Rural Escape

Menu

Privacy Policy

Rural Escape, Lda (“Rural Escape”), a legally established company and manager of Quinta do Candeeira, is committed to protecting your privacy and the security of your personal data, in strict compliance with the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679), Portuguese law, and ASAE standards.

1. Data Controller

Rural Escape, Lda

  • Registered Office: Rua da Aldeia, No. 13, 4520-524 Sanfins, Santa Maria da Feira, Portugal
  • VAT Number (NIF): 516511181
  • Phone: +351 917 524 144
  • Contact Email: ruralescape.lda@gmail.com
  • Data Protection Officer (DPO) Contact: ruralescape.lda@gmail.com

The DPO is the main point of contact for any questions, complaints, or exercising of rights related to data protection. All contacts are documented and tracked for ASAE audit purposes. Requests are treated confidentially, with responses provided within the legal timeframe.

 

2. Types of Personal Data Collected

Rural Escape collects only the data strictly necessary for the purposes described in this Policy.

a) Data provided voluntarily

  • Name, address, phone number, and email address;
  • Booking or payment data;
  • Tax data;
  • Contact preferences;
  • Information submitted through contact forms, reservations, or newsletter subscriptions.

Payment data is processed exclusively by certified platforms. Rural Escape does not store card details or payment credentials unless legally or contractually required.

b) Data collected automatically

  • IP address;
  • Browser type;
  • Pages visited and browsing time;
  • Cookies;
  • Where applicable, geolocation data.

c) Data required by law
Includes tax, accounting, invoicing, and official communication data.

Rural Escape does not intentionally collect sensitive data (such as health data, religious beliefs, or data of minors) without explicit, free, and documented consent.

 

3. Purpose of Processing

The personal data collected is used exclusively for:

  • Managing reservations and information requests regarding Quinta do Candeeira;
  • Sending communications about contracted services and promotions, based on prior, tracked, and documented consent;
  • Compliance with legal, tax, accounting, and regulatory obligations;
  • Fraud prevention and website security;
  • Statistical analysis and continuous service improvement.

ASAE Compliance:
Data will not be used for purposes other than those previously informed and consented to, except when required by law. All processing is documented, auditable, and available for immediate inspection by ASAE.

 

4. Legal Basis for Processing

The processing of your data is based on the following legal grounds:

  • Contract performance: bookings, payments, and contracted services;
  • Explicit consent: sending newsletters and commercial communications;
  • Legal obligation: compliance with tax, accounting, and ASAE regulations;
  • Legitimate interest: fraud prevention, website security, and service improvement, preceded by a data protection impact assessment and documented for audit.

 

5. Sharing of Data with Third Parties

Your data is not sold or transferred. It may only be shared with:

  • Contracted service providers (reservation management, payments, marketing), under agreements including confidentiality, data protection, and audit availability clauses;
  • Legal and regulatory authorities, including ASAE, when legally required;
  • Internal or external audits, with complete traceability of all operations.

All third parties are required to process data only for the contractually defined purposes.

 

6. Storage and Security

Personal data is stored on secure servers with regular backups, access restricted to authorized personnel, and enhanced authentication mechanisms. Sensitive data is encrypted, and all access is logged for auditing purposes.

Retention periods:

  • Tax and accounting data: 10 years;
  • Reservation data: 5 years after last interaction;
  • Marketing data: until consent is revoked.

After legal retention periods, data is securely deleted or anonymized, ensuring it cannot be re-identified. All access, processing operations, logs, and consent records are maintained for at least 5 years, ensuring full traceability for ASAE inspection.

 

7. Data Subject Rights

Under the GDPR, data subjects may exercise the following rights:

  • Access, correction, or update of personal data;
  • Restriction or objection to processing;
  • Data portability;
  • Withdrawal of consent at any time;
  • Request for deletion or anonymization of data, when legally permitted;
  • Filing a complaint with the National Data Protection Commission (CNPD).

Requests should be sent to ruralescape.lda@gmail.com.
The response time is up to 1 month, with all requests and responses documented and tracked.

 

8. Cookies

The website uses only cookies strictly necessary for its technical operation and browsing security. No marketing, advertising, or third-party commercial cookies are used.

 

9. Minors

Rural Escape does not collect data from minors under 16 without parental or legal guardian consent. If data is inadvertently provided, it will be immediately deleted.

 

10. ASAE Audit and Compliance

Rural Escape maintains complete records of all processing operations, consents, and accesses, ensuring:

  • Full traceability of all activities;
  • Immediate availability of documentation for ASAE inspection;
  • Continuous assessment of risks and impact on data protection;
  • Documentation of all legitimate interest decisions for full transparency in audits.

 

11. Policy Updates

This Privacy Policy may be updated periodically.
The latest version will always be available on the website with an updated revision date. Significant changes affecting data processing will be communicated in advance to data subjects, when applicable, via email or other contact channels.

Rural Escape, Lda – Manager of Quinta do Candeeira (Santa Maria da Feira, Portugal)
Last update: 10/02/2026

MENU
Scroll to Top