Privacy Policy

In this policy we provide information on how the Local Accommodation establishment Algarve Sunrise Lodge collects and processes your personal data through the use of the website algarvesunriselodge.com, in accordance with the rules of Regulation (EU) 2016/679 of 27 April 2016 (“GDPR”) and Law no. 58/2019 of 8 August, including any data that you may provide through this website when purchasing your stays at this property.

It is important that you read this Privacy Policy in order to understand how we use your data and why we do so.

This Policy may be updated at any time. Any changes will be published on this page with an indication of the date of the last update. To remain informed, we recommend that you consult it regularly.

This version is effective from 1 March 2026.

1. DATA CONTROLLER

The entity responsible for processing the personal data made available on the website algarvesunriselodge.com is the sole trader Manuela Fonseca Rodrigues, with professional address at Aldeia dos Matos de Cima, CP 300 Z, 8200-487 Paderne, holder of Portuguese tax number 213 815 605, who operates on the market under the registered brand Algarve Sunrise Lodge.

2. HOW TO CONTACT ALGARVE SUNRISE LODGE

If you have any questions regarding the processing of personal data on our website, or if you wish to exercise your rights in this area, you may contact us by email at info@algarvesunriselodge.com or by letter addressed to the Algarve Sunrise Lodge Aldeia dos Matos de Cima, CP 300 Z 8200-487 Paderne, Portugal.

3. PERSONAL DATA PROCESSED BY ALGARVE SUNRISE LODGE

The personal data referred to in this Privacy Policy are the information relating to you that allow us to identify you directly or indirectly. We may collect, use, store and transfer different types of personal data about you, which we have grouped as follows.

WEBSITE NAVIGATION

When you browse the Algarve Sunrise Lodge website, we use cookies and similar technologies to analyse traffic data relating to visits to the website, including information about how you use our website, in order to support activities aimed at improving our website and our marketing activities.

Some of these cookies may collect personal data such as Internet Protocol address (IP address), login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technologies on the devices you use to access the website.

The legal basis for processing these data is your consent, and therefore cookies will only be installed with your authorisation. We recommend that you read our Cookie Policy to obtain more detailed information on the cookies we use and their purposes.

ACCOMMODATION BOOKING ON THE WEBSITE

When you make an accommodation booking through our website, you must provide the data necessary for the reservation: number of adult and child guests, booking dates, first name, surname, email address, telephone number and credit card details (card number, expiry date and CVC code).

We use these data to process your reservation, issue the invoice, carry out administrative procedures relating to your stay and respond to your questions or requests for assistance before and after your stay at our AL. The legal basis for processing these data is the accommodation services contract that we conclude with you.

The provision of those personal data constitutes a necessary requirement for concluding the accommodation services contract. If you do not provide these data, you will not be able to make a reservation at Algarve Sunrise Lodge.

REPORTING OF FOREIGN GUESTS

Algarve Sunrise Lodge is required to communicate to national authorities the identity of all foreign citizens staying at the property, in accordance with the rules laid down in the legislation governing the entry, stay and departure of foreign nationals from Portuguese territory.

Therefore, if you are a national of a foreign state staying at our AL, you will be required to provide the identification data of each guest in order to complete the accommodation bulletin: full name, nationality, date of birth, type of identification document (for example passport or European identity card), document number, issuing country, country of residence (if different from the issuing country), date of entry (check-in) and date of departure (check-out).

We use these data to complete the foreign guest accommodation bulletin in the Accommodation Bulletin Information System (SIBA) and transmit it to the Border and Foreigners Coordination Unit (UCFE). The legal basis for processing these data is the legal obligation imposed on accommodation establishments to report the data of foreign citizens staying at their premises.

VIDEO SURVEILLANCE

Algarve Sunrise Lodge has a video surveillance system installed exclusively at the entrance area of the property for the purpose of protecting persons and property and preventing unlawful acts.

The system captures images of access points to the property and does not record the interior of the accommodation houses or private areas.

The legal basis for processing the images is the legitimate interest of the owner of Algarve Sunrise Lodge in protecting the property and its guests, pursuant to Article 6(1)(f) of the GDPR, as well as compliance with the rules applicable to private security activities.

The images collected are stored for the maximum period legally permitted (currently 30 days), unless they are required for the purposes of criminal investigation or for the exercise of rights in judicial proceedings.

Access to the images is restricted to the Owner or to persons duly authorised by her and may be communicated to the competent authorities in accordance with the law.

NEWSLETTER

When you subscribe to the Algarve Sunrise Lodge newsletter on the website, we collect your name, email address and the date on which you subscribed. Your data are used to send you newsletters from Algarve Sunrise Lodge containing information about its spaces, services, news, suggestions, campaigns and marketing initiatives. The legal basis for processing these data is your consent.

The newsletters we send contain a tracking pixel. This pixel is a small graphic embedded in the email file that provides us with aggregated information about the opening of newsletters and the links that may be included in them and helps us optimise the sending of newsletters and identify the content that most interests our customers.

If you no longer wish to receive these communications from Algarve Sunrise Lodge, you may unsubscribe from the newsletter at any time and free of charge by clicking the link included in the footer of the newsletter and following the instructions provided on the page. If you do so, your email address will automatically be removed from the mailing list and you will no longer receive the newsletter.

EMAIL CONTACT

When you send us a message by email, for example requesting information about Algarve Sunrise Lodge and the services we provide, we will process your contact details and the content of your message in order to respond to your request, based on the legal grounds of the need to take pre-contractual steps at your request, the performance of the accommodation services contract concluded with you, or the legitimate interest of Algarve Sunrise Lodge in responding to contact requests addressed to it, depending on the purpose of your communication.

