Privacy Policy
Last updated: February 2026
LEARN SOMETHING NEW, LDA (“HandsOn”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our marketplace platform at handson.pt.
1. Who We Are
HandsOn operates a digital marketplace platform connecting people with workshop experiences across Portugal.
Company Details:
- Legal Name: LEARN SOMETHING NEW, LDA
- Address: Rua Guilherme Faria 6 2dto, Portugal
- Website: https://handson.pt
- Email: admin@handson.pt
- Data Protection Contact: admin@handson.pt
2. Information We Collect
2.1 Information You Provide Directly
For All Users:
- Account information (name, email address, password)
- Profile information (photo, bio, location preferences)
- Payment information (processed through secure payment providers)
- Communication data (messages, reviews, support inquiries)
For Workshop Participants (Students):
- Booking details and preferences
- Attendance records
- Reviews and ratings of workshops and teachers
- Gift card purchase and redemption information
- Dietary restrictions or accessibility needs (when provided)
- Emergency contact information (when provided)
For Workshop Teachers:
- Professional credentials and teaching experience
- Workshop descriptions, pricing, and availability schedules
- Bank account details for payment transfers
- Business registration information (VAT/NIF number)
- Workshop photos, videos, and promotional materials
- Identity verification documents
- Teaching certifications or qualifications
2.2 Information Collected Automatically
Usage Data:
- Device information (IP address, browser type, device ID, operating system)
- Usage patterns (pages visited, time spent, click patterns, search queries)
- Cookies and similar tracking technologies (see Cookie Policy)
- Location data (with your permission)
- Referral source (how you found HandsOn)
Analytics Data:
- Google Analytics (page views, session duration, user flow)
- Microsoft Clarity (heatmaps, session recordings)
- Hotjar (user feedback and behavior analysis)
2.3 Information from Third Parties
Social Media Login:
- Google, Facebook, Instagram, Twitter, LinkedIn
- Basic profile information (name, email, profile picture)
Payment Processors:
- Stripe (international card payments)
- IfThenPay (Multibanco, MB WAY, bank transfers)
- Transaction verification and fraud prevention data
Marketing Partners:
- Email engagement data from Klaviyo
- Advertising performance from Meta Pixel, Google Ads
3. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your personal data based on:
| Processing Purpose | Legal Basis |
|---|---|
| Account creation and management | Contract Performance |
| Workshop bookings and payments | Contract Performance |
| Platform security and fraud prevention | Legitimate Interests |
| Customer support | Contract Performance |
| Marketing communications | Consent (can be withdrawn) |
| Analytics and improvement | Legitimate Interests |
| Legal compliance (tax, accounting) | Legal Obligation |
| Teacher payments and commissions | Contract Performance |
4. How We Use Your Information
4.1 Core Marketplace Services
For Participants:
- Creating and managing your account
- Processing workshop bookings and payments
- Sending booking confirmations and reminders
- Facilitating communication with teachers
- Processing refunds and cancellations
- Managing gift card purchases and redemptions
- Providing customer support
For Teachers:
- Creating and managing your teaching profile
- Publishing workshop listings
- Processing bookings from students
- Calculating and transferring payments (85% of booking value to teachers)
- Generating tax documentation
- Providing teacher support and resources
4.2 Platform Improvement
- Analyzing usage patterns to improve functionality
- Testing new features and services
- Conducting research and analytics
- Preventing fraud and ensuring platform security
- Optimizing search and recommendation algorithms
4.3 Communications
Transactional Emails (Always Sent):
- Booking confirmations and receipts
- Workshop reminders and updates
- Payment notifications
- Account security alerts
- Terms of Service updates
Marketing Communications (Opt-In Required):
- Newsletter with featured workshops
- Personalized workshop recommendations
- Special offers and promotions
- New teacher announcements
- Platform feature updates
You can unsubscribe from marketing emails at any time via the link in each email or through your account settings.
