Privacy Policy

  1. Data controller
  2. Cookies
  3. Collection and Handling of General Information and Data
  4. Who has access to data
  5. Data storage period
  6. Automated Decision Making
  7. Newsletter Subscriptions
  8. Possibility of contact via Website
  9. Data protection for applications and application procedures
  10. Data protection provisions on the application and use of Google Analytics (with the anonymization feature)
  11. Rights of the data subject
  12. Security of personal data


Privacy policy

Our privacy policy has been recast on the basis of the new General Regulation on Data Protection (RGPD) as set out in Regulation (EU) 2016/679 of the European Parliament and of the Council, as well as all other themes of privacy and data protection.

All data that will be processed by the company and how they can be used depend on the services that will be requested by you and in the way that is agreed with you.

  1. Responsible for data processing

If I have any questions regarding the handling of my data, I can contact the person responsible for them through the contacts:

(+351) 919442488

  1. Cookies

Cookies are text files that are stored on your computer through your browser.

inArrábida collects information from its customers to provide them with personalized service and to facilitate their navigation on our website. Your use of this site will be monitored for statistical purposes.

The configuration of cookies on our website can be prevented or deleted, if the holder of the data so understands, through the Internet browser or software programs. However, if the holder of the data does so, it may later have some features that are not fully usable.

  1. Collection and processing of general information and data

Our website collects some data and general information when it is accessed by the owner of the same.

This data is stored by the server and consists of:

  • browser types and versions used;
  • operating system used by the accessing device;
  • the website through which it was redirected to ours;
  • the sub-websites;
  • the date and time our website was accessed;
  • an Internet protocol address (IP address);
  • other data and similar information that may be used in case of security risks to our systems.

These data and information are not used by the company to draw conclusions from the owners. They are only used for:

  • correctly deliver the content of our website;
  • optimize your website content as well as your ads;
  • ensuring the long-term viability of our systems and technologies;
  • provide information to law enforcement authorities in the event of cyber attacks.

It is also important to highlight that all these data are withdrawn according to the consent of the data subject (as indicated in Articles 6 (1) (a) and 7, present in the RGPD):

By providing us with your consent to the processing of personal data, this will be done based on what you have been informed and in which you have consented. This consent may be revoked at any time. This revocation may also apply to consents that may have been provided before the RGPD entered into force, ie before 25 May 2018. Please note that revocation applies only to future retroactive effects, that is to say, the treatment which took place prior to the withdrawal is not covered by it.

  1. Who has access to data

Within the company, employees have access to the data that they need to carry out analyzes of statistical data and, consequently, to optimize the website and contents of the company.

In relation to the transmission of data to other companies, Aloha only shares data when the legal provisions require us and / or when we have the consent of the holders, as provided in the RGPD and applicable data protection laws.

  1. Data storage period

The data controller shall analyze and store the personal data of the data subject for the period necessary to achieve the storage objectives, for a period granted by the European legislator or other legislators in laws or regulations to which the data subject may also be subject .

If the storage purpose does not apply or if the defined storage period expires, the personal data will be blocked or deleted, in accordance with applicable legal requirements.

  1. Automated Decision Making

As provided in the RGPD, automated decision-making procedures are not used by the company. However, if it is necessary to resort to this procedure, you will be informed, as required by law.

  1. Newsletter Subscription

At inArrábida website, visitors have the possibility to subscribe to our newsletter (newsletter). The page used for this purpose determines the personal data that is transmitted as well as the list of companies to which the visitor wants to subscribe.

This newsletter can only be received by the data owner if he / she signs up for the reception of the data and if it has a valid email address. For security reasons, if you subscribe to the company’s newsletter, you will receive a confirmation email to verify your membership.

In the process of subscribing to the Newsletter, data such as IP address, date and / or time of registration of the holders can be stored, and this data collection is a legal protection objective of the controller. The data that is collected as part of the registration is only used for the sending of the newsletter and for the sending of information as technical or legal modifications of the same.

There will be no transfers of personal data collected by the newsletter to third parties and the signature of the newsletter may be terminated at any time, as well as the consent of the holders. For the revocation of consent and to cancel the subscription to the newsletter, a link can be found for this purpose in each newsletter, or it may be revoked by communicating this intention to the controller.

  1. Possibility of contact via Website

Our website contains information that enables quick and direct contact with our company via a general e-mail address (email address). In case the contact is made through our contact forms, the personal data transmitted by the holder will be stored for the purposes of being treated or to contact the owner of the same. This data will not be transmitted to third parties.

