Privacy Policy and Data Protection

Data Controller

Girafa Sabia, Lda. is the data controller for the personal data collected through our booking system. We are registered in Portugal and comply with the General Data Protection Regulation (GDPR) and Portuguese data protection laws.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary for the performance of the booking contract
  • Legal Obligation: Processing required to comply with legal obligations (e.g., tax records)
  • Legitimate Interest: Processing necessary for our legitimate interests in providing and improving our services
  • Consent: Where we have obtained your explicit consent for specific processing activities

Personal Data We Collect

When you make a booking, we collect and process the following personal data:

  • Full name
  • Email address
  • Phone number
  • Number of participants
  • Selected meeting point
  • Booking date and time
  • Payment information (processed securely by our payment providers)
  • Communication preferences

Purpose of Data Processing

We process your personal data for the following purposes:

  • To process and manage your booking
  • To communicate with you about your booking and send confirmations
  • To provide customer support and handle inquiries
  • To send important updates about your booking
  • To handle any special requirements or requests
  • To comply with legal obligations (e.g., tax records)
  • To improve our services and customer experience

Data Storage and International Transfers

Your data is stored and processed using the following services:

  • Google Firebase (Firestore) - Data is stored in the European Union
  • Supabase - Data is stored in the European Union

These services have implemented appropriate safeguards to ensure the security of your data and comply with GDPR requirements for international data transfers.

Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including:

  • Booking records: 7 years (for tax and legal purposes)
  • Customer communications: 2 years after the last interaction
  • Marketing communications: Until you withdraw your consent

After these periods, your data will be securely deleted or anonymized.

Your Rights

Under GDPR, you have the following rights:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Regular backups
  • Staff training on data protection

Contact Information

For any questions regarding your personal data or to exercise your rights, please contact us at:

Email: info@girafasabia.com

You also have the right to lodge a complaint with the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados - CNPD) at www.cnpd.pt

Updates to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page, and we will notify you of any material changes via email or through our website.

Last updated: 6/23/2025