Shilling logo
Shilling logo

Privacy Policy

Last update:
July 14, 2021

At SHILLING, we are truly committed in protecting your personal data.

This Privacy Policy describes what personal information SHILLING collects and how that information is processed, used and disclosed. Throughout this document, users of the website will be referred to as "you", and SHILLING will be referred to as "we" or "us".

This processing of Personal Data is carried out in compliance with this Privacy Policy, with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter the “GDPR”) and with Law 58/2019 of 8 August, which ensures the enforcement in Portugal of the GDPR.

By visiting our website or using any of the services we offer in the website, you are accepting and consenting to this Privacy Policy.

Who is responsible for your Personal Data?

The entity responsible (the “Controller”) for the processing of your personal data is SHILLING CAPITAL LDA., with the registered number 509626831 and head office at Campo Grande, 28, 3º B, 1700 Lisbon.

What personal data do we collect?

“Personal data” is any information that identifies you as an individual or relates to an identifiable individual.

We only collect personal data that we consider essential for using our website, and for providing you with our services, as well as for contacting you in relation to our services. To see the purposes and legal basis for the processing of your data, please see the section (“For what purposes do we process your data?”).

How do we collect your personal data?

We collect your personal data directly from you, when you fill out the forms available in our website (“submit your pitch, book office hours, subscribe our newsletter); when you contact us by any other ways (post, phone, e-mail, etc.); or when you contact us through our social media pages.  We also collect information about you, for example, during the talks and meetings we may have, when you book office hours and you schedule a call with us.

We use automated technologies in our website, which means that we may also automatically collect technical data about your equipment and browsing actions and patterns. 

We may also collect your publicly available data and any information you decide to share with us in your pitch, presentation or any support documentation you provide.

For what purposes do we process your data?

Below, you can find the type of data we can collect during the various interactions you can have with us, as well as the purpose and the legal basis for us to do it Please remember that this information is not always collected, and we will only collect it if we needed it or if you decide to provide the information.  Nevertheless, and when that happens, these are the specific purposes for which the information will be used.

Purpose / activity - Type of data - Legal basis for processing

Manage the presentation of your Pitch - Identification data and contact data - Performance of a contract or service with you; Consent.

Book office hours - Identification data and contact data - Performance of a contract or service with you; Consent.

Sending newsletters and other communications - Identification data and contact data - Our legitimate interests (to inform you of our news and keep you up to date with information regarding our Team); Performance of a contract with you.

Management of our contacts and relationship with users - Identification data and contact data - Performance of a contract or service with you; To comply with legal obligations.

To monitor, improve and administer the Website and the services provided on the Website - Connection and location data - Our legitimate interests (security purpose); To comply with legal obligations.

Data analysis to improve our website, our services and the relationship with our users - Connection and geolocation data; commercial data - Our legitimate interests.

We will only use your personal data for the purposes for which the information was first collected, unless we reasonably consider that we need to use that data for another reason and that reason is compatible with the original purpose.

Security measures

We implemented appropriate technical and organizational measures to address the risks corresponding to our use of your Personal Data, including loss, alteration, or unauthorized access to Personal Data, and empowering you to exercise your rights.

Data Sharing

We work on the assumption that when you pitch us, you want Shilling to share your ideas with people who may be willing to invest in projects like yours.  Most of the time, the process of letting other people know about your project involves sharing personal information you have provided, with these third parties so that they can evaluate your project.  However, we will only share information we understand is relevant for their analysis and decision making. 

Your personal data will never be transferred to third parties for purposes other than those described in this Privacy Policy. However, and to provide our services we will sometimes have to use external providers (processors), for example, e-mail platforms, network providers or hosting companies. Please remember that these providers will not be using your personal data for their own purposes, but solely to provide us with services we need and are part of the services we provide you, within the purposes detailed in this Privacy Policy. We only use entities (natural or legal person) that have implemented the adequate technical and organizational measures and that guarantee the fulfilment of the legislation in force.

These entities will only process Personal Data for the purposes expressly foreseen in this Privacy Policy, being bound to tight contracts which guarantee that they will only process your Personal Data, based on express and written indications provided by us.

We may also share Personal Data to any third party where you provided your consent.

International Transfers

Some of the data recipients with whom we share Personal Data may be in countries other than the country in which Personal Data originally was collected, namely outside the EEA. The laws in those countries may not provide the same level of data protection compared to the country in which you initially provided data. Nevertheless, when we transfer Personal Data to recipients in other countries, including the USA, we guarantee those recipients provide adequate levels on protection according to the GDPR, for example through the signing of Standard Contractual Clauses, or an intragroup data transfer agreement.

Retention of your data

We will keep your personal information only as long as reasonably necessary for the purposes described in this Policy unless a longer retention period is required by law.

Furthermore, even if you decide to stop using our services, we may still send you marketing communications, as we will retain the email address for the specific purpose of sending marketing communications until you unsubscribe from these communications. 

Our data retention policies regarding records are fully in accordance with the current legislation. We will keep and use your information to the extent necessary to comply with our legal obligations, namely regarding taxes and income and dispute resolution.

Your rights as data subject

As data subject, you have the right to request: 

  • access to Personal Data; 
  • a copy of Personal Data (portability) you have provided, for your own purposes to use across different services;
  • the correction of Personal Data if it is incomplete or inaccurate;
  • the deletion or restriction of Personal Data in certain circumstances provided by applicable law;
  • the withdraw of consent for any data processing, based on consent, at any time;

You can exercise your rights by sending us an e-mail to

You will also have the right to lodge a complaint at the Comissão Nacional de Proteção de Dados, if you consider your rights have been violated.

Third Party Links

Our website may provide links to third-party websites. The processing of data by those websites is not of our responsibility. As this Privacy Policy does not apply to the processing of personal data carried out by these third parties, we encourage you to read the Privacy Policy of any websites you visit whenever you leave the SHILLING website.

Changes to this privacy policy

This Privacy Policy is effective from the date indicated at the beginning. Applicable law and our practices change over time. If we decide to update our Privacy Policy, we will post it immediately on the website. If we materially change the way in which we process Personal Data, we will provide the User with prior notice, or where legally required, request consent prior to implementing such changes. We strongly encourage reading our privacy policy and keep informed of our practices. We advise a regular check for the latest updated version of the Policy.

Logo Stripes
Logo Stripes