Fortune Residence
Privacy Policy
Last updated:
Fortune Molecule LDA, operating under the Fortune Residence brand, takes the protection of personal data seriously. This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and the rights you have under the EU General Data Protection Regulation (GDPR) and Portuguese data protection law.
This policy applies to fortuneresidence.com and to all interactions with us through email, phone, WhatsApp, WeChat, and in-person meetings.
1. What data we collect
When you visit the site
Browsing the site does not require you to submit personal data. We do automatically collect technical usage information — IP address, browser type, pages visited, timestamps, referring URL, and device identifiers — to operate the site, prevent abuse, and improve user experience.
When you contact us
When you call, write, WhatsApp, WeChat, or submit a form, we collect the information you choose to share — typically name, email, phone, and the content of your message. If you request our weather-conditions report or another lead magnet, we collect your email and the identifier of the resource requested.
When you become a client
Engagement of our design-build services requires additional data — postal address, contract details, payment information, identification documents where required by law, and the specifics of your project.
2. Why we process your data and on what legal basis
- Responding to your enquiries — performance of pre-contractual measures (GDPR Art. 6(1)(b)) or our legitimate interest (Art. 6(1)(f)).
- Delivering services under a signed contract — contract performance (Art. 6(1)(b)).
- Sending you the requested lead magnet (e.g. the weather report) — your consent (Art. 6(1)(a)).
- Measuring site traffic via Google Analytics — your consent (Art. 6(1)(a)), only if you accept analytics cookies.
- Showing relevant content via Google advertising — your consent (Art. 6(1)(a)), only if you accept marketing cookies.
- Preventing form spam via Cloudflare Turnstile — our legitimate interest (Art. 6(1)(f)).
- Complying with tax, accounting, and anti-money-laundering obligations — legal obligation (Art. 6(1)(c)).
3. Who receives your data
We do not sell personal data. We share it only with the following categories of recipients and only as needed to deliver the purpose for which it was collected:
- HubSpot, Inc. (CRM) — to manage client and prospect contact details. Data may be transferred to the US under the EU-US Data Privacy Framework and Standard Contractual Clauses.
- Cloudflare, Inc. (site hosting and Turnstile bot protection) — service operation. Cloudflare's EU data centres are used where possible.
- Google LLC (Google Tag Manager and Google Analytics 4) — only with your consent.
- Our architects, contractors, lawyers, and accountants — strictly when needed to deliver your project or comply with the law.
- Public authorities — only where legally required.
4. International transfers
Some of our processors (HubSpot, Google, Cloudflare) operate globally. Where data is transferred outside the European Economic Area, we rely on EU-approved safeguards: the EU-US Data Privacy Framework, Standard Contractual Clauses, and (where applicable) supplementary measures such as encryption in transit and at rest.
5. How long we keep your data
- Website usage logs — up to 6 months.
- Contact-form and lead-magnet submissions where no engagement follows — up to 24 months from last contact.
- Client records (during and after a contract) — 10 years from end of contract, as required by Portuguese tax and accounting law.
- Cookies — see Section 8 below and our Cookie Policy for category-by-category retention.
6. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase data ("right to be forgotten") in the situations the law allows.
- Restrict processing while a request is being considered.
- Receive your data in a portable, machine-readable format.
- Object to processing based on our legitimate interest.
- Withdraw consent at any time without affecting prior lawful processing.
- Lodge a complaint with the Portuguese supervisory authority — Comissão Nacional de Proteção de Dados (CNPD), www.cnpd.pt.
7. How to exercise your rights
Write to gdpr@fortunemolecule.com from the email address we hold for you, or by registered post to the address above. We will respond within 30 days. If we cannot identify you from your request, we may ask for proof of identity.
8. Security
We apply technical and organisational measures to protect your data — HTTPS in transit, encrypted storage, role-based access, regular review of suppliers. No method of transmission over the internet or electronic storage is 100% secure; we cannot guarantee absolute security.
9. Automated decision-making
We do not make decisions about you on a purely automated basis with legal or similarly significant effect on you.
10. Changes to this policy
We may update this policy from time to time. The "last updated" date above always reflects the current version. Material changes are highlighted at the top of the page for at least 30 days.