With the following information, we intend to inform you about the processing of your personal data by us and your rights, under the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and the Council of the 27<sup>th</sup> of April 2016 – hereinafter referred to as “GDPR”).
According to article 4 no. 7 of the GDPR, the controller is:
BETALYRA, SOCIEDADE UNIPESSOAL, LDA.,
Avenida General Eduardo Galhardo, Edifício Nucase, 115, 2775-564 Carcavelos, Portugal
E-mail: hello@betalyra.pt
BETALYRA processes data regarding your identification, your e-mail address as well as data entered in the searchattention created by the data subject. The data is supplied by the data subject, by filling in the registration form that is on the website or when the data subjects create and insert information in the searchattention.
The processing of your personal data is always linked to a specified, explicit and legitimate purposes, which have been defined before the processing of the data is commenced, in accordance with the principle of purpose limitation under article 5 no. 1 § b) of the GDPR.
When you fill in the registration form on our website, your personal data is processed in order to become a user and to authenticate on the website. The legal basis for processing your data is the fulfillment of a contract with you – article 6 no. 1 § b) of the GDPR.
The personal data inserted in searchattention by the data subject is processed in order to create the referred searchattentions. The legal basis for the processing of your data is the fulfillment of a contract with you and your consent for processing of the data (article 6 no. 1 § a) and b) of the GDPR .
Our policy consists of storing data for no longer than is necessary for the purposes for which the data are processed.
Your personal data will be stored during the entire period in which the data subject is a user of the website.
The invoice and accounting data will be stored for 10 years.
BETALYRA does not transfer your personal data to third parties, unless it is necessary for the rendering of services or it is necessary for compliance with a legal obligation to which BETALYRA is subject to.
Locations of the processing of your personal data
We process your data in Portugal and in other European countries (EU/EEA).
If your data is processed in countries outside of the European Union or the European Economic Area (EEA) (that is, in so-called third countries), this will only take place if you have expressly consented to it, if it is stipulated by law or if it is necessary for providing our services to you. If, in those exceptional cases, we process data in third countries, this will be done by ensuring that certain measures are taken, i.e., the data is processed on the basis of an adequacy decision by the EU Commission or if the processor provides appropriate safeguards in accordance with Article 46 of the GDPR.
As a data subject, you have the following rights:
Right of access to personal data (Article 15 of the GDPR): You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to access your personal data as well as access the following information: the categories of personal data processed, the purposes of processing, any recipients or categories of recipients of your personal data and the planned storage period of your data.
Right of rectification of data (Article 16 of the GDPR): You have the right to request the rectification or completion of personal data concerning you, that is incorrect or incomplete.
Right to erasure (“Right to be forgotten“) (Article 17 of the GDPR):
You have the right to request the erasure without undue delay of your personal data. BETALYRA is obliged to delete your personal data in the following situations:
The personal data is no longer necessary for the purposes for which they were collected or otherwise processed.
You withdrew consent on which the processing is based, and there is no other legal ground for the processing of your personal data.
You have objected to the processing of your data based on the legitimate public interest or on our legitimate interests, and there are no overriding legitimate grounds for the processing.
Your personal data have been processed unlawfully.
The erasure of your personal data is necessary to comply with a legal obligation to which BETALYRA is subject.
Please note that the right to erasure of your personal data is excluded in the following cases:
Your personal data is used to exercise the right to freedom of expression and information.
Your personal data is used to comply with a legal obligation to which BETALYRA is subject.
Your personal data is used to carry out a task that is in the public interest or in the exercise of official authority that has been assigned to us.
Your personal data serves the public interest in the area of public health.
Your personal data is necessary for archiving purposes in the public interest, for scientific or historical research or for statistical purposes.
Your personal data is necessary for the establishment, exercise or defense of legal claims.
Right to restriction of processing (Article 18 of the GDPR): You have the right to request that the processing of your personal data be restricted, where one of the following applies:
You contest the accuracy of your personal data and we have to verify the accuracy of your personal data.
The processing of your personal data is unlawful and instead of requesting the erasure of your personal data, you requested the restriction of their use instead.
We no longer need your personal data for the purposes of the processing, but you still need the personal data for the establishment, exercise or defense legal claims.
You object to the processing of your personal data and it has not yet been determined whether your or our legitimate reasons override this.
Right to data portability (Article 20 of the GDPR): You have the
right to receive the personal data concerning you, which you have
provided to BETALYRA in a structured, commonly used and machine-readable
format, and you have the right to transfer those data to another
controller. Furthermore, you also have the right to request that your
personal data be transferred from BETALYRA to another controller,
insofar as this is technically feasible.
The requirements for the applicability of data portability are as
follows:
Right to object (Article 21 of the GDPR): You have the right at any time to object to the processing of your personal data on grounds relating to your particular situation, which is based on a legitimate interest on our part (Article 6 no. 1 §. f) of the GDPR) or on the public interest (Article 6 no. 1 § e) of the GDPR). This also applies to profiling.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of direct marketing, which includes profiling to the extent that it is related to such direct marketing.
Should you object to the processing of your personal data based on a legitimate interest, we will check in each individual case, whether we can demonstrate compelling legitimate grounds for the processing of the data which override your interests, rights and freedoms, thus we will inform you of those grounds.
In the event that we do not have any compelling legitimate grounds for the processing of the data or your interests as well as rights and freedoms override our own, your personal data will no longer be processed.
If you object to the processing of your personal data for direct marketing purposes, your personal data will no longer be processed for such purposes.
