Privacy Policy

Last Updated: September 29, 2023

This Privacy Policy governs the processing of personal data of users (hereinafter, “User” or “Users”), collected in the context of using this website https://bbdouro.com (hereinafter, “Website”), by BBDouro, Unipessoal, Lda. (hereinafter, “BBDouro”).

BBDouro is a company focused on promoting nautical activities in northern Portugal, offering services in the areas of sailing academy, tourist tours, events, corporate services, and boat maintenance. For more information, please visit our “About Us” page at https://bbdouro.com/about-bbdouro/who-we-are.

This Privacy Policy applies exclusively to the processing of personal data carried out by BBDouro in the context of the User’s use of the Website, where personal information is considered to be information relating to an identified or identifiable natural person, regardless of its form or support.

I) Our Commitment to Data Protection

We ensure compliance with the obligations arising from Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter “GDPR”), Law No. 58/2019 of August 8 (Personal Data Protection Law), and other applicable legislation on personal data protection.

Your privacy, the protection of your personal data, and compliance with the legal obligations applicable in this matter are important and a priority for us. We are committed to processing only your personal data that is strictly necessary to provide you with a quality service, ensuring respect for your privacy, transparency in information, and the application of best practices in the field of security and personal data protection.

II) Data Controller

The data controller for the personal data of Users is BBDouro, Unipessoal, Lda., located at Rua da Praia – Douro Marina, 1st floor, 4400-554, Vila Nova de Gaia, Portugal, with the unique registration number and tax identification number 510 130 933.

If you need to contact us, you can do so via the following email: info@bbdouro.com.

III) Purposes of Processing, Legal Bases, and Retention Periods

You can access, browse, and use this Website without necessarily having to provide personal information. However, the use of certain Website tools may involve the provision of personal data. In this regard, please refer to our Cookie Policy.

In this context, the processing of your personal data has the following purposes, legal bases, and retention periods:

a) Provide, improve, and develop the Website.

We may process this information to enable access and use of the Website, with the processing based on the performance of a contract governed by the Terms and Conditions and, in the absence thereof, by the general principles of law.

Your data will be retained for up to 6 (six) months after the last visit to the Website.

b) Manage the contractual relationship, reservations, and registrations

We may use your personal data for the provision of products and/or services, including booking boat programs and tours, private lessons, sailing baptisms, boat rentals, enrolling in the sailing academy, and participating in Sailor, Local Skipper, and Coastal Skipper courses, as well as providing assistance with customer support-related issues (including responding to requests and handling inquiries through customer service channels). Your personal data may also be used to communicate with you, including sending you information related to the contracted services/products.

This processing is based on pre-contractual measures or the performance of a contract, and your data will be retained for up to 1 (one) year after the contract expires or, if not concluded, up to 6 (six) months after the start of the contracting process, without completion.

c) Manage transactions

If you request your tax identification number for invoicing goods and services, we will need to record it and subsequently transmit it to the Tax Authority. This processing is based on compliance with a legal obligation.

Your data will be retained by legal obligation for a period of 10 (ten) years.

d) Provide and manage registrations in summer camps

Whenever you request registration and participation in one of our summer camp programs, we will need to process your personal data and the personal data of the child/minor for whom you exercise parental responsibilities. This processing is based on pre-contractual measures or the performance of a contract.

The data will be retained for up to 1 (one) year after the contract expires or, if not concluded, up to 6 (six) months after the start of the contracting process, without completion.

e) Direct marketing

We process personal data for (i) sending informative communications about activities you are registered for, news, campaigns, offers, discounts, or benefits, generic or targeted, via SMS and/or email, (ii) sending invitations to activities or events sponsored/managed by BBDouro or any of the BBDouro group companies, and (iii) sending satisfaction surveys.

Regarding the sending of informative communications and invitations, this processing is based on your consent, and you can withdraw your consent to receive such communications at any time, either through your personal account settings or through each communication we send you.

Regarding sending satisfaction surveys, this processing is based on our legitimate interest in monitoring the quality of service provided and improving our services.

We will only retain your personal data as long as you maintain your consent to receive these communications and up to 1 (one) year after collection of the consent or last contact.

f) Manage contacts, inquiries, complaints

The processing of this data is necessary to receive, analyze, follow up, and respond to requests for information and/or complaints. This processing is based on our legitimate interest in properly handling your requests and complying with legal obligations.

