Facebook-f Instagram
LOGIN
Facebook-f Instagram Whatsapp

PRIVACY POLICY

StayINPorto – Last updated: June 2026

1. Identification of the Data Controller

The data controller is:
StayINPorto
Holder: Diogo Barreiros Cardoso
Address: Porto, Portugal
Email: contact@stayinporto.pt
Phone: +351 936 259 110

2. Legal Framework

This Privacy Policy was drawn up in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
  • Law No. 58/2019, of 8 August (Law implementing the GDPR in Portugal)
  • Decree-Law No. 128/2014, of 29 August, and its amendments (Local Accommodation)
  • Law No. 41/2020, of 18 August (amendments to the Local Accommodation regime)

3. Personal Data Collected

StayINPorto may collect and process the following categories of personal data:

3.1. Identification and contact data:

  • Full name
  • Identification document number (National ID Card, Citizen Card, Passport)
  • Nationality and country of residence
  • Date of birth
  • Email address
  • Phone number

3.2. Booking and stay data:

  • Check-in and check-out dates
  • Number of guests
  • Stay preferences
  • Payment information (processed through secure third-party platforms)

3.3 Browsing data (website):

  • IP address
  • Browser type and device
  • Pages visited and time spent
  • Cookies and similar technologies

3.4 Legally required data (Local Accommodation):

Under Decree-Law No. 128/2014 and applicable local accommodation and SEF/AIMA legislation, it is mandatory to collect identification data for all guests, including minors, for reporting to the competent authorities (e.g. Accommodation Bulletins – SIBA/RNAL).

4. Purposes and Legal Bases of Processing

  • Booking and stay management
  • Communication of guest data to authorities (SEF/AIMA, PSP, GNR)
  • Invoicing and compliance with tax obligations
  • Sending travel information and tips (newsletter)
  • Responding to contacts and information requests
  • Website improvement and statistical analysis
  • Contract performance (Art. 6(1)(b) GDPR)
  • Legal obligation (Art. 6(1)(c) GDPR)
  • Legal obligation (Art. 6(1)(c) GDPR)
  • Consent (Art. 6(1)(a) GDPR)
  • Legitimate interest (Art. 6(1)(f) GDPR)
  • Legitimate interest / Consent

5. Sharing Data with Third Parties

Your personal data may be shared with:

  • Public authorities: SEF/AIMA, PSP, GNR, Tax and Customs Authority, Local Council, and other legally required entities, under the local accommodation regime.
  • Booking platforms: Airbnb, Booking.com, or other OTAs used for intermediation, each governed by their own privacy policy.
  • Service providers: payment system providers, email marketing services, IT maintenance, always subject to sub-processing agreements with adequate safeguards.

StayINPorto does not sell, rent, or transfer your personal data to third parties for commercial purposes.

6. International Data Transfers

If your data is transferred to countries outside the European Economic Area (EEA), StayINPorto will ensure that such transfers take place with adequate safeguards, in particular through standard contractual clauses approved by the European Commission or other mechanisms provided under the GDPR.

7. Data Retention Period

Personal data is retained for the strictly necessary period for the purposes for which it was collected:

  • Booking and guest data: 5 years after the end of the contractual relationship, due to fiscal and legal obligations.
  • Mandatory local accommodation data (accommodation bulletins): in accordance with legally imposed deadlines by the competent authorities.
  • Newsletter/marketing data: until consent is withdrawn.
  • Browsing/cookies data: as defined in the cookies policy (generally up to 13 months).

8. Rights of Data Subjects

Under the GDPR, the data subject has the following rights:

  • Right of access – to know which data is being processed and obtain a copy.
  • Right to rectification – to correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) – to request the deletion of data, where applicable.
  • Right to restriction of processing – to restrict processing under certain circumstances.
  • Right to object – to object to processing based on legitimate interests or for direct marketing purposes.
  • Right to data portability – to receive data in a structured, machine-readable format.
  • Right to withdraw consent – at any time, without prejudice to the lawfulness of prior processing.

To exercise these rights, please contact us at: contact@stayinporto.pt. You also have the right to lodge a complaint with the supervisory authority: www.cnpd.pt.

9. Cookies

The website stayinporto.pt uses cookies to improve the browsing experience. You can manage your cookie preferences through your browser settings or the cookie management panel available on the website. For more information, please consult our Cookie Policy.

10. Data Security

StayINPorto implements appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction or alteration, including communication encryption (HTTPS), access control, and staff training.

11. Changes to the Privacy Policy

This Privacy Policy may be updated periodically. Changes will be published on this page with the date of the update indicated. We recommend checking this document regularly.