Privacy Policy

Last updated: February 2026

LEARN SOMETHING NEW, LDA (“HandsOn”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our marketplace platform at handson.pt.

1. Who We Are

HandsOn operates a digital marketplace platform connecting people with workshop experiences across Portugal.

Company Details:

Legal Name: LEARN SOMETHING NEW, LDA
Address: Rua Guilherme Faria 6 2dto, Portugal
Website: https://handson.pt
Email: admin@handson.pt
Data Protection Contact: admin@handson.pt

2. Information We Collect

2.1 Information You Provide Directly

For All Users:

Account information (name, email address, password)
Profile information (photo, bio, location preferences)
Payment information (processed through secure payment providers)
Communication data (messages, reviews, support inquiries)

For Workshop Participants (Students):

Booking details and preferences
Attendance records
Reviews and ratings of workshops and teachers
Gift card purchase and redemption information
Dietary restrictions or accessibility needs (when provided)
Emergency contact information (when provided)

For Workshop Teachers:

Professional credentials and teaching experience
Workshop descriptions, pricing, and availability schedules
Bank account details for payment transfers
Business registration information (VAT/NIF number)
Workshop photos, videos, and promotional materials
Identity verification documents
Teaching certifications or qualifications

2.2 Information Collected Automatically

Usage Data:

Device information (IP address, browser type, device ID, operating system)
Usage patterns (pages visited, time spent, click patterns, search queries)
Cookies and similar tracking technologies (see Cookie Policy)
Location data (with your permission)
Referral source (how you found HandsOn)

Analytics Data:

Google Analytics (page views, session duration, user flow)
Microsoft Clarity (heatmaps, session recordings)
Hotjar (user feedback and behavior analysis)

2.3 Information from Third Parties

Social Media Login:

Google, Facebook, Instagram, Twitter, LinkedIn
Basic profile information (name, email, profile picture)

Payment Processors:

Stripe (international card payments)
IfThenPay (Multibanco, MB WAY, bank transfers)
Transaction verification and fraud prevention data

Marketing Partners:

Email engagement data from Klaviyo
Advertising performance from Meta Pixel, Google Ads

3. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on:

Processing Purpose	Legal Basis
Account creation and management	Contract Performance
Workshop bookings and payments	Contract Performance
Platform security and fraud prevention	Legitimate Interests
Customer support	Contract Performance
Marketing communications	Consent (can be withdrawn)
Analytics and improvement	Legitimate Interests
Legal compliance (tax, accounting)	Legal Obligation
Teacher payments and commissions	Contract Performance

4. How We Use Your Information

4.1 Core Marketplace Services

For Participants:

Creating and managing your account
Processing workshop bookings and payments
Sending booking confirmations and reminders
Facilitating communication with teachers
Processing refunds and cancellations
Managing gift card purchases and redemptions
Providing customer support

For Teachers:

Creating and managing your teaching profile
Publishing workshop listings
Processing bookings from students
Calculating and transferring payments (85% of booking value to teachers)
Generating tax documentation
Providing teacher support and resources

4.2 Platform Improvement

Analyzing usage patterns to improve functionality
Testing new features and services
Conducting research and analytics
Preventing fraud and ensuring platform security
Optimizing search and recommendation algorithms

4.3 Communications

Transactional Emails (Always Sent):

Booking confirmations and receipts
Workshop reminders and updates
Payment notifications
Account security alerts
Terms of Service updates

Marketing Communications (Opt-In Required):

Newsletter with featured workshops
Personalized workshop recommendations
Special offers and promotions
New teacher announcements
Platform feature updates

You can unsubscribe from marketing emails at any time via the link in each email or through your account settings.

4.4 Legal and Safety

Complying with legal obligations (tax reporting, court orders)
Enforcing our Terms of Service
Protecting against fraud, abuse, and security threats
Resolving disputes between users
Maintaining transaction records for accounting

5. How We Share Your Information

5.1 Between Platform Users

Participants Can See:

Teacher names, photos, and workshop details
Public reviews and ratings from other participants
Workshop location and contact information

Teachers Receive:

Participant names and contact information (for booked workshops only)
Booking details and special requests
Payment confirmations

Public Information:

Reviews and ratings are publicly visible
Teacher profiles and workshop listings are public
Workshop photos and descriptions are public

5.2 Service Providers

We work with trusted third-party service providers who process data on our behalf:

Payment Processing:

