Data Protection and
Privacy Policy

Tripix Azores by MMCC – Matteo Miguel Carosi Cordeiro, Turismo & Serviços, Unip., Lda., hereinafter referred to as Tripix Azores / MMCC, is a licensed Tourist Entertainment Company with RNAAT 4/2017/RAA and Maritime-Tourism Operator license 09/2022. The company provides tourist services in the Azores, particularly on the islands of Pico, Faial, and São Jorge.

The Commercial Space and Headquarters of Tripix Azores / MMCC are located at Cais da Madalena, S/N, 9950-305 Madalena and Rua da Igreja, 23, 9950-026 Bandeiras, both on Pico Island, Azores. Our website address is tripixazores.com.

1. OBJECTIVES

The Data Protection and Privacy Policy of Tripix Azores / MMCC aims to inform visitors to our website, potential clients, and customers about how their personal data is collected, protected, and used, in accordance with the EU General Data Protection Regulation (GDPR) 2016/679. In addition to fulfilling this right to information, the policy also upholds the following rights of data subjects:

• Right to be notified if a data breach occurs with a risk to the subject

• Right to access their own data

• Right to portability where applicable

• Right to erasure (right to be forgotten) when consent is withdrawn or there is no legal basis for data retention

• Right to rectification if they wish to update their information

• Right to object to how their data is processed.

2. WEBSITE NAVIGATION SECURITY

Tripix Azores / MMCC ensures that its website is hosted on secure servers. Links to third-party websites (e.g., partners or other entities) may be found on our website. However, Tripix Azores / MMCC is not responsible for the security or privacy policies of third-party websites, and visitors should review these policies before accessing such sites.

3. COOKIE POLICY

The Tripix Azores / MMCC website uses various types of cookies. To learn more about cookies, how they function, and how to accept or reject their use, please refer to the cookie notification at the footer of our website.

4. COLLECTION OF PERSONAL DATA

The personal data mentioned in this Data Protection and Privacy Policy is voluntarily provided by the data subject through our website’s reservation forms, newsletter subscriptions, or directly via email or other methods. The collection of this data is the sole responsibility of Tripix Azores / MMCC and is conducted within the normal scope of operations of a registered tourist services company. The forms used include a Consent Statement, where applicable, outlining how the provided data will be used.

5. PURPOSE OF COLLECTING PERSONAL DATA

The personal data submitted through our service reservation forms, newsletter, email, or other means are used solely for the following purposes:

• Facilitating communication with clients and potential clients

• Promoting the company’s products and services

• Ensuring safe service delivery

• Complying with legal obligations related to insurance and invoicing

• Meeting the requirements of hotel rooming lists

• For foreign guests, complying with AIMA (Agency for Integration, Migration, and Asylum) regulations for customer identification.

6. TYPES OF PERSONAL DATA REQUESTED

The types of data requested by Tripix Azores / MMCC are limited to what is strictly necessary for the aforementioned purposes. These may include:

• Name

• Email and/or physical address

• Phone contact, where applicable

• Date of birth for insurance purposes

• Tax identification number for invoicing

• Passport number for AIMA reporting

• Weight and height for equipment allocation (e.g., for activities like cycling) and for insurance and emergency services in case of accidents.

7. PROTECTION OF PERSONAL DATA

The personal data provided via reservation forms will not be stored in the website’s databases or shared with third parties unless specified in the following section. The storage and processing of customer data are exclusively the responsibility of Tripix Azores / MMCC and are subject to confidentiality and protection rules in line with current legislation. Access is restricted to authorized personnel following our internal security policies. Tripix Azores / MMCC is not liable for how personal data is protected and processed when legally obligated to share it. For subcontracted entities, contractual agreements ensure that these entities are responsible for the protection and processing of the received data under the General Data Protection Regulation (GDPR). Except as stated in this Policy, Tripix Azores / MMCC does not sell or rent personal data to third parties unless required by law. We may, however, use images or videos of clients captured during our activities for promotion on social media or our website, unless the client requests otherwise during reservation or via email to [email protected]. Additionally, we kindly ask that when customers share posts on social media about their experience, they tag Tripix Azores / MMCC as a way of promoting our work.

8. RIGHT TO RECTIFICATION AND DELETION OF PERSONAL DATA

Any request to update or delete personal information submitted through forms or other methods can be made directly via email to [email protected], with the subject “Update or Delete Personal Data”. Tripix Azores / MMCC commits to processing these requests and completing the update or deletion within 30 days of the request. Exceptions to this rule include legal requirements for data retention (e.g., accounting records, complaint handling, or legal proceedings), subject to the specific timelines required.

9. RETENTION OF PERSONAL DATA

Customer data will be retained as long as there is a legitimate interest in doing so, or as long as consent is granted. Tripix Azores / MMCC will maintain its database for the purposes outlined in Section 5, unless the data subject exercises their right to be forgotten.

10. VALIDITY OF THIS PRIVACY POLICY

To ensure continuous improvement and updates, Tripix Azores / MMCC reserves the right to amend this Data Protection and Privacy Policy at any time. These changes will be published online to maintain transparency and inform users, service recipients, and customers. Continued use of the company’s services following such changes will be considered as acceptance of the new terms.