OLSPS Privacy Policy
Effective Date: 01.01.2026
1. Introduction
This Privacy Policy describes how OLSPS INTERNATIONAL, UNIPESSOAL LDA and its group of companies under common control with OLSPS INTERNATIONAL (together, the “OLSPS Group”) process Personal Data in connection with the websites, software services, and related business operations operated under the OLSPS brand.
OLSPS INTERNATIONAL, UNIPESSOAL LDA acts as the lead entity within the OLSPS Group and establishes the overarching data protection framework applicable to the Group’s websites and services.
This Policy is intended to reflect compliance with applicable data protection laws, including Regulation (EU) 2016/679 (General Data Protection Regulation), and other applicable data protection legislation.
2. Definitions
“Controller” means the entity that determines the purposes and means of Processing.
“Customer” means a business entity that has entered into an agreement with OLSPS for the provision of Services.
“Data Processing Agreement” means a written agreement between OLSPS and a Customer that governs the Processing of Personal Data by OLSPS in its capacity as a Processor on behalf of the Customer, and that sets out the subject matter and duration of the Processing, the nature and purpose of the Processing, the types of Personal Data involved, the categories of Data Subjects, and the obligations and rights of the parties, in accordance with applicable data protection laws.
“OLSPS Group” means OLSPS INTERNATIONAL, UNIPESSOAL LDA and its group companies under common control with OLSPS INTERNATIONAL.
“Personal Data” means any information relating to an identified or identifiable natural person.
“Processing” means any operation performed on Personal Data, including collection, storage, use, disclosure, restriction, or deletion.
“Processor” means an entity that Processes Personal Data on behalf of a Controller.
“Services” means the software solutions and related services provided by OLSPS.
3. Identity of the Controller
Where a member of the OLSPS Group acts as a Controller of Personal Data, the relevant Controller is the entity within the OLSPS Group that determines the purposes and means of the Processing activity in question.
Unless otherwise specified on a particular website, in a specific contractual arrangement, or in a separate privacy policy applicable to a specific OLSPS Group entity or service, the relevant Controller shall be the OLSPS Group entity that determines the purposes and means of the Processing activity in question.
For the avoidance of doubt, certain OLSPS Group entities may operate under dedicated privacy policies applicable to specific jurisdictions, sectors, or contractual arrangements. In the event of any inconsistency between this Privacy Policy and a dedicated privacy policy applicable to a specific OLSPS Group entity or service, the latter shall prevail in respect of the relevant Processing activity.
Where OLSPS INTERNATIONAL, UNIPESSOAL LDA acts as Controller, its details are as follows:
OLSPS INTERNATIONAL, UNIPESSOAL LDA
Company Registration Number: 513826920
Registered Office: Rua das Chagas 20 R/C E EQS 1200-107, Lisbon, Portugal
Email for Privacy Inquiries: privacy@olsps.com
OLSPS may be contacted using the details above regarding the processing of Personal Data or the exercise of applicable data protection rights.
4. Allocation of Responsibility within the OLSPS Group
The OLSPS Group operates through multiple legal entities. Depending on the specific website, service, or contractual relationship, a Group entity other than OLSPS INTERNATIONAL, UNIPESSOAL LDA may act as a Controller in relation to certain Processing activities.
Each Group entity acting as a Controller is responsible for compliance with applicable data protection laws in respect of the Processing it determines.
OLSPS INTERNATIONAL, UNIPESSOAL LDA oversees the Group’s data protection framework and establishes group-wide standards designed to ensure consistent compliance across the OLSPS Group.
Internal arrangements between Group entities govern data sharing, intra-group transfers, and allocation of responsibilities, in accordance with applicable data protection requirements.
5. When OLSPS Acts as a Data Processor
In relation to Personal Data submitted or made available by Customers in connection with the Services, including data relating to fishing operations, vessels, crew members, catch records, and geographic location data, OLSPS acts solely as a Processor.
In this context:
• The Customer is the Controller.
• OLSPS Processes Personal Data only on documented instructions from the Customer.
• OLSPS does not process such Personal Data for its own independent purposes.
• OLSPS does not use such data for analytics, benchmarking, product development, or commercial exploitation.
• OLSPS implements and maintains appropriate technical and organisational measures designed to protect such data.
• When OLSPS engages Sub-Processors, it shall do so under written agreements that impose appropriate data protection obligations.
Individuals seeking to exercise rights in relation to such Personal Data should contact the relevant Customer.
Processing of Customer Personal Data is governed by the Data Processing Agreement forming part of the applicable terms of use.
6. When OLSPS Acts as a Data Controller
OLSPS acts as a Controller in relation to Personal Data processed for its own business purposes, including:
• Website registration and account creation
• Customer account administration
• Billing and invoicing
• Customer support communications
• Security monitoring and system integrity
• Compliance with legal obligations
• Management of contractual relationships
7. Categories of Personal Data
Where OLSPS acts as a Controller, categories of Personal Data may include:
• Identification data such as name and job title
• Contact details such as email address and telephone number
• Account credentials
• Billing and financial data
• Technical data such as IP address, browser type, device information, and access logs
• Communication records
OLSPS does not intentionally collect special categories of Personal Data unless required by law or voluntarily provided.
