Mulheres VIP is committed to protecting the personal data of its users and visitors. This Privacy Policy explains, in plain terms, what data we collect, for what purposes, with whom we share it and your rights as a data subject, in compliance with the General Data Protection Regulation (GDPR — Regulation EU 2016/679) and applicable Portuguese law.
1. Who we are
The website mulheresvip.net is operated by Mulheres VIP. For all purposes of the GDPR, this entity is the Data Controller of the personal data collected through this website.
General contact:
- Email: info@mulheresvip.net
- Phone: +351 934 106 784
2. Data Protection Officer (DPO)
For any question related to the processing of your data or to exercise your rights, you can contact our DPO:
- Email: dpo@mulheresvip.net
3. What data we collect
The nature of the data depends on how you interact with the website. We only collect what is necessary for each purpose:
Visitors (general use of the site)
- IP address, user-agent, language and approximate country
- Pages visited, time on page, traffic sources
- Cookie identifiers (see section 9 — Cookies)
Newsletter subscribers
- Email address
- Date and IP of consent (opt-in proof)
Authors of comments and reviews
- Name or nickname, comment content
- IP address, date and user-agent (fraud prevention)
Registered advertisers
- Name, phone, contact email
- Photos and descriptive text of the ad
- City and service location data
- Proof of age (copy of ID document) — mandatory to validate the minimum age of 21
- Payment data, handled directly by the payment gateway (see section 6)
4. What we use the data for
Each data category has a specific purpose:
- Service delivery — publishing ads, account management, receiving and moderating comments
- Security and fraud prevention — access logs, blocking malicious IPs, reCAPTCHA, age validation
- Direct communication — replying to requests sent by email, phone or WhatsApp
- Direct marketing — newsletter, only after explicit consent (opt-in)
- Statistics and improvement — aggregated, mostly anonymised traffic analysis
- Legal compliance — record retention when required by law (tax, criminal, etc.)
5. Legal basis (Art. 6 GDPR)
- Contract performance (Art. 6(1)(b)) — advertiser account management and ad publication
- Consent (Art. 6(1)(a)) — analytical and marketing cookies, newsletter
- Legitimate interest (Art. 6(1)(f)) — security, fraud prevention, defending rights in disputes
- Compliance with legal obligation (Art. 6(1)(c)) — when applicable (e.g. tax retention)
6. Who we share data with (Processors)
We rely on providers acting as processors under contracts pursuant to Art. 28 GDPR. We only share the data strictly required for each service:
- Cloudflare, Inc. — CDN, DDoS protection, cache. May process IPs and security cookies
- Google LLC — Google Tag Manager, Google Analytics and reCAPTCHA (statistics, bot prevention)
- Amazon Web Services, Inc. (AWS) — backend hosting, database and files
- SendGrid, Inc. — transactional and newsletter email delivery
- Stripe, Inc. — payment processing
We do not sell or transfer personal data to third parties for autonomous marketing purposes.
7. International transfers
Some of our processors (notably Cloudflare and Google) are headquartered in the United States. Whenever there is a transfer of data outside the European Economic Area, it is made under:
- Standard Contractual Clauses (SCC) approved by the European Commission
- EU-U.S. Data Privacy Framework, where the provider is certified
8. Retention period
- Access logs — up to 30 days
- Analytical cookies — according to the processor (max. 13 months for Google Analytics)
- Newsletter — until consent is withdrawn
- Advertiser account — while active, plus 12 months after deactivation for defence of rights
- Comments and reviews — while the associated ad is published, or until deletion request
- Legal proof documents — as required by applicable retention periods
After these periods, data is deleted or fully anonymised.
9. Cookies
We use first-party and third-party cookies to ensure the site works, collect aggregated statistics and protect against abuse. Categories:
- Strictly necessary — session, security, language preferences (do not require consent)
- Analytical — Google Analytics (require consent)
- Marketing — only where applicable (require consent)
You can manage your preferences at any time through the consent banner or your browser settings. Refusing analytical/marketing cookies does not prevent use of the site.
10. Your rights
As a data subject, you have the following GDPR rights:
- Access — know what data we hold about you and obtain a copy
- Rectification — correct inaccurate or outdated data
- Erasure ("right to be forgotten") — delete your data, except where legal retention applies
- Restriction of processing — suspend processing under specific circumstances
- Portability — receive your data in a structured, commonly used format
- Objection — object to processing, especially direct marketing
- Withdraw consent — at any time, without affecting lawful processing already carried out
To exercise any of these rights, email dpo@mulheresvip.net. We reply within 30 days, extendable by 60 days in complex cases (with prior notice).
11. Complaints to the supervisory authority
If you believe the processing of your data violates the GDPR, you may lodge a complaint with the Portuguese supervisory authority — Comissão Nacional de Proteção de Dados (CNPD):
- Web: www.cnpd.pt
- Email: geral@cnpd.pt
- Address: Av. D. Carlos I, 134, 1.º — 1200-651 Lisbon, Portugal
12. Minors
Mulheres VIP is intended exclusively for people over 21 years old. We do not intentionally process data of minors. If you identify a situation of misuse by a minor, contact dpo@mulheresvip.net for immediate removal.
13. Security
We implement technical and organisational measures appropriate to the risk: TLS encryption (HTTPS) on all communications, access control based on the principle of least privilege, event logging, regular backups and periodic review of our practices. Despite our efforts, no system is 100% secure — we commit to notifying the CNPD and affected data subjects in case of a data breach as required by the GDPR.
14. Changes to this policy
This policy may be updated to reflect changes in our services, applicable law or our processors' practices. The last update date is always shown at the end of the document. Material changes will be duly communicated on the site and, where applicable, by email to affected data subjects.
In effect since May 25, 2018. Last updated: May 15, 2026.