Privacy Policy
Last updated: February 6, 2026
1. INTRODUCTION AND SCOPE
CAZOS – Sociedade de Advogados, RL ("CAZOS") is committed to protecting the privacy and personal data of all who interact with us, including clients, prospective clients, suppliers, partners, and website visitors. This Privacy Policy describes how we collect, use, retain, share, and protect personal data, in compliance with applicable legislation in Angola and, when relevant, with the European Union General Data Protection Regulation (GDPR – Regulation (EU) 2016/679). This policy applies to the processing of personal data by CAZOS, regardless of medium (digital, physical, or other), and complements any specific terms agreed in legal service provision contracts. By using the website or contacting CAZOS, you confirm that you have read this Policy.
2. DATA CONTROLLER
CAZOS – Sociedade de Advogados, RL
TIN: 5000021229
Registered Office: Entre as Nações Unidas e a Escola Americana, Condomínio Rosa Linda, Futungo, Samba, Luanda, Angola
Phone: +244 222 773 602 / +244 936 822 571
privacidade@cazosadvogados.com
Website: www.cazosadvogados.com
For any questions related to privacy and personal data protection, you may contact us through the indicated email.
3. PERSONAL DATA COLLECTED
3.1. Data categories
Depending on the nature of the relationship, CAZOS may process, among others, the following data:
a) Identification and contact
Name, date of birth, nationality, TIN, civil identification (ID/passport), address, email, phone.
b) Professional data
Employer entity, position/function, activity sector, and professional information relevant to the mandate.
c) Financial and transactional data
Data necessary for invoicing and payments and, when strictly relevant to the mandate, financial elements essential to service provision.
d) Navigation data (website)
IP address, device and browser, pages visited, visit duration, traffic origin, cookies, and equivalent technical identifiers.
e) Special categories of data / sensitive data
Only when strictly necessary for legal services provision and with adequate legal basis, CAZOS may process data relating to judicial proceedings, offenses/decisions, health data (when essential), or other sensitive data relevant to the mandate, with reinforced safeguards.
3.2. Collection sources
Data may be collected: (i) directly from the data subject, (ii) through entities with legitimacy to provide them in the mandate context (e.g., corporate clients, authorities, registries), (iii) by consultation of legally accessible public sources, and (iv) automatically through the website (cookies and technical logs).
4. PROCESSING PURPOSES
CAZOS processes personal data, in particular, for the following purposes:
a) Legal services provision
Assessment and execution of mandates, drafting of briefs and documents, representation in judicial, arbitral, or administrative proceedings, diligences, due diligence, compliance, conflict of interest management, communications necessary to the mandate, and compliance with professional obligations.
b) Client and contact relationship management
Administrative management, invoicing, collection, operational communications and, when applicable, complaint management.
c) Compliance with legal and regulatory obligations
Compliance with tax, accounting obligations, and cooperation with competent authorities, under the law.
d) Website operation and institutional communications
Respond to contact requests, ensure essential functionalities, measure performance, and improve user experience. Newsletter and institutional communication sending occurs, when required, upon consent or other applicable legal basis.
e) Defense of rights and security
Fraud and misuse prevention, system security, auditing, and defense of rights in judicial or administrative context.
5. LEGAL GROUNDS
Processing of personal data by CAZOS is based, as applicable, on:
a) Contract execution and pre-contractual diligences
When necessary to contract and provide legal services.
b) Legal obligation
When necessary to comply with legal and regulatory obligations applicable to CAZOS.
c) Legitimate interest
When necessary for relationship management, security, abuse/fraud prevention, and defense of rights, provided data subject's rights and freedoms do not prevail.
d) Consent
When necessary (e.g., for certain institutional communications/direct marketing), which may be withdrawn at any time.
e) Exercise and defense of rights / administration of justice
When processing is necessary for exercise, declaration, or defense of rights in proceedings or for acts inherent to legal practice, under applicable legislation.
6. DATA RECIPIENTS
6.1. Internal access
Access is limited to strictly necessary by lawyers, jurists, and support staff, subject to confidentiality duties and professional secrecy regime applicable.
