Data privacy statement l Clients

LegalsLegal and privacy

Data privacy statement l Clients

Forvis Mazars in Portugal takes the security of and our legal responsibilities around your personal data very seriously. This privacy statement sets out which personal data we collect from you through our interaction with you, how we process that personal data and provides information about your rights in relation to the processing of your personal data.
The information described in this statement applies to those who receive services from us or who are seeking to do so (“our Clients”), and to those who work for our Clients or who are otherwise connected to our Clients’ businesses in any other capacity.
The following information is for our obligations under the General Data Protection Regulation (EU) 2016/679.

Data Controller

Forvis Mazars in Portugal (designated by “we” or “us”), is currently composed by Forvis Mazars & Associados, SROC, SA; Forvis Mazars Contabilidade, SA; Forvis Mazars Advisory, SA; Forvis Mazars - Sociedade de Advogados, SP, RL.

The Forvis Mazars entity that provides you with a product or service will be responsible for the collection and processing of your personal data, when deciding which data is collected, the methods of processing, and the purposes for which the data is processed and/or used.

Additionally, each entity within the Forvis Mazars network in Portugal processes personal data as a Data Processor on behalf and according to the instructions of other responsible entities, in the context of our professional services.

In the context of this privacy statement, at times, we may refer to the handling, collection, protection, and retention of your personal data as "treatment" or "processing" of this personal information.

Data Subjects

We may collect and process personal data from:

  • our clients, suppliers, business contacts and potential clients (and / or from individuals associated with them);
  • individuals whose personal data we obtain in connection with providing professional services to our clients (e.g. employees, suppliers, family members, government agency contact persons, other advisors to the data subject).

In connection with our professional services, you may provide us with personal data of third parties (e.g. in cases described above). In this context, the individuals concerned may access this privacy notice through our Website and, whenever legally required, such third parties shall have the data processing rights arising from the applicable legislation."

What personal data do we process?

Depending on the nature of the services we provide, the legal obligations to which we are subject, our legitimate interests or the specific consent you grant us to that end, we may collect or obtain following categories of personal data (non-exhaustive examples):

  • basic information, such as your name, age, date of birth, gender, language, your relationship to a person (e.g. your marital status and family information)
  • your contact details (e.g. address, phone, email and other contact details)
  • your business activities
  • employment and education details (e.g. the organisation you work for, your job title and your education details)
  • identifiers documents (e.g. passport number, CC, Tax number)
  • financial and tax information (e.g. your bank account, income and tax)
  • Other categories of personal data provided by you in the course of the provision of services, as well as any other personal data you may voluntarily provide to us in connection with yourself, and any additional data necessary for the performance of the contracted services or for compliance with legal obligations.

For certain services or activities, and when required by law or with an individual's explicit consent, we may also collect special categories of personal data (e.g. health data).

How do we collect personal data?

To enable us to operate our website and deliver our services, we may collect your personal data from:

  • You directly.
  • Our network firms.
  • Law enforcement or similar agencies.
  • Our suppliers.
  • Third parties you authorise us to obtain your personal data from (e.g., our clients about their employees, customers, clients and other data subjects whose personal data they collect; other advisors to the data subject).

We will always only ask you to provide the minimum personal data necessary to fulfil any specific objective.  Where we ask you to provide us with certain data and you are unable or unwilling to do so it may affect how we are able to interact with you. In such an event, we will explain to you the impact of not providing the requested personal data.

Legal basis for processing

We process your personal data in accordance with the following legal bases:

  • Consent: In some situations, we will seek your consent to processing your personal data.
  • Contractual basis and/or our legitimate interests include: 
    • creating, developing and or managing our relationship with you;
    • meeting our administrative, accounting and corporate obligations;
    • maintaining the security of our IT systems, offices and team in accordance with our information security policies; and
    • developing our business and services. 
  • Legal Basis:  
    • Regulatorsin ensuring compliance with standards, obligations and the conduct of investigations.
    • Law enforcement in the prevention and detection of crime
    • Complying with legal requirements, regulations or any obligations construed through professional body of which we are a member:  We are subject to legal, regulatory and professional obligations.

We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data. 

Use of personal data

We may process your personal data for the purposes outlined below, as the processing is necessary to (1) comply with our legal and regulatory obligations, (2) the performance of a contract to which you are party or to take action at your request prior to entering into a contract, and/or (3) the purposes of our legitimate interests relating to the provision of our services or the operation of our business.

We use personal data for the following purposes:

  • Assessment and acceptance of a client, conclusion, and execution of contract/agreements with a client: To commence and continue working with our clients, we are legally required to take certain steps (e.g. AML). We will have to process personal data about our clients, their ultimate beneficial owners and the client representatives.
  • Providing professional services to our (potential) clients: we provide a diverse range of professional services (for information on our services, click here). We process personal data in order to deliver those services to our (potential) clients.
  • Development and improvement of products and/or services: we process personal data to run our relationship with our clients, comply with our administrative, accounting and corporate obligations, maintaining and using our IT systems, developing our businesses and services, e managing our systems and applications. We also process personal data about our suppliers, subcontractors and individuals associated with our suppliers and subcontractors to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients.
  • Security, quality, and risk management: Personal data may be processed in the context of protecting our information and our clients' information, as well as for internal quality analysis and risk management, and in information security certification processes.
  • Compliance with legal, regulatory, and professional requirements: we are subject to legal, professional, and regulatory obligations. For this purpose, it is necessary to collect some data, including some personal data, to demonstrate that our services are provided in accordance with the obligations to which we are subject.
  • Protection of our rights and in accordance with them and the rights of our clients. 

