Quinta Do Damasco

Privacy Policy

Quinta Do Damasco is committed to protecting the personal data of its website visitors, customers, and partners in full compliance with the General Data Protection Regulation (GDPR) and the specific requirements of Portuguese Law (Law No. 58/2019).

Last Updated: 10-DEC-2025

WHO IS RESPONSIBLE FOR YOUR DATA? (DATA CONTROLLER)

The Data Controller responsible for the processing of your personal data is:

Phone Number: +351 910 913 667

Entity Name: RED Horizon Unipessoal

Represented By: Ramia Abdulghnai

Address: RUA DA QUINTA , B2 2445-447 PISÕES (Quinta Do Damasco)

Email for Data Inquiries: info@damasco.pt

WHAT PERSONAL DATA DO WE COLLECT AND WHY?

We only collect data that is necessary for the specific purpose for which it is processed (Data Minimisation Principle).

Activity / Data Collection PointTypes of Personal Data CollectedPurpose of ProcessingLegal Basis (Art. 6 GDPR)Data Retention Period
Accommodation Booking/PurchaseName, Email, Phone, Address, Dates of Stay, Payment Details (processed by third-party only), Special Requests (e.g., dietary, allergies – Sensitive Data).To process and manage your reservation, fulfil the contract, and comply with fiscal/tax obligations.Contract (Performance of a contract to which the data subject is party) and Legal Obligation (Tax law, Serviço de Estrangeiros e Fronteiras (SEF) reporting).7 to 10 years, as required by Portuguese tax law
Contact Form / Direct EmailName, Email, Contents of the message.To respond to your inquiry, provide support, and manage communication.Legitimate Interest (Responding to user requests) or Consent (if the inquiry leads to a potential contract).Up to 1 year after the last communication, unless a contract is established
Newsletter Sign-upEmail address.To send you updates, news, special offers, and information about workshops/products.Consent (Freely given, specific, informed, and unambiguous).Until you withdraw consent (unsubscribe).
Website Analytics / CookiesIP address, Browser type, Operating System, pages visited, time spent on site.To analyse website performance, understand user behaviour, and improve our services (only after user consent).Consent (Via the Cookie Banner).Typically 1 day to 2 years, depending on the cookie type. See Cookie Policy.

Note on Sensitive Data (Special Categories of Personal Data): If you provide information about dietary restrictions (allergies, medical needs) in the special requests section, this is processed under your Explicit Consent to ensure the safety and quality of your stay/experience. This data is deleted immediately after your departure.

HOW IS YOUR DATA PROCESSED AND SHARED?

A. Data Processors (Third Parties)

To run our business, we use GDPR-compliant service providers who act as Data Processors. We have Data Processing Agreements (DPA) with these entities to ensure they protect your data according to GDPR standards.

Website Hosting: AlmourolTec, Lda

Booking System: Airbnb, Booking.com, or direct system nameFor reservation management).

Payment Processor: Stripe, PayPal, IBAN, MBway , Multibanco and Epagu

Email Marketing Platform: Mailchimp, Sendinblue

Legal Obligations (Portuguese Law)

We are obligated by Portuguese Law to share certain data:

  • SEF (Serviço de Estrangeiros e Fronteiras): By law (Lei n.º 23/2007, de 4 de Julho), we are required to register the identification data of all non-Portuguese guests with the Portuguese Immigration and Borders Service (SEF).

C. International Data Transfers

If any of our third-party processors are located outside the EU/EEA (e.g., in the USA), we ensure that the transfer is safeguarded by legal mechanisms (e.g., Standard Contractual Clauses (SCCs) approved by the European Commission).

4. SECURITY MEASURES

We implement appropriate technical and organisational security measures to protect your personal data from accidental loss, misuse, unauthorized access, disclosure, alteration, and destruction. These measures include:

  • SSL/TLS encryption for data transmission on the website.
  • Access controls and password protection for internal systems.
  • Regular security updates and data backups.

Under the GDPR, you have the following rights regarding your personal data, which you can exercise by contacting us at

info@damasco.pt

  1. Right to Information (Art. 13 & 14): The right to be informed about the collection and use of your personal data (fulfilled by this policy).
  2. Right of Access (Art. 15): The right to request copies of your personal data we hold.
  3. Right to Rectification (Art. 16): The right to request that we correct any information you believe is inaccurate or incomplete.
  4. Right to Erasure (‘Right to be Forgotten’) (Art. 17): The right to request that we erase your personal data, under certain conditions (e.g., where there is no longer a legal basis to keep it). Note: Data kept for legal/tax obligations cannot be deleted.
  5. Right to Restrict Processing (Art. 18): The right to request that we restrict the processing of your personal data, under certain conditions.
  6. Right to Data Portability (Art. 20): The right to request that we transfer the data that we have collected to another organisation, or directly to you, in a structured, commonly used and machine-readable format.
  7. Right to Object (Art. 21): The right to object to our processing of your personal data, particularly where the basis is ‘Legitimate Interest’ or for direct marketing.
  8. Right to Withdraw Consent (Art. 7): If we process your data based on your consent (e.g., for the newsletter), you have the right to withdraw that consent at any time.

We commit to responding to all data subject requests within one calendar month.

6. COMPLAINTS TO THE SUPERVISORY AUTHORITY

If you have a complaint regarding our processing of your personal data, you have the right to lodge a complaint with the Portuguese national supervisory authority:

Comissão Nacional de Proteção de Dados (CNPD)

  • Address: Av. D. Carlos I, 134 – 1.º 1200-651 Lisboa, Portugal
  • Website: www.cnpd.pt

7. CHANGES TO THIS PRIVACY POLICY

We review and update this Privacy Policy regularly. Any changes will be posted on this page, and the “Last Updated” date at the top of the policy will be revised.

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by