Privacy Policy

Last updated: 01.05.2025

At PORTO SURF COMPANY PSCO, LDA, trading under the brand name “JUNTOS”, we are committed to protecting your data and respecting your privacy. This Privacy Policy explains what information we collect, why we collect it, and how you can exercise your rights under the General Data Protection Regulation (GDPR) and Portuguese data protection laws. This Privacy Policy applies to all data collected from users within the European Union, including those residing outside of Portugal, in accordance with the EU General Data Protection Regulation (GDPR).

1. Who We Are

Controller: PORTO SURF COMPANY PSCO, LDA, trading under the brand name of “JUNTOS”
Registered office: Rua 47, casa 36, 4480-87 Árvore, Vila do Conde, Portugal
NIPC: 514257075
Email: privacy@juntos.pt
Phone: [Insert Phone Number]

For any questions or concerns about this policy or your data, please contact our Data Protection Officer (DPO):
Email: [Insert DPO Contact Email]
Postal Address: Rua 47, casa 36, 4480-87 Árvore, Vila do Conde, Portugal

Sub-brand activities include real estate consulting, property development, tourist accommodation, passenger boat transport, sports and recreation instruction, restaurant and bar services, equipment rental, parking lot operation, and construction management.

2. What personal data do we collect

We collect and process different types of personal data depending on your interaction with us. This may include:

Category	Examples	Legal basis
Core contact data	Name, email address, phone number, company name	Consent/contract
Project & property data	Information about your property, business plans, budget, or hospitality operations that you share with us during project planning or service delivery	Contract
Accommodation guest data	Passport/ID number, nationality, date of birth, check-in/out date	Legal obligation (DL 57/2007)
Passenger-transport data	Name, nationality, ID, emergency contact	Legal obligation (DL 259/2009)
Sports-instruction data	Surf skill level, health/fitness declarations	Explicit consent / vital interest
Food-service data	Allergy & dietary preferences (special category)	Explicit consent
Parking data	Vehicle registration, entry/exit times	Legitimate interest (security)
Construction-site access logs	Name, ID, qualifications	Legal obligation (DL 273/2003)
Website & marketing data	Messages or inquiries sent through our website forms or by email, IP, cookies (GA4, Meta Pixel, LinkedIn, Instagram, Bookingkit, TheFork Widget)	Consent / legitimate interest
Hospitality Operations Data (when applicable)	For clients who engage us in full hotel management, we may collect data related to bookings, guest information, billing details, and check-in and check-out records in compliance with Portuguese accommodation regulations.	Legal obligation/ legitimate interest

We do not knowingly collect data from minors under the age of 18.

3. How we use your data

We use your personal data to:

Respond to inquiries or requests made via our contact forms or email
Provide consulting, buyer’s agent, project development, or hotel management services, and follow up on business inquiries.
To create mandatory SEF guest files and submit them via SIBA
Improve our website and services
To issue passenger manifests and meet maritime safety rules
To evaluate medical fitness and ensure that participants in sports lessons
To respect your allergy choices when providing meals or minibar items
To manage access, security, and incident reporting at parking areas and building sites
Comply with other legal obligations
Send occasional updates or service-related information (if you consent to it)

We do not sell your data or use it for automated decision-making or profiling.

4. Legal basis for processing

According to the GDPR, we process your data on the following legal grounds:

Consent: When you contact us from any EU country, we process your data based on your consent and our legitimate interest in responding to your inquiry and providing our services.
Explicit consent: Such as 9 §2-a for health data and dietary information
Contract performance: When processing is necessary to fulfill a service or consulting request, such as Art. 6 §1-b for service bookings and equipment rentals
Legal obligation: For compliance with tax, legal, or regulatory requirements, such as Art. 6 §1-c for SEF, DGRM/IMT, ASAE, and tax
Legitimate interest: For improving our services or preventing fraud, such as (Art. 6 §1-f for CCTV, parking control, and fraud prevention.

You may withdraw consent at any time—services that depend on that data may then be unavailable.

