1 - Personal Data Privacy
2 - Collected Personal Data and Reasons
Ecotravel maintains a database with the register of customers that is stored for 20 years, after the first contact. The data present in this database is only the data provided by the customers themselves at the time of registration or later requests for booking purposes, being collected under the terms approved by the National Data Protection Commission by Ecotravel, the entity responsible for the file, with headquarters at Praça Mouzinho de Albuquerque nº113, store 70 (Shopping Brasília), 4100-359 Porto, Portugal.
When the customer makes a reservation or purchase on this website, Ecotravel automatically records certain personal data that the customer has agreed to provide. The type of data stored will be information such as "name", "contact", "email address". In some cases, we may need other, more personal data such as “ID card number and / or passport”. All information requested on personal data is used solely and exclusively to organize the chosen trip/cruise or tourist service. All personal data provided will be treated as being of a “sensitive” nature and, therefore, it deserves the utmost respect and care on the part of Ecotravel.
In the case of online bookings, the customer will be able to pay by VISA / Mastercard credit card online. In this way, you will be redirected to the page of Redunicre, a partner and certified entity that processes online payments, where you will be asked to enter your card details. In this sense, Redunicre and our bank are the only entities that process customer card data and guarantee the transmission of encrypted data. Ecotravel only receives information with the result of the authorization and instructions to proceed with the order.
In no event will information be requested on philosophical or political beliefs, party or union affiliation, religious faith, private life and racial or ethnic origin, as well as health or sexual life data (including genetic data) of clients. When we are preparing for their trip, the customer can provide us with other types of information, such as dietary requirements and food intolerances, medical / health conditions, disabilities or other special information similar to the previous ones, in order to ensure that your specific needs are met.
Therefore, Ecotravel guarantees that they have implemented and will continue to implement the security measures of a technical and organizational nature necessary to guarantee the security of the data that is provided, with a view to preventing its alteration, loss, treatment and / or unauthorized access, taking into account the nature of the stored data and the risks to which they are exposed.
If the customer wishes to exercise the rights of access, rectification, cancellation or opposition that GDPR grants them, he can do so through the website or send an email to email@example.com.
3 - Other Ways of Obtaining Personal Data
Ecotravel also reserves the right to collect personal data in the following circumstances: if the user responds to a promotion through this website, if he completes a questionnaire, subscribes to the newsletter or other Marketing material, reports a problem, among other situations similar to the previous ones . In this case, we may keep a record of your email address, with the possibility of removal. Or, alternatively, the user just needs to send us an email to firstname.lastname@example.org.
Personal data obtained by third party sources:
In addition to this data provided by the user / customer, we may receive information from other certified suppliers and partners, to whom we entrust the responsibility of ensuring full compliance with the privacy policies required by the GDPR.
If you book one of our programs through a third-party travel agency or tour operator, certain personal data (as applicable to your booking) will be passed on to Ecotravel, in order to provide the services that the customer has requested (even if the reservation does not occur);
- if the customer / user provides us with feedback through a social network or other comment submission tool, the feedback (but not personal data) will be processed by that same company and transmitted to Ecotravel;
- if someone contacts Ecotravel on [+351] 226 191 090, our telephone management software partner keeps a record and shares information exclusively with Ecotravel. The data collected is: “phone / mobile number”, “date” and “duration” of the call, “network information”. If you contact us through any of the phones / cell phones available at the company, your number may be associated with your purchase (if there is no business relationship, the number will be forgotten);
- if you contact Ecotravel through the conversion window on the website (Chat Forum), this partner will retain your conversation history with Ecotravel through this software, the number of visits to the website, the page on the website where the user is find, your browser, computer system, IP location and duration of visit to our website. This supplier comprimises to share only our user's personal data with us.
- we may also record your visits to this website, including (but not limited to) traffic data, location data, IP address, operating system and type of browser. These are statistical data about the actions and browsing patterns of our users and do not identify any individual.
