1. Who is responsible for guest data?

The Host / Operator is:

For some bookings, the booking platform, such as Airbnb, Booking.com, Vrbo, Uplisting or Google Vacation Rentals, is also an independent controller of guest data under its own privacy policy.

2. Why do we process guest personal data?

We process guest personal data for the following purposes:

1. to administer the booking and provide the stay;
2. to communicate with guests before, during and after the stay;
3. to complete check-in and self-check-in arrangements;
4. to comply with Portuguese guest-registration obligations for foreign guests;
5. to verify guest identity where required for legal compliance, self-check-in, fraud prevention or property security;
6. to manage the rental agreement, house rules and guest support;
7. to process payments, deposits or payment status where applicable;
8. to manage cleaning, maintenance and emergency support;
9. to handle damage reports, insurance matters, complaints, disputes or legal claims;
10. to comply with accounting, tax and other legal obligations.

We do not use passport or identity document information for marketing, banking, credit applications or opening any financial account.

3. What personal data may be processed?

Depending on the booking and the guest, we may process:

1. name and surname;
2. contact details, such as email address and telephone number;
3. booking platform, reservation number, dates of stay, price, payment status and number of guests;
4. messages exchanged with us or the booking platform;
5. signed rental agreement, electronic acceptance record, timestamp and related technical record;
6. check-in and check-out information;
7. nationality, date of birth, place or country of birth, country of residence, identity document type, identity document number, issuing country, expiry date, arrival date and departure date, where required for Portuguese accommodation reporting;
8. identity-verification status and related verification information;
9. identity document image or photograph where the electronic verification process requires it;
10. payment/deposit status, but not full card details, which are handled by the platform or payment provider;
11. information about damage, incidents, complaints, maintenance or guest support requests.

4. Why do we need identity information?

Portuguese law requires accommodation providers to register and communicate the accommodation of foreign guests, including EU citizens, through the accommodation bulletin system. This is a legal requirement for paid short-term accommodation.

Because our apartments operate by self-check-in and do not have a hotel reception desk, we normally complete identity checks and guest registration before sending the final check-in details.

Guests should not send passports, national ID cards or other identity document images through Booking.com chat, Airbnb chat, WhatsApp, SMS or ordinary email unless we specifically agree this in an exceptional situation. The normal method is the secure pre-arrival guest portal.

5. What is the legal basis for processing?

We process guest data under the following legal bases:

1. performance of the booking contract, for booking administration, check-in, guest support and the rental agreement;
2. compliance with legal obligations, including Portuguese accommodation reporting, accounting and tax obligations;
3. legitimate interests, including property security, fraud prevention, protection of guests and neighbours, damage handling, insurance, complaints and legal claims;
4. consent, where we specifically ask for consent for an optional use of data.

Where Portuguese law requires guest registration, we cannot complete the stay lawfully without the required information.

6. Who receives guest data?

Guest data may be received or processed by:

1. the booking platform used for the reservation;
2. Uplisting or another property-management / guest portal provider used for pre-arrival administration;
3. identity-verification, e-signature, payment or security-deposit providers where enabled;
4. payment processors and banks where applicable;
5. the Portuguese authorities responsible for accommodation bulletins and legal reporting;
6. accountants, insurers, legal advisers or professional advisers where needed;
7. cleaners, maintenance contractors or emergency support contacts, but only the information they need to perform their task;
8. police, courts, regulators or public authorities where legally required or necessary for safety, fraud prevention or legal claims.

7. How long is data kept?

We keep personal data only for as long as necessary.

Accommodation bulletin records for foreign guests are kept for the legal period required by Portuguese law.

Booking, agreement, accounting and tax records may be kept for the legal period required for accounting, tax, audit and legal purposes.

Damage, complaint, insurance or dispute records may be kept for as long as reasonably necessary to deal with the issue and any legal limitation period.

Identity document images, where collected through the verification process, should not be kept longer than necessary for verification, legal compliance, security and dispute purposes, unless a longer retention period is legally required or reasonably necessary.

8. International transfers and service providers

Some service providers may store or access data outside Portugal. Where personal data is transferred internationally, this should be done using legally recognised safeguards, such as an adequacy decision, contractual safeguards or equivalent data-protection protections.

9. Guest rights

Guests may have the right to request access to their personal data, correction of inaccurate data, deletion, restriction, portability or objection, subject to legal limits.

These rights are not absolute. For example, we may need to keep some data to comply with Portuguese guest-registration law, tax law, accounting duties, insurance requirements or legal claims.

To exercise these rights, guests can contact:

Guests may also have the right to complain to a competent data-protection authority.