Commitment to Customer and User Privacy
Companhia Turística do Douro, operator of the website www.ctdouro.com, recognizes the critical importance of our customers’ privacy and the security of their personal information. This Privacy Policy outlines how any personal data we receive from our customers, whether through our website or otherwise voluntarily provided by them, will be processed and stored by us. We are fully committed to protecting our customers’ personal information and being transparent about the data collection and usage practices.
In accordance with the General Data Protection Regulation (GDPR, EU Regulation 2016/679) established by the European Commission, Companhia Turística do Douro acts as the Data Controller. By interacting with our site and providing personal data, you acknowledge and agree to the practices described in this Privacy Policy. This includes the agreement of other parties involved in any reservation or purchase made on your behalf, ensuring their understanding and agreement with the processing of their personal data as described.
By making a reservation, making a purchase, or providing us with personal data through our site, you agree to the transfer, storage, and processing of such data, as necessary. We will undertake all legally required measures to ensure that your data is handled securely and in accordance with this Privacy Policy.
Collection and Use of Personal Data
At Companhia Turística do Douro, the privacy and security of our customers’ data are of utmost importance. We maintain a record of data provided by customers, which is kept for a period of 20 years from the first contact. The stored data is exclusively those provided by the customers at the time of their registration or subsequently requested for reservation purposes, and are collected in accordance with the standards approved by the National Data Protection Commission.
When making a reservation or purchase on our site, we automatically register certain personal data provided by the customer. These data include information such as name, contact, email address, and Tax Identification Number (NIF). In certain cases, we may require sensitive personal data, such as citizen/card/passport number, exclusively for the organization of the requested tourism service. We ensure careful and confidential handling of all personal data.
For online reservations with credit card payments, we redirect customers to certified payment platforms, ensuring a secure and encrypted transmission of data. Companhia Turística do Douro only receives confirmation of payment authorization.
We commit not to request or process information about philosophical or political convictions, religious faith, private life, health, or sexual life of customers, except when necessary to ensure specific needs related to the tourism service, such as dietary requirements or health conditions, always with the explicit consent of the customer.
We implement necessary technical and organizational security measures to protect personal data against unauthorized access, alteration, or loss, adapting these measures to emerging needs and risks.
Customers who wish to exercise their rights of access, rectification, deletion, or opposition can do so through our website or by sending a request to info@ctdouro.com, ensuring the protection and confidentiality of their data.
Other Methods of Personal Data Collection
At Companhia Turística do Douro, in addition to information directly provided by our customers and users, we may obtain personal data through other means, including but not limited to:
- Responses to promotions or surveys conducted through our website, subscription to newsletters or marketing materials, communication of problems, or other similar interactions. In these cases, we may record your email address, always offering the option to unsubscribe. To remove your data, simply send us a request to info@ctdouro.com.
Data from Third-Party Sources:
We may also receive information through trusted suppliers and partners, ensuring that they comply with the General Data Protection Regulation (GDPR) requirements:
- If you make a reservation for one of our services through a travel agency or tour operator partner, the personal data necessary for providing the requested service will be shared with us, even if the reservation is not finalized.
- Feedback provided on social networks or other evaluation platforms will be processed by these entities and shared with us, excluding personal data.
- Calls to our contact number [+351] 254 732 702 are recorded by our call management software, which collects data such as contact number, date, duration, and call information, sharing these data exclusively with us. If there is no commercial relationship, this data will be discarded.
- Interactions through our online chat (e.g., Zendesk Chat) can be stored by the service provider, including conversation history, frequency of visits to the site, visited pages, browser used, operating system, IP location, and time spent on the site, committing to share only the necessary data with us.
Additionally, we may collect data about your visits to our site, including traffic, location, IP address, operating system, and browser type for statistical purposes, without individually identifying our users.
Transfer of Personal Data
Sharing with Travel and Service Partners
When making a reservation or purchase through our site, it is necessary to share your personal data with third parties relevant to the completion of the requested services. This includes:
- Data and Technology Managers: Companies that support us in managing the services we offer, including external customer relationship management (CRM) systems and billing tools.
- Payment Processors: Entities that facilitate payment transactions, assisting us in payment management, fraud prevention, and detection.
- Email Marketing Platforms: Services used for marketing communication, ensuring the protection and encryption of subscriber data.
- Government Authorities: In specific situations, we may be required to share your data with government bodies or other authorities for security, immigration, or border control purposes. Although it is not always mandatory to share information with these entities, we may do so voluntarily to assist in national security or investigation matters.
Commitment to Data Protection
We commit to ensuring the security of your personal data, sharing it only with third parties who comply with appropriate data protection standards and are necessary for providing the requested services. Any data transfer outside the European Economic Area will be conducted in compliance with applicable data protection laws, ensuring that your data subject rights are respected and protected.
