01. IDENTIFICATION AND CONTACT
SENSORY FRONTAGE - LDA, with NIPC 519227727 and registered office at Rua Cidade Vila Cabral, nº 28, 1º Esquerdo, 1800 131 Lisbon, is committed to protecting the privacy of the users of the This Is Portugal platform. [cite: 4] Data Controller: SENSORY FRONTAGE - LDA. [cite: 5] Contact Email / DPO: geral@thisisportugal.pt. [cite: 6]
02. DATA COLLECTED AND PURPOSES
We collect data so that you can enjoy the cultural experience in a safe and technical manner. [cite: 10] Personal data is any information that allows you to be identified directly or indirectly. [cite: 11] We collect and process this data minimally and strictly necessary for the following purposes: Account management, fulfillment of tax obligations, map visualization, cybersecurity, and optional marketing. [cite: 12, 13] GPS coordinates are strictly technical and volatile; we do not keep route histories. [cite: 14, 15] We also automatically collect activity, location (IP), and browsing data necessary for the platform to function. [cite: 16, 17, 19, 20, 21]
03. WHY WE PROCESS YOUR DATA
Processing is based on: Contract Execution (supplying digital content licenses), Legal Obligations (issuing invoices), Legitimate Interest (security, fraud prevention, optimizing experience), and Consent (direct marketing). [cite: 23, 24, 26, 27, 28]
04. DATA RETENTION AND SECURITY
Billing data is kept for 10 years (Legal Obligation). [cite: 42, 43] Account data is kept while active, and deleted/anonymized 6 months after a closure request. [cite: 44, 45] Geolocation data is volatile and deleted immediately after the session. [cite: 51] Security measures include SSL/HTTPS encryption, restricted access, and firewalls. [cite: 53]
05. SHARING DATA WITH THIRD PARTIES
We do not sell personal data. [cite: 61] Sharing only occurs with GDPR-compliant processors, such as App Stores for In-App purchases, payment gateways (Stripe/PayPal), Cloud hosting (AWS/Google), and billing software. [cite: 61, 62, 63] Public authorities are provided data only when required by law. [cite: 66]
06. DATA SUBJECT RIGHTS
Under the GDPR, you have the right to: Access, Rectification, Erasure ("Right to be Forgotten"), Restriction of Processing, Portability, Objection (General and Direct Marketing), not be subject to Automated Decisions, and Withdrawal of Consent. [cite: 68, 69, 70, 71, 72, 73, 74, 75, 76, 77]
07. SECURITY AND UPDATES
We implement Pseudonymization, Encryption, Access Control, and regular Audits to protect your data. [cite: 82, 83, 84] We reserve the right to update this policy, notifying you of substantial changes. [cite: 86, 87] You have the right to lodge a complaint with the Portuguese control authority (CNPD - www.cnpd.pt). [cite: 90, 91]