Privacy Policy
How we process your personal data when you use this website.
1. Data controller
The data controller responsible for processing your personal data is:
- Picouto de Cima Farm
- R. Portelinha 260, 4800-429 Guimarães, Portugal
- Email: Email
- Tax Identification Number: (to be completed)
2. What data we collect and when
Contact form
When you send us a message via /contact details, we collect: name, email address, telephone number (optional), subject and message. This data is stored in our database (Cloud Firestore, provided by Google) and is also sent to us by email so that we can reply.
Bookings (accommodation, events, experiences)
When you make a booking on the /accommodation, /tastings or /experiences pages, we collect the following information: name, email address, telephone number, preferred dates, number of people and any comments you wish to leave. The data is stored in Cloud Firestore and emailed to the Quinta team.
Orders from the online shop
When you buy wine at /wines, we collect the following information: name, email address, telephone number, delivery address and confirmation that you are aged 18 or over. Payment is not processed on the website — we will contact you by email to arrange this.
Website navigation
We use Firebase Analytics (a version of Google Analytics 4) to gain an aggregate understanding of how the website is used: pages visited, device, country, session duration. This information is pseudonymised and used only in aggregate form; it is not used to identify you individually.
3. What do we use this data for?
- To reply to your messages, confirm bookings and process orders;
- To comply with legal and accounting obligations (in the case of orders);
- To improve the website’s design and usability, based on aggregated statistics.
We do not use your data for targeted advertising, automated profiling or to sell it to third parties.
4. Legal basis
- Performance of the contract or pre-contractual measures — to respond to booking requests, orders and messages initiated by you;
- Compliance with a legal obligation — to keep invoices and sales records as required by law;
- Legitimate interest — for aggregated statistical analysis of website usage (Firebase Analytics).
5. Who we share your data with
Your data is processed by us and by the following technical data processors, all of whom are subject to contractual data protection obligations:
- Google (Firebase / Google Cloud) — hosting of the database and files, sending of notification emails and Analytics. Data is stored in data centres within the European Union (region eur3).
- Cloudflare — website hosting (Cloudflare Pages) and protection against attacks.
We do not share data with third parties for commercial or marketing purposes.
6. How long do we keep it for?
- Contact messages: for up to 24 months after the last contact, unless you ask us to delete them before then;
- Bookings: up to 36 months, for record-keeping and managing repeat customers;
- Orders and data relating to invoices: 10 years, for tax purposes;
- Analytics statistics: period defined by Google (typically 14 months).
7. Your rights
Under the General Data Protection Regulation (GDPR, EU 2016/679), you have the right to:
- Access the data we hold about you;
- Correct incorrect or out-of-date data;
- Request the erasure of your data (‘right to be forgotten’), except where we are required by law to retain it;
- Request the restriction of processing or object to processing;
- Request the portability of your data in a structured format;
- Submit a complaint to the National Data Protection Commission (CNPD).
To exercise any of these rights, simply send an email to Email. We will reply within 30 days.
8. Cookies and similar technologies
This website uses cookies that are strictly necessary for its operation (session, preferences) and Firebase/Google analytics cookies. We do not use third-party advertising cookies.
Analytics cookies are enabled automatically; if you would prefer not to be included in the statistics, you can block them in your browser settings or use an extension such as uBlock Origin without affecting your browsing experience on the website.
9. International transfers
The data is stored in Google’s data centres in the European Union (eur3, Belgium/the Netherlands). In specific cases (technical support, maintenance), Google may access the data from other countries; these transfers are covered by the European Commission’s Standard Contractual Clauses (SCCs).
10. Security
We implement reasonable technical and organisational measures to protect your data: encrypted communication (HTTPS), database access rules that restrict who can read from or write to each collection, mandatory authentication for the back office, and anti-spam protection on forms.
11. Changes to this policy
We may update this policy to reflect changes to our services or to legislation. The date of the last update is shown at the end. In the event of material changes, we will give advance notice on our website.
12. Contacts
If you have any questions regarding privacy or the processing of your data: