Data Protection

Protecting your privacy and the security of your personal data is of great importance to us. In line with applicable European data protection laws, we want to ensure that you are fully informed about how we handle personal data when providing our services.

The following Privacy Policy gives you an overview of the types of personal data we collect, the purposes for which we use it, how we protect it, with whom we may share it, and the rights you have regarding your information.

By continuing to use our services or by providing personal data, you acknowledge that your data will be processed in accordance with this Privacy Policy. You may withdraw your consent at any time with effect for the future, where consent is the legal basis for processing.

1. Scope and Purpose

This Privacy Policy (“Policy”) explains how Lisa Bikes, Lda. collects, uses, and protects personal data in the context of its activities as a tour operator.

These activities may include processing bookings, managing travel arrangements on behalf of clients, maintaining operational schedules, coordinating rental bike pick-ups and deliveries, managing emergency contacts, and supporting customer communication. Lisa Bikes, Lda. is committed to safeguarding the privacy and confidentiality of personal data through appropriate physical and digital controls.

In accordance with EU data protection rules, Lisa Bikes, Lda. acts as the data controller for the personal data it receives in connection with its services. By providing personal data, individuals acknowledge that their data will be processed as described in this Policy. If personal data is not provided when required for service delivery, Lisa Bikes, Lda. may be unable to provide certain services or the quality of service may be affected.

2. Types of Personal Data

Personal Data generally refers to information relating to an identifiable individual. Lisa Bikes, Lda. usually processes the following categories of Personal Data:

- Contact information (name, home address/ correspondence, phone number, email address)
- Passport or identification data
- Loyalty programs/ frequent-client details
- Dietary or health-related information when relevant for travel or tour safety
- Emergency contact details
- Information required for bike rental services (height, age, measurements, preferences)
- Accommodation details in Portugal if bike delivery/ pick-up is requested
- Other details relevant to travel plans or required by travel service providers (e.g. airlines, accommodation providers)

In some cases, Lisa Bikes, Lda. may process sensitive data with explicit consent and when reasonably necessary for its functions or operational activities.

For minors participating in tours or rentals, Personal Data is collected and processed only with the consent of a parent or legal guardian.

3. How Personal Data Is Collected

Lisa Bikes, Lda. collects Personal Data primarily through direct interactions with customers. This includes instances when customers:

- Contact the company in person, by phone, email, SMS, or WhatsApp
- Visit algarvecycling.com or submit online forms for rentals, tours, or inquiries
- Create or manage an online account to view bookings
- Log in to an online account using third-party authentication providers
- Interact with the company through social networks
- Provide measurements, preferences, or additional tour-related information
- Participate in promotions, surveys, or marketing activities, or sign up to receive marketing communications
- Request information, quotes, or materials

Lisa Bikes, Lda. strives to maintain the accuracy and completeness of stored Personal Data and promptly updates information upon customer notification.

In some cases, Personal Data may be collected from third parties, such as when one person makes a travel or tour reservation on behalf of another.

4. How Personal Data Is Used

Lisa Bikes, Lda. processes Personal Data under specific conditions, including when consent is provided, when processing is necessary to provide services, for compliance with legal obligations, or for legitimate interests. The purposes for collecting Personal Data include:

- Providing travel advice and making travel bookings
- Acting as an agent for travel service providers
- Operating guided and self-guided cycling tours
- Providing bike rentals and related services
- Responding to enquiries and providing customer support
- Preparing equipment based on customer information
- Managing luggage transfers and transport arrangements
- Coordinating bike deliveries and pick-ups
- Maintaining customer relationships and loyalty programmes
- Managing emergency contacts in the context of tours and rentals
- Internal analysis, research, and service improvement
- Complying with legal and administrative requirements

Lisa Bikes, Lda. may also use Personal Data for marketing its own services, including newsletters, email updates, and digital campaigns, unless the individual opts out.

Images voluntarily shared by customers or publicly posted in connection with our services (including tags on social media) may be used for promotional purposes. When images are taken by our team during tours, we will only use them with the individual’s consent, which may be withdrawn at any time.

