Privacy Policy - Atlantida DMC

1. Introduction

This Privacy Notice (Notice) establishes how Atlântida DMC, Lda. protects the privacy of personal data of our employees, clients, partners or any other entity with which Atlântida DMC, Lda. relates in the context of its activity.
Being a travel agency, Atlântida DMC, Lda. needs to collect, use and disclose personal data to perform business functions and activities, including making and managing travel bookings on behalf of our clients. At Atlântida DMC, Lda., we are committed to protecting the privacy and confidentiality of personal data and maintaining a controlled environment (physical, electronic, human and procedural controls) aligned with operational risks. In the context of the General Data Protection Regulation 2016/679 (GDPR), Atlântida DMC, Lda. is a data controller of any personal information provided to us in the context of the relationship with our clients or any other Interested Parties.
By providing personal data, interested parties agree that this Notice will apply to how we handle their personal data and consent to it being collected, used and disclosed as detailed in this notice. If they do not agree with any part of this notice, interested parties should not provide us with their personal data. If they do not provide us with their personal data, as well as if they withdraw the Consent they provided in accordance with this Notice, this may affect our ability to provide them with services, or negatively affect the quality of services we can provide them. For example, most travel bookings must be made with the traveler's full name and must include appropriate contact and identification details (e.g., passport details) and we cannot make bookings without this information. Note that there may be cases where local data protection laws impose more restrictive personal data processing practices than the practices established in this notice. When this occurs, we will adjust our personal data processing practices to comply with those local laws.

2. What Personal Data Do We Collect?

Personal data has the meaning given by local data protection laws and, where GDPR applies, the meaning is considered given under the GDPR. Personal data generally means data related to an individual who can be identified from that data, or is identifiable from the combination of that data with other available data.
Generally, the type of personal data we collect is what is necessary to facilitate travel preparations, support bookings or to organize services and/or products related to travel on behalf of our clients. In this regard, we normally process the following types of Personal Data about our clients:
• contact data (such as name, residential/correspondence address, telephone number, email address);
• payment data;
• detailed Passport data;
• loyalty program/frequent passenger data;
• data about dietary needs and health problems (if any);
• other data relevant to travel plans or required by travel service provider(s) (e.g., airlines and accommodation or tourism providers).
When our clients contact us for other purposes, personal data related to those purposes may also be collected. For example, we may collect personal data to be able to contact our clients in the context of a contest/campaign they have entered or to respond to questions or comments they have sent us. We also collect data necessary for use in our business activities or those of our related entities, including, for example, financial details necessary to process transactions, video surveillance images used for security purposes or other relevant Personal Data that our clients may wish to provide us.
In some circumstances we collect personal data that may be considered sensitive data according to local data protection laws. Sensitive data may include (without limitation) racial or ethnic origin, philosophical or religious beliefs or affiliations, sexual preferences or practices, criminal background or alleged existence of an offense, membership in political, professional or commercial associations, biometric and genetic information, financial data and health data. We will only collect sensitive data in accordance with local data protection laws, with the explicit consent of the data subjects and where the data is reasonably necessary or directly related to one or more of our operational functions or activities (e.g., to make travel plans), unless required or authorized to do so by law. To the extent permitted or required by local data protection laws, our clients consent to us using and disclosing their sensitive data exclusively for the purpose for which it was collected, unless we subsequently receive their consent for another purpose. For example, if our clients provide us with health data related to travel insurance they wish to take out, clients consent to us using and disclosing that health data on their behalf in contacts made with the entity promoting that travel insurance. Another example occurs when our clients want to make their religious beliefs known because they are interested, for example, in certain holiday packages, consenting to the use and disclosure of that information for the operationalization of the trip. We will not use sensitive data for purposes other than those for which it was collected, unless we receive consent from their holders to do so.

3. How We Collect Personal Data

We only collect personal data in compliance with local data protection laws. We generally collect personal data in the context of contacts made with our clients, unless it is unreasonable or impractical to do so.
Generally, this collection will occur when our clients:
• contact us personally, by phone, letter, email;
• visit us through our website;
• contact us through social media;
• purchase or ask questions about travel plans or other products and services;
• enter contests or register for campaigns/promotions;
• sign up to receive marketing communications;
• request brochures or other information.
Unless they choose to do so under a pseudonym or anonymously, we may also collect personal data from our clients in the context of surveys or when they provide feedback.
In some circumstances, it may be necessary to collect personal data from our clients from third parties. This includes cases where an individual makes a travel booking on behalf of other person(s) (e.g., a family booking, group booking or a booking made by an employing entity). When this happens, we rely on the authorization of the person making the travel booking to act on behalf of any other traveler on the booking, as well as that person's consent to collect, use and disclose Personal Data in accordance with this Notice. Our clients must inform us immediately if they become aware that their personal data has been provided to us by another person without their consent or if they did not obtain such consent before providing us with another individual's personal data.
We make every effort to maintain the accuracy and integrity of the personal data we store and to ensure that all personal data is up to date. However, any interested party may contact us immediately if there is any change in their personal data or if they become aware that we have inaccurate personal data (please see section 13 below). We cannot be responsible for any losses arising from inaccurate, wrong, defective or incomplete personal information that interested parties, or someone acting on their behalf, provide to us.

