The Portugal Post Logo

Privacy Policy

Effective Date: 30 June 2025

1. Who We Are

ThePortugalPost is a digital news outlet owned and operated by PostMedia Group (“we”, “us”, “our”). We are established in Malta and focus primarily on news and features relevant to readers in Portugal, but our content is accessible worldwide.

Registered address: Malta

Website: https://theportugalpost.com

Privacy inquiries: use the contact form at https://theportugalpost.com/contact and add the word “Privacy” in the subject line.

Because the scale and nature of our data-processing activities are limited, we are not required to appoint a Data Protection Officer under Article 37 of the General Data Protection Regulation (“GDPR”).

2. Scope of this Policy

This policy explains what personal data we collect when you browse or otherwise interact with ThePortugalPost, why we collect it, how long we keep it, whom we might share it with, what safeguards we rely on if data crosses borders, and what rights you have. It applies to you whether you reside in Portugal, elsewhere in the European Economic Area (EEA), or outside the EU.

3. What Data We Collect

3.1 Usage and technical data
When you access our site, limited information is generated automatically by your device and our servers (for example your IP address, browser type and version, operating system, the URL that referred you to us, pages viewed, and the date and time of each request).

3.2 Analytics data
We use Google Analytics 4 (“GA4”) to understand how visitors use the site so we can improve speed, navigation, and editorial priorities. GA4 sets first-party cookies that assign a random identifier to your browser. We configure GA4 to:

anonymise IP addresses before they are stored;

disable advertising features and ad-personalisation signals;

respect your browser’s Do-Not-Track setting when enabled.

We do not collect names, e-mail addresses, payment information, or any special-category data such as political opinions or health information, because our site has no registration, comment, or subscription functions.

4. Legal Bases for Processing

Under Article 6 GDPR we rely on:

Consent – GA4 cookies are placed only after you actively opt in via the cookie banner shown on your first visit; you can withdraw consent at any time through the “Cookie Settings” link in the footer or by clearing cookies in your browser.

Legitimate interest – we retain short-term server logs that are necessary to protect the site, detect fraud, and diagnose technical problems. We believe our interest in maintaining a secure, reliable service is not overridden by your privacy interests; logs are minimised and deleted as soon as operationally feasible.

5. Retention Periods

Google Analytics data: retained for 14 months (the shortest option GA4 currently allows) and then automatically deleted or aggregated.

Essential server logs: stored securely for up to 12 months to assist with security investigations, then deleted or irreversibly anonymised.

We do not store any other personal data.

6. International Transfers

GA4 may transmit usage data to Google servers located outside the EEA, including the United States. To safeguard such transfers, Google relies on Standard Contractual Clauses approved by the European Commission, and we enable built-in privacy controls (IP anonymisation, encryption in transit and at rest). We do not otherwise transfer personal data to third countries.

7. Data Sharing

We do not sell, lease, or otherwise disclose personal data to marketers, ad networks, social media platforms, or any other third parties. The only external recipient of raw usage data is Google Ireland Limited as our analytics processor, operating under a data-processing agreement that incorporates the measures described above.

8. Security Measures

We follow generally accepted industry standards to protect the information we hold, including:

TLS/HTTPS encryption on every page;

firewalls and intrusion-prevention systems at the hosting provider;

operating-system and application updates applied at least monthly;

strict, role-based access limited to the two staff members who require it;

quarterly internal audits of access logs and configuration settings.

9. Your Rights

You have the following rights under the GDPR, subject to the conditions and exceptions set out in the law:

Access – obtain a copy of the personal data we hold about you;

Rectification – correct inaccurate or incomplete data;

Erasure – request deletion of data that we no longer need or are processing unlawfully;

Restriction – limit the way we process your data under certain circumstances;

Objection – object to processing carried out on the basis of legitimate interest;

Portability – receive your personal data in a structured, commonly used, machine-readable format;

Withdraw consent – revoke GA4 cookie consent at any time, without affecting processing performed before withdrawal.

To exercise any right, please submit a request via https://theportugalpost.com/contact. We will respond within one month, as required by Article 12 GDPR. If your request is unusually complex, we may extend this period by a further two months but will always inform you in advance.

10. Right to Lodge a Complaint

If you believe we have infringed your data-protection rights, you may lodge a complaint with the Comissão Nacional de Proteção de Dados (CNPD) in Portugal or with your local supervisory authority in the EEA.

11. Children

ThePortugalPost is not directed at children under 16, and we do not knowingly process children’s personal data. If you are a parent or guardian and believe your child has provided personal data, please contact us so we can remove it promptly.

12. External Links

Our articles may link to external websites. We are not responsible for the privacy practices or content of those third-party sites. We encourage you to read their privacy policies before providing any personal information.

13. Changes to This Policy

We may update this policy to reflect legal, technical, or business developments. When we do, we will:

Post the revised policy with a new Effective Date at the top of this page; and

Display a prominent banner on our homepage for at least 30 days or until you acknowledge it.

Continued use of the site after an update becomes effective constitutes acceptance of the revised policy.


Last reviewed: 30 June 2025