(Ecotravel has revised and updated its Privacy Policy on 05/21/2018)

Ecotravel, owner of www.cruzeiros-douro.pt, understands and respects the importance of your privacy and considers the security of its clients' personal information vital. This Privacy Policy provides the basis on which any personal data we acquire from customers through this site or their assignment will be processed and stored by us. We are committed to protecting your personal information and being transparent about the information we collect and what we do with it. Therefore, read the following information carefully.
For the purposes of the new General Data Protection Regulation approved by the European Commission (GDPR, EU Regulation 2016/679), we, Ecotravel Ltd., trading as Douro Cruises, are the Data Controller for this site www.cruzeiros- douro.pt. As our customer, you are aware of the rules set out in our Privacy Policy, as well as ensuring that other members on your part are aware of the same content and agree to provide their personal information in order to proceed with a booking or another purchase on their behalf.
By making a reservation/purchase or submitting your personal data through this site, you consent to the transfer, storage or process as set forth. We will take all legally necessary steps to ensure that your data is treated securely and in accordance with this privacy policy.

Ecotravel maintains a database with its customers' registration that stores for 20 years after the first contact. The data in this database are only the data provided by the clients themselves at the time of registration or subsequently requested for reservation purposes, and are collected in accordance with the approval of the National Data Protection Commission by Ecotravel, the entity responsible for the file, with headquarters at Praça Mouzinho de Albuquerque nº113, Loja 70 (Shopping Brasília), 4100-359 Porto, Portugal.

When you make a reservation or purchase on this site, Ecotravel automatically records certain personal data that you have agreed to provide. The type of data saved will be information such as "name", "contact", "email address" and "VAT". In some cases, we may need other, more sensitive personal data such as “citizen card and/or passport number”. All information about personal data requested is solely for the purpose of organising the requested travel or tourism service. All personal data you provide will be treated as “sensitive” in nature and therefore deserve the utmost respect and care from Ecotravel.

In the case of online booking, the customer may pay by VISA/Mastercard credit card online. In this way, you will be redirected to the page of Redunicre, a certified partner that processes payments, where you will be asked to enter your card details. In this sense, Redunicre and our bank are the only entities that process customer card data and ensure the transmission of encrypted data. Ecotravel only receives the information with the authorisation result and instructions to proceed with the order.

Under no circumstances will information on philosophical or political beliefs, party or union affiliation, religious faith, private life and racial or ethnic origin, as well as health or sex life data (including genetic data) of clients be requested. By the time we are preparing your trip, the customer may provide us with other information, such as dietary requirements and food intolerances, medical/health conditions, disabilities or other special information similar to the above, to ensure that their specific needs are met.
Thus, Ecotravel warrants that it has implemented and will continue to implement the technical and organisational security measures necessary to ensure the security of the data provided, in order to prevent its alteration, loss, processing and/or unauthorised access, taking into account the nature of the stored data and the risks to which they are exposed.

If the customer wishes to exercise the rights of access, rectification, cancellation or opposition granted by GDPR to them, they may do so through the website or by sending an email to info@cruzeiros-douro.pt.

Ecotravel also reserves the right to collect personal data in the following circumstances: if you respond to a promotion through this website, fill out a survey, subscribe to the newsletter or other marketing material, report a problem, among other similar situations as above. In this case, we may keep a record of your email address, which may be removed. Or, alternatively, simply send us an email to info@cruzeiros-douro.pt.

 
Personal data obtained from third party sources:

In addition to this data provided by the user/customer, we may receive information from other certified suppliers and partners, which we entrust to ensure full compliance with the privacy policies required by GDPR.

- if you book one of our programmes through a travel agency or third party tour operator, certain personal data (as applicable to your booking) will be passed to Ecotravel in order to provide the services you have requested (even if the booking does not take place);

- If the customer/user provides feedback to us through a social search or other feedback tool, the feedback (but not the personal data) will be processed by that company and transmitted to Ecotravel;

- If anyone contacts Ecotravel at (+351) 226 191 090 (national landline call), our phone management software partner keeps a record and shares information exclusively with Ecotravel. The data collected are: “phone/mobile number”, “date” and “call duration”, “network information”. If you contact us through any of the phone numbers available at the company, your number may be associated with your purchase (if there is no business relationship, the number will be forgotten);

- If you contact Ecotravel through the website's conversion window (Zendesck Chat), this partner will retain your conversation history with Ecotravel through this software, the number of website visits, the website page where the user is located, his/her browser, computer system, IP location and time of visit to our website. This provider undertakes to share with us only the personal data of our user.

• We may also record his/her visits to this website, including (but not limited to) traffic data, location data, IP address, operating system and browser type. This is statistical data about our users' browsing actions and patterns and does not identify any individual.

