PRIVACY AND PROCESSING OF PERSONAL DATA

Conditions of Use and Confidentiality Policy

Pinto Lopes Viagens has always been committed to protecting the privacy of its website users and, as such, only collects personal information from those who voluntarily allow it, using the information only for the purposes for which it was provided.

This Privacy Statement helps you understand how we collect, use and protect your personal data when you visit our website.

The personal data collected by Pinto Lopes Viagens on this site is processed automatically and is intended for the management of user contacts on this site, in the form of “Booking Requests” and “Contact Requests” through this site, and will be used solely and exclusively for the treatment of this contact.

By making your personal data available to Pinto Lopes Viagens, the user of this website acknowledges and allows it to be processed in accordance with this Privacy Statement and Personal Data Processing and with the rules and principles contained in the respective General Terms and Conditions of the contracted services.

Accordingly, with regard to the processing of personal data, the user of this website should read this Privacy Statement together with the General Terms and Conditions governing the sale of travel contained on this website and in our annual brochure.

If we make any changes to this Statement, we will post those changes on this page so that you can see the type of information we collect and how we use it.

(Click here for details)

WHAT IS PERSONAL DATA?
Personal data is information relating to an identified or identifiable person. Personal data is also the set of distinct pieces of information that can lead to the identification of a specific person.

  • Personal data that has been de-identified, coded or pseudonymized, but which can be used to re-identify a person, is still personal data and falls within the scope of the GDPR (General Data Protection Regulation).
  • Personal data that has been anonymized so that the person is not or is no longer identifiable is no longer considered personal data. For data to be truly anonymized, the anonymization must be irreversible.

Examples of personal data:

  • Name and surname;
  • The address of a residence;
  • The e-mail address, such as nome.sobrenome@empresa.com;
  • The IP address (Internet Protocol);
  • Cookies.

Examples of data not considered personal:

  • The company registration number;
  • The e-mail address, such as info@empresa.com;
  • Anonymized data.

COLLECTION OF PERSONAL DATA ON THE SITE
We collect personal data with your consent when you voluntarily and freely choose to send us a message via the site or make a reservation request.

The data collected is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed, and is not subsequently processed for a purpose other than that which led to the data subject being contacted.

Their processing for statistical purposes is not, in accordance with Article 89(1) of the General Data Protection Regulation, considered incompatible with the original purposes.

RAW DATA
Pinto Lopes Viagens will not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, nor will it process genetic data, biometric data to unequivocally identify a person, data relating to health or data relating to the holder’s sex life or sexual orientation.

However, it is necessary to point out the exception mentioned in Article 9(2) of the General Data Protection Regulation, which includes the religious conviction required when processing visas to visit certain countries.

ON WHAT BASIS CAN WE PROCESS YOUR PERSONAL DATA?

Consent
When we have your prior express consent – in writing or through the validation of an option – and if that consent is free, informed, specific and unequivocal.
or

Execution of contracts and pre-contractual steps
When the processing of personal data is necessary for the conclusion, execution and management of the contract entered into with Pinto Lopes Viagens, such as, for example, the purchase of a trip or the processing of a reservation.

or

Compliance with a legal obligation
When the processing of personal data is necessary to comply with a legal obligation to which Pinto Lopes Viagens is subject, such as, for example, the communication of identification data to police, judicial, tax or regulatory entities.

or

Legitimate interest
When the processing of personal data corresponds to a legitimate interest of Pinto Lopes Viagens or a third party.

Minors under the age of 16 must obtain permission from their parents or guardians before consenting or making personal data available on the site.

WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?
The company responsible for collecting and processing your personal data is Pinto Lopes Viagens S.A., for which its Board of Directors is responsible and which, in this context, decides which data is collected, the means of processing and the purposes for which the data is used.

YOUR RIGHTS
In accordance with applicable data protection law, users may exercise their rights of access, rectification or deletion of their personal data, restriction of processing, right to object to processing and right to portability of their data, by writing to Pinto Lopes Viagens, whose contact details we indicate below.

RIGHT OF ACCESS:
The right to obtain confirmation of what personal data is being processed and information about it, such as the purposes for which it is being processed, storage periods, etc.

RIGHT TO RECTIFICATION:
The right to request the rectification of inaccurate personal data or to have incomplete personal data completed, such as address, VAT number, e-mail address, telephone contact details or others.

RIGHT TO DELETE DATA OR “RIGHT TO BE FORGOTTEN”:
The right to obtain the deletion of your personal data, provided that there are no valid grounds for its retention, such as cases in which Pinto Lopes Viagens has to retain the data in order to comply with a legal obligation to retain it.