8. Purposes of Processing and Legal Basis
Where OLSPS acts as a Controller, Personal Data may be processed for:
• Provision of Services and account management. Legal Basis: Performance of a contract
• Billing, invoicing, and financial administration. Legal Basis: Performance of a contract and compliance with legal obligations
• Security monitoring, fraud prevention, and system protection. Legal Basis: Legitimate interests in ensuring system integrity and preventing unauthorised access
• Compliance with applicable legal and regulatory requirements. Legal Basis: Legal obligation
Where Processing is based on legitimate interests, OLSPS has conducted an assessment to determine that such interests are not overridden by the rights and freedoms of individuals, taking into account reasonable expectations.
9. Data Sharing and Sub-Processors
Personal Data may be disclosed to:
• Cloud infrastructure providers
• Payment processors
• IT and technical service providers
• Professional advisors
• Regulatory authorities where required by law
Service providers are engaged under written agreements requiring appropriate confidentiality, security, and data protection obligations. OLSPS conducts reasonable due diligence prior to engagement.
A current list of Sub-Processors is available upon request.
Personal Data may also be shared between entities within the OLSPS Group where necessary for operational, administrative, security, compliance, or service delivery purposes. Such intra-group sharing shall be carried out in accordance with applicable data protection laws and subject to appropriate internal safeguards and governance arrangements.
10. International Data Transfers
Personal Data may be transferred to and processed in jurisdictions outside the individual’s country of residence.
Where such transfers occur and where required under applicable law, OLSPS relies on legally recognised transfer mechanisms and implements contractual and organisational safeguards designed to provide an appropriate level of protection consistent with applicable data protection requirements.
Where Personal Data is transferred between entities within the OLSPS Group located in different jurisdictions, such transfers shall be carried out in accordance with applicable data protection laws and subject to appropriate legal mechanisms and safeguards, including intra-group arrangements where required.
11. Data Retention
Personal Data processed as Controller is retained for as long as reasonably necessary to fulfil the purposes for which it was collected, including to satisfy contractual, legal, regulatory, accounting, or reporting obligations.
Retention periods are determined based on applicable legal requirements, contractual commitments, and legitimate business needs.
Personal Data processed as Processor is retained in accordance with Customer instructions and contractual terms.
Upon termination of Services, Personal Data is returned or deleted in accordance with contractual obligations and applicable law.
12. Data Security
OLSPS implements and maintains appropriate technical and organisational measures designed to protect Personal Data against unauthorised access, loss, misuse, alteration, or disclosure, taking into account the nature of the data processed, the risks involved, and the state of the art.
Such measures may include role-based access controls, encryption in transit where appropriate, logging and monitoring, internal policies governing data access, and vendor due diligence procedures.
While OLSPS applies reasonable safeguards, no method of transmission over the internet or method of electronic storage is entirely secure. Accordingly, OLSPS cannot warrant absolute security.
Security measures are periodically reviewed and updated as appropriate to address evolving risks.
13. Data Subject Rights
Where OLSPS acts as a Controller, individuals may have the right, subject to applicable law, to:
• Request access to their Personal Data
• Request rectification of inaccurate data
• Request erasure
• Request restriction of Processing
• Object to Processing based on legitimate interests
• Lodge a complaint with a competent supervisory authority
OLSPS will assess and respond to requests in accordance with applicable law. In certain circumstances, OLSPS may limit or decline a request where permitted by law.
Where OLSPS acts as a Processor, individuals should contact the relevant Customer.
14. Cookies and Tracking Technologies
The relevant website or application may use cookies and similar technologies for functionality, security, and analytics purposes. Where required by law, appropriate consent mechanisms are implemented. Additional information may be provided in a Cookie Policy or similar notice applicable to the relevant website or application.
15. Children’s Data
The Services are not directed to children within the meaning of applicable data protection laws. OLSPS does not knowingly collect Personal Data from children.
16. Changes to This Policy
OLSPS may update this Privacy Policy from time to time. The updated version will be published on the website with a revised effective date.
17. Contact
For privacy-related inquiries concerning the OLSPS Group or any of its websites and services, individuals may contact:
OLSPS INTERNATIONAL, UNIPESSOAL LDA
Email: privacy@olsps.com
Address: Rua das Chagas 20 R/C EQS 1200-107, Lisbon, Portugal
Where another entity within the OLSPS Group acts as the Controller for a specific Processing activity, inquiries may also be directed to the relevant Group entity as identified on the applicable website or contractual documentation.
Individuals located in the European Union may also contact the competent supervisory authority in their country of residence.