4.4 Legal and Safety
- Complying with legal obligations (tax reporting, court orders)
- Enforcing our Terms of Service
- Protecting against fraud, abuse, and security threats
- Resolving disputes between users
- Maintaining transaction records for accounting
5. How We Share Your Information
5.1 Between Platform Users
Participants Can See:
- Teacher names, photos, and workshop details
- Public reviews and ratings from other participants
- Workshop location and contact information
Teachers Receive:
- Participant names and contact information (for booked workshops only)
- Booking details and special requests
- Payment confirmations
Public Information:
- Reviews and ratings are publicly visible
- Teacher profiles and workshop listings are public
- Workshop photos and descriptions are public
5.2 Service Providers
We work with trusted third-party service providers who process data on our behalf:
Payment Processing:
- Stripe: International credit/debit card payments, fraud prevention
- IfThenPay: Portuguese payment methods (Multibanco, MB WAY, bank transfers)
Technology Infrastructure:
- WordPress/WooCommerce: Website platform and booking system
- Hosting providers (to be specified based on your actual hosting)
- Email delivery services
Analytics and Marketing:
- Google Analytics: Website usage analysis
- Microsoft Clarity: User experience optimization
- Hotjar: User feedback and behavior analysis
- Klaviyo: Email marketing and automation
- Google Ads: Advertising and conversion tracking
- Meta Pixel: Facebook/Instagram advertising
- Ottokit: Conversion optimization
All service providers are contractually required to:
- Protect your data with appropriate security measures
- Only use data for specified purposes
- Comply with GDPR and data protection regulations
- Not sell or share your data with other parties
5.3 Business Transfers
If HandsOn is involved in a merger, acquisition, or sale of assets, your information may be transferred to the new entity. We will:
- Notify you before the transfer
- Inform you if the privacy policy changes
- Give you options to delete your data if you disagree
5.4 Legal Requirements
We may disclose information when required by law or to:
- Comply with court orders or legal process
- Respond to government agency requests
- Protect our rights and property
- Prevent fraud or security threats
- Protect user safety and public interest
- Defend against legal liability
We will notify you of such requests unless prohibited by law.
6. International Data Transfers
HandsOn operates primarily in Portugal within the European Economic Area (EEA). However, some service providers are based outside the EEA, including:
United States-Based Services:
- Google (Analytics, Ads)
- Meta/Facebook (Pixel, advertising)
- Microsoft (Clarity)
- Stripe (payment processing)
- Klaviyo (email marketing)
Data Protection Measures: When transferring data outside the EEA, we ensure:
- Standard Contractual Clauses (SCCs) are in place
- Service providers have adequate data protection safeguards
- Compliance with GDPR requirements for international transfers
- Regular reviews of data protection adequacy
You have the right to obtain information about these safeguards by contacting us.
7. Your Rights Under GDPR
As a data subject in the EU/Portugal, you have the following rights:
7.1 Right of Access
Request a copy of the personal data we hold about you, including:
- What data we have
- Why we’re processing it
- Who we’ve shared it with
- How long we’ll keep it
How to exercise: Email admin@handson.pt with subject “Data Access Request”
Response time: Within 30 days
7.2 Right to Rectification
Correct inaccurate or incomplete information about you.
How to exercise: Update in your account settings or email admin@handson.pt
7.3 Right to Erasure (“Right to be Forgotten”)
Request deletion of your personal data when:
- It’s no longer necessary for the original purpose
- You withdraw consent (where consent was the legal basis)
- You object to processing based on legitimate interests
- The data was unlawfully processed
Limitations: We may need to retain some data for:
- Legal obligations (tax records: 7 years)
- Defending legal claims
- Archived records for public interest
How to exercise: Account settings > Delete Account or email admin@handson.pt
7.4 Right to Restrict Processing
Limit how we use your information when:
- You’re contesting the accuracy of data
- Processing is unlawful but you don’t want deletion
- We no longer need it but you need it for legal claims
- You’ve objected to processing pending verification
7.5 Right to Data Portability
Receive your data in a structured, commonly used, machine-readable format (JSON) and transfer it to another service.
