PRIVACY POLICY

The protection of your personal data is a priority for GESTINAZOR, Consultoria e Investimentos Imobiliários, Unipessoal Lda. (VAT: 514 868 813), based in the Autonomous Region of the Azores. This Privacy Policy explains how we collect, use and protect your data in accordance with the General Data Protection Regulation (GDPR).

 

1. Who is responsible for processing your data?

Your data will be processed by Gestinazor, Unipessoal Lda., as the controller for the purposes of Article 4(7) of the GDPR.

2. When and how do we collect your personal data?

We may collect your personal data in the following situations:

  • When you book through our website or through platforms like Airbnb, Booking, or VRBO;
  • During the check-in process (including completion of the Guest Registration Form);
  • When you contact us by email or phone;
  • When you request additional services (e.g. transfers, cleaning, extra beds);
  • When visiting our website, through cookies and tracking technologies.

3. What data do we collect?

Depending on the interaction, we may collect the following data:

  • Identification data: full name, nationality, date of birth, ID or passport number;
  • Contact data: email, phone number, address;
  • Reservation data: dates, number of guests, preferences;
  • Payment data: card or bank information (processed securely via third-party providers);
  • Technical data: IP address, browser, device, usage data;
  • Marketing data: newsletter preferences and interaction (if applicable).

4. Why do we process your data?

Your personal data may be processed for the following purposes:

  1. To comply with legal obligations, such as reporting to immigration authorities (SEF), invoicing and fiscal duties;
  2. To perform the accommodation contract, including booking management, check-in/check-out, payments, and service delivery;
  3. For legitimate interests, such as property protection, customer service improvement, and internal statistics;
  4. For marketing and communication, such as sending promotional messages, only with your prior consent.

5. Legal basis for processing

  • Art. 6(1)(c) GDPR – Compliance with a legal obligation;
  • Art. 6(1)(b) GDPR – Execution of a contract;
  • Art. 6(1)(a) GDPR – Consent (for marketing);
  • Art. 6(1)(f) GDPR – Legitimate interest pursued by Gestinazor.

6. How long do we retain your data?

Your personal data is retained only for as long as necessary to fulfill the purposes for which it was collected or to comply with applicable legal obligations:

  • SEF data: retained for 1 year;
  • Reservation and billing data: retained for up to 10 years (as required by tax law);
  • Marketing data: retained until consent is withdrawn;
  • Statistical or internal data: retained in anonymized or aggregate form where possible.

7. Who do we share your data with?

We may share your data with:

  • Public authorities – including SEF, Tax Authority, or other regulators, when legally required;
  • Third-party service providers – such as cleaning companies, IT support, accounting, and insurance providers, under data processing agreements;
  • Digital platforms – such as Talkguest, Stripe, web hosting and email marketing providers;
  • Courts or law enforcement agencies, in the context of legal or security-related obligations.

Note: We do not sell or trade your personal data to third parties.

8. Are your data transferred outside the European Union?

By default, your data is stored within the European Union.

In specific cases, your data may be transferred outside the EU for hosting, backups, or technical processing purposes. If this occurs, Gestinazor will ensure that:

  • Transfers are made to countries with an adequate level of data protection, or
  • Are governed by standard contractual clauses approved by the European Commission, in compliance with GDPR.

9. What are your rights?

You have the following rights under GDPR:

  • Access your personal data;
  • Correct or update inaccurate data;
  • Request erasure ("right to be forgotten");
  • Restrict or object to processing where applicable;
  • Withdraw consent at any time (for marketing communications);
  • Data portability where technically feasible
  • Lodge a complaint with the Portuguese Data Protection Authority (CNPD).

Gestinazor may charge a reasonable fee or decline requests if they are manifestly excessive or repetitive, as permitted by Article 12 of the GDPR.

10. Security and Confidentiality

We implement appropriate technical and organizational measures to safeguard your personal data.

However, no data transmission over the Internet is completely secure, and we cannot fully guarantee the safety of data shared online.

We also commit to respecting your confidentiality:

  • We do not sell or commercially disclose your data to third parties;
  • All data processing is conducted in line with this Privacy Policy and applicable legislation.

11. Need help or have questions?

If you have questions or wish to exercise any of your rights, you may contact us via:

📧 Email: geral@gestinazor.com