This Privacy Policy is an integral part of the One Ticket Tour Website
1. Controller
Serena Razão, Lda., headquartered at Lt. 23 do Aldeamento Varandas do Lago 2240-332 Ferreira do Zêzere, taxpayer number PT 509 215 157 is responsible for the processing of personal data carried out through its website, and can be contacted by email XXX@XXX.pt and by telephone ( +351) 249 361 049.
The collection and processing of data carried out through this website complies with the requirements of the General Data Protection Regulation, Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016.
2. Rights of data subjects
Data holders have the rights to information, access, rectification, erasure, limitation, portability, opposition, absence of automated treatment, and complaint.
If you wish to exercise these rights, please contact us through the contacts provided in point 1 of this policy.
3. What Personal Data We Collect
The type of Personal Data we collect is that which is necessary to facilitate travel arrangements, support reservations or organize travel-related services and/or products on behalf of our customers. In this regard, we normally process the following types of Personal Data about our customers:
Contact details (such as name, home/mailing address, telephone number, email address);
Payment data;
Detailed data from the Passport or EU Citizenship Card;
Loyalty / frequent flyer program data;
Data on dietary needs and health problems (if any); and
Other data relevant to travel plans or required by the travel service provider(s) (e.g. airlines and accommodation to tour providers). When our customers contact us for other purposes, Personal Data may also be collected in relation to those purposes. For example, we may collect Personal Data so that we contact our customers in the context of a contest/campaign in which they have entered or to respond to questions or comments that they have sent to us. We also collect data necessary for our related entities to use, including, for example, financial details needed to process transactions, video surveillance footage used for security purposes, or other relevant Personal Data that our customers may wish to provide to us. Under no circumstances do we collect.
Personal Data that may be considered sensitive data under local data protection laws. Sensitive data may include (without limitation) racial or ethnic origin, philosophical or religious beliefs or affiliations, sexual preferences or practices, criminal record or alleged criminal record, membership of political, professional or trade associations, biometric and genetic information, data financial data and health data. We will only collect sensitive data in accordance with local data protection laws, with the explicit consent of the subjects and where the data is reasonably necessary or is directly related to one or more of our functions or operational activities (for example, to make travel plans), unless required or authorized to do so by law. To the extent permitted or required by local data protection laws, our customers consent to us using and disclosing their sensitive data solely for the purpose for which it was collected, unless we subsequently receive their consent. For example, if our customers provide us with health data related to a travel insurance policy they intend to take out, customers consent to us using and disclosing this health data on their behalf in contacts made with the entity promoting that travel insurance policy. Another example is when our customers want to make their religious beliefs known because they are interested, for example, in certain vacation packages, consenting to the use and disclosure of that information to operationalise the trip. We will not use sensitive data for purposes other than those for which it was collected unless we receive consent from the holders to do so.
Your purchase history
Cookies from visitors to our website and online booking platform.
4. Data collection and purpose
The data we collect through our website are entered/provided by the visitor for the purpose of establishing a contractual relationship or communication.
We only collect Personal Data in accordance with local data protection laws. We generally collect Personal Data in the context of contacts made with our customers unless it is unreasonable or impractical to do so. Typically, this collection will occur when our customers:
contact us personally, by telephone, letter, e-mail;
visit us through our website; or
contact us through social networks.
We may also collect Personal Data when our customers:
purchase or inquire about travel plans or other products and services;
enter contests or register for campaigns/promotions;
sign up to receive marketing communications (e.g., e-newsletters).
In some circumstances, it may be necessary to collect Personal Data about our customers from third parties. This includes cases where an individual makes a travel booking on behalf of another person(s) (e.g., a family booking, a group booking, or a booking made by an employer). When this happens, we rely on the consent of the person making the travel booking to act on behalf of any other traveller on the booking, as well as that person's consent to collect, use and disclose Personal Data in accordance with this Notice. Our customers must inform us immediately if they become aware that their Personal Data has been provided to us by another person without their consent or if they have not obtained such consent before providing us with the Personal Data of another individual.
