SoxBrand

Privacy Policy

Version 1.0 — March 2026

SoxBrand is committed to protecting customers' personal data in accordance with the GDPR and applicable Portuguese and European legislation.

1. Data Controller

SoxBrand operates the platform available at soxbrand.com.

For privacy-related questions or requests, please contact: info@soxbrand.com.

2. Data Collected

We collect the data provided by the user during registration and the order process: name, email, phone number, address, tax identification number, company name, and graphic files submitted for customization. Technical access data may also be collected automatically, including IP address, browser information, and session data.

3. Purpose and Legal Basis

Data is processed for the following purposes:

  • Managing registration and customer accounts - legal basis: contract performance (Article 6(1)(b) GDPR);
  • Processing, production, and delivery of orders - legal basis: contract performance;
  • Invoicing and compliance with tax obligations - legal basis: legal obligation (Article 6(1)(c) GDPR);
  • Sending communications related to the order - legal basis: contract performance and legitimate interest;
  • Platform security and improvement - legal basis: legitimate interest (Article 6(1)(f) GDPR).

4. Data Retention

Data is retained for the duration of the business relationship and for the period required by law: 10 years for tax and invoicing data, and 3 years for other data after account closure.

5. Data Sharing

Data is not sold or transferred to third parties for commercial purposes. It is shared only with service providers required to operate the platform, including hosting, transactional email, and database providers, and with the carriers selected by the customer for delivery purposes. All such parties are bound by confidentiality and GDPR compliance obligations.

6. Security

SoxBrand applies appropriate technical and organizational measures to protect personal data, including encrypted transmission (HTTPS), secure authentication, and access control. We do not store credit card data - card payments are processed by PCI-DSS certified providers.

7. Cookies

We use only technical cookies that are essential for the operation of the platform, including authentication and session cookies. We do not use tracking, advertising, or third-party cookies. Consent is not required for these cookies.

8. Data Subject Rights

The data subject has the right to access, rectify, erase, restrict, or object to the processing of their data, as well as the right to data portability. To exercise these rights, please contact: info@soxbrand.com. The data subject also has the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD) at www.cnpd.pt.

9. Changes

This Privacy Policy may be updated. Any relevant change will be communicated by email at least 30 days in advance. The updated version will always be available at www.soxbrand.com.

© 2026 SoxBrand. All rights reserved.