1. Introduction
This Privacy Policy explains how ocmods.com (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit our website or purchase our products. We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and Portuguese data protection law (Lei n.º 58/2019).
Our business is operated from Portugal, European Union.
2. Data Controller
The data controller responsible for your personal data is the owner and operator of ocmods.com. For any data protection inquiries, please contact us via the Contact page on our website.
3. What Data We Collect
We collect only the data necessary to process your orders and provide our services:
3.1 When you place an order
- Name — to identify your account and license.
- Email address — to deliver your purchase, send order confirmations, and provide support.
- Billing address — required for invoicing and tax compliance.
3.2 When you visit our website
- Cookies — essential cookies for site functionality (cart, session). See Section 8.
- Server logs — IP address, browser type, and pages visited, retained for security and performance monitoring.
3.3 When you contact us
- Name and email — from your contact form submission or email.
- Message content — to respond to your inquiry.
We do not collect sensitive personal data (racial or ethnic origin, political opinions, health data, etc.).
4. How We Use Your Data
We process your personal data for the following purposes and legal bases (GDPR Article 6):
| Purpose | Legal Basis |
|---|---|
| Processing and fulfilling your order | Performance of a contract (Art. 6(1)(b)) |
| Sending order confirmations and download links | Performance of a contract (Art. 6(1)(b)) |
| Providing technical support | Performance of a contract (Art. 6(1)(b)) |
| Tax and legal obligations (invoicing, records) | Legal obligation (Art. 6(1)(c)) |
| Website security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Improving our website and services | Legitimate interest (Art. 6(1)(f)) |
5. Data Sharing
We do not sell, rent, or trade your personal data. We share data only with:
- PayPal — to process payments. PayPal acts as an independent data controller. See PayPal’s Privacy Policy.
- Hosting provider — our web hosting provider stores data on servers within the EU/EEA.
- Legal authorities — if required by law or court order.
6. Data Retention
- Account and order data — retained for as long as your account is active or as needed to provide services, and for up to 10 years afterward as required by Portuguese tax law.
- Support correspondence — retained for up to 2 years after the last interaction.
- Server logs — retained for up to 90 days.
7. Your Rights (GDPR)
Under the GDPR, you have the right to:
- Access — request a copy of your personal data.
- Rectification — correct inaccurate or incomplete data.
- Erasure (“right to be forgotten”) — request deletion of your data, subject to legal retention requirements.
- Restriction — restrict processing of your data in certain circumstances.
- Portability — receive your data in a structured, commonly used format.
- Objection — object to processing based on legitimate interests.
To exercise any of these rights, contact us via our Contact page. We will respond within 30 days.
You also have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD — Comissão Nacional de Proteção de Dados).
8. Cookies
We use the following types of cookies:
Essential cookies
- Session / cart cookies — required for the shopping cart and checkout to function. These cannot be disabled.
- Login cookies — keep you signed in to your account.
Analytics cookies (if applicable)
If we use analytics tools (such as Google Analytics), they are configured to anonymize IP addresses and do not track individual users across sites. You can opt out of analytics cookies via your browser settings.
We do not use advertising or tracking cookies.
9. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- SSL/TLS encryption on all pages.
- Secure password hashing for user accounts.
- Regular software updates and security patches.
- Access controls limiting who can view personal data.
10. International Transfers
We aim to keep all personal data within the EU/EEA. If any data is transferred outside the EEA (for example, via third-party services), we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
11. Children’s Privacy
Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.
Last updated: February 2026