PRIVACY POLICY

The responsible party for the processing of your data is the service provider operating under the commercial designation Madeira Geo Tours. The Legal Controller is Sandro do Rosário Pita Vicente, holding Tax Identification Number 211 558 575. The Activity Address is Estrada Manuel Mendes Sousa, No. 29, 9360-254 Ribeira Brava. For all privacy-related enquiries, please contact the Data Controller directly via email at madeirageotours@gmail.com.

For the purposes of this Privacy Policy, “personal information” means information about an identifiable individual. The Service Provider has designated a Privacy Contact to be accountable for the operation of this Policy. Individuals may question or report any privacy concerns or compliance issues to the Service Provider's Privacy Contact via email.

The processing of personal data by Madeira Geo Tours is carried out in strict compliance with the General Data Protection Regulation (GDPR). Processing is based on the following legal grounds: Contractual Necessity (processing is essential for the execution of the contracted tour service); Legal Obligation (compliance with legal obligations, namely tax and safety regulations); and Consent (for processing data not essential to the contract).

The Service Provider collects and uses only the personal information that is strictly necessary for providing contracted services.

• Identification & Billing Data (Name, Address, NIF/TIN, Contact): Processed for reservation management, contract execution, communication, and mandatory billing. Retained for 10 years (minimum legal term for tax obligations).
• Safety & Insurance Data (Passport/ID No., Nationality, Date of Birth): Required for the mandatory issuance of insurance policies (DL 108/2009). Retained for 5 years after the end of the contractual relationship (legal term for claims prescription).
• Health/Fitness Data (Relevant medical conditions, fitness level): Processed to ensure the assessment of Client safety and suitability for the contracted activity. Retained strictly during the period of booking and the tour.
• Client Testimonials / Electronic Newsletters: Processed for promotion and marketing, based on Consent.

In addition, we also receive and send data from our servers and from your browser when you visit our website, including your IP address. We use tracking technologies solely for accumulating and reporting anonymous, aggregate statistical information on website usage.

Your personal data is confidential and will not be sold to third parties. Sharing occurs only under the following circumstances, which are necessary for the rigorous execution of the service:

• Insurer: Data is disclosed for the mandatory issuance of the personal accident and civil liability insurance policy in compliance with Portuguese law.
• Tax Authorities: Data is disclosed to the Portuguese Tax and Customs Authority for mandatory billing and tax compliance.
• Service Providers: We may share your information with third-party contractors and partners (e.g., payment processors, storage providers) to perform services in support of our business. These third parties are restricted from using information that identifies you in any way other than to provide services for us.

Personal information will be retained only as long as necessary to fulfil the purposes for which it is collected, and will be disposed of in a manner appropriate to the sensitivity of the information.

Data Transfer: Personal information will be stored and processed within the European Economic Area (EEA) where possible. If data must be stored or processed outside the EEA (e.g., via a cloud service provider), the Service Provider shall ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses or an adequacy decision).

We will notify you and the competent authorities as required by law of a security breach affecting personal information if it creates a real risk of significant harm to individuals.

You have the following rights under the GDPR, which you may exercise by contacting madeirageotours@gmail.com:

• Right of Access
• Right to Rectification
• Right to Erasure (Right to be Forgotten)
• Right to Restriction of Processing
• Right to Data Portability
• Right to Object to processing
• Right to be Informed of automated decision-making

The Service Provider responds to requests for access or amendment within thirty (30) days. If you are not satisfied with the response, you have the right to lodge a complaint with the national data protection supervisory authority, the Comissão Nacional de Proteção de Dados (CNPD).