Who do we disclose personal data to?

On occasion we may transfer or disclose your personal data to other entities of the Forvis Mazars network (globally and locally), or to third parties for any of the purposes listed above, that include governmental and professional agencies and contracted parties who perform services on our behalf, such as IT providers, billing and Client management.

When we disclose your personal data to third parties who perform services on our behalf, we ensure that such service providers use your data only in accordance with our information security policies, and they are not authorized to use or disclose personal data, except when strictly necessary and when authorized to do so in order to provide services on our behalf or to comply with applicable legal obligations.

We may also disclose your personal data to third parties where we are required to do so by law, our regulators or for the purposes of, or in connection with any legal proceedings, or otherwise for the purpose of establishing, exercising or defending our legal rights.

We may share personal data with other Forvis Mazars network firms where necessary for administrative purposes and to provide professional services to our clients.

Owing to the global nature of our operations, we may transfer your personal data outside the European Economic Area (EEA) to countries whose data protection laws may not be as extensive as those in the EU, and in accordance with the GDPR regarding international data transfers.  

When we transfer data outside the EEA, UK or our jurisdiction, we will only transfer such personal data (i) to a country which the European Commission considers to have adequate data protection laws; or (ii) where we have put in place an appropriate data transfer mechanism, such as Standard Contractual Clauses EU, to ensure that your personal data are adequately protected.   

Data Subject rights

  • Accessing the personal data we hold about you;
  • Asking us to update, correct or change your personal data we hold which are inaccurate;
  • Request to have your personal data deleted;
  • Withdrawing consent to our processing of your personal data (where we process your personal data based on consent).
  • Putting in place restrictions on our processing of your personal data;
  • Objecting to our processing of your personal data;
  • Asking us to transfer your data to another controller (data portability).

Requests to exercise your rights as a data subject, in accordance with the requirements of applicable privacy legislation, will be reviewed and processed, taking into account the purpose for which we obtain your data.

If you wish to exercise any of your data subject rights or have any questions about this statement, please use the following email: rgpd.pt@forvismazars.com.

If you wish to exercise any of your rights, but we only act as a Data Processor in the relationship with our client, we will inform you accordingly and you should address your requests to our client.

Data retention

We will retain your personal data on our systems for the following periods:

  1. Purpose-Based Retention: As long as necessary to fulfill the purpose for which it was collected.
  2. Legal Requirements: For the duration mandated by applicable laws and regulations (e.g., tax, accounting, or compliance obligations).
  3. Liability Period: Until the conclusion of any ongoing legal claims, litigation, or associated investigations.

In general, personal data is retained for a period ranging from one (1) to ten (10) years, depending on the nature of the data and the applicable legal requirements. However, if legal or regulatory obligations require a longer retention period, we will comply with such requirements. Once the retention period has expired, personal data will be securely deleted or anonymized.

Data Security

We ensure appropriate technical and organisational controls are in place to protect your personal data from loss, misuse, alteration and unintentional destruction in accordance with its information security policies, such as the use of anti-virus, firewalls, secure servers, hard disk encryption software, password protection, physical access controls, two-factor authentication, intrusion and anomaly detection.

Our personnel who have access to your personal data have been trained to maintain the confidentiality of such data.  They will only be granted access to your personal data to the extent that they need this information to perform their duties properly. The persons who can consult your data are also bound by strict professional discretion. 

Our personnel who have access to your personal data have been trained to maintain the confidentiality of such data.  They will only be granted access to your personal data to the extent that they need this information to perform their duties properly. The persons who can consult your data are also bound by strict professional discretion. 

Children and our website

Forvis Mazars in Portugal understands the importance of protecting children's privacy, especially in an online environment. We do not knowingly collect or maintain information about individuals under the age of 16. If you are under 16, please do not share any personal data, even if requested. If you believe you have shared your personal data inadvertently, please ask your parents or guardians to notify us so that we can proceed with its deletion.

Changes to this privacy statement 

This privacy statement was updated in November 2025. We may amend it from time to time. Any changes will be published on this website, and we recommend you check here regularly.

Questions and complaints

Should you have any questions or complaints regarding this privacy statement or the way we collect and process your personal data, please contact us at by email: rgpd.pt@forvismazars.com

If you are dissatisfied with the way we have handled your personal data and we are unable to resolve the issue for you, you may take the matter to the Portugal Data Protection Authority: National Data Protection Commission - CNPD.

For more information, please visit the website www.cnpd.pt.

Contact us

+351 21 721 01 80
Meet our local team
Discover our offices
Or use our contact form