We make every effort to maintain the accuracy and integrity of the Personal Data we store and to ensure that all Personal Data is up to date. However, any Interested Party may contact us immediately if there is any change to their Personal Data or if they become aware that we have inaccurate Personal Data (please see section 13 below). We cannot be responsible for any losses arising from inaccurate, erroneous, defective, or incomplete personal information that the Interested Parties, or someone acting on their behalf, provide us.
5. Data Processing
Data processing takes place after the user (visitor or customer) has entered data.
6. Treatment safety
Data is collected through forms and recorded in database tables, and an email with this information is subsequently generated for Serena Razão services.
Access to the site's administration panel, access to the accommodation's control panel and access to the database manager are provided with highly secure passwords.
The accommodation has an up-to-date security certificate installed.
Backup copies of the hosting are made daily for redundancy purposes and fortnightly for system reset purposes.
Locally, the data is stored on computers equipped with passwords for access and for recovery after inactivity, firewall and an antivirus program. Computers are backed up periodically to an external hard drive.
7. Data Transmission
As a rule, the data collected through the forms on the One Ticket Tour website, owned by Serena Razão, are not transmitted, except for:
Contracted entities, suppliers, and service providers
For example, if you book an activity through One Ticket Tour, which is organized or handled by one of our activity partners, we pass on your contact information to this partner. All of our partners are contractually obliged to process your personal information in accordance with current regulations and ensure that it is not used for any purpose other than providing the agreed service with us;
ICT solution providers who support us in providing products and services (such as any external data hosting providers we may use);
External consultants (such as lawyers, accountants, or auditors).
Any third party to whom we assign or transfer any of our rights or obligations;
Persons who make travel reservations on behalf of others (for example, a family member, friend or co-worker);
Employers, in the context of employee travel, corporate, business or government clients;
Contact persons (e.g. a family member) when our Customers are not reachable and the contact is, in our opinion, in the Customer's interest (e.g. where the person is concerned about their well-being or needs to take action on behalf of the Client due to unforeseen circumstances);
As required or authorized by applicable law, and to comply with Serena Razão's legal obligations;
Customs or immigration services to comply with legal obligations applicable in the context of the trip;
Government agencies or public authorities to comply with valid and authorized requests, including court orders or any other valid legal process.
Regulatory entities or law enforcement authorities, including for fraud protection and security related purposes; and
Law enforcement agencies where there is suspicion of illegal activity and where Personal Data is a necessary part of the investigation or reporting of the matter.
In addition to the foregoing, we will not disclose Personal Data without consent unless we believe disclosure is necessary to diminish or prevent a threat to the individual’s life, health protection, or safety, to public health or safety, or for certain action to be carried out by a law enforcement agency (e.g. prevention, detection, investigation or punishment of criminal offenses), or when such disclosure is authorized or required by law (including applicable data protection / privacy laws).
On Serena Razão websites or social networks, users can choose to use certain third-party resources with which we associate. These features, which may include social networking and geo-location tools, are operated by third parties and are clearly identified as such. These third parties may use or share Personal Data in accordance with their own privacy policies, so we recommend consulting their privacy policies if you consider these tools relevant.
8. Data Conservation
The data entered on the website are deleted within a maximum of 1 year after the fact that determines their need.
After the data is sent to the administrative services of Serena Razão, they are kept for the periods of time mentioned below:
Identification and contact – Kept up to 5 years after the end of the Tour;
Billing – Retained for 10 years
Data for Registration in Activities
Identification and contact – Retained for up to 1 year after carrying out the activity;
Billing – Retained for 10 years.
9. Links to Third Party Websites
We share some links to third-party websites, national and international, with the purpose of informing and/or facilitating access to information that may be of interest in the context of the recreational activity to f our visitors and customers. When following any of these links by visiting the website in question, you should consult its privacy policy. The privacy policy of this website concerns solely and exclusively the web pages that can be consulted under the domain wwwOneticketour.pt or www.Oneticketour.com.
10. Updates
Our privacy policy can be changed without prior notice, being immediately updated in the Privacy Policy link at the bottom of our website, so you should consult the most recent version each time you access it and/or perform an operation that involves collection of personal data.
The present changes do not affect data collection and processing operations carried out in the past or in progress, unless expressly indicated.
Date of last update: May 12, 2023