When a customer completes a form on our website and/or completes the purchase with Ecotravel, some personal data provided will need to be transmitted, processed and stored by relevant third parties, such as:

- Travel partners, such as airlines, airports, hotel units, insurance companies and shore support agents, tour or river operators, among other tour service providers associated with the request (as applicable to your booking). Some of these third parties may be located outside the European Economic Area, and these organisations may not be subject to the same level of control over the new GDPR law;

- Data management and technology partners that enable us to manage the services we provide (external CRM for lead organisation and tracking to improve our customers' response and experience and Optitravel - agency management software and invoicing tool);

- Credit card or ATM payment facilitators that help us process customer payments and help us detect and prevent fraudulent payments or reservations (Redunicre, IfThenPay, EasyPay and Pagtur);

- Email Marketing platforms, ensuring the encryption of our databases including subscriber's "name" and "email address";

- Government agencies or other authorities in Portugal (or in other countries) to ensure the safety of themselves and other passengers. At this point we include those responsible for immigration, border control, security and anti-terrorism. Even if we are not required to provide information to these authorities, we may exercise our right to assist them when we deem appropriate.

Some personal data obtained through registration on our website or from customers who have established a business relationship with Ecotravel will need to be provided, processed and stored in secure and certified systems, which results from a combination of our own systems and our reliable and relevant supplier systems.

The personal data we store is treated with the degree of protection legally required to ensure its security and to prevent unauthorised alteration, loss, processing or access. To this end, we use backups on Google Drive and Network Attached Storage (NAS), a device that stores and shares data from multiple computers that can be accessed remotely.

The records on our website are also encrypted, following GDPR standards, in technical peripheral control infrastructures, namely network firewalls, private circuits and VPNs that meet security requirements. The computer servers are hosted by a Datacentre operator, which provides a digital information protection service for the hosted servers. The service includes backup of files, their conservation according to the defined policy and the restore upon request of Ecotravel.

Ecotravel is therefore committed to:

• safeguard personal data provided to it through legally enforceable security measures of a technical and organisational nature that guarantee your security, thereby preventing unauthorised alteration, loss, processing or access in accordance with the state of the technology at all times, the nature of the data and the possible risks to which they are exposed;
• Use or apply the data solely for the purposes intended for which the customer has consented to assign;
• Make sure that the data are handled only by workers whose intervention is required to provide the service and are bound by the obligation of secrecy and confidentiality. In case the information may be disclosed to third parties, these are required by us to maintain proper confidentiality.

If you do not make an inquiry or purchase with Ecotravel, we will only send you information and offers by email if you subscribe to our newsletter (double opt-in) to receive our information and/or promotions. Thus, only users who have expressly agreed to receive marketing material will be included in these databases.

This personal data provided by the user (“name” and “email address”) is shared with a secure and certified external platform from which we manage the database and send Email Marketing. We will not transmit the data to third parties with whom we have no protocol, who do not guarantee us database security and encryption, and who are not Email Marketing and Marketing Automation companies. We entrust these partners with strict compliance with GDPR standards and confidentiality of stored data, and their disclosure is clearly prohibited.

If you choose not to receive any more marketing information, you may unsubscribe from the newsletter and as such will be automatically deleted from our databases for marketing purposes.

When you make a purchase with Ecotravel, submit an availability request or fill out another form on our website, your personal information will be retained to ensure we offer the best possible service. Accordingly, we maintain personal data for as long as necessary in order to use your information as set forth in this Privacy Policy. This means up to 20 years with respect to reservations/purchases or marketing communication (or such other time as may be necessary for our legal and audit purposes or as required by law).

Any user or customer who has provided their personal data has several rights to the information they have provided under RGDP law as:

• Right to access your personal information: at any time, the person has the right to request access to his/her personal data kept by Ecotravel, free of charge. We may require proof of identity and sufficient information about your interactions with us in order to locate your information. If someone makes the request on your behalf, that person must provide a signed and written confirmation that he/she has actually been given that authority. We reserve the right not to provide you with a copy if it includes personal information of others or if we have a lawful reason to retain it;
• Right to rectify and update your personal information: The accuracy and strictness of your information is important to us. Thus, you may change your name or email address (or other relevant personal information) at any time by sending us an email to info@cruzeiros-douro.pt or by contacting us (+351 226 191 090- national landline call);
• Right to withdraw consent: You may at any time revert your consent and prohibit us from using your data. If you would like to withdraw your consent to receive any direct marketing you have previously opted for, you may remove your subscription by clicking the "unsubscribe" button in our newsletters. Alternatively, you can email us at info@cruzeiros-douro.pt or contact us. If you wish to withdraw your consent to the processing of any special category of data, you will need to contact our team (info@cruzeiros-douro.pt or +351 226 191 090 - national landline call). Please note that if you are asked to stop processing this information midway through your booking or travel, it may mean that we may not be able to provide all or part of the services you have requested from us. Consequently, if we need to cancel your reservation or other purchase, you may have to pay the respective cancellation fee;
• Right to delete your personal information or restrict its processing: You may request us to remove your personal information from our systems by email or in writing. As long as we have no legitimate reason (legal and business basis) to continue processing or maintaining your personal information, we will make reasonable efforts to meet your request as soon as possible. Until we permanently remove your information (due to software delays or other similar issues), you may ask us to restrict the processing of your data. Therefore, while processing is restricted, we may use them only if we have your prior consent or are legally authorised to do so. And in order to facilitate the removal of your personal data, we are developing a tool that allows the automatic removal of it;
• Right to transfer your personal information to a structured data store: You may ask us, at any time, to send your personal data directly to another service provider. And we will do so if this is technically possible for us. We reserve the right not to provide a copy of your personal information if it contains other people's personal data or if we have any other lawful reason to withhold such information;
• Right to complain: At any time, and if you wish, you may complain to the data protection regulator if you believe your legal rights have been violated or when you have reason to believe that your personal information is being used in a way that does not comply with the law. If you wish to contact us about this Privacy Policy, you can send an email to info@cruzeiros-douro.pt. We will give the best follow up to the above.

