Privacy Policy for Taxitours.pt
Effective Date: June 1, 2025
1. Who We Are
Website: https://taxitours.pt
Company: Auto T. Andrafer, lda (trade name “TaxiTours.pt”)
Address: Rua D. Dinis nº 79, Famões 1685-229, Lisboa, Portugal
Company Reg. No.: RNAVT 6789 (Turismo de Portugal)
Privacy Contact: [email protected] | +351 964 120 673
Controller & Contact Details
Data Controller:
Auto T. Andrafer, lda (trade name “TaxiTours.pt”)
Rua D. Dinis nº 79, Famões 1685-229, Lisboa, Portugal
E-mail: info@taxitours.pt | Phone: +351 964 120 673
Supervisory Authority: Comissão Nacional de Proteção de Dados (www.cnpd.pt)
2. What Personal Data We Collect & Why
2.1 Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymised hash of your email may be sent to Gravatar to check for a profile image; their policy: https://automattic.com/privacy/.
2.2 Media
If you upload images to the website, avoid embedded location (EXIF) data; any visitor can extract it from publicly accessible uploads.
2.3 Contact Forms
Data submitted via forms (name, email, message) is kept for 1 year to respond to inquiries; not used for marketing unless you opt in.
2.4 Cookies & Tracking Technologies
We use cookies for:
- Essential: Site functionality (session, preferences).
- Analytics: Usage data via Google Analytics 4 (GA4) after consent.
- Marketing: Retargeting via Meta Pixel after consent.
2.5 Analytics
We use Google Analytics 4 (GA4) to understand site usage. GA4 only runs after your explicit consent. Opt-out: https://tools.google.com/dlpage/gaoptout
3. Purposes & Legal Bases
| Purpose | Data | Legal Basis | Retention |
|---|---|---|---|
| Booking & payments | Identity, payment, contact | Contract performance (Art.6(1)(b)) | 5 years after service |
| Site analytics | Usage data, anonymized IP | Consent (Art.6(1)(a)) | 14 months |
| Marketing & promotions | Contact, interaction logs | Consent (Art.6(1)(a)) | Until consent withdrawal |
| Security & fraud prevention | Technical, IP, location | Legitimate interest (Art.6(1)(f)) | 1 year |
| Legal compliance | All relevant | Legal obligation (Art.6(1)(c)) | As required by law |
4. Third-Party Services & Cookie Declaration
| Name | Provider | Purpose | Data | Duration | Category |
| Google Analytics 4 (GA4) | Google LLC, USA | Analytics & performance | Anonymised IP, pages, device | 14 months | Analytics |
| Meta Pixel (Facebook) | Meta Platforms, Inc., USA | Marketing & retargeting | Pixel ID, events, IP, user agent | 3 months | Marketing |
| Google Maps Platform | Google LLC, USA | Interactive maps | IP, location coordinates | Session/varies | Functional |
| Google Fonts & Font Awesome | Google LLC, USA / Fonticons, Inc. USA | Web fonts & icons | IP address | Session | Functional |
| Cloudflare | Cloudflare, Inc., USA | CDN, security, performance | IP address | 30 days | Essential |
| Google reCAPTCHA | Google LLC, USA | Bot protection | IP, interaction data | Session | Essential |
| Tawk.to Widget | tawk.to Inc., USA | Live chat support | Chat transcripts, IP | 1 year | Functional |
| Payment Processor (Stripe) | Stripe, Inc., USA | Payment processing | Card data (tokenised) | PCI-DSS rules | Essential |
| Mailchimp | The Rocket Science Group LLC, USA | Newsletters & transactional | Email, engagement metrics | Until unsubscribe | Marketing |
| YouTube | YouTube LLC, USA | Embedded videos | IP, browsing behaviour | Session | Functional |
| Vimeo | Vimeo Inc., USA | Embedded videos | IP, browsing behaviour | Session | Functional |
| SoundCloud | SoundCloud Ltd., UK | Embedded audio | IP, browsing behaviour | Session | Functional |
| LiteSpeed Cache / QUIC.cloud | LiteSpeed Technologies / QUIC.cloud | Caching & performance | Page cache files | Temporary | Essential |
Non-essential cookies are only set after your explicit consent via our cookie banner.
5. Who We Share Your Data With
- Service Providers: Stripe, Mailchimp, Cloudflare, tawk.to, Google, Meta.
- Legal Authorities: If required by law.
- Affiliates & Partners: With your consent for marketing.
6. Data Subject Rights
You have rights under GDPR Articles 15–22: access, rectification, erasure, restriction, portability, objection.
To exercise these, contact [email protected]. We reply within one month.
7. International Transfers & Security
- Transfers outside EEA use Standard Contractual Clauses.
- Site secured via HTTPS/TLS; data access limited to authorised staff.
8. Children’s Privacy
Not directed to under-18s. We do not knowingly collect data from minors.
9. Data Retention
| Data Type | Retention Period |
| Booking records | 5 years after service |
| Analytics | 14 months |
| Marketing consents | Until withdrawal |
| Chat transcripts | 1 year |
| Form submissions | 1 year |
10. Changes to This Policy
We will notify via email or site banner. Check the “Effective Date” above.
**This website complies with new EU cookie law.