4 - Transfer of Assigned Personal Data
When a customer fills out a form on our website and / or finalizes the purchase with Ecotravel, some personal data provided will need to be transmitted, processed and stored by relevant third parties, such as:
- travel partners, such as airlines, airports, hotels, insurance companies and shore support agents, tour or river operators, among other tour service providers associated with the order (as applicable to your reservation). Some of these third parties may be located outside the European Economic Area, and these organizations may not be subject to the same level of control in relation to the new GDPR law;
- data and technology management partners that allow us to manage the services we provide (external CRM for lead organization and monitoring, in order to improve the response and experience of our customers and Optitravel - billing tool agency management software);
- credit card payment facilitators, who help us process customer payments and assist us in detecting and preventing fraudulent payments or reservations (Redunicre);
- platforms for sending Email Marketing, ensuring the encryption of our databases that include the subscriber's “name” and “email address”;
- governmental or other authorities in Portugal (or in other countries), in order to guarantee the safety of themselves and other passengers. At this point we include those responsible for immigration, border control, security and anti-terrorism. Even if we are not required to provide information to these authorities, we may exercise our right to assist them when we deem it appropriate.
5 - Personal Data Treatment and Storage
Some personal data obtained through registration on our website or from customers who have established a business relationship with Ecotravel will need to be provided, processed and stored in secure and certified systems, which result from a combination of our own systems and systems from credible suppliers and relevant.
The personal data we keep is treated with the degree of protection required by law to guarantee their security and prevent their alteration, loss, treatment or unauthorized access. For this purpose, we use backups on Google Drive and NAS (Network Attached Storage), a device that stores and shares data from several computers, which can be accessed remotely.
The records on our website are also encrypted, following the GDPR standards, in technical infrastructures for peripheral control, namely by network firewalls, private circuits and VPN’s that respect the security requirements. The computer servers are housed in a Datacenter operator, which performs a digital information protection service for the hosted servers. The service includes file backup, its conservation according to the defined policy and the restore at the request of Ecotravel.
Ecotravel is therefore committed to:
- custody of the personal data granted to it by means of legally required security measures, of a technical and organizational nature, which guarantee its security, thus preventing its alteration, loss, treatment or unauthorized access, in accordance with the state of technology at each moment, the nature of the data and the possible risks to which they are exposed;
- use or apply the data exclusively for the purposes foreseen and for which the client has consented to give;
- make sure that the data is handled only by workers whose intervention is necessary for the provision of the service, being obliged to the duty of secrecy and confidentiality. If there is a possibility that the information may be disclosed to third parties, they are obliged by us to keep due confidentiality.
6 - Use of Personal Data in Marketing
If the user does not make an inquiry or purchase with Ecotravel, we will only send you information and offers by email if you subscribe to our newsletter (double opt-in), to receive our information and / or promotions. In this way, only users who have expressly agreed to receive Marketing material will be included in these databases.
This personal data consented by the user (“name” and “email address”) is shared with a secure and external certified platform, from which we manage the database and send Email Marketing. We will not transmit the data to third parties with whom we do not have a protocol, who do not guarantee the security and encryption of the database and who are not Email Marketing and Marketing Automation companies. We attribute to these partners the strict follow-up of the GDPR standards and the confidentiality regarding the stored data, its disclosure being clearly prohibited.
If the user chooses not to receive more Marketing information, he / she can unsubscribe from the newsletter and, in this way, it will be automatically deleted from our databases for Marketing purposes.
