This Privacy Policy explains how Doazores, Lda. collects, uses, and protects your personal data when you use our website and services. We comply with the EU General Data Protection Regulation (GDPR) and Portuguese Law 58/2019.
1. Data controller
Doazores, Lda., Rua do Mercado 12, 9500-088 Ponta Delgada, Portugal. Contact the Data Protection Officer at privacy@doazores.com.
2. What data we collect
Account data (name, email, phone, country). Booking data (experience, date, number of guests, special requests). Payment data (processed by our payment providers — we never see full card numbers). Technical data (IP address, browser, device, pages visited).
3. Why we collect it
To process your bookings (legal basis: contract). To send you transactional emails (legal basis: contract). To send you marketing emails (legal basis: consent; you can opt out anytime). To improve our service and prevent fraud (legal basis: legitimate interest). To comply with Portuguese tax and accounting law (legal basis: legal obligation).
4. Who we share it with
The Operator hosting your experience (only data needed to deliver the service). Payment processors (Stripe, PayPal). Email and analytics providers under Data Processing Agreements. Public authorities when required by law.
5. International transfers
Some providers are outside the EEA. We rely on Standard Contractual Clauses approved by the European Commission.
6. Retention
Account data: kept while your account is active and for 6 months after closure. Booking and invoice data: kept for 10 years (Portuguese tax law). Marketing data: kept until you withdraw consent.
7. Your rights
You have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data, and to lodge a complaint with the Portuguese Data Protection Authority (CNPD, www.cnpd.pt). To exercise your rights write to privacy@doazores.com.
8. Cookies
We use cookies as described in our Cookie Policy.
9. Changes
We may update this Policy. Material changes will be notified on this page.