Privacy Policy

Home / Privacy Policy

Last update: 2026-07-05

1. Data controller and contact

This website is operated by Pedro Lívio and Alda Nunes, as joint controllers of personal data, in their capacity as owners of the licensed Local Accommodation (Alojamento Local) establishment «Refúgio da Azinheira», located at Rua da Azinheira no. 22, 7595-116 Torrão, Alentejo, Portugal.

For any data-protection matter, including the exercise of your rights, you may contact us by email at refugiodaazinheira@outlook.pt or via WhatsApp at +351 915 570 801.

We are committed to processing your personal data lawfully, fairly and transparently, in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, «GDPR») and Portuguese Law no. 58/2019 of 8 August.

2. Scope and informational nature of the website

This website is purely informational: it presents the accommodation, its conditions and its approximate availability. It does not allow bookings, payments or the conclusion of contracts online.

Bookings are made off the website, through direct channels (WhatsApp or email) or through the Booking.com and Airbnb platforms, to which the website only provides links.

This policy applies to the processing for which we are responsible. When you book through Booking.com or Airbnb, those platforms act as independent controllers, and their own privacy policies apply.

3. Data we collect

Technical browsing data: when you visit the website, the server may record technical data such as your IP address, browser type and the pages viewed, as well as the cookies strictly necessary for the site to work. We do not use analytics or marketing cookies.

Contact and booking-enquiry data: when you contact us by email or WhatsApp to request information or a booking, we process the data you provide, such as your name, contact details, desired dates, number of guests and the content of your message.

Identification data for legal check-in: at the time of the stay, and as required by law, we collect the guests' identification data: full name, ID or passport number, nationality, date of birth, country of residence, dates of stay and number of guests.

4. Purposes and legal bases

Handling information and booking enquiries and preparing the stay: we process contact and enquiry data to reply to you and organise your possible stay. Basis: pre-contractual steps and performance of the accommodation contract (Art. 6(1)(b) GDPR).

Complying with the legal obligation to report guests: we process the identification data collected at check-in to comply with the Local Accommodation regime and to report the accommodation bulletin to the competent authorities (SEF/AIMA, via the SIBA system). Basis: compliance with a legal obligation (Art. 6(1)(c) GDPR; Decree-Law no. 128/2014).

Ensuring the operation and security of the website: we process the technical data strictly necessary to provide the service, ensure security and prevent abuse. Basis: legitimate interest (Art. 6(1)(f) GDPR).

Complying with tax and accounting obligations: we retain documents relating to the stay where required by tax and accounting law. Basis: compliance with a legal obligation (Art. 6(1)(c) GDPR).

Loading Google Maps: Google Maps is third-party content loaded only after your explicit acceptance, which may involve sharing data with the provider. Basis: consent (Art. 6(1)(a) GDPR).

5. Recipients and processors

We use service providers that process data on our behalf and under our instructions (processors), namely website hosting, email and accounting services, all bound by confidentiality and by a data-processing agreement.

Public authorities: guests' identification data is communicated to the competent authorities (SEF/AIMA) in compliance with the legal accommodation-reporting obligation, and may be shared with other authorities where the law so requires.

Booking platforms: if you book through Booking.com or Airbnb, those entities process your data as independent controllers under their own policies. We do not transmit data to them through this website beyond what is necessary to manage the booking made on those platforms.

We do not sell or transfer your personal data to third parties for marketing purposes.

6. International transfers

As a rule, your data is processed within the European Economic Area (EEA).

Some of our providers or the third-party platforms (for example, Google for maps, or Booking.com and Airbnb) may process data outside the EEA. In such cases, these transfers rely on European Commission adequacy decisions or on appropriate safeguards, such as Standard Contractual Clauses, under Articles 44 et seq. of the GDPR.

7. Retention periods

Information/booking-enquiry data: kept only for as long as necessary to reply and arrange the possible stay, then deleted; if the booking does not proceed, we delete the data as soon as it is no longer needed.

Check-in identification data: kept for the minimum period required by the Local Accommodation legislation and the reporting obligation, after which it is deleted or anonymised.

Documents of tax and accounting relevance: kept for the applicable legal periods (generally, the retention periods laid down in Portuguese tax and accounting law), after which they are deleted.

Technical data and server logs: kept for short periods appropriate to operation and security purposes.

8. Rights of data subjects

As a data subject, you have the right to access your data and to request its rectification, erasure, restriction of processing and portability, as well as to object to certain processing.

Where processing is based on your consent (for example, loading Google Maps), you may withdraw it at any time, without affecting the lawfulness of processing carried out beforehand.

To exercise these rights, contact us at refugiodaazinheira@outlook.pt. We may ask for information to confirm your identity. We will respond within the legal time limits.

9. Complaints to the supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent supervisory authority, the Comissão Nacional de Proteção de Dados (CNPD), if you consider that the processing of your data infringes applicable law.

10. Minors

The website is not directed at minors and does not knowingly collect their data. Where a minor is part of a booking or stay, their identification data is provided and managed under the responsibility of the parents or legal guardians, within the legal check-in obligations.

11. Security measures

We adopt appropriate technical and organisational measures to protect personal data against destruction, loss, alteration or unauthorised access, including restricted access to information, encrypted transmission where applicable and the selection of providers offering security guarantees.

12. Changes to this policy

We may update this Privacy Policy whenever necessary, in particular due to legal or operational changes. The current version is always available on the website, with its date.

WhatsApp Book