What’s included:
- Account information
- Booking history
- Reviews written
- Communication preferences
How to exercise: Email admin@handson.pt with subject “Data Portability Request”
7.6 Right to Object
Object to processing based on legitimate interests or for direct marketing purposes.
For Marketing:
- Unsubscribe links in all marketing emails
- Account settings > Email Preferences
- Email admin@handson.pt
For Legitimate Interests:
- Email admin@handson.pt explaining your objection
- We’ll assess and respond within 30 days
7.7 Right to Withdraw Consent
Withdraw consent for processing at any time (where consent is the legal basis).
Note: Withdrawal doesn’t affect the lawfulness of processing before withdrawal.
7.8 Right to Lodge a Complaint
File a complaint with the Portuguese Data Protection Authority:
Comissão Nacional de Proteção de Dados (CNPD)
- Address: Av. D. Carlos I, 134, 1º, 1200-651 Lisboa, Portugal
- Phone: +351 213 928 400
- Email: geral@cnpd.pt
- Website: www.cnpd.pt
To Exercise Your Rights: Email admin@handson.pt with:
- Your full name and email address
- Specific right you wish to exercise
- Relevant details (e.g., data categories, time periods)
We may request identity verification for security purposes.
8. Data Retention
We retain your information only as long as necessary:
| Data Type | Retention Period | Reason |
|---|---|---|
| Active account data | Duration of account | Service provision |
| Inactive accounts | 2 years after last login | Re-engagement possibility |
| Booking records | 7 years | Tax and legal compliance |
| Payment records | 7 years | Tax and legal compliance |
| Marketing consents | Until withdrawn + 1 year | Compliance verification |
| Support communications | 3 years | Quality improvement |
| Analytics data | 26 months (aggregated) | Platform improvement |
| Security logs | 90 days | Security and fraud prevention |
| Reviews and ratings | Indefinite (anonymized) | Platform trust and quality |
After Retention Periods:
- Personal data is securely deleted or anonymized
- Backups are purged within 90 days of deletion
- Anonymized data may be kept for statistical purposes
Account Deletion: When you delete your account:
- Personal data is removed within 30 days
- Some data is retained for legal compliance (booking records)
- Reviews remain but are anonymized
- Payment records are retained for 7 years (tax law)
9. Security Measures
We implement appropriate technical and organizational measures to protect your data:
Technical Measures:
- Encryption of data in transit (SSL/TLS certificates)
- Encrypted storage of sensitive information
- Secure payment processing (PCI-DSS compliant)
- Regular security updates and patches
- Firewall and intrusion detection systems
- Secure backup systems
Organizational Measures:
- Access controls (role-based permissions)
- Staff training on data protection
- Confidentiality agreements with all personnel
- Regular security audits and assessments
- Incident response procedures
- Data processing agreements with all vendors
Payment Security:
- We never store full credit card numbers
- Payment data is tokenized by processors
- PCI-DSS Level 1 compliance (Stripe)
- Fraud detection and prevention systems
However: No internet transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
10. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience. For detailed information about:
- Types of cookies we use
- How to manage cookie preferences
- Third-party cookies
- Opt-out options
Please see our Cookie Policy
Quick Summary:
- Essential cookies: Required for platform functionality (cannot be disabled)
- Analytics cookies: Help us improve the platform (can be disabled)
- Marketing cookies: Personalize ads and content (can be disabled)
You can manage preferences via the cookie banner or footer link.
