Privacy Policy

Last updated: 14.05.2026

1. About this policy

This Privacy Policy describes how Corpo Coffee Bar collects, uses, and protects your personal data. It applies to information collected through our website, enquiry form, email correspondence, and in the course of providing our services at your event.

Corpo Coffee Bar is operated by Matt Brett, an independent sole trader (Empresário em Nome Individual) based in Lisbon, Portugal. For the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Portuguese Data Protection Law (Lei n.º 58/2019), Matt Brett is the data controller.

Contact for data protection matters: Matt Brett, Corpo Coffee Bar Email: hello@corpocoffeebar.com

2. Personal data we collect

When you submit an enquiry through our website, we collect:

  • Your name

  • Your email address

  • Your phone number (if you choose to provide it)

  • The date, type, and location of your event

  • Expected guest numbers

  • Any other details you choose to share about your event

When you become a client, we additionally collect:

  • Your billing address

  • Your NIF (tax identification number) or VAT number, where required for invoicing

  • Records of our correspondence with you

  • Booking confirmations, signed contracts, and invoices

  • Confirmation of payments received

At your event, we may take photographs of our cart, equipment, set-up, and the surrounding environment. These photographs may incidentally include identifiable individuals. See Section 6 for our photography policy.

3. How we use your data, and our legal basis

Purpose Legal basis under GDPR Responding to your enquiry and preparing a quote Steps taken at your request prior to entering a contract (Art. 6(1)(b)) Delivering services you have booked Performance of a contract (Art. 6(1)(b)) Issuing invoices and maintaining financial records Legal obligation under Portuguese tax law (Art. 6(1)(c)) Following up on past enquiries with information relevant to what you originally asked about (for example, availability for the following season) Our legitimate interest in maintaining business relationships (Art. 6(1)(f)). You can object at any time. Sending wider marketing communications, if introduced in future Your consent (Art. 6(1)(a)) Using event photography to promote our business Our legitimate interest in marketing the business (Art. 6(1)(f)), subject to the photography policy in Section 6

4. Communications and marketing

We will use the contact details you provide to:

  • Reply to your enquiry and discuss your event

  • Send quotes, contracts, invoices, and other documents relating to your booking

  • Keep you updated on matters relating to your specific booking

  • Occasionally follow up where we believe our services may still be relevant to you (for example, annual availability or similar events)

We do not currently send broad marketing newsletters or promotional campaigns. If we introduce these in the future, we will only send them to people who have opted in.

You can ask us to stop sending any non-essential communications at any time by emailing hello@corpocoffeebar.com.

5. Who has access to your data

Your data is held within our own systems and is shared only with the following categories of third parties, each of whom acts as a data processor or controller in their own right where required:

  • Google Ireland Limited (Google Workspace) — for email correspondence and storage of client records in Gmail and Google Sheets.

  • Squarespace Inc. — for hosting our website and processing enquiry form submissions.

  • Autoridade Tributária e Aduaneira (Portuguese Tax Authority) via Portal das Finanças — for issuing invoices and receipts as required by Portuguese tax law.

  • Our bank — for receiving payment of deposits and final balances.

  • Our professional advisors (for example, accountants and legal advisors) — where necessary and under appropriate confidentiality obligations.

We do not sell, rent, or trade your personal data.

6. Event photography

In the course of providing our services, we routinely take photographs of our cart, equipment, set-up, and the broader event environment. These photographs may be used on our website, social media channels, marketing materials, portfolios, and in correspondence with prospective clients.

We rely on our legitimate interest in marketing our business as the basis for photographs of our equipment and set-up.

Where photographs may include identifiable individuals (such as guests at a wedding or attendees at a corporate event), the basis for taking and using such photographs is set out in the booking contract between Corpo Coffee Bar and the event host. By engaging Corpo Coffee Bar, the event host confirms that they have the authority to grant this permission and that their guests have been, or will be, appropriately informed.

If you appear in one of our photographs and would like it removed from public-facing use, please contact us at hello@corpocoffeebar.com. We will remove it from materials within our control within 30 days. Specific alternative photography arrangements can be agreed in writing on a case-by-case basis.

7. International transfers

Some of our service providers, including Google and Squarespace, are based in the United States and may process data outside the European Economic Area. These transfers are protected by the EU–US Data Privacy Framework, which the European Commission has determined provides an adequate level of protection for personal data.

8. How long we keep your data

Type of data Retention period Enquiry data where no booking results 24 months from the date of enquiry Booking files, contracts, and related correspondence 5 years following the event date Invoices, receipts, and other financial documents 10 years (as required by Portuguese tax law) Marketing contact list, if and when introduced Until you withdraw consent Event photographs Indefinitely, subject to the right to request removal as described in Section 6

At the end of the applicable retention period, your data is either securely deleted or anonymised.

9. Your rights

Under GDPR and Lei n.º 58/2019 you have the right to:

  • Access the personal data we hold about you

  • Rectify any data that is inaccurate or incomplete

  • Erase your data in certain circumstances

  • Restrict our processing of your data in certain circumstances

  • Object to processing based on our legitimate interests

  • Receive your data in a portable format

  • Withdraw consent at any time, where consent is the legal basis we rely on

To exercise any of these rights, email hello@corpocoffeebar.com. We will respond within one month.

If you believe we have not handled your data correctly, you also have the right to lodge a complaint with the Portuguese supervisory authority:

Comissão Nacional de Proteção de Dados (CNPD) Av. D. Carlos I, 134 — 1.º, 1200-651 Lisboa Website: www.cnpd.pt Email: geral@cnpd.pt

10. Cookies and website tracking

Our website is built on Squarespace and uses cookies. These include:

  • Essential cookies required for the site to function correctly

  • Analytics cookies that help us understand how visitors use the site

You will see a cookie banner on your first visit allowing you to accept or reject non-essential cookies. You can change your preferences at any time through your browser settings.

11. Security

We take reasonable technical and organisational measures to protect your data, including two-factor authentication on our Google Workspace account, encrypted connections, and limiting access to client data to Matt Brett. As a small business we cannot guarantee absolute security, but we work to industry-standard practices.

12. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top reflects when the most recent change was made. Material changes will, where appropriate, be communicated directly to current clients.

13. Contact

For any question relating to this policy or your personal data:

Matt Brett, Corpo Coffee Bar Email: hello@corpocoffeebar.com Lisbon, Portugal

New!