Privacy Policy

Privacy Policy

Café do Mar — cafedomar.pt

Last updated: 19 April 2026 · In force since: 19 April 2026

Summary: Café do Mar (operated by Via Amarela, Lda) processes your personal data to respond to communications via WhatsApp, social media and the website, to manage bookings and to provide restaurant services. We do not sell data to third parties. You may request access to, correction of or deletion of your data at any time.

1. Data Controller

The controller of the personal data collected through cafedomar.pt, the associated WhatsApp Business number and the Facebook and Instagram integrations (@cafedomarcaparica) is:

For data protection (GDPR) matters, you may contact us at the email above, marking the subject as “Data Protection”.

2. Personal Data Collected

2.1. Data you provide directly

  • Communication via WhatsApp / Messenger / Instagram Direct: profile name, phone number (for WhatsApp), message content, photos or files you share.
  • Bookings and contacts: name, phone, email, number of guests, date, time and dietary preferences.
  • Comments and reviews: public content posted on our profiles or website.

2.2. Data collected automatically

  • IP address, device type, browser and operating system.
  • Pages visited and time spent (via Google Analytics, if you accept cookies).
  • Identifiers provided by the Meta platforms when you interact with us.

3. Purposes and Legal Basis

Purpose Legal basis (GDPR)
Responding to messages and information requests Pre-contractual measures (Art. 6(1)(b))
Managing bookings and providing the service Performance of a contract (Art. 6(1)(b))
Invoicing and tax compliance Legal obligation (Art. 6(1)(c))
Marketing and promotional communication Consent (Art. 6(1)(a))
Statistical analysis and service improvement Legitimate interest (Art. 6(1)(f))
Automated service by a conversational agent (AI) Pre-contractual measures and consent

4. Automated Service (AI)

Messages sent via WhatsApp, Facebook Messenger or Instagram Direct may be processed by an artificial intelligence system (conversational agent) operated on Via Amarela, Lda’s own infrastructure in Portugal. This system:

  • Reads and automatically replies to customer messages.
  • May hand the conversation over to a human team member whenever necessary.
  • Stores conversation history to ensure continuity of service.
  • Does not make decisions with legal effects or that significantly affect you without human review.

You may ask to speak directly with a human team member at any time.

5. Sharing Data with Third Parties

We do not sell your personal data. We may share it only with:

  • Meta Platforms Ireland Ltd. — to operate WhatsApp Business, Facebook and Instagram.
  • Google Ireland Ltd. — analytics, advertising and Google Workspace (email).
  • Cloudflare, Inc. — website security and CDN.
  • Booking platforms (TheFork, Google Reserve, etc.) where applicable.
  • Public authorities, where legally required (e.g. tax authority, police).
  • Service providers under a GDPR data-processing agreement (accounting, IT).

We do not transfer data internationally outside the European Economic Area, except where inherent to the operation of the Meta and Google platforms, in which case the Standard Contractual Clauses approved by the European Commission apply.

6. Retention Period

  • WhatsApp / social media conversations: up to 24 months after the last contact.
  • Booking data: up to 5 years (tax obligations).
  • Invoicing data: 10 years (Art. 123 CIRC).
  • Marketing data (consent): until consent is withdrawn.
  • Server logs: 12 months.

7. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Request its rectification (Art. 16)
  • Request its erasure (Art. 17 — “right to be forgotten”)
  • Request restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Not be subject to solely automated decisions (Art. 22)
  • Withdraw consent at any time
  • Lodge a complaint with the Portuguese Data Protection Authority (CNPD)

To exercise any of these rights, email us at viaamarela.caparica@gmail.com. We will respond within a maximum of 30 days.

8. Cookies

The cafedomar.pt website uses cookies essential to its operation and, subject to consent, analytics and marketing cookies. You can manage your preferences through the banner shown on first access or in your browser settings.

9. Security

We apply appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS/TLS), role-based access control, audit logs and regular backups. In the event of a data breach posing a risk to your rights and freedoms, we will notify the CNPD within 72 hours and, where required, inform you directly.

10. Minors

We do not knowingly collect data from minors under 16 without the consent of those holding parental responsibility. If you become aware of such collection, please contact us so we can delete it immediately.

11. Changes to this Policy

We reserve the right to update this Policy whenever necessary. Any changes will be published on this page with the relevant date. In the event of substantial changes, we will notify you through the usual channels.

12. Contact

For any questions about this Privacy Policy or the processing of your personal data:

Email: viaamarela.caparica@gmail.com
Subject: “Data Protection — Café do Mar”

Reservar Ligar
PTENFRESDE