11. Marketing Communications
11.1 Types of Communications
Transactional (Cannot Opt Out):
- Booking confirmations and receipts
- Workshop reminders
- Payment notifications
- Account security alerts
- Terms of Service updates
Marketing (Opt-In Required):
- Newsletter with featured workshops
- Personalized recommendations
- Special offers and discounts
- New teacher announcements
- Blog posts and content
11.2 How We Use Your Preferences
Email Marketing (Klaviyo):
- Tracks email opens and clicks
- Personalizes content based on interests
- Segments by location and preferences
- Measures campaign effectiveness
11.3 How to Unsubscribe
Multiple Options:
- Click “Unsubscribe” in any marketing email
- Account Settings > Email Preferences
- Email admin@handson.pt with “Unsubscribe” in subject
Effect:
- Stops marketing emails within 48 hours
- Transactional emails continue (required for service)
- Can re-subscribe anytime in account settings
12. Children’s Privacy
12.1 Age Requirements
Our Policy:
- HandsOn is not intended for children under 16 years old
- We do not knowingly collect data from children under 16
- Parents can book workshops for children using parent’s account
If You’re Under 16:
- You must have parental consent to use HandsOn
- Your parent/guardian must create and manage the account
- Workshop bookings must be made by parent/guardian
12.2 Parental Responsibility
If Your Child Uses HandsOn:
- You are responsible for their use of the platform
- You must supervise their workshop participation
- Contact us if your child has provided information without consent
If We Discover Underage Use:
- We will delete the account and data promptly
- We will notify the email address on file
- We will not process any further data
Contact Us: If you believe we’ve inadvertently collected data from a child under 16, email admin@handson.pt immediately.
13. Third-Party Links and Services
13.1 External Websites
Our platform may contain links to:
- Teacher personal websites
- Social media profiles
- Workshop venue websites
- Partner platforms
- Payment processor sites
We Are Not Responsible For:
- Privacy practices of these third parties
- Content on external websites
- Security of external services
- Data collection by third parties
Recommendation: Review the privacy policy of any external site before providing information.
13.2 Social Media Integration
When You Connect Social Media:
- We receive basic profile information (name, email, photo)
- You control what information social platforms share with us
- Review social platform privacy settings to manage sharing
Social Sharing:
- When you share workshops on social media, that platform’s privacy policy applies
- Public posts may be visible beyond your connections
14. Special Categories of Data
We generally avoid collecting sensitive personal data, but may receive:
Health Data:
- Dietary restrictions (allergies, vegetarian/vegan)
- Accessibility needs (wheelchair access, hearing/vision assistance)
- Medical conditions (only if voluntarily shared for safety)
Processing Basis:
- Explicit consent when you provide information
- Necessary for providing workshop services safely
- Limited to workshop teachers who need to know
Protection:
- Extra security measures for sensitive data
- Shared only with relevant teachers
- Deleted after workshop completion (unless legal retention required)
15. Automated Decision-Making
15.1 How We Use Automation
We may use automated systems for:
- Workshop recommendations (based on your searches and bookings)
- Fraud detection (to protect payment security)
- Pricing optimization (to offer competitive prices)
- Customer support routing (to direct you to right person)
15.2 Your Rights
You Have the Right To:
- Request human review of any automated decision
- Express your point of view about the decision
- Contest the decision if it significantly affects you
- Opt out of automated decision-making
Important: No automated system makes significant decisions (account suspension, payment refusal, etc.) without human oversight.
To Request Review: Email admin@handson.pt with details of the automated decision.