Right of withdrawal (Article 7 of the GDPR): If you have given us consent to process your personal data, you can withdraw this consent at any time without having to give reasons for the withdrawal.
Withdrawal of consent does not affect the lawfulness of the processing that has taken place based on the consent before its withdrawal.
Exercise of the rights of the data subject
Should you wish to exercise any of these data subject rights, please contact BETALYRA, by email: hello@betalyra.pt.
It should be noted that we can request that you prove your identity to ensure that the personal data is only provided to the data subject.
BETALYRA shall provide information on actions taken upon your request to exercise data subject rights, within one month of receipt of your request.
If you make the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
If there is a law or legal obligation that prevails over the above-mentioned rights, your request will be denied. In which case, BETALYRA shall inform you within one month of receipt of the request, indicating the reasons for denying your request.
You have the right to lodge a complaint with the Comissão Nacional de Proteção de Dados: https://www.cnpd.pt/.
BETALYRA implemented technical and organizational measures to ensure the protection of personal data and to prevent security breaches and access to personal data by unauthorized persons, as well as the respective accidental or unlawful destruction, loss and alteration of personal data.
BETALYRA guarantees the confidentiality of your information. Consequently, BETALYRA does not sell, or in any way provides commercially the information to third parties. BETALYRA commits itself to keep your information confidential under this Privacy Policy and the applicable laws. BETALYRA requires from all its employees confidentiality on all personal information that they have access to. It should be noted that only authorized employees have access to personal information.
General information regarding the topic “cookies"
We use cookies on our website. Cookies are small text files that are stored on your hard drive, in accordance with the browser you are using and through which certain information flows to the website that sets the cookie. Many of the cookies we use are deleted after the browser session ends (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser on your next visit (persistent cookies).
Cookies are used on our website for various purposes. For a better overview, each cookie has been assigned to one of the following categories:
Technically necessary
Cookies that belong to this category are necessary to ensure the core functionality and/or security of this website.
Functionality
Cookies of this category are used to increase user comfort e.g. by storing preferences such as language settings, text size adjustments, user names or local settings.
In the context of Cookies, what personal data are processed?
Processing of data upon visiting our website
Insofar as you use our website solely for informational purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your personal browser transmits to our server.
This information is technically necessary so that our website can be displayed to you. Furthermore, this data is technically necessary to ensure the stability and security of our website. In this case, the legal basis for the processing of your personal data is article 6 no. 1 § f) of the GDPR, i.e., the legitimate interest in providing an optimal presentation of this website as well as the protection of the website against external attacks and their traceability. We delete this personal data at the end of the usage process, unless it is necessary for purposes of abuse detection or abuse traceability; in such a case, we retain this data for up to a maximum of 30 days.
When visiting our website, the following personal data may be processed, which is automatically transmitted by your browser to our servers and stored there in the form of "log files":
IP address of the device used to access the website
Date, time, and duration of the visit
Geographic location (country/region) of the request
Content of the request (specific page/URL accessed)
Access status/HTTP status code
Referrer URL (the website from which you navigated to our site)
Browser type and version
Browser extensions and permissions
Operating system and device type (desktop, mobile, tablet)
Device settings including display parameters
Language and localization preferences
Cookies and local storage data
User agent string information
Connection type and speed metrics
Preferred content delivery format
Do Not Track (DNT) signal status
Amount of data transferred
We use authentication cookies when you login to our website, which are used for security reasons and necessary for authentication (login and signup), which are as follows:
In this respect, the possibility of using the services provided in our website depends on you providing us with certain personal data. We collect, use and process this personal data only to the extent necessary to provide you with the respective service. The legal basis for the processing of your personal data is article 6 no. 1 § b) of the GDPR.
| Sub-processor | Data | Purpose of processing | Entity country |
|---|---|---|---|
| Plausible | Anonymous usage metrics (page views, referral sources, device type) without cookies or personal identifiers | Analytics to improve user experience and service performance | Estonia (EU) |
| Vercel | Connection metadata (IP address, browser information) | Hosting our landing page and user-facing website | United States |
| Scaleway | User account data and content submissions | Primary cloud infrastructure for application hosting, database storage, and AI processing (via Mistral LLM models) | France (EU) |
| Runpod | Content data (text submissions for analysis) | On-demand GPU computing for AI content optimization (no personal data transmitted) | United States |
| Cloudflare | Connection metadata and transit data | Content delivery network (CDN), security services (including CAPTCHA verification), and performance optimization | United States |
| Content data (text submissions for analysis) | AI processing for optimization recommendations (no personal data transmitted) | United States | |
| Digital Ocean | Content data for processing and analysis | Secondary cloud infrastructure for application hosting | United States |
| Mistral | Content data (text submissions for analysis) | AI language model processing for optimization (no personal data transmitted) | France (EU) |
Data Processing Details
Content Data: When you submit content for AI optimization, it is processed by our AI infrastructure providers (Runpod, Google Cloud, Scaleway, and/or Mistral AI). These providers only receive the content you specifically submit for analysis, not your account information or other personal data.
User Account Data: Your account information and settings are stored on our secure Scaleway infrastructure located in the EU.
Data Transfers: Where data is processed outside the EU, we ensure appropriate safeguards are in place through standard contractual clauses and data processing agreements.
Data Minimization: We follow the principle of data minimization and only collect and process the information necessary to provide our services.
BETALYRA may change its Privacy Policy at any time. The latest version will always be available on our website and it will govern the use of the users’ information.
For any questions regarding the processing of your personal data, please contact us via
the following e-mail address hello@betalyra.pt.
Carcavelos, 4th of March 2025