6.2. Third parties
CAZOS may share data, as necessary, with:
a) Service providers
IT services, hosting, communications, security, management software, audit/accounting, and tax consultancy (when applicable).
b) Professional partners and mandate auxiliaries
Correspondents, experts, translators/interpreters, notaries, valuers, and technical consultants, when essential.
c) Authorities and public entities
Courts, registries, and other competent authorities, when legally required or necessary in the mandate context.
d) Counterparties and interveners
Only as necessary and compatible with the mandate, observing professional secrecy and confidentiality duties.
6.3. Confidentiality and subcontracting obligations
When applicable, third parties are bound by confidentiality and security duties and to process data only according to legitimate instructions and for purposes compatible with the service provided.
7. INTERNATIONAL TRANSFERS
When necessary (e.g., transnational mandates, correspondents outside Angola, or technology providers), international data transfers may occur. In such situations, CAZOS adopts adequate safeguards required by applicable legislation and, when relevant, by GDPR, including appropriate contractual clauses and technical and organizational measures proportional to the risk. Additional information may be requested through privacidade@cazosadvogados.com.
8. DATA RETENTION
CAZOS retains personal data only for the period necessary for the purposes that motivated collection and for additional time required by legal, deontological, accounting/tax obligations, or necessity of rights defense.
Indicative criteria (may vary by case):
a) Active mandates and clients: during mandate validity.
b) Completed mandates and archive: for the period necessary for compliance with legal/deontological obligations and rights defense, considering matter nature and applicable deadlines.
c) Marketing/newsletters (when applicable): until consent withdrawal or legal basis cessation.
d) Website technical logs: for limited period proportional to security and audit purposes (typically up to 12 months, unless justified need).
After deadlines, data are securely deleted or anonymized, unless retention is necessary by legal obligation or rights defense.
9. DATA SUBJECTS' RIGHTS
Under applicable legislation, the data subject may exercise, as the case may be, rights of access, rectification, limitation, opposition, and erasure, as well as right to portability when legally provided and technically applicable. When processing is based on consent, it may be withdrawn at any time, without affecting lawfulness of previously performed processing.
For exercise of rights: privacidade@cazosadvogados.com.
Response deadline: as a rule, up to 30 days, which may be extended in duly justified cases.
For data subject protection, CAZOS may request reasonable proof of identity before proceeding with the request.
10. SECURITY, CONFIDENTIALITY AND PROFESSIONAL SECRECY
CAZOS adopts appropriate technical and organizational measures to protect personal data against loss, destruction, alteration, disclosure, or unauthorized access, including profile-based access controls, encryption when applicable, backups, recording of relevant activities, and system update and security practices. In addition to data protection, information entrusted to CAZOS is covered by professional secrecy regime and confidentiality duties proper to legal practice.
In case of security incident with relevant impact, CAZOS will act according to applicable legal duties, including, when required, communications to competent authorities and affected data subjects.
12. MINORS
CAZOS's services and website are not intended, as a rule, for minors under 18 years old. CAZOS does not intentionally collect data from minors without adequate legitimacy. If you have reason to believe that a minor has provided us with data without authorization, contact us.
13. UPDATES
This Policy may be updated to reflect legal, technical, or operational changes. The current version will be available on the website with indication of last update date. In materially relevant changes, we may publish additional notice on the website.
14. COMPLAINTS AND SUPERVISORY AUTHORITY
If you consider that processing of your data violates applicable legislation, you may file complaint with the competent authority in Angola:
Data Protection Agency (APD)
Rua do MAT, Complexo Administrativo Clássicos de Talatona, 3rd building, 7th floor, Luanda – Angola
Phone/WhatsApp: +244 937 930 788
E-mail: geral@apd.ao
When applicable (e.g., in processing covered by GDPR), the data subject may also file complaint with a supervisory authority of a European Union Member State.
15. CONTACTS
privacidade@cazosadvogados.com
Telefone: +244 222 773 602 / +244 936 822 571
Morada: Entre as Nações Unidas e a Escola Americana, Condomínio Rosa Linda, Futungo, Samba, Luanda, Angola
Website: www.cazosadvogados.com
Last update date: February 6, 2026