  1. Data protection for applications and application procedures

In the case of data referring to applications and these are sent to the company via e-mail or a contact form of the website, the responsible person will be obliged to collect these data and to treat them, and the treatment can be done electronically.

If the person responsible completes an employment contract with the holder of the application, the data of the latter will be stored according to legal requirements.

If no contract of employment is concluded, the data subject must be deleted within a period of up to two months after notice of the refusal decision, provided that no other legitimate interests of the controller were opposed to erasure (such as being a evidence in a legal proceeding) or as long as the data subject explicitly expresses his / her wish for the data subject to keep his or her personal data.

  1. Data protection provisions on the application and use of Google Analytics (with the anonymization feature)

The Google Analytics component has been integrated into this website. This service is based on web analysis, that is, it consists of the collection, agglomeration and analysis of data referring to the behaviors of the visitors in websites, namely, data such as the pages they visit, the frequency with which they visit or the duration of the visualization of each page, in order to later optimize the website and reallocate resources relative to online advertising. This web analytics uses the “anonymizelp” feature that allows Google to obtain the IP address of the data subject’s Internet connection to our websites from a Member State of the European Union or of another Contracting State to the Agreement on the European Economic Area.

Google Analytics also uses a cookie system (definition above in section 2) that is responsible for analyzing personal data of visitors and data regarding the use of websites. This data is stored by Google in the United States of America and may be transmitted to third parties.

The configuration of cookies may be prevented by the data subject on our website, through an adjustment to the used web browser (as indicated in section 2) and the cookies already used by Google Analytics can be deleted at any time through the web browser. web or other software programs. In addition, the data subject may object to the data collection generated by Google Analytics and the processing of data by downloading and installing a browser add-on at This add-on works as an objection to Google’s use of visitor data. If the incumbent’s information technology system is subsequently deleted, formatted, or newly installed, it must again install the add-on so that its data is not analyzed by Google Analytics. If the add-in is disabled, a reactivation or reinstallation can be performed.

For more information on Google data protection, go to and For more information about Google Analytics, visit The Google Analytics component operator is:

Google Inc., 1600 Anphitheater Parkway, Mountain View

CA 94043-1351, United States of America.

  1. Rights of the data subject
  • Right to be informed:

Holders have the right (granted by the European legislator) to know how their personal data will be used by the controller or the processor. This data protection statement explains how personal data can be used, and if there are still some doubts on the part of the owners, they can contact our data controller at any time.

  • Right of confirmation

Holders have the right (granted by the European legislator) to obtain confirmation from the controller as to whether or not the personal data relating to them are to be processed and for this reason they must contact our data controller.

  • Right of access

Holders have the right (granted by the European legislator) to obtain from the person responsible, at any time and for free, information on their personal data stored and a copy of this information. In addition, according to European directives and regulations, access to the data subject should be given to:

    • The purposes of data processing;
    • The categories of personal data concerned;
    • The addressees or categories of recipients to whom the personal data have been or will be disclosed, in particular the recipients in third countries or international organizations;
    • The period for which personal data are to be stored or the criteria used to determine that period;
    • The existence of the right to complain to a supervisory authority;
    • The origin of the data when these are not personal data of the holders;
    • The existence of automated decision-making, including profiling, as referred to in Articles 22, paragraphs 1 and 4 of the RGPD and, at least in those cases, significant information on the rationale involved, as well as the importance and expected consequences of such treatment for the holder of the data.

In addition, the data subject has the right to obtain information concerning the transmission of his or her personal data to a third country or to an international organization. Where applicable, the data subject has the right to be informed of the appropriate safeguards relating to this transmission. If the holders wish to use this right of access, they may contact our data controller.

  • Right of rectification

Holders have the right (granted by the European legislator) to obtain from the controller, without undue delay, rectification of inaccurate personal data on them, as well as incomplete personal data. If the holders wish to use this right, they can, at any time, contact our data controller.