Stripe: International credit/debit card payments, fraud prevention
IfThenPay: Portuguese payment methods (Multibanco, MB WAY, bank transfers)

Technology Infrastructure:

WordPress/WooCommerce: Website platform and booking system
Hosting providers (to be specified based on your actual hosting)
Email delivery services

Analytics and Marketing:

Google Analytics: Website usage analysis
Microsoft Clarity: User experience optimization
Hotjar: User feedback and behavior analysis
Klaviyo: Email marketing and automation
Google Ads: Advertising and conversion tracking
Meta Pixel: Facebook/Instagram advertising
Ottokit: Conversion optimization

All service providers are contractually required to:

Protect your data with appropriate security measures
Only use data for specified purposes
Comply with GDPR and data protection regulations
Not sell or share your data with other parties

5.3 Business Transfers

If HandsOn is involved in a merger, acquisition, or sale of assets, your information may be transferred to the new entity. We will:

Notify you before the transfer
Inform you if the privacy policy changes
Give you options to delete your data if you disagree

5.4 Legal Requirements

We may disclose information when required by law or to:

Comply with court orders or legal process
Respond to government agency requests
Protect our rights and property
Prevent fraud or security threats
Protect user safety and public interest
Defend against legal liability

We will notify you of such requests unless prohibited by law.

6. International Data Transfers

HandsOn operates primarily in Portugal within the European Economic Area (EEA). However, some service providers are based outside the EEA, including:

United States-Based Services:

Google (Analytics, Ads)
Meta/Facebook (Pixel, advertising)
Microsoft (Clarity)
Stripe (payment processing)
Klaviyo (email marketing)

Data Protection Measures: When transferring data outside the EEA, we ensure:

Standard Contractual Clauses (SCCs) are in place
Service providers have adequate data protection safeguards
Compliance with GDPR requirements for international transfers
Regular reviews of data protection adequacy

You have the right to obtain information about these safeguards by contacting us.

7. Your Rights Under GDPR

As a data subject in the EU/Portugal, you have the following rights:

7.1 Right of Access

Request a copy of the personal data we hold about you, including:

What data we have
Why we’re processing it
Who we’ve shared it with
How long we’ll keep it

How to exercise: Email admin@handson.pt with subject “Data Access Request”
Response time: Within 30 days

7.2 Right to Rectification

Correct inaccurate or incomplete information about you.

How to exercise: Update in your account settings or email admin@handson.pt

7.3 Right to Erasure (“Right to be Forgotten”)

Request deletion of your personal data when:

It’s no longer necessary for the original purpose
You withdraw consent (where consent was the legal basis)
You object to processing based on legitimate interests
The data was unlawfully processed

Limitations: We may need to retain some data for:

Legal obligations (tax records: 7 years)
Defending legal claims
Archived records for public interest

How to exercise: Account settings > Delete Account or email admin@handson.pt

7.4 Right to Restrict Processing

Limit how we use your information when:

You’re contesting the accuracy of data
Processing is unlawful but you don’t want deletion
We no longer need it but you need it for legal claims
You’ve objected to processing pending verification

7.5 Right to Data Portability

Receive your data in a structured, commonly used, machine-readable format (JSON) and transfer it to another service.

What’s included:

Account information
Booking history
Reviews written
Communication preferences

How to exercise: Email admin@handson.pt with subject “Data Portability Request”

7.6 Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

For Marketing:

Unsubscribe links in all marketing emails
Account settings > Email Preferences
Email admin@handson.pt

For Legitimate Interests:

Email admin@handson.pt explaining your objection
We’ll assess and respond within 30 days

7.7 Right to Withdraw Consent

Withdraw consent for processing at any time (where consent is the legal basis).

Note: Withdrawal doesn’t affect the lawfulness of processing before withdrawal.

7.8 Right to Lodge a Complaint

File a complaint with the Portuguese Data Protection Authority:

Comissão Nacional de Proteção de Dados (CNPD)

Address: Av. D. Carlos I, 134, 1º, 1200-651 Lisboa, Portugal
Phone: +351 213 928 400
Email: geral@cnpd.pt
Website: www.cnpd.pt

To Exercise Your Rights: Email admin@handson.pt with:

Your full name and email address
Specific right you wish to exercise
Relevant details (e.g., data categories, time periods)

We may request identity verification for security purposes.

