• Lodge a complaint with the relevant supervisory authority:
  • Portugal: Comissão Nacional de Proteção de Dados (CNPD) – www.cnpd.pt
  • Spain: Agencia Española de Protección de Datos (AEPD) – www.aepd.es
  • Belgium: Autorité de protection des données / Gegevensbeschermingsautoriteit (APD/GBA) – www.autoriteprotectiondonnees.be

To exercise your rights, please contact us using the details in Section 13.

10  Cookies and Tracking Technologies

We use cookies to enhance your experience. You can manage cookie preferences via your browser settings or our cookie banner. The categories include:

• Strictly necessary cookies: essential for website operation.
• Performance cookies: collect anonymous data on website usage.
• Functional cookies: remember your preferences.
• Marketing cookies: track visitors for advertising purposes.

More details are available in our separate Cookie Policy.

11   Security Measures

We implement appropriate technical and organisational security measures, including encryption, access controls, secure servers, and regular security assessments, to protect your personal data from unauthorised access, loss, or disclosure.

12   Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in legal requirements or our practices. We will notify you of significant changes via our website or email before they take effect.

13  Contact Information

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact our Data Protection Officer (DPO) at:

• Email: dpo@magicbeans.pt
• Postal address: Magic Beans, R. Dr. António Cândido, 10 – 1º, 1050-076 Lisbon, Portugal.

For users resident in Portugal, Spain, Belgium, or other countries where Magic Beans operates, the DPO contact above is the primary point of contact. Alternatively, you may also contact your respective national data protection authority as listed in Section 9.

Last Updated: May 2025