Privacy and Data Protection Policy - TOMAZ DO DOURO

PRIVACY POLICY

Your privacy is important to us.

WHO WE ARE?

TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. was founded over 25 years ago, with the objective of being one of the reference companies operating on the Douro river.
Committed to the excellence and satisfaction of its customers, TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. performs and guides by the differentiation offering unique and authentic experiences.

We believe that quality, accuracy, trust, integrity, sustainability and innovation are the basis of our success.

WHY THIS PRIVACY POLICY?

This Policy intends to inform Customers of the general rules for the treatment of personal data by TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA., which are collected and processed in strict respect and compliance with the provisions of the personal data protection legislation in in force at all times, namely Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016 ("GDPR") and Law No. 58/2019, of August 8, 2019.
TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. respects the best practices in the field of security and protection of personal data, having for this purpose taken the necessary technical and organizational measures, in order to comply with the legislation on the protection of personal data and to ensure that the processing of personal data is lawful, fair, transparent and limited to authorized purposes.
TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. is committed to the protection and confidentiality of personal data, having adopted the measures it deems appropriate to ensure the accuracy, integrity and confidentiality of personal data, as well as all other rights that the respective holders enjoy.
The rules provided for in this Personal Data Protection Policy complement the provisions, in terms of protection and treatment of personal data, provided for the contracts that Customers conclude with TOMAZ DO DOURO, as well as the rules provided for in the terms and conditions that regulate the offer of the various products and services and which are duly advertised on the respective website.

WHAT IS PERSONAL DATA?

Personal data is any information, of any nature and regardless of its support, including sound and image, relating to an identified or identifiable natural person.
An identifiable person is a person who can be identified, directly or indirectly, namely by reference to a name, identification number, location data, identifiers electronically or to one or more elements specific to his physical, physiological, genetic identity, mental, economic, cultural or social.

WHAT IS THE PROCESSING OF PERSONAL DATA?

The processing of personal data consists of an operation or set of operations carried out on personal data or sets of personal data, using automated means, whether or not, namely the collection, registration, organization, structuring, conservation, adaptation, recovery, consultation, use, disclosure, dissemination, comparison, interconnection, limitation, erasure or destruction.

WHO IS RESPONSIBLE FOR DATA PROCESSING?

The entity responsible for the processing of personal data is the company TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA., which determines the purposes and means of processing them.
For this purpose, if the holder of the personal data needs to contact the data controller, he / she may send a written communication addressed to the controller to the address:
Praça da Ribeira, nº5
4050-513 Porto
Portugal
E-mail: rgpd@tomazdodouro.com

DATA COVERED BY THIS PRIVACY POLICY

This privacy policy describes the privacy practices of TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. for data we collect:
  • through sites operated by TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA., from which you can access this privacy policy, including tomazdodouro.com and other sites owned or controlled by TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA.;
  • through software applications made available by TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. for use on or through computers and mobile devices;
  • through pages controlled by TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. on social networks and from which you are accessing this privacy policy;
  • through e-mail messages that TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. send with the link to this privacy policy and through communications established online or in person;
  • from third parties, such as Authorized Licensees, Strategic Business Partners, Owners and other Sources, such as public databases, marketing partners and third parties.

THE DATA WE COLLECT

Whenever TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. you must establish contact to make a reservation, collect personal data in accordance with the law, in order to perform a better service.
Personal information is all information that can identify you as an individual or related to you as an identifiable individual:
  • Name
  • Address
  • Telephone
  • E-mail
  • Language preference
  • Loyalty program data
  • Previous interactions, purchased goods and services, special service and other requests
  • Image, video and audio data via security cameras located in common public areas
  • Specific diet or health restrictions to ensure your well-being
  • Information about your preferences can also be collected, which TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. uses to make your experience more enjoyable. This may also include your preferences about services provided by TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA., so that you can improve them.
Note: If you send or provide personal data of third parties (for example, if you are making a reservation on behalf of someone else), you declare that you are authorized to do so and authorize TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. to use data in accordance with this privacy policy.

COOKIES AND OTHER DATA

TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. can also collect “Other data” that, in general, does not specifically reveal your identity or does not relate directly to an individual. When other data specifically reveal your identity, or are related to a person, TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. will treat these “Other data” as Personal Data.

Os cookies usados no site são os seguintes:

  • Cookies para track de sessão e autenticação no site:
    • o AspNet.ApplicationCookie (User Id with login)
    • ASP.NET_SessionId (Session Id)
  • Cookie that stores the code of the chosen language when selecting the flag, thus avoiding having to make the selection of the language whenever you visit the website;
    • LanguageCode
  • Cookie that stores the date on which you read the notice of use of cookies on the website:
    • TomazDoDouroMonthlyCookieAlert
  • Cookie with anti forgery token, which lets you know if a particular form loaded is from that client (ip):
    • __RequestVerificationToken
  • Cookies do Google Analytics: track:
    • All those starting with __utm
  • Zoopim Cookies (chat):
    • __zlcmid

