Privacy Policy
Last updated: 27 June 2026
DataIONT S.A. ("DataIONT", "we", "us"), the company that operates the Nortech.ai website under its "Nortech AI" brand, is committed to protecting your personal data. This Policy explains how we process personal data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and Portuguese Law no. 58/2019 of 8 August.
1. Data Controller
DataIONT S.A., with registered office at Largo Heróis de Naulila, 16 e 17, sala 07, 2500-107 Caldas da Rainha, Portugal, registered with the Commercial Registry of Caldas da Rainha under sole registration and legal-person number (NIPC) 517613484. Privacy contact: privacy@nortech.ai. General contact: info@nortech.ai. We have not appointed a Data Protection Officer; for any privacy matter, please contact privacy@nortech.ai.
2. Personal Data We Collect
- Contact data you provide through our contact form: name, company, telephone, email and the content of your message.
- Recruitment data, where you apply for a role (sent to career@nortech.ai).
- Technical and usage data collected automatically: IP address, device/browser information and pages visited, through cookies and similar technologies (see Section 9).
We do not knowingly collect special categories of data. Industrial and sensor/PLC telemetry processed within our products and services relates to equipment, not identified individuals, and is generally not personal data; where it is handled on behalf of a customer, we act as a processor under that customer's instructions and a separate data-processing agreement. Providing the data requested in our forms is voluntary; however, without it we cannot respond to your enquiry or consider your application.
3. Purposes and Legal Bases
- Responding to enquiries and providing requested information — our legitimate interest in replying to you (Art. 6(1)(f)).
- Managing a business relationship and providing our services — performance of a contract (Art. 6(1)(b)).
- Recruitment — our legitimate interest in assessing your application; any retention in a talent pool beyond that point is based on your consent (Art. 6(1)(f)/(a)).
- B2B communications and website/IT security — our legitimate interest (Art. 6(1)(f)).
- Non-essential cookies and marketing communications — your consent (Art. 6(1)(a)).
- Invoicing, accounting and tax obligations — compliance with a legal obligation (Art. 6(1)(c)).
You may withdraw consent at any time, without affecting the lawfulness of processing carried out beforehand.
4. Retention
We keep personal data only as long as necessary for the purposes above: contact/enquiry data for up to 24 months after our last interaction; recruitment data for up to 12 months unless you consent to a longer period; and accounting data for the legally required period (in general, 10 years, under Article 40 of the Portuguese Commercial Code). Cookie lifetimes are set out in our consent tool.
5. Recipients and Processors
We do not sell your personal data. We share it only with service providers acting as processors on our behalf — including hosting and cloud infrastructure, email (Google Workspace) and website-analytics providers — bound by Article 28 GDPR agreements, and with public authorities where legally required.
6. International Transfers
Where a processor is located outside the European Economic Area, we ensure an adequate level of protection through a European Commission adequacy decision — including the EU–US Data Privacy Framework, where applicable (e.g. Google services) — or appropriate safeguards under Article 46 GDPR, such as the Standard Contractual Clauses. A copy of the relevant safeguards may be requested at privacy@nortech.ai.
7. Your Rights
You have the right to access, rectify, erase, restrict and object to the processing of your personal data, the right to data portability and the right to withdraw consent. To exercise these rights, contact privacy@nortech.ai. We will respond within the time limits set by the GDPR. We do not carry out automated individual decision-making, including profiling, that produces legal or similarly significant effects.
8. Supervisory Authority
If you believe your data-protection rights have been infringed, you may lodge a complaint with the Portuguese supervisory authority: Comissão Nacional de Proteção de Dados (CNPD) — Av. D. Carlos I, 134, 1.º, 1200-651 Lisboa. Telephone +351 213 928 400. Email geral@cnpd.pt. Website www.cnpd.pt.
9. Cookies
We use essential cookies necessary for the website to function and — only with your consent — preference, statistics and marketing cookies, including Google Analytics 4. In accordance with Article 5 of Portuguese Law no. 41/2004 of 18 August, no non-essential cookie or script is loaded before you consent. You can give, refuse or change your choices at any time through the cookie-settings panel on the website. Essential cookies do not require consent.
10. Security
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss or alteration.
11. Changes
We may update this Policy. The version in force is identified by the "last updated" date above; material changes will be signalled on this page.