Privacy Policy

Privacy Policy

Introduction

Alojamentos Pando, operated by Pando Turismo Lda, Tax Identification Number (NIF) 502623250, with registered office at Rua Eng. Frederico Ulrich 3472 C52, is committed to protecting your personal data.
This Privacy Policy explains how we collect, use, and protect your data through our platforms: institutional website, booking engine, and check-in process.

Who is responsible for processing your data?

Your data is processed by Pando Turismo Lda, as the data controller, in accordance with the General Data Protection Regulation (GDPR).

When do we collect your personal data?

We may collect your data:

  • When you visit our website
  • When you make reservations through the booking engine
  • When you contact us by email, phone, or WhatsApp
  • During the check-in process
  • When you use additional services (e.g. cleaning services)

What data do we collect?

Depending on your interaction, we may collect:

  • Identification data: name, nationality, date of birth, ID/document number
  • Contact data: email, phone number, address
  • Booking data: dates, number of guests, preferences
  • Payment data: credit card details (securely processed via Stripe or another provider)
  • Technical data: IP address, browser, device, usage data
  • Marketing data: newsletter preferences and interaction

For what purposes do we process your data?

Your data may be used for:

A. Compliance with legal obligations

  • Reporting to SEF (Portuguese Immigration and Borders Service)
  • Invoicing and tax obligations

B. Performance of a contract

  • Reservation and accommodation management
  • Check-in and check-out
  • Provision of additional services (cleaning, laundry, transfers)

C. Marketing and communication (with consent)

  • Sending newsletters, campaigns, and promotional communications

D. Service analysis and improvement

  • Statistical and behavioral data for continuous improvement

Legal basis for data processing

  • Article 6(1)(c) GDPR – Legal obligation
  • Article 6(1)(b) GDPR – Performance of a contract
  • Article 6(1)(a) GDPR – Consent (marketing)
  • Article 6(1)(f) GDPR – Legitimate interest (analysis and improvements)

How long do we retain your data?

We retain data only for the strictly necessary period:

  • To comply with legal obligations (e.g. SEF – 1 year)
  • To manage reservations and stays
  • For statistical or marketing purposes, until consent is withdrawn

With whom do we share your data?

  • Public authorities (SEF, Tax Authority)
  • Technical service providers (e.g. CRM systems, invoicing, Stripe)
  • Employees and group companies with equivalent privacy policies

Note: We never sell your data to third parties.

International data transfers

  • Your data is stored within the EU. In exceptional cases, data may be transferred outside the EU with appropriate safeguards, including EU Standard Contractual Clauses, ensuring GDPR compliance.

Cookies and tracking technologies

We use cookies for:

  • Performance analysis (Google Analytics, Tag Manager)
  • Booking and payment management (Ynnov, Stripe)
  • Social media integration and customer support (Facebook, WhatsApp, Clarity)

You can manage cookie preferences in your browser settings.

Your rights

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Request data deletion
  • Withdraw consent
  • Object to marketing
  • Lodge a complaint with the CNPD (Portuguese Data Protection Authority) – www.cnpd.pt

How to exercise your rights

Contact us at:
Email: alojamentopando@gmail.com
Phone: +351 915 205 481
Address: Rua Eng. Frederico Ulrich 3472 C52

Changes to this Policy

This policy may be updated occasionally. We recommend reviewing this page regularly.
If you have any questions, please contact us at alojamentopando@gmail.com.