Privacy Policy

Graphenest, S.A., (hereafter “Graphenest, SA”, “us”, “we”, or “our”) owns and operates the website website (the “Service” or “Website”). We are a public limited liability company, with registered office at Lugar de Estação, Edificio VougaPark, 3740-070 Paradela do Vouga, and with share capital of € 119.553,60, with tax identification number n. º 513542850, registered at the Commercial Registry of Lisbon, under the same number, and acts as a controller for the processing of personal data of data subjects who are users of our page (hereinafter referred to as “User” or “Users”).

This page informs you of our policy regarding the collection, use, and disclosure of personal data when you use our Website and the choices you have associated with that data.

Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from

The right to privacy and the protection of personal data is very important to us.

Your personal data will be processed internally in a strictly confidential way and in accordance with the data protection applicable legislation, including, inter alia, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation or “GDPR”) and Law no. 58/2019, of 8 August.

This Privacy Policy is only applicable to our Website and not to websites owned by third parties even if there is a direct link on the Website to such websites. We cannot be held responsible for the content of websites other than our Website. For more information on the processing of personal data by other websites, please read their privacy policies.

We want to ensure that all Users whose data we process are duly informed about how the processing of their data is carried out.

After reading our Privacy Policy, if you still have any questions or you would like any clarification, please contact us at:

Graphenest, S.A.

Lugar de Estação, Edificio VougaPark, 3740-070 Paradela do Vouga




Personal Data

Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Usage Data

Usage Data is data collected automatically either generated by the use of the Website or from the Website infrastructure itself (for example, the duration of a page visit).


Cookies are text files with small amounts of information that are stored on your computer or mobile device each time you visit a website through a browser. On each subsequent visit, the browser sends these cookies to the website that generated them or to another website.

Cookies thus enable websites to store certain information in order to allow Users to navigate online in a simple and fast way, eliminating the need to repeatedly enter the same information.

Cookies themselves do not identify the individual User, but only the device used.

Cookies are widely used by website owners to enable their websites to function effectively, or more efficiently, and to report information to them. Cookies help us understand how the Service is being used and improve user’ experience.

Cookies set by website owners (i.e. Graphenest, S.A) are called “first-party cookies”.

Cookies set by parties other than the website owner are called “third-party cookies”.

Third-party cookies are able to provide features or functionalities (such as interactive content and analytics) on or through the website.


Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

For the purpose of this Privacy Policy, we act as a Controller of your Personal Data.

Processor (or Service Providers)

Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller.

We may use the services of various Service Providers in order to process your data more effectively.

Data Subject (or User)

Data Subject is any living individual who is using our Website and is the subject of Personal Data.


Information Collection and Use

We collect several different types of information for various purposes to provide and improve the Service.

Types of Data Collected

Personal Data

While using our Website, we may ask you to provide us with certain Personal Data, which may include:

  • Email address
  • First name and last name
  • Phone number
  • Address, State, Province, ZIP/Postal code, City
  • Cookies and Usage Data

If you consent, we may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us.

Usage Data

We may also collect information how the Website is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking Cookies Data

We use cookies and similar tracking technologies to track the activity on our Website and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Website.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Website.

Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Website;
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings;
  • Security Cookies. We use Security Cookies for security purposes;
  • Analytical / performance cookies: to monitor and analyse Users’ behaviours on our Website; and
  • Marketing cookies: cookies used to deliver advertisements relevant to Users’ interests.


We may use Service Providers to monitor and analyze the use of our Website.

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Website. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Website available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page:

For more information about the way we use cookies, please check our Cookies Policy.


Purposes of our Processing of Personal Data

Graphenest, S.A. uses the collected data for various purposes:

  • To provide and maintain our Website;
  • To notify you about changes to our Website;
  • To allow you to participate in interactive features of our Website when you choose to do so;
  • To provide customer support;
  • To gather analysis or valuable information so that we can improve our Website;
  • To monitor the usage of our Website;
  • To prevent fraud and other prohibited or illegal activities;
  • To protect the security of our Website, including personal data of all Users;
  • To detect, prevent and address technical issues;
  • To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.


Grounds of Lawfulness for Data Processing

Graphenest, S.A., processes personal data of its Users based on at least one of the following grounds of lawfulness:

  1. Consent: when we have obtained your prior express consent – in writing, orally or through the validation of an option –and such consent is freely given, informed, specific and unambiguous;
  2. Performance of a contract or pre-contractual procedures: whenever the processing of personal data is necessary for the conclusion, performance or management of the contract entered into with Graphenest, S.A., such as for the management of contacts/claims, invoicing/billing/payments;
  3. Compliance with a legal obligation: whenever the processing of personal data is necessary to fulfil a legal obligation to which Graphenest, S.A. is subject to, such as reporting to administrative, judicial and/or law enforcement agencies;
  4. Legitimate interest: whenever the processing of personal data is necessary to safeguard a legitimate interest of Graphenest, S.A., or of third parties and it’s not overridden by your rights, such as the improvement of the quality of the Website or the detection of fraud.


Data Retention

Graphenest, S.A. will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data for a specific period in order to comply with applicable laws, resolve disputes, and enforce our legal agreements and policies).

