Privacy Policy – Oi Tours, Lda.

Oi Tours, Lda. (hereinafter referred to as “Oi Tours”), headquartered at Urbanização Boca do Rio Resort, Lote 1, Apartment 108, 8400-113 Estômbar, corporate entity no. 517 146 797 and registered with the RNVAT under no. 10563, including its subsidiary brands Oi Transfers, Oi Algarve, and Oi Travel, is committed to protecting the personal data of its clients and partners and undertakes to handle such data in accordance with applicable legislation, namely Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”).

 

1. Purpose of this Policy

To inform data subjects about:

  • How their data is collected, processed, and protected;
  • The legal grounds for processing;
  • Their rights as data subjects;
  • The contact channels to exercise those rights with Oi Tours.

 

2. Legal Grounds for Data Processing

Under the GDPR, the processing of personal data is only lawful when based on at least one of the following grounds:

  • a) The data subject’s explicit and informed consent;
  • b) Necessity for the performance of a contract;
  • c) Compliance with legal obligations;
  • d) Oi Tours’ legitimate interest;
  • e) The establishment, exercise, or defense of legal claims.

 

3. Data Controller

Oi Tours, Lda., or the agency/franchise contracted within the scope of the contractual relationship.

Data Protection Officer: Oi Tours, Lda.
Address: Urbanização Boca do Rio Resort, Lt.1, Ap.108, 8400-113 Estômbar
Email: geral@oitours.pt

 

4. Collection of Personal Data

Data is collected:

  • Directly from clients (email, phone, in person, forms);
  • During quotations, bookings, campaigns, or programs.

Failure to provide essential data may render the provision of services impossible.

 

5. Types of Data Processed

  • Identification: name, date of birth, nationality;
  • Documents: taxpayer number (NIF), ID/passport number and expiry date;
  • Contacts: address, phone number, email;
  • Behavioural: preferences, interests, loyalty information.

Minor’s data: collected only with lawful consent.
Special categories: sensitive data is not collected.

 

6. Purposes of Processing

  • a) Tourism Services: bookings, arrangements, communication with suppliers;
  • b) Visas: data collection for embassies;
  • c) Surveys: service improvement;
  • d) Administration/Accounting: legal and fiscal obligations;
  • e) Marketing: newsletters and promotions;
  • f) Events: managing participation;
  • g) Loyalty: communication with loyal customers;
  • h) Recruitment: evaluating applications (deleted after 15 days).

 

 

7. Disclosure of Data to Third Parties

  • 7.1 Contractual/Operational: franchises, partners (hotels, transport), customs authorities;
  • 7.2 Public Entities: Tax Authority, courts, Immigration Services (SEF), law enforcement.

Lack of authorization may make it impossible to provide the service.

 

 

8. Data Retention

Data is retained only as long as necessary for the purpose or as required by law.

 

 

9. Data Subjects’ Rights

  • Access, rectification, erasure;
  • Restriction, objection, portability;
  • Withdraw consent.

To exercise rights: geral@oitours.pt

 

 

10. Subprocessors and Confidentiality

Subprocessors are required to ensure confidentiality and data security. Data is not sold or used externally without consent.

 

 

11. Data Security

Technical and organizational measures are implemented to prevent loss, misuse, or unauthorized access to data.