The privacy of visitors to the ANETOURS website is very important to us, and we are committed to protecting it. This policy explains what we will do with your personal information.
Personal data is information regarding a living, identified or identifiable natural person. Personal data is also the set of distinct pieces of information that can lead to the identification of a certain person. As examples of personal data, we have:
– First name, last name, home address, email address, IP address (Internet Protocol), and cookies.
Personal data that have been depersonalised, coded or pseudonymised, but which can be used to re-identify a person, remains personal data and falls within the scope of the GDPR.
Personal data that has been anonymised in such a way that the person is not or is no longer identifiable will no longer be considered personal data.
For data to be truly anonymised, anonymisation must be irreversible.
The following types of personal information may be collected, stored and used:
We collect personal data with your express consent when you voluntarily and freely choose to send us a message through the website or make a booking request, a request for information or even a complaint.
The data collected is suitable, relevant and limited to what is necessary when it comes to the purposes for which they are processed and will not be further processed for a purpose other than that for which the data subject has contacted us.
The processing for statistical purposes is not, in accordance with Article 89(1) of the GDPR, considered incompatible with the original purposes.
ANETOURS will not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and will not process genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a
subject’s life or sexual orientation.
However, there is an exception enshrined in Article 9(2) of the GDPR,
which integrates the religious beliefs required for the processing of visas for visits to certain countries.
Personal information sent to us through the ANETOURS website will be, solely and exclusively, used for the purposes specified in this policy on the relevant pages of the website. Your personal information may be used to:
. manage the ANETOURS website and the services it provides
. customise the ANETOURS website in accordance with the user’s preferences (communicated and highlighted);
. enable the use of the services available on the ANETOURS website;
. provide services purchased through the ANETOURS website;
. send statements, invoices and payment reminders, as well as receive payments for purchased services;
. send commercial communications other than marketing communications;
. send email notifications specifically and expressly requested by the user;
. send newsletters by email, if requested by the user (who may, at any time, cancel the subscription);
. send marketing communications regarding our services or carefully selected third-party services that we believe may be of interest to you, by email or other similar technology. This delivery will only occur if indicated in the user’s preferences, and may be cancelled at any time;
. provide statistical information about users to third parties (but those third parties will not be able to identify any individual user from that information);
. manage and respond to questions and complaints made by the user about the ANETOURS website and/or the services provided;
. ensure the computer and information security of the ANETOURS website and prevent fraud;
. verify compliance with the terms and conditions governing the use of the ANETOURS website (including monitoring private messages sent via our website’s private messaging service).
If you submit personal information for publication on the ANETOURS website, it will be published and used in accordance with the consent given by the user.
Privacy settings set by the user can be used to limit the publication of his/her information on our website and adjusted through the use of privacy controls on the website.
Without the express consent of the user, no personal information will be provided to third parties for direct marketing purposes by them or by others.
Consent: when we have your previous and express consent, in writing or by validating an option, and if this consent is free, informed, specific and unambiguous.
Contract execution and pre-contractual diligence: when the processing of personal data is necessary for the conclusion, execution and management of the contract concluded with ANETOURS, such as, for example, the purchase of a trip or reservation processing.
Compliance with legal obligations: when the processing of personal data is necessary to comply with a legal obligation to which ANETOURS is subject, such as, the communication of identification data to police, judicial, tax or regulatory authorities.
Legitimate interest: where the processing of personal data corresponds to a legitimate interest of ANETOURS or a third party.
NOTE: Minors under the age of 16 must obtain permission from their parents or guardians before accessing or providing personal data on the website.
The entity responsible for collecting and processing your personal data is ANETOURS – Agência de Viagens e de Turismo, Lda., under the direct responsibility of its Management and, in that context, decides which data is collected, its means of processing and the purposes for which the data is used.
We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors as reasonably necessary for the purposes set out within this policy.
We may disclose personal information about the users in the following situations: to the extent that we are required to do so by law;
. in connection with any ongoing or potential legal proceedings;
. to establish, exercise or defend our legal rights (including providing information to third parties for the purposes of fraud prevention and credit risk reduction);
. the buyer (or potential buyer) of any business or asset that we are selling (or contemplating selling); and
. to any person whom we reasonably believe may request a court or other competent authority to disclose such personal information where, in our reasonable opinion and after consultation with the competent authority, it is likely that such court or authority will order the disclosure of such personal information.
As set out in this policy, we will not provide user’s personal information to third parties.
The information we collect may be stored, processed, treated and transferred between any of the countries in which we operate, in order to allow us to use the information in accordance with this policy.
The information that we collect, can be transferred to the following countries that do not have data protections laws that are equivalent to those in use in the European Economic Area: United States of America, Russia, Japan, China and India.
Personal information that the user posts on our website or submits for posting on our website may be available, via the internet, across the
world. We can’t prevent the use or the misuse thereafter of said information by third parties.
This step defines our data retention policies and procedures, designed to help ensure compliance with our legal obligations regarding retention and deletion of personal information.
Personal information that we process for any purpose or purposes should not be kept longer than necessary.
ANETOURS will only keep the data for the period that is necessary to fulfil the purpose for which it was collected or the minimum period of retention required by legal regulations, such as, the compliance with the VAT and the IRC codes when applicable.
We will take the appropriate technical and organisational precautions to prevent any loss, misuse or alteration of your personal information.
We will store all the personal information you provide on our secure servers (protected by double authentication and firewall).