Graphenest, S.A. will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Website, or we are legally obligated to retain this data for longer time periods.

Personal Data Transfers

Graphenest, S.A. will take all steps reasonably necessary to ensure that your data is processed securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information and in full compliance with Chapter V of the GDPR.


Disclosure of Data

Disclosure for Law Enforcement

Under certain circumstances, Graphenest, S.A. may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Legal Requirements

Graphenest, S.A. may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation;
  • To protect and defend the rights or property of Graphenest, S.A.;
  • To prevent or investigate possible wrongdoing in connection with the Website;
  • To protect the personal safety of Users of the Website; or
  • To protect against legal liability.

Data Security

The security of your personal data is important to us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Graphenest, S.A., will employ all reasonable technical and organizational security measures to ensure that data subjects’ personal data is used securely. For example, we use cryptographic technologies for data confidentiality, protection mechanisms to prevent attacks, and access control mechanisms to permit only authorised access to your personal data. We also provide training on security and privacy protection for employees to raise their awareness on personal data protection.

Graphenest, S.A. will make all reasonable efforts to minimize the processing and retention time for your personal data. 


“Do Not Track” Signals

We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser. 


Your Data Protection Rights Under General Data Protection Regulation (“GDPR”)

As a data subject, you have certain data protection rights under GDPR. Graphenest, S.A. aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.

As data subjects’, Users may, at any time, exercise the following rights:

  1. Right of access – the right to obtain confirmation as to which of your personal data is processed and information about them; for instance, what are the purposes of the processing and what are the retention periods, amongst others;
  2. Right to rectification – right to obtain the rectification of your personal data which is inaccurate or incomplete;
  3. Right to erasure or ‘right to be forgotten’ – right to obtain the erasure of your personal data, unless there are valid grounds for storing your data. For example, Graphenest, S.A. is required to keep the data to comply with a legal obligation or because judicial proceedings are ongoing;
  4. Right to data portability – right to receive the data you have provided in a commonly used and machine-readable digital format, as well as the right to directly transmit such data, if technically possible;
  5. Right to object – right to object to the processing of your personal data based on a legitimate interest, unless compelling legitimate grounds for the processing prevail over your interests, rights and freedoms, or for the defense of a right during judicial proceedings;
  6. Right to restriction of processing – right to obtain restriction of the processing of your personal data, in the form of: (i) suspension of processing, or (ii) limitation of the scope of processing to certain categories of data or purposes of processing;
  7. Right to withdraw the consent – if the processing of your personal data is subject to obtaining your consent, you have the right to withdraw it, without such withdrawal of consent affecting the lawfulness of processing based on consent before its withdrawal.

In order to exercise your rights as a data subject’, please contact Graphenest, S.A., at and specify the right(s) you wish to exercise. The exercise of your rights is free of charge, unless the request is manifestly unfounded or excessive, in which case Graphenest, S.A., may charge a reasonable fee considering the costs.

Please note that we may ask you to verify your identity before responding to such requests.

The data subjects also have the right to lodge a complaint with CNPD ( if they consider that Graphenest, S.A., has breached the applicable data protection legislation.


Children’s Privay

Our Website does not address anyone under the age of 18 (“Children”).

We do not knowingly collect personally identifiable information from any data subject under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Direct Marketing

As a controller, Graphenest, S.A., will not send direct marketing communications to data subjects’ unless it has obtained their explicit consent for such direct marketing. Data subjects’ must also be able to withdraw their consent. Such consent must be:

  1. Explicit and unambiguous: Graphenest, S.A., will include appropriate consent notices on the particular web page or form that collects their consent specifically for direct marketing communications;
  2. Opt-in and not opt-out: Data subjects should provide their consent through a clear affirmative action. Indirect consent such as via pre-ticked boxes or first seeking consent via opt-out notices in the first marketing communication is not used by Graphenest, S.A.;
  3. Easy to withdraw: Data subjects should be made aware of the means through which they can withdraw their consent and thus stop receiving direct marketing messages from Graphenest, S.A., unless they provide their explicit consent to receive such marketing again.

Graphenest, S.A., will not buy email lists or any list containing data regarding data subjects’ (whether anonymized or not). This includes contact information with the aim of sending direct marketing communications to data subjects’, without ensuring that the data subjects’ consent is part of the communication they receive, including opt-outs.


Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Website, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on our Website.

Disclaimer, Last updated: July 24, 2023 | The information contained on website (the "Service" or "Website") is for general information purposes only. Graphenest, S.A. assumes no responsibility for errors or omissions in the contents on the Website. In no event shall Graphenest, S.A. be liable for any special, direct, indirect, consequential, or incidental damages or any damages whatsoever, whether in an action of contract, negligence or other tort, arising out of or in connection with the use of the Website or the contents of the Website. Graphenest, S.A. reserves the right to make additions, deletions, or modification to the contents on the Website at any time without prior notice. Graphenest, S.A. does not warrant that the Website is free of viruses or other harmful components. External links disclaimer: website may contain links to external websites that are not provided or maintained by or in any way affiliated with Graphenest, S.A. Please note that the Graphenest, S.A. does not guarantee the accuracy, relevance, timeliness, or completeness of any information on these external websites