7 - Retention of Personal Data
8 - Rights Regarding Provided Personal Data
Any user or customer who provided their personal data has several rights in relation to the information they have provided, in accordance with the GDPR law, as follows:
- right to access your personal information: at any time, the person has the right to request access to their personal data maintained by Ecotravel, free of charge. We may require proof of identity and sufficient information about your interactions with us in order to locate your information. If someone makes the request on their behalf, that person must provide written and signed confirmation that they have actually been given authority. We reserve the right not to provide you with a copy if you include other people's personal information or if we have a lawful reason to withhold it;
- right to correct and update your personal information: the accuracy and accuracy of your information is important to us. Therefore, you can change your name or email address (or other relevant personal information) at any time, by sending us an email to email@example.com or by contacting us (+351 226 191 093);
- right to remove consent: at any time, the customer / user can revert their consent and prohibit us from using their data. If you wish to withdraw your consent to receive any direct marketing that you have previously chosen, you can remove your subscription by clicking on the “unsubscribe” button in our newsletters. Alternatively, you can send us an email to firstname.lastname@example.org or contact us. If you want to withdraw your consent for the processing of any special category of data, you will need to contact our team (email@example.com or +351 226 191 093). We warn you that if you ask us to stop processing this information in the middle of your booking or travel, it may mean that we may be unable to provide all or part of the services you have requested. Consequently, if we have to cancel your reservation or other purchase, you may have to pay the respective cancellation fee;
- right to delete your personal information or restrict its processing: you can request that your personal information be removed from our systems by email or in writing. As long as we have no legitimate reason (legal and commercial basis) to continue to process or maintain your personal information, we will make reasonable efforts to respond to your request as soon as possible. Until we permanently remove your information (due to software delays or similar problems), you can ask us to restrict the processing of your data. So, while processing is restricted, we will only be able to use them if we have your prior consent or if we are legally authorized to do so. And in order to facilitate the removal of your personal data, if you wish, we are developing a tool that allows the automatic removal of them;
- right to transfer your personal information to a structured data file: at any time you can ask us to send your personal data directly to another service provider. And we will do so if this is technically possible. We reserve the right not to provide a copy of your personal information if it contains other people's personal data or if we have another lawful reason to withhold that information;
9 - Our Approach to Personal Data Security
Although we do our best to protect your personal data, and always acting in accordance with strict GDPR standards, the transmission of information over the Internet is not entirely secure. Therefore, we cannot guarantee the total security of your data transmitted to our website. When we receive your information, we take all reasonable and legal steps to keep your personal data protected and try to prevent any unauthorized access, use or loss of your data, by implementing appropriate security measures and limiting access, including internal one. All information you provide to us is stored on our secure servers and any payment transaction will be encrypted using TLS technology. We do not store customer card data internally and, when you give a password (personal and non-transferable) to a reserved area of our website, you must keep it and be responsible for keeping that password confidential.
In addition, if we detect any breach of personal data, we will immediately notify the competent authorities, as required by law.
10 - Links from Our Website to other Websites
11 - Cookies
No cookie used by us can extract information from the user's computer hard drive, steal personal information or read cookie files created by other suppliers.
12 - Cookies Policy
Essential cookies for the website to function correctly and that allow the customer to make a reservation or request for availability, allowing us to access purchase requests.
Third Party Cookies:
_ga, _gat, __utma, __utmb, __utmc, __utmz
Statistics cookies: store anonymous data on the use of our website, in order to be able to analyze and improve the service provided.
_hjClosedSurveyInvites, _hjDonePolls, _hjMinimizedPolls, _hjDoneTestersWidgets, _hjMinimizedTestersWidgets, _hjIncludedInSample
Statistics cookies: store details of visitor behavior patterns, anonymously and randomly.
SID, LOGIN_INFO, PREF, SSID, HSID, VISITOR_INFO1_LIVE
Cookies used by Youtube to store user preferences and some contain enough information to be followed.
Google Ads and Remarketing by Google
Cookies used on online campaigns.
Conversation cookies: cookies to store the “Live Chat” (Chat), used to provide a live service window on our websites. It requires the use of two types of cookies: to identify the device during visits and to store user preferences.
13 - Purpose of the Data
Personal Data is obtained for the following purposes:
- activity linked to a travel agency or tour operator;
- supply to the interveners in the services requested by the user to make the reservation;
- sending SMS messages with intentions exclusively related to the reservation;
- management, administration, provision, expansion and improvement of services in which the user decides to subscribe and register;
- study of the use of services by users;
- verification, updating and development of systems and statistical analysis;
- advertising, promotion and commercial prospecting activities if duly accepted by the user.
The user / client of the website www.douro.com.pt consents that Ecotravel treats his personal data. In addition, the user will expressly consent that personal data may be transferred to:
- national and international authorities competent in matters of tourism, terrorism or crimes that violate human rights, for the purposes of their own security;
- any legal entity affiliated or participated by Ecotravel or the tourist companies that have provided the contracted service, so that they use them for the purpose of a correct provision of each service requested by the user;
- any third party company certified and in accordance with GDPR standards, in order to guarantee data security, the management and organization of the reservation and the client process and platforms associated with Marketing activities.