16. Additional Information for Teachers
16.1 Teacher-Specific Data Processing
As a Workshop Teacher, We Process:
- Professional background and credentials
- Workshop content and materials
- Pricing and availability
- Student bookings and attendance
- Payment and tax information (NIF/VAT)
- Performance metrics (ratings, review scores, booking rates)
16.2 Commission and Payments
Financial Processing:
- We calculate 15% platform commission on bookings
- Teachers receive 85% of booking value (82.59% after payment fees)
- Payments processed via bank transfer
- Tax documentation generated annually
- Transaction history available in teacher dashboard
Tax Compliance:
- We report teacher payments to Portuguese tax authorities
- Teachers are responsible for declaring income
- We retain payment records for 7 years (legal requirement)
16.3 Teacher Responsibilities
You Are Responsible For:
- Protecting participant data received through bookings
- Complying with GDPR when handling participant information
- Not using participant data for unauthorized purposes
- Maintaining confidentiality of participant information
- Deleting participant data when no longer needed
We Recommend:
- Only contact participants about booked workshops
- Delete participant contact info after workshop completion
- Never share participant data with third parties
- Use HandsOn messaging for workshop communication
16.4 Teacher Reviews and Ratings
Public Information:
- Student reviews of your workshops are public
- Average ratings are displayed on your profile
- Review history is retained indefinitely (for platform trust)
You Cannot:
- Delete negative reviews (unless they violate Terms of Service)
- Edit reviews written by others
- Retaliate against students for negative reviews
You Can:
- Respond to reviews publicly
- Report reviews that violate our guidelines
- Request removal of inappropriate content
17. Data Breaches
17.1 Our Notification Obligations
If a Data Breach Occurs:
- We will notify CNPD within 72 hours (legal requirement)
- We will notify affected users without undue delay
- We will describe the breach and potential impact
- We will explain steps we’re taking to address it
17.2 What We Tell You
Breach Notification Will Include:
- What data was affected
- When the breach occurred
- How it happened
- What we’re doing to fix it
- Steps you can take to protect yourself
- Contact information for questions
17.3 How We Notify You
Methods:
- Email to your registered address
- Prominent notice on website homepage
- In-platform notification (if logged in)
- Public statement (for large-scale breaches)
18. Changes to This Privacy Policy
18.1 When We Update This Policy
We may update this Privacy Policy to reflect:
- Changes in our practices or services
- New features or functionality
- Legal or regulatory requirements
- User feedback and improvements
- Changes to third-party services
18.2 How We Notify You
For Material Changes:
- Email notification to registered users (14 days before implementation)
- Prominent banner on website
- Update date at top of policy
- Summary of key changes
For Minor Changes:
- Update date change only
- Changes effective immediately
Your Continued Use: Continuing to use HandsOn after changes take effect means you accept the updated policy.
18.3 Version History
You can request previous versions of this policy by emailing admin@handson.pt.
19. Contact Us
19.1 General Privacy Questions
Email: admin@handson.pt
Subject Line: Privacy Policy Inquiry
Response Time: Within 5 business days
19.2 Exercising Your Rights
Email: admin@handson.pt
Subject Line: Data Rights Request – [Specific Right]
Response Time: Within 30 days (GDPR requirement)
Include in Your Request:
- Your full name and email address
- Specific right you wish to exercise
- Any relevant details or time periods
- Proof of identity (if needed for verification)
19.3 Data Protection Officer
Contact: admin@handson.pt
Subject Line: Attention: Data Protection Officer
19.4 Business Information
Company: LEARN SOMETHING NEW, LDA
Address: Rua Guilherme Faria 6 2dto, Portugal
Website: https://handson.pt
Platform: handson.pt
20. Supervisory Authority
You have the right to lodge a complaint with the Portuguese Data Protection Authority:
Comissão Nacional de Proteção de Dados (CNPD)
- Address: Av. D. Carlos I, 134, 1º, 1200-651 Lisboa, Portugal
- Phone: +351 213 928 400
- Email: geral@cnpd.pt
- Website: www.cnpd.pt
- Office Hours: Monday-Friday, 9:30 AM – 12:30 PM and 2:30 PM – 5:30 PM
When to Contact CNPD:
- If we don’t respond to your request within 30 days
- If you’re unsatisfied with our response
- If you believe we’re not complying with GDPR
- For general data protection questions
Acknowledgment and Consent
By using HandsOn, you acknowledge that you have:
- Read and understood this Privacy Policy
- Agreed to the collection and use of information as described
- Understood your rights under GDPR
- Been informed about how to exercise those rights
For Our Terms of Service, please visit: https://handson.pt/terms-conditions
For Our Cookie Policy, please visit: https://handson.pt/cookie-policy
© 2026 LEARN SOMETHING NEW, LDA. All rights reserved.
