Data Protection Policy
Last updated: January 2026
A Timeless Experiences respects the privacy of its users and undertakes to protect their personal data, in accordance with the Regulation (EU) 2016/679 - General Data Protection Regulation (GDPR) and other applicable legislation.
This Data Protection Policy explains how we collect, use, store and protect your personal data when you use the website timeless-experiences.com, when you make a reservation or contact us.
1. Responsible for Treatment
The person responsible for processing personal data is:
Timeless Experiences
Website: www.timeless-experiences.com
Email: geral@timeless-experiences.com
2. Personal Data We Collect
We may collect and process the following personal data, among others:
- Identification: name, company (where applicable);
- Contacts: email, telephone;
- Invoicing data: TIN, tax address;
- Booking details: date of activity, number of participants, type of activity;
- Communications: messages sent by email, forms or other channels;
- Technical data: IP address, type of device, cookies (see Cookies Policy).
We do not intentionally collect sensitive data.
3. Purposes of processing
Your personal data is processed for the following purposes:
- Management of reservations and provision of contracted services;
- Invoicing and compliance with legal obligations;
- Communication with the client (confirmations, clarifications, booking changes);
- Marketing and dissemination, when there is consent or legitimate interest;
- Improving website operation and user experience;
- Compliance with legal and regulatory obligations.
4. Legal Basis for Treatment
Data processing is based on:
- Execution of a contract or pre-contractual steps;
- Compliance with legal obligations;
- Consent of the data subject, where applicable;
- Legitimate interest of Timeless, provided that the rights of the owner do not prevail.
5. Data retention
Personal data is only kept for the period necessary for the purposes for which it was collected or for the legally required period.
Examples:
- Billing data: kept for the mandatory legal period;
- Contact details and reservations: for as long as there is a contractual relationship or legitimate interest;
- Data for marketing: until consent is withdrawn.
6. Sharing Data with Third Parties
Personal data may be shared only when necessary with:
- Billing and accounting entities;
- Payment platforms;
- Technology service providers (hosting, email, CRM);
- Public authorities, when legally required.
All partners are contractually obliged to guarantee the confidentiality and security of data.
7. International data transfers
Where applicable, any data transfers outside the European Union will be carried out in accordance with the appropriate legal guarantees provided for in the GDPR.
8. Data subjects' rights
Under the terms of the law, the data subject has the right to:
- Access your personal data;
- Rectify inaccurate or incomplete data;
- Request the deletion of data (right to be forgotten);
- Limiting or opposing treatment;
- Request data portability;
- Withdraw consent, where applicable;
- File a complaint with the National Data Protection Commission (CNPD).
These rights can be exercised by sending a written request to the email address indicated above.
9. Data Security
Timeless adopts appropriate technical and organizational measures to protect personal data against loss, unauthorized access, alteration or improper disclosure.
Despite the measures put in place, no system is completely secure, so absolute security cannot be guaranteed.
10. Cookies
The website uses cookies to improve the user experience. For more information, see our Cookie Policy.
11. Changes to the Data Protection Policy
Timeless reserves the right to update this Policy whenever necessary. Changes come into effect after publication on the website.
12. Contact
If you have any questions about data protection or exercising your rights, you can contact us at:
Email: geral@timeless-experiences.com
We recommend that you read this Policy regularly to stay informed about how we protect your data.