Privacy Policy

This Policy explains in a clear and transparent manner how ASAFEVOYAGE processes personal data in connection with private transfer and tour services in Portugal, in accordance with GDPR and applicable Portuguese law.

Last updated: February 13, 2026

1. Data controller, contact details and data collected

  • ASAFEVOYAGE acts as the data controller for personal data collected through the website, phone contact, email, WhatsApp and other commercial channels.
  • For privacy matters and rights requests: [email protected] and Rua de São Sebastião, Lote 11, Armazém 9, 2635-446 Rio de Mouro, Portugal.
  • We may process identification and contact data (name, email, phone), travel data (dates, times, pickup/drop-off details, passenger and luggage details), invoicing data and communication history.
  • We do not intentionally request special categories of personal data. If submitted voluntarily, such data is deleted whenever it is not strictly required.

2. Processing purposes and legal basis

  • We process data to answer quote requests, confirm and manage bookings, provide contracted services, deliver customer support, and meet administrative, accounting and tax obligations.
  • Depending on the activity, legal basis may include pre-contractual steps, contract performance, compliance with legal obligations and legitimate interests related to operational security, fraud prevention and continuous service improvement.
  • Where processing depends on consent (such as optional cookies), consent is requested in a free, specific, informed and unambiguous way and can be withdrawn at any time, without retroactive effect on previously lawful processing.

3. Retention, recipients and international transfers

  • Data is retained only for as long as required for the stated purposes and applicable legal deadlines, including invoicing, accounting and legal defense requirements.
  • We may share data with strictly necessary processors (hosting, email, technical support and administrative processing) under contractual confidentiality, security and documented processing obligations.
  • We do not sell personal data. Data is only disclosed to public authorities when legally required, requested by court order or otherwise imposed by applicable regulation.
  • If international data transfers outside the EEA occur, we apply legally required safeguards, including standard contractual clauses where applicable.

4. Cookies and consent management

  • The website uses strictly necessary cookies for security and technical operation, including storage of consent preferences.
  • Optional cookies (analytics, preferences and marketing) are only activated after explicit consent. Refusing optional cookies does not prevent access to essential website features.
  • Preferences can be reviewed at any time in the cookie settings panel available in the website footer. Consent is stored for up to 180 days and renewed after expiry or material change.
  • Withdrawal of consent takes effect for future processing and does not affect the lawfulness of processing already carried out on the basis of prior consent.

5. Security, incidents and minors

  • We implement technical and organizational measures proportionate to risk, including access controls, data minimization and periodic security reviews.
  • No system is fully risk-free. If a privacy-relevant incident occurs, we act in line with legal mitigation and notification duties where applicable.
  • Our services are intended for a general audience and are not designed to intentionally collect data from minors without legal guardian involvement.

6. Automated decisions and profiling

  • We do not use solely automated decisions with legal or similarly significant effects on individuals.
  • We do not perform invasive profiling for sensitive segmentation. Any internal analytics used for operational improvement is aggregated in nature.

Data subject rights (GDPR)

  • Right of access, rectification, erasure and restriction of processing.
  • Right to object to processing and right to data portability, where legally applicable.
  • Right to withdraw consent whenever consent is the legal basis for processing.
  • Right not to be subject to solely automated decisions, where legally applicable.
  • Right to lodge a complaint with the competent supervisory authority (in Portugal, CNPD at www.cnpd.pt).
  • Right to request clarification about retention criteria, recipients and legal basis for each processing activity.

How to exercise your rights

  • For privacy and data protection requests: [email protected].
  • Postal contact: Rua de São Sebastião, Lote 11, Armazém 9, 2635-446 Rio de Mouro, Portugal.
  • Please identify yourself and clearly describe the right you intend to exercise. We may request additional information to confirm identity.
  • We will respond within applicable legal timeframes, generally within one month, unless an extension is legally justified.
  • This Policy may be updated for legal, operational or technological reasons. The current version and revision date are always published on this page.