Privacy Policy

Last updated: April 20, 2026

1. Who We Are

Bast.ia ("we", "us", "our") is a strategic intelligence and AI marketing company. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website or use our services, in accordance with the EU General Data Protection Regulation (GDPR), the Portuguese Data Protection Law (Lei n.o 58/2019), and other applicable legislation.

2. Data Controller

Bast.ia is the data controller for personal data collected through this website. For any privacy-related queries, contact us at: info@bastia.org

3. What Data We Collect

We may collect the following categories of personal data:

• Identity data: name, job title, company name
• Contact data: email address, phone number
• Technical data: IP address, browser type, device information, pages visited, time spent on pages
• Usage data: information about how you use our website and services
• Assessment data: responses to our strategic intelligence assessment quiz
• Marketing data: preferences for receiving marketing communications

4. How We Collect Your Data

We collect data through: direct interactions (forms, email, phone), automated technologies (cookies, analytics), and third-party sources (business partners, publicly available sources).

5. Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds:

• Consent: You have given explicit consent for a specific purpose (e.g., marketing emails, assessment report delivery)
• Contractual necessity: Processing is necessary for the performance of a contract with you
• Legitimate interest: Processing is necessary for our legitimate business interests, provided your rights do not override those interests
• Legal obligation: Processing is necessary to comply with a legal obligation

6. How We Use Your Data

We use your personal data to: provide and improve our services, send you relevant intelligence reports and marketing communications (with your consent), personalize your website experience, analyze website usage, comply with legal obligations, and protect our legitimate business interests.

7. Data Sharing

We do not sell your personal data. We may share your data with: service providers who assist in delivering our services (e.g., hosting, analytics, email delivery), professional advisors, and regulatory authorities when required by law. All third-party processors are bound by data processing agreements in compliance with GDPR Article 28.

8. International Transfers

If we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Contact data collected via forms is retained for a maximum of 24 months unless you engage with our services.

10. Your Rights

Under GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent at any time
• Lodge a complaint with the Portuguese Data Protection Authority (CNPD) or your local supervisory authority

To exercise any of these rights, contact us at info@bastia.org.

11. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including encryption, access controls, and regular security assessments.

12. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.

14. Contact Us

For any questions about this Privacy Policy or our data practices, please contact:
Bast.ia — Data Protection
Email: info@bastia.org