Personal Data Collected and Reasons
WALK ‘N’ ROLL maintains a database with the registration of its customers/visitors after the first contact. The data presented in this database is entirely the data provided by the customers themselves at the time of their booking, or later requests for booking purposes, and is collected under the terms approved by the National Data Protection Commission by WALK ‘N’ ROLL: Melina Eibs and Pedro Oliveira; Apartado 027074 EC Praça Município, 1144-003 Lisboa, Portugal.
When the customer makes a reservation or a booking on this website, WALK ‘N’ ROLL automatically registers certain personal data that the customer consented to. The type of data saved will be information such as "name", "contact" and/or "email address". In some cases, we may need more sensitive personal data such as: "citizen's card number and/or passport number". All information about personal data requested serves exclusively to organize the requested tours or tourist services. All personal data provided will be treated as being of a "sensitive" nature and, therefore, deserve the utmost respect and care from WALK ‘N’ ROLL.
Regarding online bookings, the customer can make the payment by PayPal, debit card, credit card VISA/Mastercard online. WALK ‘N’ ROLL only receives the information with the result of the authorization and instructions to proceed with the order.
Thus, WALK ‘N’ ROLL guarantees that it has implemented and will continue to develop the mandatory measures of technical and organizational nature to ensure the security of the data provided, in order to prevent its alteration, loss, unauthorized treatment and/or access, being aware of the sensitive nature of the data stored and the risks to which they are exposed.
If the customer wishes to exercise the rights of access, rectification, cancellation or opposition that the GDPR grants them, the customer can do this through the website or by sending an email to email@example.com.
Other Ways to Obtain Personal Data
WALK ‘N’ ROLL also reserves the right to collect personal data in the following circumstances: if the user responds to a promotion through this website, completes a questionnaire, subscribes to the newsletter or other Marketing material, reports a problem, or other similar situations.
Personal data obtained by outsourced sources
In addition to the data provided by the user/customer, we may receive information from other suppliers and certified partners, to whom we point the responsibility to ensure the full compliance with the privacy policies required by the GDPR:
In addition to data provided by our customers, we may receive information from suppliers and certified partners. Walk’n’roll are not responsible for any third party’s compliance with the privacy policies set out by the GDPR.
- if the customer provides us feedback through a social media channel or other feedback tool or software, the feedback (but not the personal data) will be processed by that company and shared with WALK ‘N’ ROLL;
- we may also record your visits to this website, including (but not limited to) traffic data, location data, IP address, operating system and browser type. These are statistical data about the actions and the navigation standards of our users and does not identify any individual.
Transfer of the Obtained Personal Data:
When a customer fills out a form on our website and/or ends the booking process with WALK ‘N’ ROLL, some personal information provided will need to be transmitted, processed and stored by relevant third-parties, such as:
- travel partners such as airlines companies, airports, hotels, insurance companies and ground support agents, tour or fluvial operators, among other touristic services suppliers related to the request. Some of these third-parties may be located outside the European Economic Area, and these organizations may not be subject to the same level of control as the European GDPR;
- credit card or ATM payment facilitators, which help us process customer payments and assist us in detecting and preventing fraudulent payments or bookings (Stripe);
- email marketing platforms, ensuring the encryption of our databases, which include subscriber "name" and "email address";
- government agencies or other authorities in Portugal (or in other countries) in order to ensure the safety of one's own and other passengers. At this point we include immigration, border control, security and anti-terrorism officials. Even if it is not mandatory to provide information to these authorities, we may exercise our right to assist them when we deem it appropriate.
Treatment and Storage of Personal Data
Some personal data obtained by registering on our website or given by customers who have established a business relationship with WALK ‘N’ ROLL will need to be processed and stored in secure and certified systems, as a result of a combination of our own protected systems and supplier’s reliable systems.
The personal data that we store is treated with the legally required degree of protection to guarantee its security and prevent its alteration, loss, treatment or unauthorized access. For this purpose, we use backups in Google Drive.
The registrations on our website are also encrypted, following GDPR standards, in peripheral control technical infrastructures, namely by network firewalls, private circuits and VPNs that comply with security requirements. The computer servers are located with a datacenter operator, which performs a digital information protection service of the hosted servers. The service includes backup of files, their conservation according to the defined policy and the restore at WALK ‘N’ ROLL's request.
WALK ‘N’ ROLL hereby commits itself to:
- safeguard the personal data provided to it by means of legally enforceable security measures of a technical and organizational nature that guarantee its security, thus avoiding its alteration, loss, treatment or unauthorized access, in accordance with the technology used at any given moment, the nature of the data and the possible risks to which they are exposed;
- use or apply the data obtained exclusively for the purposes duly authorized and for which the customer consented;
- ensure that data is handled only by workers whose intervention is necessary for allowing the service, and who are bound by the duty of secrecy and confidentiality. If the information needs to be disclosed to third-parties, they are obliged to preserve the confidentiality.
