This Privacy Policy describes how Cooltouria, operated by Insightours, Lda, collects, uses, shares, and protects personal data of users of its platform.

1. Data Controller Identification

This Privacy Policy applies to the website and platform Cooltouria, operated by:
Company: Insightours, Lda
Trading name: Cooltouria
VAT Number: 517979594
Registered office: UPTEC – Science and Technology Park of the University of Porto, Rua Alfredo Allen 455, Portugal
Phone: +351 927 595 463
General contact email: geral@cooltouria.com

The data controller is Insightours, Lda.

2. Scope of the Platform

Cooltouria is a tourism marketplace intermediary platform that allows users to:
Discover and book tourism experiences
Access cultural experiences and activities
Book guided tours
Connect with tourism operators and travel agencies
The platform acts solely as an intermediary between customers and service providers and is not, in principle, the direct provider of the services listed.

3. Users of the Platform

The platform is used by:
Customers / tourists
Service providers, including tourism companies, activity operators, and travel agencies

4. Personal Data We Collect

We may collect the following categories of personal data:

4.1 Data provided directly by users

  • First and last name
  • Email address
  • Phone number
  • Address (when required for bookings)
  • Billing information
  • Account details
  • Customer support communications

4.2 Booking and transaction data

  • Booking history

  • Purchased experiences

  • Preferences

  • Reviews and ratings

4.3 Automatically collected data

  • IP address

  • Approximate location

  • Device and browser type

  • Browsing activity

  • Cookies and online identifiers

5. Purposes of Processing

Personal data is processed for the following purposes:

  • User account management
  • Processing bookings and requests
  • Facilitating communication between users and providers
  • Payment processing
  • Customer support
  • Operational communications (confirmations, notifications)
  • Marketing and newsletters (with consent)
  • Personalized advertising
  • Analytics and platform improvement
  • Fraud prevention and security
  • Compliance with legal obligations

6. Legal Basis for Processing

We process personal data based on:

  • Performance of a contract
  • User consent
  • Compliance with legal obligations
  • Legitimate interests (security, service improvement, analytics)

7. Data Sharing with Third Parties

Personal data may be shared with:

  • Tourism service providers (to fulfil bookings)
  • IfThenPay (payment processing provider)
  • IT infrastructure and cloud service providers
  • Email marketing and CRM platforms
  • Google (Analytics, Ads services)
  • Meta (Facebook/Instagram Ads, Pixel)

All third parties are required to comply with applicable data protection obligations.

8. Payments

Payments are processed through IfThenPay.

The platform:

  • Does not store full credit card details
  • Only receives transaction confirmation and payment reference data
  • Ensures payments are handled in a secure and certified environment

9. International Data Transfers

Some service providers (such as Google and Meta) may process data outside the European Economic Area (EEA).

In such cases, appropriate safeguards are applied, including:

  • Standard Contractual Clauses approved by the European Commission
  • Additional technical and organizational security measures

10. Data Retention

Personal data is retained only for as long as necessary:

  • User accounts: while the account remains active
  • Booking data: for legally required retention periods
  • Tax and invoicing data: as required by law
  • Marketing data: until consent is withdrawn
  • Security logs: limited retention period for system protection

11. User Rights

Under the GDPR, users have the right to:

  • Access their personal data
  • Rectify inaccurate data
  • Request erasure (“right to be forgotten”)
  • Restrict processing
  • Object to processing
  • Data portability

  • Withdraw consent at any time

Users also have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD).

12. Marketing Communications

Cooltouria may send:

  • Newsletters
  • Promotional emails
  • Personalized campaigns
  • Targeted advertising (Google Ads, Meta Ads)

Users may opt out at any time using the unsubscribe link or by contacting us directly.

13. Cookies and Similar Technologies

The website uses cookies for:

  • Website functionality
  • Traffic analytics (Google Analytics)
  • Advertising and remarketing (Google Ads, Meta Pixel)

Users can manage or disable cookies through browser settings or the cookie consent banner.

14. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • HTTPS encryption
  • Access control mechanisms
  • System monitoring and security audits
  • Protection against unauthorized access

15. Children’s Data

The platform is not intended for individuals under 18 years of age without supervision. Age verification may be required for certain experiences.

16. Languages

This Privacy Policy may be available in:

  • Portuguese
  • English
  • French
  • Spanish

In case of interpretation conflicts, the Portuguese version shall prevail, unless otherwise required by law.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

Significant changes will be communicated via the website or email.

18. Contact

For any questions regarding data protection:

Email: geral@cooltouria.com

Data Controller: Insightours, Lda