5. Disclosure to Third Parties

Lisa Bikes, Lda. does not sell or rent Personal Data. Personal Data may be shared with trusted third parties when necessary for the provision of services, such as:

- Contracted entities, suppliers, and service providers
- Providers of ICT and cloud solutions
- Payment service providers
- Marketing agencies and communication service providers
- Organisers or venues involved in delivering parts of a tour or activity
- External consultants (e.g. lawyers, accountants)
- Travel service providers (e.g. airlines, hotels, accommodation partners)
- Subcontracted guides, drivers, and transfer partners
- Authorised individuals involved in making a booking on behalf of others
- Emergency contacts
- Employers for corporate travel arrangements
- Courier and delivery services
- Public authorities when required by law
- Law enforcement or regulatory bodies for fraud prevention and investigations
- Third parties assigned our rights or obligations

Payments for our services are processed by external payment providers who may collect the information required to authenticate and complete transactions. Lisa Bikes, Lda. does not access or store card numbers, security codes, or other sensitive cardholder details. For payments made by bank transfer, limited bank account information (such as the payer’s name and IBAN) may be visible to us as part of the banking transaction. Users are encouraged to consult the respective provider’s privacy policy for further details.

Lisa Bikes, Lda. also works with cloud-based service providers such as Google Workspace to support communication, document management, and operational processes. These providers process Personal Data on behalf of Lisa Bikes, Lda. under appropriate data-processing agreements. Some of these services may store or process personal data outside the European Union. In such cases, the providers are responsible for implementing appropriate safeguards in accordance with applicable data-protection requirements.

Lisa Bikes, Lda. will not disclose Personal Data without consent unless necessary for life-threatening situations, public safety, legal actions, or as required by law.

6. Information Security

Lisa Bikes, Lda. is committed to protecting Personal Data through appropriate technical and organisational measures. These measures are designed to prevent accidental or unlawful destruction, loss, unauthorised alteration, disclosure, or access to Personal Data. Security controls are monitored and reviewed regularly to ensure ongoing protection.

7. Your Data Protection Rights

Individuals may exercise various rights in relation to their Personal Data collected by Lisa Bikes, Lda. These rights include updating, modifying, deleting, obtaining a copy of Personal Data, restricting or preventing its use, and withdrawing consent. Requests must be formally submitted to Lisa Bikes, Lda. through the contacts provided in section 10 of this Policy. Lisa Bikes, Lda. will make reasonable efforts to respond within one month but may extend this period for complex requests. Access may be denied for reasons permitted by applicable law, with reasons for refusal communicated in writing. Lisa Bikes, Lda. reserves the right to charge a reasonable administrative fee for unfounded or excessive requests.

8. IP Addresses

IP addresses are recorded when users access the company’s website or use digital assets. These addresses are used for system administration, security analysis, and anonymous usage statistics.

When individuals are logged in to their account, certain technical data (such as IP address or device identifiers) may be associated with their profile for security and authentication purposes.

9. Cookies and External Links

Lisa Bikes, Lda. may use cookies and similar technologies to analyse website usage and enhance user experience. Cookies may also be used to improve marketing relevance when the individual has agreed to receive digital communications.

Third-party tools or resources accessible through the company’s website or social media channels are operated by external companies. These providers may collect or process Personal Data independently, and users are advised to consult the privacy policies of these companies.

10. Contact for Feedback and Claims

For questions, requests, or complaints relating to the processing of Personal Data, individuals may contact:

Data Protection Contact
Jaime Carminho
info@algarvecycling.com
Rua Conselheiro Sebastião Teles, 72, 8000-256 Faro

Lisa Bikes, Lda. will review and respond to all valid requests.

11. Data Retention

Lisa Bikes, Lda. retains Personal Data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required for legal, operational, or administrative reasons. To determine appropriate retention periods, we consider the type and sensitivity of the Personal Data, the purpose of the processing, and whether those purposes can be fulfilled through other means. We also take into account the periods for which Personal Data may need to be retained to meet legal obligations, respond to complaints or queries, or protect our rights in the event of a claim.

When Personal Data is no longer required, it is securely deleted or anonymised. Where possible, we also seek to minimise the Personal Data we store over time and may anonymise certain information so that it can no longer be associated with an identifiable individual. Anonymised data may be used without further notice.

12. Changes to This Policy

This Policy may be updated periodically, with the revised version and date published on the company‘s website. Consent may be sought for certain types of processing in addition to updating the Policy. The last update to this Policy was on December 15, 2025.