HOW AND WHERE WE COLLECT YOUR DATA

TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. collects the following personal data and other data through:
  • Online services
    TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. collects personal data or other data when interacting with its online services, performing actions such as, among others, browsing, booking, purchasing goods and services from our websites or applications, as well as when establishing communication, connection, publishing on network pages subscribe to a newsletter or participate in a survey, contest or promotional offer.
  • Visits to our boats or physical spaces and offline interactions
    TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. collects personal data when visiting the boats, company physical spaces or using its services. It also collects personal data when participating in a promotional event organized by TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. or in which it participates, as well as when it provides its personal data to TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. hold an event.
  • Customer service
    TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. collects personal data when making a reservation by phone, establishing communication by email, fax or online chat services or contacting TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA customer service / reservations. Such communications may be recorded for quality assurance and training purposes.
  • Strategic business partners
    TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. collects personal data from companies with which it partners in order to provide products, services or offers to its customers or potential customers, based on their experiences on TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. of your interest. Examples of strategic business partners include the commercial establishments of TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA., partners who carry out transfers or visits and travel booking platforms. The strategic commercial partners are independent from TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA.
  • Other sources
    TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. collects personal data from joint marketing partners and third parties.

WHY DO WE COLLECT YOUR DATA? (LEGAL BASIS)

GOAL DESCRIPTION OF ACTIVITIES ASSOCIATED WITH THE PURPOSE LEGAL BASIS
Acquisition of Services There are several activities associated with this purpose, such as:
- facilitating reservations;
- Participate in communications before arrival (logistics, changes, preferences, etc.);
- Payment processing and security deposits.
- Execution of the contract with the customer who purchases the service;
- Legitimate interests for the customer who is purchasing the service, for example, honoring his preferences, as well as that of the person accompanying him (for example, spouse, children, friends);
- Legal obligations related to financial transactions, such as billing and registration obligations.
Visit to boats and other physical spaces There are several activities associated with this purpose, such as:
- Facilitating check-in and check-out;
- Payment processing;
- Provision of consistent and personalized services and advice on services on the spot (based on past usage or expressed preferences);
- Handle customer requests, queries and complaints;
- Execution of the contract in relation to payment processing;
- Legitimate interests, such as respecting customer preferences;
- Consent, how to collect information about food preferences that the guest chooses to provide;
- Legal obligations, such as collecting the national identification document number where legally required.
Bookings There are several activities associated with this purpose, such as:
- communicating with customers about conferences and other event planning;
- Facilitate reservations;
- Participate in pre-event communications (logistics, accommodation, changes, etc.);
- Prepare and coordinate events according to the instructions, expectations and preferences of the client;
- Facilitate choice of the meal service;
- Communication on collection and recovery of amounts due;
- Payment processing and security deposits;
- Conducting the check of credit;
- Handle customer requests, queries and complaints;
- communicate with the participants during the events.
- Execution of the contract in relation to the collection of information for the reservation;
- Legitimate interests, such as responding to customer complaints or concerns related to an event;
- Legal obligations related to financial transactions, such as billing and registration obligations.
Incident and emergency response There are several activities associated with this purpose, such as:
- ensuring the safety of services on site;
- Responding and documenting on-site accidents and medical and other emergencies (including the facilitation of internal medical services);
- actively monitor spaces to ensure adequate incident prevention, response and documentation (including CCTV);
- Request assistance from emergency services;
- Send notifications and alerts in case of incidents or emergencies (such as via SMS, e-mail, call, audiovisual device warnings, etc.).
- Execution of the contract in relation to the safety of customers and employees through interactions with security personnel on site;
- Legitimate interests, such as monitoring company spaces through CCTV, to ensure the safety of customers and employees;
- Legal obligations, such as documenting accidents on the spot;
- Vital interests of individuals, such as contacting medical or emergency services for clients who are sick.
Compliance with the legal part There are several activities associated with this purpose, such as: complying with applicable laws; compliance with legal processes; respond to requests from public and government authorities; meet national security or law enforcement requirements; enforce our terms and conditions; protect our operations; protect the rights, privacy, security or property of TOMAZ DO DOURO, customers, visitors and other relevant individuals; seek available legal remedies and limit the damage that TOMAZ DO DOURO may suffer. Legal obligations, such as compliance with legal processes;
Legitimate interests, such as imposing terms and conditions for the protection of trademarks;
Vital interests of individuals, such as contacting emergency services in the event of disturbances and incidents involving customers.
Food & Beverage Services There are several activities associated with this purpose, such as: facilitating reservations; honor food preferences; offer consistent and personalized service based on previous usage and preferences, expressed by the individual; payment processing; organization of reservations; handle customer requests, inquiries and complaints. Execution of the contract in relation to payment processing;
Consent, how to collect information about a client's dietary or health restrictions;
Legitimate interests, such as providing personalized services (for example, offering red wine to a customer based on previous requests);
Legal obligations related to financial transactions, such as the obligation to maintain cash and records;
Vital interests (for example, when an individual fall ill in one of the spaces).
Child-related services (for parents and legal guardians) There are several activities associated with this purpose, such as: facilitating services; facilitate reservations; prepare and coordinate places and services according to the preferences, instructions and expectations of customers; payment and collection services; meal services. Parental consent or legal guardian, how to meet the needs of children;
Legal obligations related to financial transactions, such as the obligation to maintain cash and records;
Vital interests of individuals, such as when a child falls ill while participating in activities.
Marketing, promotions and contests There are several activities associated with this purpose, such as: communicating about products and services that may be of interest to customers; provision of personalized advertisements for products and services on selected websites, which may also include segmentation and profiling (as defined in the GDPR); support for participation in sweepstakes, contests and other promotions (such as contests for best holiday photos on social networks); and handling customer requests, inquiries and complaints. Performance of the contract in relation to the fulfillment of obligations associated with a tender;
Consent, how to respect communication preferences (for example, email, SMS);
Legitimate interests, such as offering ads for similar products and services;
Legal obligations, such as handling information consistent with contest-related rules.