4. How We Use Personal Data

We will only process personal data when:
• we have been given consent for such processing (which may be withdrawn at any time, as detailed in section 8 of this Notice);
• such processing is necessary for us to provide our services;
• such processing is necessary for compliance with legal obligations;
• such processing is necessary for our legitimate interests or those of any third party receiving such personal data (as detailed in sections 5 and 6 of this Notice).
When a client contacts us in the context of a travel inquiry or booking, the purpose for which we collect their personal data is generally to provide travel advice and/or assist in booking travel-related products and/or services. However, the purpose of collection may be different depending on the specific circumstances disclosed in this notice (e.g., collecting personal data for participation in a campaign, collecting feedback, etc.).
When a client makes a travel or product/service booking with our support, we generally act as an agent for travel service providers (e.g., for a hotel). In this case, we process personal data as necessary to provide the requested services, including collecting personal data for our internal purposes, as described in this notice, and for the travel service provider for whom we act as agent (e.g., to provide the contracted services). For example, if you book a flight through Atlântida DMC, Lda., we will use personal data to enable the flight to be booked and will disclose personal data to the airline to enable it to provide the flight service.
We may share data with our travel service providers (hotels, airlines, car rental companies or other providers related to travel bookings). These travel service providers may also use personal data as described in their respective privacy policies to obtain additional information that facilitates travel booking or the provision of requested services. We recommend that our clients review the privacy policies of any travel service providers purchased through Atlantida DMC, Lda. We will provide copies of all relevant terms, conditions and privacy policies of travel service providers upon request.
We act as agents for many travel service providers worldwide, so it is not possible to refer in this notice to all travel service providers for whom we act (particularly their locations). For more information about the disclosure of personal data to travel service providers located outside the GDPR context, see section 6 of this notice.
If there are any concerns regarding the transfer of personal data to a travel service provider, or if more information is needed, see section 13 of this notice.
The purposes for which we collect personal data also include:
• providing services or tools that our clients choose to use (e.g., saving travel preferences on our website in a wishlist or saving personal data to enable pre-filling of online forms);
• fraud or error identification;
• legal or regulatory compliance;
• developing and improving our products and services;
• maintaining or improving the relationship with our clients, namely by creating and maintaining a client profile that allows the provision of a service aligned with their preferences;
• market research, customer satisfaction assessment and feedback collection on the services we provide;
• facilitating our clients' participation in loyalty programs;
• conducting analyses related to our services, including but not limited to sales and travel destination preference trends;
• supporting internal organization and accounting;
• supporting compliance with legal obligations or applicable customs/immigration requirements related to travel;
• other purposes, as authorized or required by law (e.g., to prevent a threat to life, health or safety protection, or to enforce the legal rights of Atlântida DMC, Lda.).
Where permitted by local data protection laws, we may use personal data to conduct marketing activities related to our products and services (and those of third parties) that we believe may interest our clients, unless they have requested not to receive such information. These campaigns may include, but are not limited to, email sending, digital marketing and other electronic notifications. Personal data will be used to send digital marketing material (including e-newsletters, email, SMS, MMS and IM) if clients have chosen to receive them. Clients can sign up to receive e-newsletters and other promotional/digital marketing materials by following the relevant links on our website or by requesting one of our staff to do so.
Any individual who does not wish to receive promotional or marketing material from us, or participate in market research or receive other types of communication, should consult sections 8 and 13 of this Notice.

