Privacy Policy

Porto River Cruise as a subsidiary brand owned by Promatex, Lda., headquartered at Rua do Campo Alegre, 606, 2nd floor, 4150-171 Porto, corporate entity no. PT 500 223 580, is committed to protecting the security and privacy of its customers.

In this context, the company has prepared this Privacy Policy to safeguard users' data and inform its clients about the general rules of privacy and the terms of data processing that we collect, in strict compliance with the applicable regulations on personal data protection. These include the provisions of Regulation (EU) 2016/679 of the European Parliament and Council, of April 27, 2016, known as the General Data Protection Regulation (GDPR), regarding personal data processing and free data movement, as well as Law 58/2019, of August 8, which implements the GDPR within the Portuguese legal framework.

Promatex needs to collect and process personal data from its clients to provide its services.

1) Scope:

This Privacy Policy applies exclusively to the processing of personal data conducted by Promatex.

2) Definitions:

For the purposes of this Privacy Policy, the following definitions apply:

  • Personal Data: Information related to an identified or identifiable natural person (“data subject”).

  • Processing: Any operation or set of operations performed on personal data or sets of personal data, by automated or non-automated means.

  • Data Controller: The legal entity determining the purposes and means of personal data processing.

  • Processor: A natural or legal person, public authority, agency, or other body processing personal data on behalf of the controller.

  • Supervisory Authority: An independent public authority established by a Member State to monitor GDPR compliance, protect individuals' fundamental rights regarding data processing, and facilitate free data flow in the Union. In Portugal, the supervisory authority is the National Data Protection Commission (CNPD).

3) Data Controller:

Promatex, headquartered at Rua do Campo Alegre, 606, 2nd floor, 4150-171 Porto, corporate entity no. PT 500 223 580, is the data controller under GDPR and applicable personal data protection laws. Promatex determines the purposes and means of personal data processing.

You may contact Promatex via:

  • Email: info@portorivercruise.com

  • Postal Address:
    Promatex, Lda
    Rua do Campo Alegre, 606, 2nd floor
    4150-171 Porto

4) Data Protection Officer:

Promatex has appointed a Data Protection Officer (DPO), who plays a key role in monitoring data processing activities and ensuring legal compliance.

The DPO can be contacted via:

  • Postal Address: Rua do Campo Alegre, 606, 2nd floor, 4150-171 Porto

  • Email: info@portorivercruise.com

5) Principles of Personal Data Protection:

Promatex processes personal data in accordance with the general principles set forth in GDPR, including:

  • Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and transparently.

  • Purpose Limitation: Data is collected for specific, explicit, and legitimate purposes and not further processed in ways incompatible with those purposes.

  • Storage Limitation: Data is retained only as long as necessary for the purposes for which it is processed.

  • Integrity and Confidentiality: Data is processed securely to prevent unauthorized access, unlawful processing, accidental loss, destruction, or damage.

6) Personal Data and Processing:

Promatex may process the following categories of personal data in its operations:

Categories of Personal Data:

  • General Data: Name, ID number, Taxpayer ID, Social Security number, address, phone contacts, email address, date of birth, marital status, gender, nationality, etc.

  • Academic Data: Academic qualifications, education history.

  • Professional Data: Profession, job title, employment history.

  • Economic-Financial Data: Income, banking details, loans, subsidies, transactions.

  • Special Data (Sensitive Data): Racial/ethnic origin, religious/philosophical beliefs, health data, sexual orientation.

  • Other Sensitive Data: Criminal records, child-related data.

Promatex processes sensitive data when necessary to provide services, adhering to stricter legal and organizational safeguards.

7) Data Collection:

Promatex collects personal data through various methods, including in person, by phone, in writing, or via IT systems. This data is processed either manually (e.g., paper records) or automatically (e.g., computerized systems) in compliance with personal data protection laws.

8) Purpose of Data Processing:

Promatex processes personal data for specific purposes, including:

  • Customer management

  • Accounting, administrative, and tax management

  • Human resources management

  • Communication, marketing, and commercial activities

  • Electronic communications management

  • Litigation management

  • Video surveillance

  • Legal and contractual compliance

  • Handling complaints, suggestions, and compliments

9) Lawful Basis for Processing:

Promatex processes data based on lawful grounds, such as:
a) Consent: When the data subject consents to data processing for specific purposes.
b) Contractual Necessity: When data is required to perform a contract or pre-contractual measures.
c) Legal Obligation: When processing is necessary to meet legal requirements.
d) Vital Interests: When processing protects someone’s vital interests.
e) Public Interest/Authority: When processing serves public interest or official authority.
f) Legitimate Interests: When processing aligns with Promatex’s legitimate interests, except where overridden by data subject rights.

10) Data Access:

Promatex ensures data access is limited to authorized individuals who need it for their tasks. Specific confidentiality obligations apply to employees accessing data.

11) Data Retention:

Promatex retains personal data only as long as necessary for its purposes, unless longer retention is required due to legal obligations, legitimate interests, or ongoing disputes. Once no longer needed, data will be anonymized or securely deleted.

12) Data Sharing:

Promatex may share data with service providers (processors) bound by contracts or with authorities under legal obligations.

13) Data Subject Rights:

Data subjects have the following rights:

  • Information on data use and rights

  • Access to personal data

  • Rectification of incorrect/incomplete data

  • Erasure of data ("right to be forgotten")

  • Restriction of processing

  • Data portability

  • Objection to processing

Requests can be sent via email to info@portorivercruise.com.

14) Complaints:

Complaints may be filed with the CNPD:
Rua de São Bento, 148 - 3rd floor, 1200-821 Lisbon
Tel: +351213928400 | Email: geral@cnpd.pt

15) Security Measures:

Promatex employs robust measures to safeguard personal data, including restricted access, secure storage, system monitoring, and data redundancy.

16) Confidentiality:

Promatex does not sell, rent, or commercially share personal data, except as required for stated purposes.

17) Cookies:

See our Cookie Policy at: www.portorivercruise.com

18) Privacy Policy Updates:

This policy may be updated and will be disclosed accordingly.