8. Data Retention

We retain your information only as long as necessary:

Data Type	Retention Period	Reason
Active account data	Duration of account	Service provision
Inactive accounts	2 years after last login	Re-engagement possibility
Booking records	7 years	Tax and legal compliance
Payment records	7 years	Tax and legal compliance
Marketing consents	Until withdrawn + 1 year	Compliance verification
Support communications	3 years	Quality improvement
Analytics data	26 months (aggregated)	Platform improvement
Security logs	90 days	Security and fraud prevention
Reviews and ratings	Indefinite (anonymized)	Platform trust and quality

After Retention Periods:

Personal data is securely deleted or anonymized
Backups are purged within 90 days of deletion
Anonymized data may be kept for statistical purposes

Account Deletion: When you delete your account:

Personal data is removed within 30 days
Some data is retained for legal compliance (booking records)
Reviews remain but are anonymized
Payment records are retained for 7 years (tax law)

9. Security Measures

We implement appropriate technical and organizational measures to protect your data:

Technical Measures:

Encryption of data in transit (SSL/TLS certificates)
Encrypted storage of sensitive information
Secure payment processing (PCI-DSS compliant)
Regular security updates and patches
Firewall and intrusion detection systems
Secure backup systems

Organizational Measures:

Access controls (role-based permissions)
Staff training on data protection
Confidentiality agreements with all personnel
Regular security audits and assessments
Incident response procedures
Data processing agreements with all vendors

Payment Security:

We never store full credit card numbers
Payment data is tokenized by processors
PCI-DSS Level 1 compliance (Stripe)
Fraud detection and prevention systems

However: No internet transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information about:

Types of cookies we use
How to manage cookie preferences
Third-party cookies
Opt-out options

Please see our Cookie Policy

Quick Summary:

Essential cookies: Required for platform functionality (cannot be disabled)
Analytics cookies: Help us improve the platform (can be disabled)
Marketing cookies: Personalize ads and content (can be disabled)

You can manage preferences via the cookie banner or footer link.

11. Marketing Communications

11.1 Types of Communications

Transactional (Cannot Opt Out):

Booking confirmations and receipts
Workshop reminders
Payment notifications
Account security alerts
Terms of Service updates

Marketing (Opt-In Required):

Newsletter with featured workshops
Personalized recommendations
Special offers and discounts
New teacher announcements
Blog posts and content

11.2 How We Use Your Preferences

Email Marketing (Klaviyo):

Tracks email opens and clicks
Personalizes content based on interests
Segments by location and preferences
Measures campaign effectiveness

11.3 How to Unsubscribe

Multiple Options:

Click “Unsubscribe” in any marketing email
Account Settings > Email Preferences
Email admin@handson.pt with “Unsubscribe” in subject

Effect:

Stops marketing emails within 48 hours
Transactional emails continue (required for service)
Can re-subscribe anytime in account settings

12. Children’s Privacy

12.1 Age Requirements

Our Policy:

HandsOn is not intended for children under 16 years old
We do not knowingly collect data from children under 16
Parents can book workshops for children using parent’s account

If You’re Under 16:

You must have parental consent to use HandsOn
Your parent/guardian must create and manage the account
Workshop bookings must be made by parent/guardian

12.2 Parental Responsibility

If Your Child Uses HandsOn:

You are responsible for their use of the platform
You must supervise their workshop participation
Contact us if your child has provided information without consent

If We Discover Underage Use:

We will delete the account and data promptly
We will notify the email address on file
We will not process any further data

Contact Us: If you believe we’ve inadvertently collected data from a child under 16, email admin@handson.pt immediately.

13. Third-Party Links and Services

13.1 External Websites

Our platform may contain links to:

Teacher personal websites
Social media profiles
Workshop venue websites
Partner platforms
Payment processor sites

We Are Not Responsible For:

Privacy practices of these third parties
Content on external websites
Security of external services
Data collection by third parties

Recommendation: Review the privacy policy of any external site before providing information.