5. What Personal Data is Disclosed to Third Parties?

At Atlântida DMC, Lda. we do not sell, rent or exchange personal data. Personal data will only be disclosed to third parties in accordance with what is established in this notice and in accordance with local data protection laws (note: in this notice, the reference to disclose includes transferring, sharing verbally or in writing, sending or making personal data available to another entity).
Personal data may be disclosed to the following types of third parties:
• contracted entities, suppliers and service providers, including:

• the situations of each of the circumstances described in section 4 of this Notice (How we use personal data?);

• ICT solution providers who support us in providing products and services (such as any external data hosting providers we may use);

• publishers, printers and distributors of marketing material;

• event and exhibition organizers;

• marketing or market research agencies;

• courier services or postal services;

• external consultants (such as lawyers, accountants, auditors or recruitment consultants);
• travel service providers, such as travel wholesalers, tour operators, airlines, hotels, car rental companies, transfer managers and other related service providers;
• any third party to whom we assign or transfer any of our rights or obligations;
• people who make travel bookings on behalf of others (e.g., a family member, friend or work colleague);
• employing entities, in the context of business travel for corporate, business or government clients;
• contact persons (e.g., a family member) when our Clients are not contactable and the contact is, in our opinion, in the Client's interest (e.g., where the person is concerned about their well-being or needs to act on behalf of the Client due to unforeseen circumstances);
• as required or authorized by applicable law, and to comply with the legal obligations of Atlântida DMC, Lda.;
• customs or immigration services to comply with applicable legal obligations in the context of travel;
• government agencies or public authorities for compliance with valid and authorized requests, including court orders or any other valid legal process;
• regulatory entities or law enforcement authorities, including for fraud protection and related security purposes;
• enforcement agencies where there is suspicion of illicit activity and where Personal Data is a necessary part of investigating or reporting the matter.
In addition to the above, we will not disclose Personal Data without consent, unless we believe that disclosure is necessary to diminish or prevent a threat to life, health or safety protection of an individual, for public health or safety, or for certain action to be taken by an enforcement body (e.g., prevention, detection, investigation or punishment of criminal offenses), or when such disclosure is authorized or required by law (including applicable data protection/privacy laws).
On Atlântida DMC, Lda. websites or social networks, users may choose to use certain third-party features with which we partner. These features, which may include social networking and geo-location tools, are operated by third parties and are clearly identified as such. These third parties may use or share Personal Data in accordance with their own privacy policies, so we recommend consulting their privacy policies if you consider these tools relevant.

6. What Personal Data is Transferred Abroad?

We may disclose personal data to certain recipients abroad, as described below. We will ensure that such international transfers are necessary for the performance of a contract between our clients and third-party entities abroad or that they are subject to appropriate or adequate safeguards, as required by local data protection laws (e.g., GDPR). We will provide copies of relevant safeguard documents upon request (see section 13 of this notice).
It is possible that personal data may be transferred to an entity abroad located in a jurisdiction where it is not possible to guarantee a level of data protection equal to that existing in the GDPR context. In such cases, Atlântida DMC, Lda. cannot be responsible for how these recipients handle, store and process personal data.
Related entities abroad
Atlântida DMC, Lda. operates a global business, including operations worldwide. Personal data may be disclosed to our related entities abroad to support travel booking and/or to enable the provision of administrative, advisory or technical services, including the storage and processing of such data.
Travel service providers located abroad
To provide our services it may be necessary for us to disclose personal data to relevant travel service providers abroad. We deal with many different travel service providers around the world, so the location of a relevant travel service provider will depend on the travel services provided. Relevant travel service providers will, in most cases, receive personal data in the country where they will provide the services or where their businesses are based.
Our service providers located abroad
We may also need to disclose personal data to service providers located abroad for the purpose of supporting the provision of services, including the storage and processing of such data. Generally, we will only disclose personal data to these recipients abroad in the context of a travel booking and/or to enable the provision of administrative and technical services provided on our behalf. If there are any specific questions about where or to whom personal data may be sent, see section 13 of this notice.

7. Information Security

At Atlântida DMC, Lda. we are committed to protecting personal data by implementing and maintaining adequate technical, organizational and human control measures to ensure a level of security aligned with the risks related to: accidental or illegal destruction, loss, alteration or unauthorized disclosure, or improper access to Personal Data transmitted, stored or processed. Atlântida DMC, Lda. monitors and regularly reviews security controls and strives to protect Personal Data in the same way it protects its sensitive business Information.
Atlântida DMC, Lda. destroys or de-characterizes personal data whenever it ceases to be relevant to the business or as required by law.