Retention of Personal Data
Rights of Individual Relative to Personal Data Provided
Any user or customer that has provided personal data has several rights with respect to the information granted, in accordance with the GDPR law, such as:
- right to access your personal information: at any time, you have the right to request access to your personal data maintained by WALK ‘N’ ROLL, free of charge. We may require proof of identity and sufficient information about your interactions with us in order to find your information. If someone makes the request on your behalf, that person will have to provide written and signed confirmation that you have authorized this. We reserve the right of not providing you with a copy if it includes personal information of other people or if we have a legitimate reason to retain it;
- right to correct and update your personal information: the accuracy of your information is important to us. Thus, at any time, you may change your name or email address (or other relevant personal information) by sending us an email to or by contacting us (+351 962 255 941);
- right to withdraw consent: at any time, the customer/user can revoke their consent and prohibit us from using his data. If you wish to withdraw your consent for the processing of any particular category of data, you must contact our team (firstname.lastname@example.org or +351 962 255 941). We advise that if you want us to stop processing this information during your booking or trip, we may not be able to provide all or part of the services you requested. Consequently, if we have to cancel your reservation or other booking, you may have to pay the respective cancellation fee;
- right to delete your personal information or restrict its processing: you may request us to remove your personal information from our systems by email or in writing. As long as we have no legitimate reason (legal and commercial basis) to continue processing or maintaining your personal information, we will make reasonable efforts to fulfill your request as quickly as possible. While we may not permanently remove your information as quick as you wish (for software delays or other similar issues), you may request to restrict the processing of your data. If the processing is restricted, we can only use your personal information if we have your prior consent or if we are legally authorized to do so.
- right to transfer your personal information to a structured data file: at any time, you can ask us to send your personal data directly to another service provider, and we will do so if this is technically possible for us. We reserve the right of not providing a copy of your personal information if it contains personal data of other people or if we have another licit reason to withhold such information;
Our Approach to Personal Data Security
While we do our best to protect your personal data, and always act according to strict GDPR standards, the transmission of information over the Internet is not entirely secure. Therefore, we cannot totally guarantee the security of your data transmitted to our website. When we receive your information, we take all reasonable and legal steps to maintain your personal information protected and try to prevent any unauthorized access, use or loss of your data, implementing appropriate security measures and limiting access, including internal access. All information that you provide is stored on our secure servers and any payment transaction will be encrypted using TLS technology.
In addition, if we detect any breach or suspicion about violation of personal data, we will notify the competent authorities immediately, as required by law.
Links from Our Website to Other Websites
The cookies that we use do not extract information from the user's hard drive, do not steal personal information and do not read cookie files created by suppliers/competitors.
These are cookies that are essential for the website to work properly and allow customers to make a booking or to check availability, permitting us to access the booking requests.
_ga, _gat, __utma, __utmb, __utmc, __utmz
Statistics Cookies: contain anonymous data about the use of our website, in order to analyze and improve the service provided.
_hjClosedSurveyInvites, _hjDonePolls, _hjMinimizedPolls, _hjDoneTestersWidgets, _hjMinimizedTestersWidgets, _hjIncludedInSample
Statistics Cookies: contain details of visitor behavior patterns anonymously and randomly.
SID, LOGIN_INFO, PREF, SSID, HSID, VISITOR_INFO1_LIV
Cookies used by YouTube to store user preferences. Some of these contain enough information to be tracked.
Google Adwords and Remarketing by Google
Cookies used in online campaigns.
Purpose of the Personal Data
Personal data is obtained for the following purposes:
- activity linked to a travel agency or tour operator;
- provide important information to suppliers chosen for the service requested by the customer;
- send SMS messages with intentions exclusively related to the booking and the trip logistics;
- management, administration, extension and improvement of services in which the user decides to subscribe to and/or register for;
- study of users' use of the services;
- verification, update and development of statistical systems and analyzes;
- advertising, promotion and commercial prospecting activities, if duly accepted by the user.
The user/customer of the website thus allows WALK ‘N’ ROLL to handle personal data. In addition, the user expressly agrees that personal data may be transferred to:
- national and international authorities responsible for tourism, terrorism or crimes against human rights, for their own security purposes;
- any legal entity affiliated or owned by WALK ‘N’ ROLL, or the tourist companies that provide the contracted service, which are obliged to use it only for a correct execution of each service requested by the customer;
- any certified third-party compliant with the GDPR standards, in order to guarantee the security of the personal data, the management and organization of the booking and customer process and platforms associated with marketing activities.