GDPR — Data Protection

Adjunto is the platform responsible for processing personal data collected through its services, under Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR).

Personal data processing is carried out based on: • Contract performance – to provide and manage platform services • Consent – when explicitly requested for specific purposes • Legitimate interest – for continuous platform improvement and service security • Legal obligation – when required by law In the case of sensitive data, particularly health data, processing is carried out only with explicit consent or when necessary for the sports and clinical management of athletes, in the club context.

• Identification data: name, email, phone contact, tax ID • Minors' data: processed only with consent from guardians • Sports data: position, attendance, statistics, season history • Health data: clinical information strictly relevant to sports practice

Personal data is retained only for the period necessary for the purposes for which it was collected, or while there is a relationship with the club, without prejudice to applicable legal obligations.

Under GDPR, the data subject has the right to: • Access – obtain confirmation and access to your data • Rectification – correct inaccurate or incomplete data • Erasure – request deletion of data ("right to be forgotten") • Restriction – restrict the processing of data • Portability – receive data in a structured format • Objection – object to the processing of data

Adjunto may use subcontractors for technical services (such as hosting, communications or support), ensuring they fully comply with GDPR. Data is stored on servers located in the European Union. If transfer outside the European Economic Area is necessary, appropriate safeguards will be applied, under GDPR terms.

To exercise your rights or clarify any question related to data protection, you can contact: suporte@adjunto.pt

The data subject has the right to file a complaint with the National Data Protection Commission (CNPD), if they consider that the processing of their data violates GDPR.