At Riosultravel, Agência de Viagens e Atividades Marítimo-Turísticas (“Riosultravel”, “we”, “us”, or “our”), we are committed to protecting and respecting your privacy.
This Privacy Policy outlines how we collect, use, process, and protect your personal data when you visit our website, book our tours (including Jeep Safaris and Guadiana River Cruises), or communicate with our team, in strict compliance with the General Data Protection Regulation (GDPR) and Portuguese data protection laws.
1. Data Controller Identity
For the purposes of the GDPR, the Data Controller responsible for your personal information is:
- Company Name: Riosultravel, Agência de Viagens e Atividades Marítimo-Turísticas
- Registered Office: Rua Tristão Vaz Teixeira 15C, 8900-470 Monte Gordo, Portugal
- NIF (VAT Number): 500879265
- Contact Email for Privacy Enquiries: reservas@riosultravel.com
2. What Personal Data We Collect
We only collect information that is necessary to provide you with our services. This may include:
- Identity Data: First name, last name, and the ages/dates of birth of children or babies travelling with you (to verify ticket pricing).
- Contact Data: Email address, billing address, and mobile phone number.
- Booking and Transaction Data: Details about the tours you have booked, pick-up locations, payment status, and any specific dietary requirements or health notes you provide us for your safety and comfort during our excursions and meals at Quinta do Rio.
- Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, and operating system used to access our website.
3. How We Collect Your Data
We collect personal data through several different methods, including:
- Direct Interactions: When you fill out our contact form, subscribe to a newsletter, or communicate with us via email, phone, or WhatsApp.
- Booking Systems: When you make a reservation through our website via our secure third-party booking partner, Fareharbor.
- Automated Technologies: As you interact with our website, we may automatically collect technical data about your equipment and browsing actions via cookies. (Please see our Cookies Policy for more details).
4. How and Why We Use Your Data
We will only use your personal data when the law allows us to. We process your data under the following legal bases:
- Contractual Necessity: To process and fulfil your tour booking, arrange transport, manage payments, and communicate essential itinerary updates.
- Legal Obligation: To comply with Portuguese tax and accounting laws (e.g., issuing invoices via the Autoridade Tributária) and maritime passenger manifest requirements where applicable.
- Legitimate Interests: To improve our services, ask for post-tour reviews, and ensure the security of our website.
- Consent: To send you marketing communications or newsletters, provided you have explicitly opted in to receive them.
5. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data. However, to operate our website and business effectively, we share your data with trusted third-party service providers who act as data processors on our behalf. These include:
- Website Infrastructure: Our website is built on WordPress and utilises Elementor Pro to manage our contact forms. When you submit an enquiry, this data is temporarily processed by these systems.
- Email Communications: We use a secure SMTP service to ensure the reliable deliverability of your booking confirmations and email enquiries to our inbox.
- Booking and Payments: We use FareHarbor as our secure booking and reservation system. FareHarbor processes your transaction data and payment details independently and securely.
- Analytics and Optimisation: We use Google Analytics 4 (GA4), managed via Google Tag Manager and Google Site Kit, to understand how visitors interact with our website. This data is aggregated and anonymised where possible.
- Web Fonts: We use Google Fonts to display text on our website. When your browser requests these fonts, your IP address may be temporarily logged by Google’s servers.
6. Data Security
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. Access to your personal data is limited strictly to employees and partners who have a business need to know and who are subject to a duty of confidentiality.
7. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
Accounting and Tax Records: Under Portuguese law, we are required to keep basic information about our customers (including Contact, Identity, and Transaction Data) for a minimum of 10 years for tax purposes.
General Enquiries: Data submitted via contact forms that do not result in a booking will be deleted after 12 months.
8. Your Legal Rights
Under the GDPR, you possess several rights regarding your personal data, including the right to:
- Request access to your personal data (a “data subject access request”).
- Request correction of incomplete or inaccurate data we hold about you.
- Request erasure of your personal data when there is no longer a good reason for us to continue processing it (subject to our legal retention requirements).
- Object to processing of your data, particularly for direct marketing purposes.
- Withdraw consent at any time where we are relying on consent to process your personal data.
To exercise any of these rights, please contact us at reservas@riosultravel.com. We aim to respond to all legitimate requests within 30 days.
9. Right to Complain
If you believe that your data protection rights have been breached, you have the right to lodge a complaint with the Portuguese data protection authority:
Comissão Nacional de Proteção de Dados (CNPD)
- Website: www.cnpd.pt
- Address: Av. D. Carlos I, 134 – 1.º, 1200-651 Lisboa, Portugal
