top of page

PRIVACY POLICY

1. IDENTIFICATION OF THE DATA CONTROLLER
Company: JPBT, Lda (hereinafter referred to as THE BOX)
Headquarters: Rua Inocêncio Francisco da Silva, 24 - 9º dto | 1500-348 Lisboa
VAT: 514992964
Phone: +351 918 347 635
E-mail: experience@thebox.travel
Data Protection Officer: Bruno Almeida

 

2. INFORMATION AND CONSENT
The Personal Data Protection Law (hereinafter referred to as “PDPL”) and the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, hereinafter referred to as “GDPR”) ensure the protection of individuals with regard to the processing of personal data and the free movement of such data.
Under legal terms, “personal data” is defined as any information of any kind and regardless of its format, including sound and image, relating to an identified or identifiable individual; therefore, protection does not apply to corporate data.
By accepting this Privacy Policy, the user gives informed, express, free, and unequivocal consent for the personal data provided through the website www.thebox.travel to be included in a file under the responsibility of THE BOX, processed according to the appropriate technical and organizational security measures in compliance with LPDP and GDPR requirements.
THE BOX maintains a database of its clients' records. The data in this database consists solely of information provided by clients at the time of registration, automatically collected and processed by THE BOX under the authorization of the National Data Protection Commission, as THE BOX is responsible for the respective file.
The formalization of reservations through our website implies the input of personal identification data by the user, including personal preferences, special circumstances affecting them, and credit/debit card details, which will be used to facilitate and allow the booking and service requested, as well as to provide information related to THE BOX's products and services.
In no case will information be requested regarding philosophical or political beliefs, party or union affiliations, religious faith, private life, racial or ethnic origin, or health and sexual life, including genetic data.
Under no circumstances will any of the following activities be carried out with the personal data provided through this site:

Transfer to other people or entities without the data subject's prior consent;
Transfer outside the European Economic Area (EEA) without the data subject's prior consent.

 

3. PURPOSES OF PERSONAL DATA PROCESSING
The personal data we process through this site will only be used for the following purposes:
a) To carry out activities related to a travel agency, wholesaler, and retailer;
b) To provide services requested by the user to fulfill the reservation/service requested by the user;
c) Management, administration, delivery, expansion, and improvement of the services to which the user subscribes, registers, or uses, adapting these services to user preferences and tastes;
d) Verify credit cards and other payment cards indicated by the user;
e) Studying the use of services by users;
f) Verifying, maintaining, and developing systems and statistical analyses;
h) Advertising, promotional, and commercial prospecting activities, if duly authorized and consented to by the user;
i) Sending survey forms, to which the user is not obligated to respond;
j) Sending SMS messages for direct sales, advertising, or service-related purposes, if duly authorized and consented to by the user.
The user may consent to THE BOX processing their personal data to determine their profile and offer suitable products and services. These services may be THE BOX’s own or from third parties.
Moreover, the user consents to access information related to the service contracted with THE BOX to offer additional services beyond the contracted ones.
When personal data is collected via the “Newsletter” form or other forms related to the website’s activities, it will be necessary for the user to complete at least those fields marked with an asterisk, as failure to provide such data will prevent THE BOX from accepting or managing the requested web service or query.
When collecting personal data, except in fields where indicated otherwise, the user may voluntarily provide personal data without affecting the quality or quantity of the corresponding services (unless otherwise specified). However, failure to provide mandatory data will make it impossible to access the service for which the data is requested.
If the user does not agree with the above conditions, THE BOX cannot proceed with contracting and will not be able to accept their reservation.

 

4. DISCLOSURE OF PERSONAL DATA
THE BOX may disclose users' information to third parties solely for completing the requested reservation and for administrative purposes according to current legislation to fulfill travel/service requirements for specific countries.
Any data collected this way on the website will be transmitted, per current data protection legislation, to entities involved in contracting the requested services, as absolutely necessary to complete the reservation/service requested and to comply with destination country legislation.
Furthermore, the user explicitly consents to personal data being disclosed to:
a) National and international authorities competent in tourism, terrorism, or crimes against human rights;
b) Any legal entity affiliated with or subsidiary of THE BOX or to the company that provided the contracted service (hotels, transportation providers, etc.) to ensure the correct provision of each service requested by the user.
The user guarantees that the information provided is truthful, accurate, complete, and up-to-date and is responsible for any damages, direct or indirect, that may result from breaching this obligation. If the data provided belongs to a third party, the user guarantees they have informed the third party about the contents of this document and obtained their authorization to provide their data to THE BOX for the indicated purposes.

 

5. SECURITY MEASURES
THE BOX declares that it has implemented and will continue to implement necessary technical and organizational security measures to protect personal data provided, to prevent alteration, loss, unauthorized processing, and access, considering the current technology, the nature of the stored data, and the risks to which they are exposed.
The personal data obtained through website registration are incorporated into a software application owned by THE BOX. Only THE BOX employees with proper authorization can access this information, with a documented log of access. Changes to existing data are recorded with the date and the user ID responsible for the modification.
Personal data is treated with the legally required level of protection to ensure security and to prevent alteration, loss, unauthorized access, or processing, considering current technology, with the user aware that internet security measures are not impenetrable.
THE BOX is equipped with technical infrastructures for perimeter control, such as network firewalls, private circuits, and VPNs, that meet security requirements. Servers are hosted in a datacenter operator that provides digital information protection services, including file backup, retention per policy, and restoration upon THE BOX’s request.
For security reasons applicable in certain countries, flight reservations must include information such as name, passport number, gender, age, and nationality. This reservation information may, under applicable legislation, be accessed by customs authorities in origin or destination countries.
When accessing any personal data, THE BOX agrees to:
a) Store it using legally required security measures of a technical and organizational nature to ensure its security, avoiding alteration, loss, unauthorized access, and processing, according to the current state of technology, the nature of the data, and potential risks;
b) Use the data exclusively for the defined purposes;
c) Ensure that only employees whose intervention is necessary for service provision handle the data and that they are bound by confidentiality and secrecy. If information is disclosed to third parties, they must also maintain confidentiality as outlined in this document.

 

6. COMMERCIAL AND PROMOTIONAL COMMUNICATIONS
One purpose of processing users' personal data is to send electronic communications with commercial and promotional information.
Such communication will only be directed to users who have previously and explicitly authorized it.
Under Decree-Law no. 7/2004 of January 7, if the user wishes to stop receiving commercial or promotional communications from THE BOX, they may request to unsubscribe by emailing: experience@thebox.travel.

 

7. EXERCISE OF RIGHTS
Under the provisions of PDPL and GDPR, the user may exercise their rights of access, rectification, deletion, limitation, objection, and portability at any time by submitting a written request by any means, including a copy of a document proving their identity and specifying the right(s) they wish to exercise.
Mail: Rua Inocêncio Francisco da Silva, 24 - 9º dto | 1500-348 Lisboa
Email: experience@thebox.travel
Additionally, even if registered on the site, the user may decide not to receive information from us, whether newsletters or otherwise, by choosing the appropriate option in the "personal data" section.

 

8. SUPERVISORY AUTHORITY
Under legal terms, the data subject has the right to lodge a complaint regarding personal data protection with the competent supervisory authority, the National Data Protection Commission (CNPD) at www.cnpd.pt

If the user does not agree with the above conditions, THE BOX cannot proceed with contracting and will not be able to accept their reservation.

bottom of page