Your data will be retained for up to 1 (one) year after the last interaction or contact in the case of information requests and for a period of 3 (three) years for complaint management.

BBDouro processes and retains your personal data only for the period strictly necessary for the pursuit and fulfillment of the purposes for which they are collected, in accordance with the current regulations and contractual, legal, or regulatory obligations.

In any case, BBDouro adopts procedures that prevent the indefinite retention of data, limiting the retention period in accordance with the principle of data minimization and limited retention. After the defined retention period, BBDouro will delete, destroy, or anonymize the said data, except for data that must be retained for a longer period by legal requirement.

IV) Categories of Personal Data

In the context of the purposes mentioned, we only process data that is strictly necessary to pursue them, including:

Personal identification and contact information (e.g., full name, date of birth, civil identification number, email, phone, address).
Payment and transaction data (e.g., cardholder name, card number, expiration date, and security code).
Billing information (e.g., address, tax identification number).
Health-related data (allergies and dietary restrictions).
Traffic data (through Cookies).

BBDouro does not process other sensitive data categories, such as those revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a person, or data concerning a person’s sex life or sexual orientation.

V) Sharing of Personal Data

In certain cases, we may disclose your personal data, only to the extent necessary, to third-party entities that provide services to us (“Subprocessors”) for the purposes mentioned above, in accordance with the contracts entered into with them.

Your personal data may also be shared with partner entities under joint liability agreements concluded with them.

Your personal data may be transferred, for internal administrative purposes, between Group companies if there is a legitimate interest in intragroup data sharing (e.g., Invictus Cruises, Ondastar, and Douro Yachts).

If your personal data needs to be shared with service providers located outside the European Union, we ensure that your personal data benefits from a high level of protection under applicable data protection legislation, promoting the transfer under a European Commission adequacy decision or standard data protection clauses (or equivalent) approved by the European Commission.

Your data may also be disclosed to authorities or third parties when the transmission is made in the context of compliance with a legal and/or contractual obligation, a decision of the CNPD, or another relevant supervisory authority, or a court order.

VI) Data Subjects’ Rights

Under applicable law, the User, as a data subject, may at any time request the right of access, rectification, erasure of their personal data, restriction of processing, data portability, objection, and not to be subject to automated decisions, as applicable. In cases where you have given consent for the processing of your personal data, you can withdraw it at any time. If you wish to exercise any of these rights or have any questions related to the processing of your data and the exercise of the rights conferred on you by applicable law and, in particular, by this Privacy Policy, please send your request to info@bbdouro.com or in writing to the company’s headquarters:

BBDouro

Douro Marina – Rua da Praia

4400-554 Vila Nova de Gaia, Portugal

Without prejudice to any other administrative or judicial remedy, you can also file a complaint with the National Data Protection Authority – CNPD (www.cnpd.pt) if you believe that the processing of your personal data by us violates the current legal regime.

VII) Cookies

We recommend reading our Cookie Policy, which is an integral part of this policy, to learn more about the processing of your personal data through this functionality.

VIII) Security Measures

We have a variety of information security measures in place, in line with national and international best practices, to protect your personal data, including technological controls, administrative, technical, physical measures, and procedures that ensure the protection of your personal data, preventing its misuse, unauthorized access, disclosure, loss, improper or accidental alteration, or destruction.

Among others, we highlight the following measures:

Restricted access to your personal data.
Secure storage and transmission of your personal data.

Protection of information systems through devices that prevent unauthorized access to your personal data.

Implementation of mechanisms to ensure the integrity and quality of your personal data.
Ongoing monitoring of information systems to prevent, detect, and prevent the misuse of your personal data.
Protection of equipment for storing, processing, and communicating personal data to prevent loss of availability.

However, it is the responsibility of Users to ensure that the devices and equipment used to access this website are adequately protected against harmful software, computer viruses, and worms.

IX) Links to Other Websites

We may provide hyperlinks to other websites of interest or partners, and we are not responsible for the privacy policy, cookie policy, or terms of use of these sites.

By accessing other sites through the provided hyperlinks, the entities managing these sites may collect information about you, which will be used by them. We recommend that when accessing other sites, you review all the information and conditions mentioned above.

When you choose to follow us on social media, interact with us on these platforms, or access the site through them, your personal data may be processed by the entities managing social media or the provided features, according to their respective privacy policies, which we recommend reading.

X) Changes to this Privacy Policy

We reserve the right to change and update this Privacy Policy at any time, with such changes being duly advertised and communicated on the Website.