Privacy Policy

Last updated: (05/01/2026)

This Privacy Policy explains how Tourak Unipessoal Lda (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you access or use the ACYCA website, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and applicable Portuguese law.

1. Identity of the Data Controller

The data controller responsible for the processing of personal data is:

Tourak Unipessoal Lda
Sociedade Unipessoal por Quotas
NIPC / VAT Number: 518939901
Registered Office:
Rua Das Musas N5-2B
1990-165 Lisboa
Portugal

Contact email: support@acyca.com

2. Scope of This Privacy Policy

This Privacy Policy applies to personal data collected through:

  • The ACYCA website

  • Customer accounts

  • Online checkout and payment processes

  • Customer support and contact forms

  • Marketing communications (where permitted)

  • Cookies and similar technologies

3. Categories of Personal Data We Collect

3.1 Identification and Contact Data

  • First and last name

  • Email address

  • Telephone number

3.2 Account Data

  • Login credentials (stored in encrypted form)

  • Account preferences and settings

3.3 Transaction and Order Data

  • Products purchased

  • Order history

  • Payment status

  • Invoices, refunds, and returns

3.4 Billing and Delivery Data

  • Billing address

  • Shipping address

3.5 Technical and Usage Data

  • IP address

  • Browser type and version

  • Device and operating system information

  • Log files

  • Cookie identifiers

3.6 Communication Data

  • Messages sent via contact forms or email

  • Customer support requests, feedback, and complaints

4. Purposes of Processing

Personal data is processed only where legally permitted and for the following purposes:

  • To create and manage customer accounts

  • To process orders, payments, deliveries, returns, and refunds

  • To provide customer support and respond to inquiries

  • To comply with legal, tax, and accounting obligations

  • To prevent fraud, abuse, and unauthorized access

  • To ensure website security and functionality

  • To improve website performance and user experience

  • To send transactional communications

  • To send marketing communications only where legally permitted or with explicit consent

5. Legal Bases for Processing (GDPR)

Processing of personal data is based on one or more of the following legal grounds:

  • Performance of a contract (Article 6(1)(b) GDPR)

  • Compliance with a legal obligation (Article 6(1)(c) GDPR)

  • Legitimate interests pursued by the Company, such as security, fraud prevention, and service improvement (Article 6(1)(f) GDPR)

  • Consent of the data subject, where required (Article 6(1)(a) GDPR)

6. Comments and Spam Detection

When visitors leave comments on the website, we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string, to help detect spam.

An anonymized string (hash) created from the visitor’s email address may be provided to the Gravatar service to check whether the visitor uses it.
The Gravatar service is operated by Automattic Inc. and its Privacy Policy is available at:
https://acyca.com/privacy-policy/

After approval, the comment and profile picture (if applicable) may be visible to the public.

7. Media Uploads

If users upload images to the website, they should avoid uploading images with embedded location data (EXIF GPS).
Visitors to the website may be able to download and extract location data from images published on the site.

8. Cookies and Similar Technologies

We use cookies and similar technologies to ensure website functionality, improve performance, analyze usage, and support marketing activities where permitted.

WordPress Cookies

  • When visitors leave comments, they may opt in to saving their name, email address, and website in cookies for convenience. These cookies last for one year.

  • If a user visits the login page, a temporary cookie is set to determine whether the browser accepts cookies. This cookie contains no personal data and is discarded when the browser is closed.

  • When users log in, cookies are set to save login information and screen display preferences. Login cookies last for two days, and screen option cookies last for one year.

  • If “Remember Me” is selected, login persists for two weeks.

  • If a user edits or publishes content, an additional cookie is saved indicating the post ID of the edited content. This cookie expires after one day.

For more information, please refer to our Cookie Policy (EU).

9. Embedded Content from Other Websites

Pages or articles on this website may include embedded content (such as videos, images, maps, or articles).

Embedded content from other websites behaves in the same way as if the visitor had visited the external website. These third-party websites may collect data about visitors, use cookies, embed additional third-party tracking, and monitor interactions with embedded content, particularly if the visitor has an account and is logged in to that website.

10. Data Sharing and Recipients

We do not sell personal data.

Personal data may be shared strictly on a need-to-know basis with:

  • Payment service providers

  • Logistics and delivery partners

  • IT, hosting, analytics, and security service providers

  • Public authorities, courts, or regulators where required by law

All third parties are required to process personal data in accordance with applicable data protection laws.

11. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), appropriate safeguards are applied, such as:

  • Adequacy decisions by the European Commission, or

  • Standard Contractual Clauses (SCCs)

12. Data Retention

Personal data is retained only for as long as necessary to:

  • Fulfil the purposes described in this Privacy Policy

  • Comply with legal, tax, and accounting obligations

Once no longer required, data is securely deleted or anonymized.

13. Data Subject Rights

Under GDPR, you have the right to:

  • Access your personal data

  • Rectify inaccurate or incomplete data

  • Request erasure (“right to be forgotten”), where applicable

  • Restrict processing in certain circumstances

  • Object to processing based on legitimate interests

  • Request data portability

  • Withdraw consent at any time (where processing is based on consent)

Requests may be sent to: support@acyca.com

14. Password Reset and Security

If you request a password reset, the IP address used to request the reset may be included in the reset email for security purposes.

Visitor comments may also be checked through an automated spam detection service to protect the website and users from abuse.

15. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure.

However, no system can be guaranteed to be completely secure.

16. Marketing Communications

Where legally permitted, we may send marketing communications by email.

You may opt out at any time by:

  • Clicking the unsubscribe link in any marketing email, or

  • Contacting us at support@acyca.com

17. Complaints and Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the competent supervisory authority, including the Portuguese Data Protection Authority (CNPD).

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes.

The most current version will always be published on this page.

19. Contact

For any questions regarding this Privacy Policy or our data protection practices, please contact:

📧 support@acyca.com