While we will do our best to protect your personal data, and always in accordance with strict GDPR standards, the transmission of information over the Internet is not entirely secure. Therefore, we cannot guarantee the complete security of your data transmitted to our website. When we receive your information, we take all reasonable and legal steps to keep your personal data protected and to attempt to prevent any unauthorised access, use or loss of your data by implementing appropriate security measures and limiting access, including internal access. All information you provide to us is stored on our secure servers and any payment transaction will be encrypted using TLS technology. We do not store customer card data internally and when we give you a password to access (personal and non-transferable) to a reserved area of ​​our website, you should keep it and be responsible for keeping that password confidential.

In addition, if we detect any breach of personal data, we will immediately notify the appropriate authorities as required by law.

The blog of our website (or other support pages) contains links to other relevant sites that are in accordance with the theme addressed. If you choose to follow an external link to any other website outside the Ecotravel group, you should understand that these companies have their own Privacy Policy which may not be the same as ours. Accordingly, we accept no liability for these policies or for third party websites. We advise you to check and accept their policies before sending them any personal data.

Due to the way Internet communication standards work, access to websites may involve the use of cookies. A cookie is a small file sent to the user computer that is stored on the user's disk. Some of these cookies are essential for the correctly work of this website, to allow a user to make a booking or request through it, to verify your requests and to improve the user experience on our platform.

The cookies that we use do not extract information from the user's hard drive, do not steal personal information, or do not read cookie files created by suppliers/competitors.

If you do not accept the use of cookies, you will not be able to use the website www.cruzeiros-douro.pt/en. Alternatively, you may delete all cookies at any time after using our website by accessing your browser preferences.

The www.cruzeiros-douro.pt website uses cookies to give you a better browsing experience.

Strictly Required:

Essential cookies for the website to function properly that allow the customer to make a reservation or an availability request, allowing us to access purchase requests.

Third-Party Cookies:

_ga, _gat, __utma, __utmb, __utmc, __utmz

Statistics cookies: Store anonymous data about the use of our website in order to analyse and improve the service provided.

_hjClosedSurveyInvites, _hjDonePolls, _hjMinimizedPolls, _hjDoneTestersWidgets, _hjMinimizedTestersWidgets, _hjIncludedInSample

Statistics cookies: Store details of visitor behaviour patterns, anonymously and randomly.

SID, LOGIN_INFO, PREF, SSID, HSID, VISITOR_INFO1_LIV

Cookies used by Youtube to store user preferences and some contain enough information to be tracked.

Google Adwords and Remarketing by Google

Cookies used for online campaigns.

_zlcmid, _zprivacy

Chat Cookies: Cookies for storing “Zopim Live Chat” (zendesk), which is used to provide a live service window on our websites. It requires the use of two types of cookies: identify the device during visits and to save user preferences. 

Personal data are obtained for the following purposes:

- Activity linked to a travel agency or tour operator;

- Provision to those involved in the services requested by the user to make the reservation;

- Sending SMS messages with intentions exclusively related to the reservation;

- Management, administration, provision, expansion and improvement of services in which the user decides to subscribe and register;

- Study of the use of services by users;

- Verification, updating and development of systems and statistical analysis;

- Advertising, promotion and commercial prospecting activities if properly accepted by the user.

The user / customer of the website www.cruzeiros-douro.pt thus consents to Ecotravel to treat his/her personal data. In addition, you expressly consent that personal data may be transferred to:

- National and international authorities competent in the field of tourism, terrorism or human rights offenses for their own security purposes;

- Any legal entity affiliated or participated by Ecotravel or the tourist companies that have provided the contracted service, so that they use them for the purpose of the correct rendering of each service requested by the user;

- Any certified third party company that complies with GDPR standards to ensure data security, management and organisation of the client's process and reservation and platforms associated with Marketing activities.

Ecotravel reserves the right to update or change this Privacy Policy. You may, however, request a copy of an earlier version of our Privacy Policy.