Data privacy statement l Website

LegalsLegal and privacy

Data privacy statement l Website

Forvis Mazars in Portugal takes the security of and our legal responsibilities around personal data seriously. This statement explains relevant information about our processing of personal data collected via this website.
The following information is for visitors to our site and to our obligations to you under the General Data Protection Regulation (EU) 2016/679.

Data Controller

Forvis Mazars in Portugal (designated by “we” or “us”), is currently composed by Forvis Mazars & Associados, SROC, SA; Forvis Mazars Contabilidade, SA; Forvis Mazars Advisory, SA; Forvis Mazars - Sociedade de Advogados, SP, RL.

Each Forvis Mazars Firm indicated above is the data controller for the personal data you provide to us via this website. 

On occasion we may be acting as a data processor to our clients or other third parties.

What personal data do we process?

The personal data we process as a result of you visiting our website depends on the data you provide to us. In general, we collect the following categories of personal data through our website (non-exhaustive examples):

  • Basic information, Name, Surname, email address, postal address, telephone number, preferences, interests;
  • Company name, business address;
  • Employment and education details. Where you submit an employment application (e.g. the organisation you work for, your job title, history, responsibilities, experience, education details);
  • Cookies based usage and interaction with our website (see ‘Cookies’ for more info);
  • your IP address;
  • Other any personal data that you provide to us.

If you access our site but do not interact further with us, we will only process the data contained in cookies (see ‘Cookies’ for more info).  Should you decide to interact with us by, for example, submitting a request form we will process the data you provide for the purposes stated on the form.  Some fields are mandatory as without them we will be unable to make further contact with you to answer your request.

When you contact us, we make certain fields of data mandatory to enable us to process your request. You may choose to provide us with additional personal data, including Special Category Personal Data.  If you choose to provide us with any special category personal data, we will seek your explicit consent for us to process those personal data for the purpose of investigating and responding to your enquiry. 

By providing us with your personal data for a requested service, we process it as necessary to provide you with that service (e.g., on a contractual or pre-contractual steps basis).

Should you provide us with business contact details we may also use those contact details in pursuit of our legitimate interests in promoting and developing our business which includes sending you marketing material. You have the right to object to this processing for marketing purposes at any time by contacting us at rgpd@mazars.pt or using unsubscribe mechanisms provided in our communications.

How do we collect personal data?

To enable us to operate our website and deliver our services, we may collect your personal data from:

  • You directly.
  • Our network firms.
  • Law enforcement or similar agencies.
  • Our suppliers.
  • Third parties you authorise us to obtain your personal data from.

We will always only ask you to provide the minimum personal data necessary to fulfil any specific objective. Where we ask you to provide us with certain data and you are unable or unwilling to do so it may affect how we are able to interact with you. In such an event, we will explain to you the impact of not providing the requested personal data.

Legal basis for processing

We process your personal data in accordance with the following legal bases.

  • Consent: In some situations, we will seek your freely given, specific, informed, and unambiguous consent to processing your personal data.
  • Contractual basis and/or our legitimate interests include: 
    • Creating, developing and or managing our relationship with you, including performing our contractual obligations or taking steps at your request prior to entering into a contract);
    • Meeting our administrative, accounting and corporate obligations;
    • Maintaining the security of our IT systems, offices and team in accordance with our information security policies; and
    • Developing our business and services.
  • Legal Basis:
    • Regulators in ensuring compliance with standards, obligations and the conduct of investigations.
    • Law enforcement in the prevention and detection of crime.
    • Complying with legal requirements, regulations or any obligations construed through professional body of which we are a member:  We are subject to legal, regulatory and professional obligations.

We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data. 

Use of personal data

We may process your personal data collected through our website for the purposes outlined below:

  • Responding to enquiries: When you raise an enquiry with us, we will use your information to process and respond to your request.  If your request involves one or more of our member firms, we may share your data with them to facilitate a complete response or to enable them to respond to you directly.
  • Contract entry and performance: Should you indicate an interest in becoming a client of Forvis Mazars in Portugal we will use your personal data in order to take steps to enter into a contract with you or the company you represent.  We may continue to use the data provided through our website in order to perform our duties under a contract with you.
  • Our legitimate interests: We process personal data in order to run our business, including managing our relationship with you, meeting our administrative, accounting and corporate rights and obligations, maintaining and using our security systems and developing our business and services.
  • Recruitment and personnel administration: If you apply for a job through our website, we collect your personal data to consider your application and assess your suitability for employment.
  • Security, quality and risk management: Personal data may be processed in the context of maintaining security and within the scope of internal quality and risk analysis.
  • Compliance with legal, regulatory, and professional requirements: we are subject to legal, professional, and regulatory obligations. For this purpose, it is necessary to collect some data, including some personal data, to demonstrate that our services are provided in accordance with the obligations to which we are subject.

Who do we disclose personal data to?