8. Rights Regarding Personal Data We Collect

If any interested party, from whom Atlântida DMC, Lda. has personal data, and who wishes to:
• update, modify, delete or obtain a copy of personal data;
• restrict or prevent Atlântida DMC, Lda. from using any personal information, including withdrawing any consent previously given for the processing of such information;
• obtain a copy of personal information that was processed based on their consent or as necessary for the performance of a contract to which they are a party.
They should formally make the request to Atlântida DMC, Lda. through the contacts identified in section 13 of this notice. After the request, an acknowledgment will be made and information will be given about the timeframe within which the Information will be made available.
Atlântida DMC, Lda. will make every effort to respond to such requests within one month or less, although it may be necessary to extend this period for complex requests.
Additionally, Atlântida DMC, Lda. reserves the right to deny access to Information for any reason permitted by applicable laws. If the request for access or correction of Information is denied, the reasons for such refusal will always be communicated in writing, unless it is unreasonable to do so or when required by local data protection laws.
All communications related to requests for access to personal data must be made formally in writing through the contacts identified in section 13 of this notice.
If we are requested that Atlântida DMC, Lda. restrict or stop using personal data, withdrawing consent previously provided for the processing of personal data, the ability to provide services or their quality may be negatively impacted. For example, most travel bookings must be made under the traveler's full name and must include appropriate contact and identification details (e.g., passport details), and it is not possible to make bookings without this information.
Personal data shared with Atlântida DMC, Lda. must be accurate and individuals agree to update it whenever necessary. Additionally, they agree that, in the absence of any update, Atlântida DMC, Lda. may assume that the data sent is correct.
Any individual may at any time request Atlântida DMC, Lda. to stop sending marketing communications, and may use the cancellation links provided in marketing emails or through the contacts indicated in section 13 of this Notice.
In any of the situations listed above, the provision of valid identification of the requester may be requested to ensure that Atlântida DMC, Lda. complies with its security obligations and prevents unauthorized disclosure of personal data.
Atlântida DMC, Lda. reserves the right to charge a reasonable administrative fee following any manifestly unfounded or excessive requests regarding access to personal data or for any additional copies of personal data requested.

9. Social Media Integrations

Atlântida DMC, Lda. websites and mobile applications may use social media features and tools (such as "Like" and "Share" buttons). These features are provided and operated by external companies (e.g., Facebook) and hosted also by external companies or directly on our website or mobile application. Social Tools may collect data related to the page visited on the website/mobile application, the IP address and may set cookies to improve the functioning of social tools.
In case the user has activated social media accounts, these may be able to share data about the visit and use of our website or mobile application with those same social media accounts. In this way, interactions with social tools may be recorded by third parties. In addition, external companies may share with Atlântida DMC, Lda. personal data according to their policies, such as their name, profile photo, friend lists or any other information that individuals have chosen to make available to those same companies. In these cases, we may share this data with a third-party company for the purpose of enhancing targeted marketing through those same social media platforms. In this situation, users have the option to manage data sharing and can disable targeted marketing in the privacy settings of their social networks.
All interactions with social tools are governed by the privacy policy of the external company that provides them. More information about the data protection practices of these companies should be consulted directly in the privacy policy of those same companies.

10. IP Addresses

When a user accesses the website, uses any mobile application, or opens digital correspondence from Atlântida DMC, Lda, the servers may record data relating to the device or network to which the user is connected, including the IP address. An IP address is a series of numbers that identify a computer and are assigned when accessing the Internet.
IP addresses may be used by Atlântida DMC, Lda. for system administration, security problem investigation and compilation of anonymous data about the use of the website and/or mobile applications. IP addresses may also be associated with other personal data available about individuals for the purposes described above (e.g., to better tailor marketing and advertising materials, provided the user has chosen to receive digital marketing).

11. Tracking Technologies / Cookies

Atlântida DMC, Lda. may use web analytics services from external providers on its websites and mobile applications, such as those listed in the Cookie Policy. The providers of these services may use technologies such as cookies and web beacons to help analyze visitors who use the websites and applications. For information about the use of cookies and tracking technologies, the cookie policy of Atlântida DMC, Lda. should be consulted.

12. Associated Websites

The Atlântida DMC, Lda. website may contain links to third-party sites over which Atlântida DMC, Lda. has no control. Atlântida DMC, Lda. is not responsible for the privacy practices or content of associated websites. Atlântida DMC, Lda. recommends reading the privacy policies of any associated websites that are visited, as their privacy practices and policies may be different from those of Atlântida DMC, Lda.

13. Feedback / Complaints / Contact

Any questions, comments or complaints about this Notice or about the processing of personal data; or if you wish to inform Atlântida DMC, Lda. about a change or correction of personal data; or if you wish to receive information about the personal data that is processed by Atlântida DMC, Lda. or for any complaint or comment related to data protection, should be addressed to Atlântida DMC, Lda. through the contact below:
• Email: geral@atlantidadmc.pt Atlântida DMC, Lda. will respond to any queries or complaints received as soon as possible.

14. Changes to the Notice

This notice may be changed and updated. If a change is made to the notice, the revised version will be properly archived and published and dated on the Atlântida DMC, Lda. website, when it exists. If justified, in addition to updating the notice, we may request consent from clients to include other types of processing. This privacy notice was last updated on November 11, 2025.