Privacy Policy

Last updated: 02/02/2026

Who we are and our commitment to privacy

Tapa ao Sal is a digital travel and culture project that publishes content, guides, and related services through the website tapaaosal.pt and its subdomains.

We are committed to protecting your privacy and handling personal data responsibly, transparently, and securely, in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

This Privacy Policy explains:

  • what personal data we may collect;
  • why we use it;
  • who it may be shared with;
  • how long it is kept;
  • and what rights you have as a data subject.

This policy applies to all data processing activities carried out through our website and associated digital services.

Data controller

The data controller responsible for the processing of personal data on this website is the owner of the Tapa ao Sal project.

For any questions regarding privacy or the exercise of your data protection rights, you may contact us through our Contact page.

All privacy-related requests (access, correction, deletion, or clarification) should be submitted through this channel and will be handled as promptly as possible, in accordance with applicable law.

Main section — Data processing

What data we collect

Depending on how you interact with our website, we may collect different categories of personal data. We only collect data that is necessary to operate the website, ensure security, and improve user experience.

Data provided directly by you

  • contact form submissions
  • comments posted on articles
  • subscriptions or communications (where applicable)

This may include your name, email address, and any information you choose to provide.

Data collected automatically

When you browse the website, certain technical data may be collected automatically, such as:

  • IP address
  • browser type and device information
  • pages visited and timestamps
  • security and protection logs
  • aggregated usage statistics (only after consent)

These data are mainly used for technical, security, and performance purposes and are analyzed in aggregate form.

Third-party data

Our website may include links to external platforms, including affiliate partners. When you click these links, those third parties become responsible for any data processing carried out on their websites.
Tapa ao Sal does not directly collect or control that data.

Why we use your data

We process personal data only for legitimate and specific purposes, including:

  • responding to enquiries and contact requests
  • improving website performance and usability through analytics (after consent)
  • ensuring security and preventing fraud, spam, or abuse
  • complying with legal or regulatory obligations
  • managing affiliate partnerships (only after you voluntarily click external links)

We do not use personal data for incompatible or unrelated purposes.

Legal basis for processing (GDPR)

All processing activities rely on appropriate legal grounds under the GDPR.

PurposeLegal basis
Responding to enquiries or requestsPre-contractual steps or contract performance
Website analytics and statisticsUser consent
Security and fraud preventionLegitimate interest
Legal and regulatory complianceLegal obligation

Where processing is based on consent, you may withdraw it at any time.

Cookies and similar technologies

We use cookies and similar technologies to ensure proper website functionality, improve security, and, where authorized, collect anonymous statistics.

Non-essential technologies (such as analytics) are only activated after your explicit consent.

Analytics tools are loaded through Google Tag Manager (GTM) and are configured not to run before consent is given.

Consent is managed via Complianz, which blocks non-essential cookies until you authorize them.

For full details, please refer to our Cookie Policy.

Data sharing with third parties

We do not sell or rent personal data.

However, we may rely on trusted service providers to operate the website and deliver our services.

Technical service providers

These may include:

  • hosting and infrastructure providers
  • security and traffic protection services
  • analytics tools (after consent)
  • email or transactional communication services (where applicable)

These providers act as data processors, handling data only according to our instructions and under contractual safeguards.

External partners

We may include affiliate links to third-party platforms.
When you click these links, data processing is carried out directly by those partners under their own privacy policies.

We are not responsible for processing performed on external domains.

International data transfers

Some service providers may process data outside the European Economic Area (EEA).

When this occurs, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • additional technical and organizational security measures
  • selection of providers that meet recognized data protection standards

Data retention

We keep personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations.

Type of dataRetention criteria
Contact form submissionsUntil the request is resolved, plus a reasonable administrative period
CommentsWhile published or until removal is requested
Security logsShort, limited periods (days or weeks)
Analytics dataAccording to tool settings (e.g., up to 13 months)

After this period, data is securely deleted or anonymized.

Your rights

Under the GDPR, you have the right to:

  • access your personal data
  • request correction of inaccurate data
  • request deletion where applicable
  • restrict processing
  • request data portability
  • object to processing based on legitimate interests
  • withdraw consent at any time
  • lodge a complaint with a supervisory authority

How to exercise your rights

Please submit requests through our Contact page.
We typically respond within 30 days, in accordance with legal requirements.

Data security

We implement appropriate technical and organizational measures to protect personal data, including:

  • encrypted communications (HTTPS)
  • restricted access controls
  • monitoring and anti-bot protection systems
  • regular software and security updates
  • data minimization practices

While no system is completely risk-free, we continuously work to maintain a high level of security.

User-generated content

Users are responsible for the content they submit, such as comments or messages.

We reserve the right to moderate, edit, or remove content that is illegal, offensive, or abusive.

We advise against sharing sensitive personal information in public areas of the website.

External links

Our website may contain links to third-party websites or services.

We do not control their privacy practices and are not responsible for how they process personal data.

We recommend reviewing their privacy policies before sharing any information.

Changes to this policy

This Privacy Policy may be updated periodically to reflect legal, technical, or operational changes.

We encourage you to review this page regularly.

Last updated: 02/02/2026

Contact

For any privacy-related questions or requests, please use our Contact page.For information about cookies and tracking technologies, please see our Cookie Policy.