CONTACTS ON SOCIAL MEDIA

When you contact us through our pages on social networks Facebook or Instagram by posting comments and/or reactions to our content and publications, we will process your identification data, such as the username you use on that social network, and the content you publish on our pages in order to respond to your questions and comments in a personalised manner, based on the legal ground of the legitimate interest of Algarve Sunrise Lodge in responding to interactions with its followers and fans and supporting their interest in its brand and services.

4. RETENTION PERIOD OF YOUR PERSONAL DATA

The data we collect will be processed only for the period strictly necessary for the purposes for which they were collected. Once the maximum retention period has been reached, your personal data will be anonymised or securely deleted.

The most relevant retention periods are the following:

  • Website navigation – We will process your data until you withdraw your consent and for the period during which the cookies remain active. You may consult these periods in our Cookie Policy.
  • Bookings – We will process your data for the time necessary to manage your reservation and provide the accommodation services you purchased, for a period of 1 year. Billing data required to comply with legal obligations will be retained for the period required by law, which is 10 years.
  • Reporting of foreign guests – We will process your data for the time necessary to complete the foreign guest accommodation bulletin online, up to a maximum of 3 days after check-in at the Property.
  • Video surveillance – Images captured by the video surveillance system are stored for the maximum legal period currently allowed, which is 30 days, and are automatically deleted after that period unless they have been preserved for investigation or judicial proceedings.
  • Newsletter – Your data will be processed until you inform us that you no longer wish to receive the newsletter or while you remain an active subscriber.
  • Email contacts – We will process your data for the time necessary to respond to your request. These data will then be archived together with the documentation relating to any reservation you make or, if no reservation is made, they will be deleted after 3 months.
  • Social media – When associated with comments, likes or other forms of interaction available on social networks, your data will remain on our pages while they are published. If you wish these data to be removed, you may delete them at any time or ask us to do so. Your direct messages will be processed for the time necessary to respond to your request. These data will then be archived together with the documentation relating to any reservation you make or, if no reservation is made, they will be deleted after 3 months.

5. RECIPIENTS OF PERSONAL DATA COLLECTED BY ALGARVE SUNRISE LODGE

The personal data we process may be made available to entities contracted by us to provide services on our behalf and under our responsibility and supervision. These entities include:

  • Technology service providers and their subcontractors and partners
  • Banking institutions and payment processing service providers
  • Accounting service providers
  • Digital marketing and advertising service providers

Where the legal basis for processing the data is compliance with a legal obligation, the personal data collected will be provided to the national authorities that require them, namely the Border and Foreigners Coordination Unit (UCFE) of the Internal Security System, in relation to the foreign guest accommodation bulletin, and the Portuguese Tax and Customs Authority, in relation to invoices.

In the case of images collected through the video surveillance system, these may be made available to the competent police or judicial authorities, in accordance with the applicable legislation.

6. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION

In most cases, the personal data we collect will be processed in Portugal or in other countries of the European Union. Some information may be transferred to other countries where companies that provide us with technological and marketing services are headquartered.

When we transfer personal data outside the EEA, the United Kingdom or Switzerland, we require the recipient companies to provide adequate guarantees ensuring a level of data protection equivalent to that of the European Union, namely that they offer an adequate level of protection according to the criteria of the European Commission or that they sign a data processing agreement including the Standard Contractual Clauses approved by the European Commission.

7. SECURITY MEASURES THAT PROTECT YOUR DATA

Algarve Sunrise Lodge implements physical, technological and organisational security measures to protect personal data against destruction, loss, alteration, disclosure or unauthorised access.

These measures include:

  • The entire website uses an encrypted HTTPS/SSL connection, in accordance with best security practices recommended for online services involving data transactions.
  • We do not store on our servers any data relating to external payment systems (credit cards). These data are processed and stored only by the banking institutions and payment processors that provide those services.
  • We store the data we collect in encrypted databases and perform periodic backups in order to reduce the possibility of data loss in the event of system failure. The hosting server also includes a firewall and standard protection systems for web hosting.
  • We monitor access to the website in order to prevent, detect and block unauthorised access. The platform we use is protected by a security module that limits and blocks unauthorised access attempts and analyses and blocks malware attacks.
  • The number of persons with access to your data is restricted and limited to the purposes indicated above.
  • Subcontracted partners and suppliers who process personal data are required to provide evidence that they maintain an equivalent level of data security.

8. WHAT YOUR RIGHTS ARE AS A DATA SUBJECT AND HOW YOU CAN EXERCISE THEM

Depending on the purpose and legal basis for processing your data, you may exercise the following rights:

  • Access, update or correct inaccurate data that we hold about you. It is important that the personal data we hold about you are accurate and up to date.
  • Request the deletion of your personal data where they are no longer necessary for the purposes for which they were collected or where we no longer have a legal basis for processing them.
  • Request restriction of processing where the data may not be accurate or may no longer be necessary for the original purpose of processing but cannot or should not be deleted.
  • Where data are processed on the basis of your consent, you have the right to withdraw that consent at any time.
  • Where the legal basis for processing is your consent or a contract concluded with our AL, you may also request the portability of the personal data you have provided to us, in a structured, commonly used and machine-readable format, so that you may transmit them to another entity.
  • Where data are processed on the basis of our legitimate interest, you may object to the processing of your data.
  • You also have the right to lodge a complaint with the Comissão Nacional de Proteção de Dados – CNPD regarding any matter relating to the processing of your personal data if you believe that your rights have not been properly safeguarded or if you are not satisfied with our response to a request to exercise your rights. You may contact the CNPD via geral@cnpd.pt or through the forms available on the website https://www.cnpd.pt/.