Privacy Notice
(Last updated: October 2025)
1. Introduction
This Privacy Notice explains how Nexia CPLA & Associados, SROC, Lda. and Nexia CPLA II – Advisory Services, Lda. (“Nexia CPLA”, “we”, “our”, or “us”) collect, use, store, and protect personal data.
It also sets out your rights under applicable data-protection legislation, including the EU General Data Protection Regulation (GDPR) and Portuguese data-protection law.
This notice applies to personal data collected through our website and through communications or interactions with Nexia CPLA in connection with our professional services.
2. Entities covered by this Notice
This Privacy Notice applies to:
- Nexia CPLA & Associados, SROC, Lda., a statutory audit firm registered in Portugal; and
- Nexia CPLA II – Advisory Services, Lda., a related company providing tax and advisory services.
Each entity is legally independent and acts as a separate data controller. This Notice covers both entities collectively as “Nexia CPLA”.
Nexia CPLA is a member firm of Nexia International, a leading, global network of independent accounting and consulting firms. Nexia International itself does not deliver services or control member-firm data processing.
3. What information we collect
We may collect personal data when you:
- contact us via email, telephone, or online forms;
- request or receive professional services from us;
- visit our website; or
- engage with us through Nexia International referrals or events.
The types of personal data we may collect include:
- Identification and contact details (such as name, job title, company, email address, and phone number);
- Professional information (employer, role, or area of responsibility);
- Financial and tax information when required for professional engagements;
- Technical information (IP address, browser type, operating system, and website usage data); and
- Any other information you voluntarily provide.
We do not intentionally collect sensitive personal data unless it is strictly necessary and provided voluntarily for a specific engagement.
4. How we use your information
We process personal data for the following purposes:
- To provide audit, tax, accounting, and advisory services to our clients;
- To manage our client relationships and respond to enquiries;
- To comply with statutory obligations, including anti-money-laundering and professional-conduct requirements;
- To operate, maintain, and improve our website and IT systems;
- To send administrative or regulatory communications; and
- To manage billing, internal reporting, and risk management.
We do not use personal data collected through this website for automated decision-making or profiling.
5. Legal bases for processing
We process personal data only where one or more of the following applies:
- Performance of a contract: to provide professional services you have requested;
- Legal obligation: to comply with statutory or regulatory duties, including those arising from professional-body rules;
- Legitimate interests: to operate and improve our business, provided such interests are not overridden by your rights; or
- Consent: where required (for example, optional marketing communications).
6. Sharing your information
We may share personal data with:
- Other Nexia CPLA entities and authorised staff who require access for legitimate business purposes;
- Nexia International member firms involved in cross-border engagements, subject to confidentiality and data-transfer safeguards;
- External professional advisers or service providers (such as IT, payroll, or compliance support) who act under contractual confidentiality obligations; and
- Regulatory or governmental authorities, when required by law or professional regulation.
We do not sell or rent personal data to third parties.
7. International transfers
Where personal data must be transferred outside the European Economic Area, we ensure an adequate level of protection through one of the following mechanisms:
- the destination country has been deemed adequate by the European Commission; or
- standard contractual clauses approved by the European Commission are in place with the recipient.
Cross-border exchanges within the Nexia International network follow the same safeguards.
8. Data security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, or disclosure.
These include:
- restricted-access controls on a “need-to-know” basis;
- encryption and secure data-transfer methods;
- network and system monitoring; and
- staff training on data-protection responsibilities.
While we maintain high security standards, no system can guarantee absolute protection of data transmitted over the internet.
9. Data retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law or professional regulations.
For enquiries received through the website, personal data will generally be kept for up to 24 months unless further retention is justified.
10. Your rights
Under the GDPR, you have the right to:
- access and obtain a copy of your personal data;
- request correction of inaccurate or incomplete data;
- request erasure of data (“right to be forgotten”) where legally permissible;
- restrict or object to processing;
- withdraw consent (where processing is based on consent); and
- request data portability where applicable.
To exercise these rights or raise any privacy-related question, please contact us at privacy@nexia.pt.
You also have the right to lodge a complaint with the Comissão Nacional de Proteção de Dados (CNPD) – www.cnpd.pt.
11. Changes to this Privacy Notice
We may update this Privacy Notice from time to time to reflect legal, regulatory, or operational changes.
When we do so, the revised version will be published on this page with an updated “last updated” date.
We encourage visitors to review this page periodically to stay informed about how we protect personal information.