13.2 Social Media Integration

When You Connect Social Media:

We receive basic profile information (name, email, photo)
You control what information social platforms share with us
Review social platform privacy settings to manage sharing

Social Sharing:

When you share workshops on social media, that platform’s privacy policy applies
Public posts may be visible beyond your connections

14. Special Categories of Data

We generally avoid collecting sensitive personal data, but may receive:

Health Data:

Dietary restrictions (allergies, vegetarian/vegan)
Accessibility needs (wheelchair access, hearing/vision assistance)
Medical conditions (only if voluntarily shared for safety)

Processing Basis:

Explicit consent when you provide information
Necessary for providing workshop services safely
Limited to workshop teachers who need to know

Protection:

Extra security measures for sensitive data
Shared only with relevant teachers
Deleted after workshop completion (unless legal retention required)

15. Automated Decision-Making

15.1 How We Use Automation

We may use automated systems for:

Workshop recommendations (based on your searches and bookings)
Fraud detection (to protect payment security)
Pricing optimization (to offer competitive prices)
Customer support routing (to direct you to right person)

15.2 Your Rights

You Have the Right To:

Request human review of any automated decision
Express your point of view about the decision
Contest the decision if it significantly affects you
Opt out of automated decision-making

Important: No automated system makes significant decisions (account suspension, payment refusal, etc.) without human oversight.

To Request Review: Email admin@handson.pt with details of the automated decision.

16. Additional Information for Teachers

16.1 Teacher-Specific Data Processing

As a Workshop Teacher, We Process:

Professional background and credentials
Workshop content and materials
Pricing and availability
Student bookings and attendance
Payment and tax information (NIF/VAT)
Performance metrics (ratings, review scores, booking rates)

16.2 Commission and Payments

Financial Processing:

We calculate 15% platform commission on bookings
Teachers receive 85% of booking value (82.59% after payment fees)
Payments processed via bank transfer
Tax documentation generated annually
Transaction history available in teacher dashboard

Tax Compliance:

We report teacher payments to Portuguese tax authorities
Teachers are responsible for declaring income
We retain payment records for 7 years (legal requirement)

16.3 Teacher Responsibilities

You Are Responsible For:

Protecting participant data received through bookings
Complying with GDPR when handling participant information
Not using participant data for unauthorized purposes
Maintaining confidentiality of participant information
Deleting participant data when no longer needed

We Recommend:

Only contact participants about booked workshops
Delete participant contact info after workshop completion
Never share participant data with third parties
Use HandsOn messaging for workshop communication

16.4 Teacher Reviews and Ratings

Public Information:

Student reviews of your workshops are public
Average ratings are displayed on your profile
Review history is retained indefinitely (for platform trust)

You Cannot:

Delete negative reviews (unless they violate Terms of Service)
Edit reviews written by others
Retaliate against students for negative reviews

You Can:

Respond to reviews publicly
Report reviews that violate our guidelines
Request removal of inappropriate content

17. Data Breaches

17.1 Our Notification Obligations

If a Data Breach Occurs:

We will notify CNPD within 72 hours (legal requirement)
We will notify affected users without undue delay
We will describe the breach and potential impact
We will explain steps we’re taking to address it

17.2 What We Tell You

Breach Notification Will Include:

What data was affected
When the breach occurred
How it happened
What we’re doing to fix it
Steps you can take to protect yourself
Contact information for questions

17.3 How We Notify You

Methods:

Email to your registered address
Prominent notice on website homepage
In-platform notification (if logged in)
Public statement (for large-scale breaches)

18. Changes to This Privacy Policy

18.1 When We Update This Policy

We may update this Privacy Policy to reflect:

Changes in our practices or services
New features or functionality
Legal or regulatory requirements
User feedback and improvements
Changes to third-party services

18.2 How We Notify You

For Material Changes:

Email notification to registered users (14 days before implementation)
Prominent banner on website
Update date at top of policy
Summary of key changes

For Minor Changes:

Update date change only
Changes effective immediately

Your Continued Use: Continuing to use HandsOn after changes take effect means you accept the updated policy.

18.3 Version History

You can request previous versions of this policy by emailing admin@handson.pt.

19. Contact Us

19.1 General Privacy Questions

Email: admin@handson.pt
Subject Line: Privacy Policy Inquiry
Response Time: Within 5 business days

19.2 Exercising Your Rights

Email: admin@handson.pt
Subject Line: Data Rights Request – [Specific Right]
Response Time: Within 30 days (GDPR requirement)

Include in Your Request:

Your full name and email address
Specific right you wish to exercise
Any relevant details or time periods
Proof of identity (if needed for verification)

19.3 Data Protection Officer

Contact: admin@handson.pt
Subject Line: Attention: Data Protection Officer

19.4 Business Information

Company: LEARN SOMETHING NEW, LDA
Address: Rua Guilherme Faria 6 2dto, Portugal
Website: https://handson.pt
Platform: handson.pt

20. Supervisory Authority

You have the right to lodge a complaint with the Portuguese Data Protection Authority: