Privacy Policy
Last updated: 23 de maio de 2026 · v3.0 RGPD
1. Controller Identification
| Entity | Via Globe Unipessoal Lda |
|---|---|
| Brand | TimelyStay |
| Registered office | Rua de Santo Amaro 17A, Loja 8, Lisboa |
| Contact | timelystay@viaglobe.pt · (+351) 932 541 180 |
| Data Protection Officer | Not mandatory under art. 37 GDPR; questions should be sent to the address above. |
2. Data we process
We process the following categories of personal data depending on your relationship with TimelyStay:
2.1. Website visitors
- IP address, user-agent (browser/device), URLs visited, date and time
- Strictly necessary and analytical cookies (see section 10)
2.2. Guests (booking users)
- Name, email, phone, address, tax identification number (NIF)
- Identification data required for AL registration (DL 71/2017): full name, nationality, document type/number, birth date, country/place of residence
- Booking data: dates, property, value, related communications
2.3. Partner Property Owners (Cedentes)
- Identification: name, NIF, address, ID document, IBAN
- Property data: address, AL license, characteristics, photographs
- Financial data: monthly statements, invoices, debit notes, current account
- Platform access data: logins, IP, device, browsing history
3. Legal Bases for Processing (art. 6 GDPR)
| Legal basis | Application |
|---|---|
Contract performanceart. 6.º/1 (b) | Performance of cession contracts with Cedentes and accommodation contracts with guests. |
Legal obligationart. 6.º/1 (c) | Invoicing (VAT Code), 10-year retention (Income Tax Code, LGT), guest registration with AIMA/SEF (DL 71/2017), reporting to AT, City Hall, Turismo de Portugal. |
Legitimate interestart. 6.º/1 (f) | Platform security, fraud prevention, abuse detection, access log retention, defense of contractual rights in judicial or extrajudicial proceedings. |
Consentart. 6.º/1 (a) | Marketing, newsletters, non-strictly-necessary analytics cookies. Revocable at any time. |
4. Purposes of Processing
- Provision of tourism exploitation and local accommodation management services
- Booking management, guest communication, payment processing
- Invoicing, accounting, and tax compliance
- Monthly statements and current account management with Cedentes
- Contractual communication (formal notices, updates, notifications)
- Submission of data to public entities (AIMA/SEF, AT, City Hall)
- Direct marketing, subject to prior consent
- Security, fraud prevention, and defense of TimelyStay's rights
5. Platform Access Logs and Security
- Platform security and integrity
- Detection and prevention of unauthorized or fraudulent access
- Defense of contractual rights in judicial or extrajudicial proceedings — including demonstration of access and ratification of data made available on the platform under clause 33(vii) of the cession contracts.
- Audit and compliance
Logs are retained for the period necessary for these purposes, generally matching applicable civil/commercial prescription periods (Civil Code arts. 309 and following).
6. Retention Periods
| Data category | Retention period |
|---|---|
| Invoicing, receipts, debit notes, current account | 10 years (CIRC art. 123.º · LGT art. 52.º · CIVA art. 52.º) |
| Contract execution and related claims | Until expiry of civil/commercial prescription periods (CC arts. 309+) |
| Platform access logs | Until expiry of civil/commercial prescription periods applicable to the contractual relationship |
| Guest data for AIMA/SEF (DL 71/2017) | Applicable legal period (currently 5 years) |
| Marketing data and commercial profiles | 12 months after last active interaction, unless renewed consent |
| Non-binding support communications | 24 months |
| Strictly necessary cookies | Session duration |
| Analytical cookies (with consent) | Maximum 12 months |
Once the applicable period elapses, data is either definitively deleted or anonymized.
7. Data Sharing with Third Parties
Personal data may be shared with:
- Public entities: AIMA/SEF, Autoridade Tributária, Câmara Municipal, Turismo de Portugal — for compliance with legal obligations
- Booking platforms: Booking.com, Airbnb, Vrbo, Expedia — for managing respective bookings
- Service providers (GDPR processors): alojamento web, software certificado de faturação, serviços de email, processamento de pagamentos — subject to data processing agreements under art. 28 GDPR
- Cedentes: dados de hóspedes relativos a reservas no seu imóvel, quando o regime de visibilidade esteja ativo (cl. 7.ª (iv) do contrato com Cedente)
- Judicial or regulatory authorities, when legally required
TimelyStay does NOT sell personal data to third parties for marketing purposes.
8. International Data Transfers
Personal data is generally processed within the European Union. When transfers to third countries occur (e.g., through services like Booking.com, Airbnb, or cloud providers), such transfers are made under:
- European Commission adequacy decision (art. 45 GDPR), when applicable
- Standard Contractual Clauses approved by the European Commission (art. 46 GDPR)
- Other appropriate safeguards under GDPR
9. Data Subject Rights
As a data subject, you have the following rights under GDPR arts. 15-22:
| Right | Description |
|---|---|
| Access (art. 15.º) | Confirm whether we process your data and obtain a copy |
| Rectification (art. 16.º) | Correct inaccurate or incomplete data |
| Erasure (art. 17.º) | Request deletion, within legal limits (not applicable to data subject to legal retention obligations) |
| Restriction (art. 18.º) | Temporarily restrict processing |
| Portability (art. 20.º) | Receive data in a structured format and transmit it to another controller |
| Object (art. 21.º) | Object to processing based on legitimate interest or for direct marketing |
| No automated decision-making (art. 22.º) | Not be subject to solely automated decisions with significant effects. TimelyStay does not make such decisions. |
To exercise any of these rights, send a request by email to timelystay@viaglobe.pt or through the Communications tab of your client area (registered Cedentes/guests). We will respond within 30 days.
10. Cookies
We use the following types of cookies:
- Strictly necessary: essential for operation (session, authentication, security). Do not require consent.
- Analytical: Google Analytics, to understand site usage. Subject to consent.
- Functional: language preferences, settings. Subject to consent.
You can manage cookies through your browser settings. Rejecting strictly necessary cookies may compromise platform functionality.
11. Data Security
We adopt appropriate technical and organizational measures to protect personal data, including:
- TLS (HTTPS) encryption on all communications
- Password encryption with robust algorithms (bcrypt)
- Restricted access to internal systems, with authentication
- Regular and secure backups
- Continuous security monitoring
12. Processing of Minors' Data
TimelyStay does not direct its services to minors under 18. Data of minor guests (accompanied by responsible adults) is processed only for compliance with legal obligations applicable to Local Accommodation (DL 71/2017).
13. Changes to this Policy
We may update this Policy periodically. The current version is always the one published on this page, with the date of the last update. Material changes will be communicated to registered users through the appropriate channel.
14. Contact and Complaints
For questions about this Policy or to exercise your rights:
- Email: timelystay@viaglobe.pt
- Telefone: (+351) 932 541 180
- Morada: Rua de Santo Amaro 17A, Loja 8, Lisboa
Right to lodge a complaint with the supervisory authority:
Without prejudice to contacting us directly, you have the right to lodge a complaint with the competent supervisory authority:
Via Globe Unipessoal Lda · TimelyStay · Rua de Santo Amaro 17A, Loja 8, Lisboa · Portugal