RIGHT TO PORTABILITY:
The right to receive the data you have provided in a commonly used, machine-readable digital format or to request that your data be transmitted directly to another entity.

THE RIGHT TO WITHDRAW CONSENT OR THE RIGHT TO OBJECT:
The right to object or withdraw your consent at any time to data processing, for example in the case of data processing for marketing purposes, provided that there are no legitimate interests that prevail over your interests, rights and freedoms, such as defending a right in legal proceedings.

RIGHT OF LIMITATION:
Right to request the restriction of the processing of your personal data, in the form of:
– Suspension of treatment
– Limiting the scope of processing to certain categories of data or processing purposes.

PROFILING AND AUTOMATED DECISIONS
Pinto Lopes Viagens will not make any commercial decisions based on automated decisions or take any action that leads to the definition of categories or profiles of the users of this site.

HOW YOU CAN EXERCISE YOUR RIGHTS
Any communication regarding the processing of personal data should be addressed in writing to Pinto Lopes Viagens at the following address:

PINTO LOPES TRAVEL
Rua Pinto Bessa, 466
4300-428 Porto

Or by e-mail: dadospessoais@pintolopesviagens.com

The exercise of rights is free of charge, except in the case of a manifestly unfounded or excessive request, in which case a reasonable fee may be charged, taking into account the costs.

TRANSMISSION
Apart from the obligations mentioned in the applicable data protection law or the safeguarding and protection of its own interests, Pinto Lopes Viagens will not share any personal data with third parties, except in cases where there is a legal obligation or legitimate interest, in which case the user of this website will be duly informed.

TECHNICAL AND ORGANIZATIONAL MEASURES
Although no data is stored on the website, Pinto Lopes Viagens has appropriate technical and organizational measures in place to protect the data processed, namely against unauthorized access or any other form of illegal or illicit processing.

Pinto Lopes Viagens has implemented security and internal protection measures at its facilities, which allow it to limit access to personal data to its employees only for the sole and exclusive fulfillment of the processing purposes.

Pinto Lopes Viagens has implemented:

  • Logical security requirements and measures, such as the use of firewalls and intrusion detection systems in its systems, the existence of a strict policy on access to systems and information and the recording of actions carried out by Pinto Lopes Viagens employees on the personal data of users of this site (logging);
  • Physical security measures, including strict control of access to Pinto Lopes Viagens’ premises by employees, partners and visitors.
    Means of protecting data by design (“privacy by design”), using technical means such as masking, encryption, pseudonymization and anonymization of personal data, as well as a set of privacy-friendly preventive measures (“privacy by default”);
  • Scrutiny, auditing and control mechanisms to ensure compliance with security and privacy policies;
  • All employees of the entity responsible for processing personal data are obliged to maintain the duty of secrecy and confidentiality in relation to the data they have access to in the context of data entry operations in the respective computer database, and are duly informed of the importance of complying with this legal duty of secrecy, and the corresponding responsibility is required of them.

DATA MAINTENANCE PERIOD
Pinto Lopes Viagens will only keep the data for as long as is necessary to fulfill the purpose for which it was collected or for the minimum retention period required by legal regulations, such as compliance with the VAT and IRC codes, when applicable.

APPLICABILITY
Pinto Lopes Viagens’ privacy and personal data protection policies apply to the processing of personal data carried out within the scope of its commercial activities and the provision of services, in accordance with the principles of legality, loyalty and transparency.

COOKIES
Pinto Lopes Viagens uses Cookies on its website to provide users with a better digital experience, optimize its functionalities, collect statistical data and target advertisements. If you do not allow the use of Cookies, some of the functionalities may not correspond to the expected level of service. If you wish to remove Cookies, please refer to the “Help” section of your Internet browser. To find out more about the cookies used on this site, click here: xxx

AUTOMATED DECISIONS
Pinto Lopes Viagens will not make any commercial decisions based on automated decisions or take any action that leads to the definition of categories or profiles.

CONTROL AUTHORITY
The control authority is the Comissão Nacional de Proteção de Dados (CNPD), with headquarters at Rua de São Bento, nº 148-3º 1200-821, Lisbon;

NOTIFICATION OF A PERSONAL DATA BREACH TO THE SUPERVISORY AUTHORITY
In the event of a personal data breach, Pinto Lopes Viagens will notify the competent supervisory authority without undue delay and, where possible, within 72 hours of becoming aware of it, unless the personal data breach is not likely to result in a risk to the rights and freedoms of natural persons.