On occasion we may transfer or disclose your personal data to other entities of the Forvis Mazars network (globally and locally), or to third parties for any of the purposes listed above, that include governmental and professional agencies and contracted parties who perform services on our behalf, such as IT providers, billing and Client management.

When we disclose your personal data to third parties who perform services on our behalf, we ensure that such service providers use your data only in accordance with our information security policies, and they are not authorized to use or disclose personal data, except when strictly necessary and when authorized to do so in order to provide services on our behalf or to comply with applicable legal obligations.

We may also disclose your personal data to third parties where we are required to do so by law, our regulators or for the purposes of, or in connection with any legal proceedings, or otherwise for the purpose of establishing, exercising or defending our legal rights.

We may share personal data with other Forvis Mazars network firms where necessary for administrative purposes and to provide professional services to our clients.

Owing to the global nature of our operations, we may transfer your personal data outside the European Economic Area (EEA) to countries whose data protection laws may not be as extensive as those in the EU, and in accordance with the GDPR regarding international data transfers. 

When we transfer data outside the EEA, UK or our jurisdiction, we will only transfer such personal data (i) to a country which the European Commission considers to have adequate data protection laws; or (ii) where we have put in place an appropriate data transfer mechanism, such as Standard Contractual Clauses EU, to ensure that your personal data are adequately protected.  

Should you make an enquiry through our website which concerns one of the Forvis Mazars network firms we may need to forward the request to them on your behalf. 

Data Subject rights

 Where we act as a Data Controller for your personal data, you may exercise your rights including:

  • Accessing the personal data we hold about you;
  • Asking us to update, correct or change your personal data we hold which are inaccurate;
  • Request to have your personal data deleted;
  • Withdrawing consent to our processing of your personal data (where we process your personal data based on consent).
  • Putting in place restrictions on our processing of your personal data;
  • Objecting to our processing of your personal data;
  • Asking us to transfer your data to another controller (data portability).

Requests to exercise your rights as a data subject, in accordance with the requirements of applicable privacy legislation, will be reviewed and processed, taking into account the purpose for which we obtain your data.

If you wish to exercise any of your data subject rights or have any questions about this statement, please use the following email: rgpd.pt@forvismazars.com.

Data retention

We will retain your personal data on our systems for the following periods:

1.     Purpose-Based Retention: As long as necessary to fulfill the purpose for which it was collected.

2.     Legal Requirements: For the duration mandated by applicable laws and regulations (e.g., tax, accounting, or compliance obligations).

3.     Liability Period: Until the conclusion of any ongoing legal claims, litigation, or associated investigations.

In general, and except for cookies which may have shorter retention periods (please refer to the "Cookies" section for more information), personal data is retained for a period ranging from one (1) to ten (10) years, depending on the nature of the data and the applicable legal requirements. However, if legal or regulatory obligations require a longer retention period, we will comply with such requirements. Once the retention period has expired, personal data will be securely deleted or anonymized.

Data Security

We ensure appropriate technical and organisational controls are in place to protect your personal data from loss, misuse, alteration and unintentional destruction in accordance with its information security policies, such as the use of anti-virus, firewalls, secure servers, hard disk encryption software, password protection, physical access controls, two-factor authentication, intrusion and anomaly detection.

Our personnel who have access to your personal data have been trained to maintain the confidentiality of such data.  They will only be granted access to your personal data to the extent that they need this information to perform their duties properly. The persons who can consult your data are also bound by strict professional discretion. 

Conditions to protect personal data to at least the same standard as we do are cascaded to all our contractors, (sub) processors and suppliers.  

Regular monitoring and testing of our security defences is carried out to ensure they continue to be effective against the latest threats. 

Data transferred over the internet by us and through this website are protected using encryption technologies. 

Children and our website

Forvis Mazars in Portugal understands the importance of protecting children's privacy, especially in an online environment. Our sites are not intentionally designed for or directed at children. We do not knowingly collect or maintain information about individuals under the age of 16. If you are under 16, please do not share any personal data, even if requested. If you believe you have shared your personal data inadvertently, please ask your parents or guardians to notify us so that we can proceed with its deletion.

Cookies

Navigation on our website will result in cookies being placed to your computer. Cookies are small text files that are placed on your computer by the websites that you visit. For further details, please consult our Cookie Policy.

Changes to this privacy statement 

This privacy statement was updated in November 2025. We may amend it from time to time. Any changes will be published on this website, and we recommend you check here regularly.

Questions and complaints

Should you have any questions or complaints regarding this privacy statement or the way we collect and process your personal data, please contact us at by email: rgpd.pt@forvismazars.com

If you are dissatisfied with the way we have handled your personal data and we are unable to resolve the issue for you, you may take the matter to the Portugal Data Protection Authority: National Data Protection Commission - CNPD.

For more information, please visit the website www.cnpd.pt.

Contact us

+351 21 721 01 80
Meet our local team
Discover our offices
Or use our contact form