Treatment and Conservation of Personal Data
Guarantee of Security and Confidentiality
The security and privacy of our customers’ personal data are of utmost importance to us. We commit to protecting the information entrusted to us through rigorous security measures, complying with legal requirements to protect against alteration, loss, or unauthorized access. We use certified and secure storage solutions, including backups on Google Drive and NAS (Network Attached Storage) devices, allowing secure remote data storage and access.
Encryption and Data Protection
The data recorded on our site are encrypted and protected using advanced security technologies, such as firewalls, private circuits, and VPNs, ensuring the integrity and confidentiality of our customers’ data. Our servers are hosted in specialized Datacenters, offering advanced digital protection services, including regular backups and data recovery systems, ensuring secure and efficient information management.
Companhia Turística do Douro’s Commitment
We commit to:
- Ensure the custody of personal data provided by our customers, adopting appropriate technical and organizational security measures to protect against alteration, loss, or unauthorized access.
- Use the data exclusively for the specific purposes for which they were collected, according to our customers’ explicit consent.
- Ensure that only authorized employees, whose intervention is essential for providing the services, have access to personal data, subject to confidentiality and secrecy duties. Moreover, any data sharing with third parties will be governed by a confidentiality commitment, ensuring the protection and privacy of our customers’ data.
Through these measures, we reaffirm our commitment to the security of our customers’ personal data, respecting and protecting their privacy in accordance with current data protection regulations.
Use of Personal Data for Marketing Purposes
Subscription Policy and Communication Sending
At Companhia Turística do Douro, we respect our customers’ and users’ preferences regarding the receipt of promotional and informational materials. We will only send newsletters and offers via email to users who expressly subscribe to our newsletter service through the double opt-in process, ensuring that only those who wish to receive our communications are included in our distribution lists.
Data Management for Marketing
The personal data voluntarily provided by users for newsletter subscription purposes (“name” and “email address”) are managed through a secure and certified external platform. This platform is used by Companhia Turística do Douro for database organization and conducting Email Marketing campaigns. We commit not to share this data with third parties not bound by a service agreement with us, that do not comply with required security and encryption standards, and are not specialized in Email Marketing and Marketing Automation.
Commitment to Confidentiality and GDPR Compliance
We guarantee that our marketing partners strictly follow the norms established by the General Data Protection Regulation (GDPR), maintaining the confidentiality of stored data and prohibiting its disclosure. The privacy and security of our users’ data are our top priorities.
Right to Unsubscribe
We recognize users’ right to change their communication preferences at any time. If they decide not to receive further marketing communications from us, they can easily unsubscribe from our newsletter. By doing so, their data will be automatically removed from our marketing database, ceasing all promotional communications.
Companhia Turística do Douro commits to maintaining a transparent and respectful policy regarding the use of personal data for marketing purposes, ensuring that our customers’ preferences are always respected and protected.
Retention of Personal Data at Companhia Turística do Douro
Data Retention Period
At Companhia Turística do Douro, we recognize the importance of managing our customers’ personal data with the utmost care and responsibility. After making a reservation, requesting availability information, or filling out any form available on our site, we retain your personal information for the period strictly necessary to provide you with the requested services and to comply with obligations arising from the transactions made.
Retention Criteria
Personal data are retained according to the purposes described in this Privacy Policy, which may include the need to keep the data for customer support, marketing, legal auditing, and compliance with legal obligations. In general, personal data related to reservations, purchases, or marketing interactions are kept for a maximum period of 20 years. This term may be adjusted as necessary to comply with legal, regulatory requirements, or to meet audit objectives.
Data Subject Rights at Companhia Turística do Douro
In accordance with the General Data Protection Regulation (GDPR), any person whose personal data are processed by Companhia Turística do Douro has the following rights:
- Right of Access: You have the right to request and obtain, at any time, access to your personal data under our management. We may request confirmation of your identity to ensure information security.
- Right to Rectification: If you identify that the information we hold is inaccurate or incomplete, you can request its correction or completion.
- Right to Withdraw Consent: You can withdraw your consent for the processing of your personal data at any time. This action does not affect the legality of the processing based on consent before its withdrawal.
- Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data from our systems, except in cases where there is a legal obligation to maintain them.
- Right to Restriction of Processing: Under certain circumstances, you can request the restriction of processing of your data, meaning that the data may only be processed with your consent or for certain legal purposes.
- Right to Data Portability: You have the right to receive the personal data you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit those data to another data controller.
- Right to Object: You can object at any time to the processing of your personal data, especially for direct marketing purposes.
- Right to Lodge a Complaint: If you consider that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority.
To exercise any of these rights, you should contact us via email: info@ctdouro.com. We commit to responding to all requests promptly and in accordance with applicable legislation.
Contacts for Exercising Rights:
For questions related to this policy or to exercise your rights, please contact us through the following means:
Email: info@ctdouro.com
Companhia Turística do Douro ensures a commitment to protecting the privacy and data of its customers and users, adopting the best practices in the field of personal data security and protection.