5. How long do we retain your data

We retain personal data only as long as necessary for the abovementioned purposes. Retention periods vary:

Contact form submissions: Up to 24 months after the last interaction
SEF guest registration forms: 5 years (Art. 16 DL 57/2007)
Passenger manifests: 2 years (Art. 10 DL 259/2009)
General client or project files: As long as contract + 10 years (tax)
Website logs (IP, access): Up to 90 days, unless required for security
Email correspondence: Up to 5 years, depending on context
Sports-lesson waivers & insurance: Duration of activity + 3 years (civil limitation)
Construction-site safety logs: 10 years (Art. 23 DL 273/2003)

6. Who do we share your data with

We treat your data confidentially. However, we may be obliged to share your data with SEF and Turismo de Portugal (guest data), with Direção-Geral de Recursos Naturais, Segurança e Serviços Marítimos (DGRM) or IMT (boat passenger lists), with ASEA (food-safety audits), insurance companies, and emergency medical services, and/or qualified subcontractors, such as skippers, sports instructors, chefs, and builders, bound by DPAs.

For international transfers, we rely on EU Standard Contractual Clauses and supplementary measures (some booking/ POS platforms are being hosted in the USA).

We also may share data with trusted service providers (e.g., hosting, email platforms, CRM) under data processing agreements, with business partners involved in your project (e.g., architects, financial advisors, legal professionals, marketing consultants, or operations partners), with your knowledge, or with public authorities, if legally required (e.g., tax office or regulatory bodies). We never transfer your data outside the EU unless adequate safeguards exist.

7. Cookies and tracking

What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help remember your preferences, enable certain functionalities, and collect analytical data to improve website performance

Types of Cookies We Use

We use the following categories of cookies:

Strictly Necessary Cookies: These cookies are essential for the website to function correctly. They enable core functionalities such as security, network management, and accessibility.

Performance and Analytics Cookies: These cookies collect information about how visitors use our website, including which pages are being visited most frequently. We use this information to improve the website’s performance. For this purpose, we utilize:

Google Analytics/ Maps/ Pixel: Helps us understand website traffic and user interaction.
Facebook Pixel: Allows us to measure the effectiveness of our advertising by understanding the actions people take on our website.
LinkedIn Insight Tag: Provides insights into our website visitors, helping us optimize our LinkedIn campaigns.
Instagram Integration: Enables us to display our Instagram content and track engagement.

Functionality Cookies: These cookies enable the website to remember your choices (such as your username, language, or region) and provide enhanced, more personalized features.

Targeting/Advertising Cookies: These cookies are being used to deliver advertisements more relevant to you and your interests. They may also be used to limit the number of times you see an ad and help measure the effectiveness of advertising campaigns.

Managing Your Cookie Preferences
Upon your first visit to our website, you will receive a cookie banner requesting your consent to use cookies. You have the option to “Accept All Cookies” (allows us to use all types of cookies), “Customize Settings” (you can choose which categories of cookies you consent to), and to “Reject Non-Essential Cookies” (only essential cookies will be used). You can change or withdraw your consent at any time by accessing our [Cookie Settings] page.

Third-Party Cookies
Please note that third-party services may place cookies on your device to track your online activities. We do not have control over these cookies. We recommend reviewing the privacy policies of these third-party services for more information.

Data Retention

Cookies have varying lifespans. Some are being deleted automatically when you close your browser, while others remain on your device until they expire or you delete them. We ensure that cookies are not kept longer than necessary for the purposes for which they are being processed.

8. Your rights

Under the GDPR, you have the right to access your data, request correction or deletion of your data, object to or restrict processing, withdraw consent at any time, and lodge a complaint with the CNPD (Comissão Nacional de Proteção de Dados). To exercise your rights, please contact our Data Protection Officer by email or phone, as mentioned above. You also have the right to file a complaint with your local data protection authority in the EU, or with our lead supervisory authority in Portugal: CNPD Contact Info: https://www.cnpd.pt

9. Security measures

We implement technical and organizational measures to protect your data, including:

SSL encryption for secure communication
Access controls for internal systems
Regular backups and monitoring for suspicious activity

Despite these efforts, no method of internet transmission is entirely secure. We cannot guarantee absolute protection.

10. Updates to this Privacy Policy

We may update this Privacy Policy occasionally to reflect changes in our services or legal obligations. Any changes will be posted on this page, accompanied by an updated revision date.