Other uses and disclosures:
We will use and disclose Personal Data that we deem necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) comply with the legal process; (c) respond to requests from public and government authorities, including authorities outside your country of residence and meet national security or law enforcement requirements; (d) enforce our terms and conditions; (e) protect our operations, as in the case of any reorganization, merger, sale, assignment, transfer or other disposition of all or any part of the business, assets (including bankruptcy or similar procedures); (f) protect the rights, privacy, security or property, you or others; and (g) allow us to search for available remedies or limit the damage that we may suffer.
We may use and disclose other data for any purpose, except in cases where it is not permitted by applicable law.

Your Rights

  1. Right to be informed - You have the right to obtain clear, transparent and easily understandable information about how we use your data and what your rights are. That's why we provide you with all this information in this Privacy Policy.
  2. Right of access - You have the right to obtain a copy of your data and certain information about how that data is treated. This right allows you to be aware of and confirm that we use your data in accordance with data protection laws. We may refuse to provide you with the requested information whenever, in order to do so, we may disclose another person's Personal Data or negatively impact the rights of another person.
  3. Right to rectification - If your data is incorrect or incomplete, you can ask us to proceed with the respective rectification / correction.
  4. Right to erase data - Allows you to request the erasure or deletion of your data, as long as there are no valid grounds for us to continue using it or its use is unlawful. This is not a general right to erasure, as exceptions are allowed (for example, whenever this data is necessary for the defense of a right in a judicial process).
  5. Right to limitation of processing - You have the right to “block” or prevent the future use of your data when we evaluate a request for rectification or as an alternative to deletion. Whenever processing is limited, we will still be able to store your data, but we will not be able to use it later. We maintain lists of people who have requested to “block” the future use of your data to ensure that this limitation is respected in the future.
  6. Right to data portability - You have the right to obtain and reuse certain Personal Data for your own purposes in various organizations. This right applies only to the data you have provided to us and which we process with your consent, which are processed by automated means.
  7. Right to opposition - You have the right to oppose certain types of treatment, for reasons related to your particular situation, at any time during which this treatment takes place, for the purposes of the legitimate interest of TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. or third parties. We may continue to process that data if we can provide evidence of “overriding legitimate reasons for treatment that overlap with your interests, rights and freedoms” or if that data is necessary for the declaration, exercise or defense of a right in a judicial proceeding.
    You may at any time, in writing, exercise the rights enshrined in the Personal Data Protection Law and other applicable legislation by e-mail: rgpd@tomazdodouro.com

Retention period of Personal Data

We keep Personal Data only for the period / time necessary to carry out the specific purposes for which it was collected. However, we may be required to store some Personal Data for a longer period, taking into account factors such as:
  • legal obligations, under current laws, to keep Personal Data for a specified period;
  • prescription / statute of limitations, under the laws in force;
  • litigation; and,
  • guidelines issued by the competent data protection authorities.
During the Personal Data Processing period, we guarantee that they are treated in accordance with this Privacy Policy. As soon as the Data is no longer needed, we will proceed to delete it safely.

Safety

Personal Data will be treated only in the context of the purposes identified in this Policy, in accordance with the internal policies of TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. and using technical and organizational measures designed in accordance with the risks associated with the specific treatment of Personal Data. We use appropriate security measures to ensure the protection of your Personal Data and prevent access by unauthorized persons. We periodically review our security policies and procedures to ensure that our systems are safe and secure. However, since the transmission of information over the Internet is not completely secure, we cannot guarantee the security of your data transmitted to our Website.

Confidentiality

We recognize that the information you provide may be of a confidential nature. Within the scope of its activity, TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. does not sell, rent, distribute, or make Personal Data commercially or otherwise available to any third party, except in cases where you need to share information with Service Providers for the purposes set out in this Policy or to Third Parties for the purpose of complying with your legal obligations. We will preserve the confidentiality of your data and protect it in accordance with our Privacy Policy and all applicable laws.

Changes to this Privacy Policy

TOMAZ DO DOURO - EMPREENDIMENTOS TURÍSTICOS, LDA. periodically update this Privacy Policy. Whenever you do, the new version will be published on the website and will immediately take effect, so we advise you to consult it regularly.

Contacts

If you need more information contact us through the following email: rgpd@tomazdodouro.com
Book Now