Data Security Guarantee at Companhia Turística do Douro
Links to External Sites
Our website may include links to external sites, blogs, and other sources of information relevant to our visitors. These links are carefully selected, aiming to complement the content we provide and enrich our users’ experience.
These links are carefully selected, aiming to complement the content we provide and enrich our users’ experience. Keep in mind that these external sites have their own privacy policies, which may differ from ours. We have no control over the collection, storage, or processing of personal data by third parties, and as such, we assume no responsibility for the privacy practices or content of these sites.
We recommend that you carefully read the privacy policies of these external sites before providing any personal data. The inclusion of links on our website does not imply endorsement of the linked sites by us, nor a partnership with the entities managing them.
Companhia Turística do Douro commits to providing links only to sites that share our high standards of respect for privacy. However, the security of your data while browsing third-party sites is beyond our control. Therefore, we advise caution and reading the privacy policies of each site you visit.
Cookie Policy
Companhia Turística do Douro uses cookies to enhance our users’ browsing experience on our website, https://www.ctdouro.com. Cookies are small text files stored on your device (computer, tablet, or mobile) when you visit websites. They allow the site to remember your actions and preferences (such as login, language, font size, and other display preferences) for a period of time, so you don’t have to re-enter them whenever you return to the site or navigate from one page to another.
Types of Cookies Used
- Essential Cookies: These cookies are fundamental to the functioning of our website, allowing you to browse and use its features. Without these cookies, services that you have requested, such as making a reservation, cannot be provided.
- Performance and Analysis Cookies: We use these cookies to analyze how visitors use our website and monitor the site’s performance. This allows us to offer a high-quality experience by customizing our offer and quickly identifying and resolving any issues that arise.
- Functionality Cookies: These cookies allow our website to remember choices you make (such as your username, language, or region you are in) and provide enhanced, more personal features.
- Marketing and Advertising Cookies: These cookies are used to deliver more relevant advertisements to you and according to your interests. They are also used to limit the number of times you see an advertisement, as well as help measure the effectiveness of advertising campaigns.
Cookie Management
You can choose how cookies are used on your device through your browser settings. Most browsers allow you to block or delete cookies. However, if you block all cookies, parts of our site may not function as expected.
For more information on how to manage and delete cookies, visit www.aboutcookies.org. Remember that by deleting or blocking cookies, you may not be able to access certain areas or features of our site.
Consent for the Use of Cookies
By using our website, you agree to the placement of cookies on your device as explained in this Cookie Policy. If you choose not to accept cookies, you can still visit our website, but some functionalities may be limited.
Companhia Turística do Douro is committed to protecting your privacy and providing a transparent and controlled experience. If you have any questions or concerns about the use of cookies on our website, please do not hesitate to contact us.
Purpose of Collected Personal Data
Companhia Turística do Douro collects personal data for various essential purposes to the proper functioning of our services and the satisfaction of our customers and users, always ensuring strict compliance with the data protection standards established by the GDPR. The purposes of data collection include:
- Travel Agency and Tour Operator Activity: We collect data to offer and improve tourism services, including tours, excursions, and other activities related to tourism in the Douro.
- Reservation Execution: To finalize reservations requested by users, it is essential to collect data that allow efficient management of the reservations, from the first contact to the completion of the service.
- Direct Communication: We use SMS messages or emails for communications strictly related to the reservations made, ensuring clear and up-to-date information about the requested services.
- Improvement and Personalization of Services: The collected data allow us to manage, administer, provide, improve, and personalize the services offered, adapting them to users’ preferences and needs.
- Service Usage Analysis: Through studying and analyzing how our services are used, we can develop and optimize website functionalities, enhancing the experience for all users.
- Advertising and Promotion: With the user’s express consent, data can be used to send promotional information, news, and special offers that may be of interest.
Consent for Data Sharing
By using our website www.ctdouro.com, the user gives consent for Companhia Turística do Douro to process their personal data as described here. Additionally, the user expressly agrees that their personal data may be shared with:
- Competent Authorities: For the user’s security, we may share data with national and international authorities on matters of tourism, terrorism, or legal infractions.
- Entities Associated with Tourism Service Provision: Data may be shared with affiliated entities, subsidiaries, or service partners to ensure the correct provision of requested services.
- Certified Third Parties: With outsourced companies, always certified and in compliance with the GDPR, for data security purposes, booking management, and associated marketing activities.
This data sharing will always be carried out with maximum security, respecting the privacy and protection of our users’ data, and only with entities that guarantee compliance with legal obligations regarding data protection.
Updates to the Privacy Policy
Companhia Turística do Douro recognizes the importance of keeping its Privacy Policy updated to reflect any changes in data management practices or applicable legislation. Thus, we reserve the right to make changes to this Privacy Policy at any time, ensuring that these are properly communicated to our users through our website or other communication means.
We encourage all users to visit this section periodically to be informed about any updates or changes. Should there be significant changes that may affect how we treat users’ personal data, we will do our best to notify more directly, such as through email.