  • Right of erasure (or Right to be forgotten)

Holders have the right (granted by the European legislator) to obtain from the controller the deletion of personal data concerning them, provided that such processing is not necessary, where one of the following grounds applies:

    • Personal data is no longer required for analysis or treatment;
    • The data subject withdraws the consent on which the treatment is based (according to articles 6, paragraph 1, point a) or 9, paragraph 2, point a) of the RGPD, and there is no other legal basis for treatment;
    • The data subject is opposed to the treatment under the terms of Article 21 no. 1 of the RGPD and there are no legitimate reasons for the treatment, or the data holder opposes the treatment under the terms of Article 21.2 of the RGPD;
    • Personal data has been treated unlawfully;
    • Personal data must be deleted in order to comply with a legal obligation under the legislation of the Union or of the Member State to which the controller is subject.
    • Personal data were collected in relation to the provision of information society services by persons under the age of 16 (Article 8 (1) of the RGPD).

If the holders wish to use this right, they can, at any time, contact our data controller.

  • Right to limit treatment

Holders have the right (granted by the European legislator) to obtain from the controller a limitation on the processing of their data if one of the following conditions applies:

    • The accuracy of the personal data is contested by the holder for a period that allows the controller to verify the accuracy of the data;
    • The treatment is illegal and the data subject, opposing the deletion of personal data, requests the restriction of its use;
    • The controller no longer requires personal data for treatment purposes, but is required by the data subject to establish, exercise, or defend legal proceedings;
    • The data subject is opposed to the treatment under Article 21 paragraph 1 of the RGPD, and it is not yet clear whether the controller’s legitimate motives nullify those of the owner.

If one of the above conditions is fulfilled and the data subject wishes to request the restriction of the processing of personal data stored by Aloha, he may at any time contact our data controller directly.

  • Right to data portability

Holders have the right (granted by the European legislator) to receive personal data relating to them that has been supplied to a controller in a structured, commonly used and machine-readable format. The holder has the right to transmit this data to another controller without impediment of the current controller, provided that it does not adversely affect the rights and freedoms of others and provided that the treatment is based on consent (as referred to in terms of Article 6 paragraph 1 (a) or Article 9 (2) (a) of the RGPD) or in a contract in accordance with Article 6 paragraph 1 (b) of the RGPD, and the processing is performed by automated means, provided that it is not necessary for the performance of a carried out in the public interest or in the exercise of the official authority conferred on the controller.

In order to ensure the right to portability of data, the holders may use this right at any time and contact our data controller.

  • Right to object

Holders have the right (granted by the European legislator) to oppose, on grounds relating to their particular situation, at any time, the processing of personal data concerning them, on the basis of Article 6 (1) (e) and RGPD, this being also applicable to profiling. In these cases, the company no longer treats any personal data unless it proves to have compelling legitimate grounds for handling them (exercises or legal proceedings, for example).

In order to exercise the right of objection, data owners may at any time contact our data controller.

  1. Security of personal data

Aloha uses security systems and procedures in order to guarantee the security of the personal data of the holders and in order to prevent unauthorized access, as well as the improper use, disclosure, loss and destruction of personal data.


This data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (RGPD). Our data protection statement must be readable and understandable to the general public as well as to our customers and business partners. To ensure this, we would like to start by explaining the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

  • personal data

Personal data means any information related to an identified or identifiable natural person (“data subject”). An identifiable natural person is one that can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more identity-specific factors physical, physiological, genetic, mental, economic, cultural, or social nature.

  • Data owner

The data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the treatment.

  • Treatment

Treatment is any operation or set of operations that is performed on personal data or on personal data sets (whether or not by automated means), such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, disclosure or disclosure, alignment or combination, restriction, deletion, or destruction.

  • Treatment Restriction

The restriction of processing is the marking of stored personal data for the purpose of limiting its processing in the future.

  • Profile

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects related to a natural person, in particular to analyze or predict aspects relating to that person’s performance in work, economic situation, health, personal preferences , interests, reliability, behavior, location, or movements.

  • Data Controller or Controller or Controller responsible for processing

Data Controller or Controller or controller is the natural or legal person, public authority, agency or other body that (alone or jointly with others) determines the purposes and means of processing personal data. Where the purposes and means of such treatment are determined by Union or Member State law, the controller or the specific criteria for their appointment may be indicated by Union or Member State law.

  • Data Processor or Processor or Subcontractor

Data Processor or Processor or Subcontractor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

  • Addressee

The addressee is a natural or legal person, a public authority, an agency, or other body to which personal data are disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the context of a specific inquiry in accordance with Union or Member State legislation should not be considered as recipients; the processing of such data by such public authorities shall be in accordance with the applicable data protection rules according to the purposes of the processing.

  • Third

The third party is a natural or legal person, a public authority, an agency, or other body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to processing of personal data.