Privacy Policy

 

At Continuous Quality Management, we are committed to protecting your privacy and ensuring your personal information is handled in a safe and responsible manner. This policy outlines how we collect, use, and safeguard your data in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant data protection laws.

1. Information We Collect

We collect Personal Identifiable Information (PII) to provide our services and fulfill legal obligations.

  • Contact Forms: We collect your name, email address, and any information provided in your message.

  • Order & Scheduling Information: When you book via Acuity Scheduler, we collect your name, contact details, and service preferences.

  • Invoicing Data: To comply with Portuguese tax law, we collect your VAT number (if applicable), billing address, and payment details.

2. How We Use and Store Your Data

We follow the principle of Data Minimization; we only collect what is necessary for our business operations.

  • Automation: Order data from Acuity Scheduler is automatically exported to our secure Google Workspace (Google Sheets and Google Calendar) for service fulfillment and scheduling management.

  • Legal Compliance: In accordance with Portuguese law (Decree-Law no. 198/2012), data related to financial transactions and invoicing must be maintained for 10 years for tax and audit purposes.

  • General Retention: Non-financial data (such as general inquiries) is maintained for 2 years following our last contact, unless you request earlier deletion.

3. Sharing with Third Parties

We do not sell, rent, or trade your personal data. We only share information with the following trusted third parties for specific business functions:

  • Google Workspace: For data storage, scheduling, and internal operations.

  • Certified Invoicing Software: To generate legally compliant invoices as required by the Portuguese Tax and Customs Authority (AT).

  • Accounting Firm: A third-party accounting partner has access to financial records to ensure tax and regulatory compliance.

  • Legal Necessity: We may disclose data if required by law or to protect our legal rights.

4. Your Rights (GDPR & CCPA)

Under the GDPR and CCPA, you have significant rights regarding your data:

  • Right of Access: You may request a copy of the personal data we hold about you.

  • Right to Rectification: You can request that we correct inaccurate information.

  • Right to Erasure ("Right to be Forgotten"): You may request that we delete your data, provided it is not required for legal or tax compliance.

  • Right to Object: You can opt out of any marketing communications (CAN-SPAM Act compliance).

To exercise these rights, please email us at: info@continuousqualitymanagement.com. We will respond to your request within 30 days.

5. Children's Privacy (COPPA)

Our services are directed to professionals and adults. We do not knowingly collect or solicit personal information from children under the age of 13 (or 16 in certain EU jurisdictions). If we learn that we have inadvertently collected such data, we will delete it immediately.

6. Fair Information Practices & CAN-SPAM

To align with Fair Information Practices, we will notify you via email within 7 business days should a data breach occur. In compliance with the CAN-SPAM Act:

  • We will not use false or misleading subjects or email addresses.

  • We will include our physical business address in our communications.

  • We will honor opt-out/unsubscribe requests promptly.

7. PCI Compliance

All payments are processed through PCI-DSS Level 1 certified secure processors. We do not store your full credit card information on our internal servers.

Contact Us

If you have questions about this Privacy Policy, please contact:

Continuous Quality Management

Email: info@continuousqualitymanagement.com

Location: Portugal

 

Last Updated: February 24, 2026