All electronic financial transactions conducted through our website will be protected by encryption technology.
The client acknowledges that the transmission of information over the internet is inherently unsafe and that we cannot ensure the security of data sent across the internet if it is not sent using encrypted technology.
The user is responsible for maintaining, in secrecy, the login/user information and respective password defined to access the restricted area of our website (the password will only be requested by ANETOURS when the user accesses the restricted area).
In accordance with the GDPR, you may exercise your rights of access, rectification or erasure of your personal data, restriction of processing, right to object to processing and right to portability of your data by making a written request to ANETOURS.
Right to access: right to obtain confirmation as to which personal data are processed and information regarding them, such as, the purposes of processing and retention periods.
Right to rectification: right to request the rectification of personal data which is inaccurate or to request that incomplete personal data be completed, such as address, VAT number, email address, telephone contact details, etc.
Right to erasure or right to “be forgotten”: right to obtain the erasure of personal data, as long as there are no legal grounds for its retention, such as the cases in which ANETOURS has to retain the data to comply with a legal obligation of retention.
Right to portability: right to receive the data you have provided in a commonly used and machine-readable digital format or to request the direct transmission of your data to another entity.
Right to withdraw consent or right to object: right to object or withdraw consent at any time regarding a data processing, such as in the case of data processing for marketing purposes, as long as there are no legitimate interests overriding your interests, rights and freedoms, such as, for example, to defend a right in legal proceedings.
Right to limitation: right to request the limitation of the processing of personal data, in the form of: suspension of processing; limitation of the scope of processing to certain categories of data or purposes of processing.
Profiling and automated decisions: ANETOURS does not make any commercial decision based on automated decisions, nor will it perform any action leading to the definition of categories or profiles of the users of this website.
The user may instruct us to provide any personal information that ANETOURS holds. The provision of such information will be subject to the following:
Any communication whatsoever regarding the processing of personal data should be presented in writing and sent to ANETOURS at the following electronic communication address: email@example.com
The ANETOURS website may include links and details of third-party websites. ANETOURS cannot have control over and be responsible for the privacy policies and practices of third parties.
Cookies can be either persistent cookies or session cookies: persistent cookie – these will be stored by a browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date;
session cookie – will expire at the end of the user session, when the browser is closed.
Cookies do not typically contain any information that personally identifies a user, but the personal information we store about the user may be linked to the information stored in and obtained from cookies.
– in Microsoft Edge – you can block cookies using the available cookie-handling override settings by clicking on “Tools”, “Internet Options”, “Privacy” and “Advanced”;
in Mozilla Firefox – you can block all cookies by clicking on “Tools”, “Options”, “Privacy”, then “Use custom settings for history” from the drop-down menu and unchecking “Accept cookies from the websites”;
– in Google Chrome – you can block all cookies by going to the “Customize and Control” menu and clicking on “Settings”, “Advanced” and “Website Settings”, and then selecting “Block third-party cookies” in the “Cookies and other site data” section.
Blocking all cookies will have a negative impact on the usability of many websites. If you block cookies, you will not be able to use all the features that are available on the ANETOURS website.
The users can also delete cookies that are already stored on their computer.
Deleting cookies could cause a negative impact on the usability of many websites.
The ANETOURS newsletters contain, for statistical purposes, images that allow us to know whether they are opened or not, and to verify the clicks through links contained within them. The users always have the possibility of deactivating the delivery of newsletters of a promotional nature to their email address, simply by clicking on the “Unsubscribe” link at the bottom of all our newsletters.
In addition to the obligations referred to in the GDPR and related legislation or to safeguard and protect their interests, ANETOURS will never share any personal data with third parties, except when a legal obligation or a legitimate interest requires it. In this case, the user of this website will be duly informed.
ANETOURS has appropriate technical and organisational measures in place to protect processed data, namely against unauthorised access or any other form of illegal or unlawful processing.
Security and internal protection measures have been implemented in its facilities, which limit access to personal data by its employees, ensuring the sole and exclusive fulfilment of the processing purposes.
The ANETOURS has also implemented logical security requirements and measures, such as firewall use and intrusion detection systems in its systems, the existence of a strict policy on access to systems and information, and the record of actions taken by ANETOURS employees regarding the users’ personal data of this website (logging);
Physical security measures, which include strict access control to the physical facilities by employees, partners and visitors.
Means of data protection by privacy by design using technical means, such as masking, encryption, pseudonymisation and anonymisation of
personal data and also a set of privacy by default preventive measures;
Scrutiny, audit and control mechanisms to ensure compliance with security and privacy policies;
All employees of the data controller have been specifically informed, are aware of the legislation and are bound by the duty of secrecy and confidentiality regarding data that they have access to within the scope of the operations of data entry into the respective computer base, being duly informed of the importance of complying with the legal duty of secrecy and the requirement to ensure the corresponding responsibility.
ANETOURS’ privacy and personal data protection policies apply to the treatment of personal data carried out within the scope of its commercial activities and provision of services, in accordance with the principles of lawfulness, loyalty and transparency.
The supervisory authority is the Comissão Nacional de Proteção de Dados (CNPD, Portuguese Data Protection Authority) with its head office at Rua de São Bento nº 148-3º, 1200-821 Lisboa;
In the case of a personal data breach, ANETOURS will notify the competent supervisory authority thereof without undue delay and, whenever possible, no later than 72 hours after becoming aware of such breach, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.