This Privacy Policy explains how Logica Irrefutável, Lda. ("we", "us", "our") processes personal data when you visit the website www.alegriastay.com ("the Website") or contact us by email or phone. We comply with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the Portuguese Data Protection Act (Law No. 58/2019).

Logica Irrefutável, Lda.
Travessa Engenheiro José Ulrich 15, 1E
2750-629 Cascais, Portugal
NIPC: PT 516 541 765

Email: alegriastay@gmail.com
Phone: +351 927 882 789

When you access the Website, our hosting provider automatically collects the following technical information, which is required to deliver the Website to your device and to ensure its security:

• IP address
• Date and time of access
• Pages visited and referring URL
• Browser type and version, operating system
• Language settings

Legal basis: Article 6(1)(f) GDPR — our legitimate interest in providing a secure, functional website.
Retention: Server logs are stored for a maximum of 30 days and then deleted or anonymised.

If you contact us via the email address or phone number listed on the Website, we process the personal data you provide (e.g. name, contact details, content of your enquiry) in order to respond.

Legal basis: Article 6(1)(b) GDPR (pre-contractual measures, where your enquiry relates to a potential booking) or Article 6(1)(f) GDPR (our legitimate interest in responding to enquiries).
Retention: Until your enquiry is fully resolved, plus any statutory retention periods (commercial and tax-related correspondence: up to 10 years under Portuguese law).

The Website uses only strictly necessary technical cookies required for the Website to function correctly (e.g. session management). No analytics, advertising, or tracking cookies are used. Under Article 5(3) of the ePrivacy Directive and Article 5 of the Portuguese Electronic Communications Privacy Law (Law No. 41/2004), strictly necessary cookies do not require prior consent. No consent banner is therefore displayed.

You can disable cookies in your browser settings at any time. Disabling strictly necessary cookies may affect the functionality of the Website.

We host the Website with:

Webflow, Inc.
398 11th Street, 2nd Floor
San Francisco, CA 94103, USA

When you visit the Website, Webflow automatically collects server log data as described in Section 2.1. Webflow also stores strictly necessary cookies required for the display of the Website, its core functionality, and security.

Legal basis: Article 6(1)(f) GDPR — our legitimate interest in providing a reliable, secure website.
Privacy Policy: webflow.com/legal/eu-privacy-policy
EU-U.S. Data Privacy Framework: Webflow is certified under the DPF. See: dataprivacyframework.gov/participant/5666

We use Cloudflare for the delivery of JavaScript libraries and for security functions (e.g. protection against DDoS attacks).

Cloudflare, Inc.
101 Townsend Street
San Francisco, CA 94107, USA

When loading resources delivered via Cloudflare, your IP address and technical request data are processed.

Legal basis: Article 6(1)(f) GDPR — our legitimate interest in fast, secure delivery of the Website.
Privacy Policy: cloudflare.com/privacypolicy
EU-U.S. Data Privacy Framework: Cloudflare is certified under the DPF.

We use jsDelivr, an open-source CDN, to deliver certain JavaScript libraries.

Prospect One Sp. z o.o.
Królewska 65A/1
30-081 Kraków, Poland

When loading resources via jsDelivr, your IP address and technical request data are processed. As Prospect One is based within the EU, no transfer to a third country occurs through this provider directly, although jsDelivr's CDN infrastructure operates globally.

Legal basis: Article 6(1)(f) GDPR — our legitimate interest in fast delivery of the Website.
Privacy Policy: jsdelivr.com/terms/privacy-policy-jsdelivr-net

Email correspondence sent to our contact address is processed via:

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland

(Gmail service operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.)

Legal basis: Article 6(1)(b) or 6(1)(f) GDPR — see Section 2.2.
Privacy Policy: policies.google.com/privacy
EU-U.S. Data Privacy Framework: Google LLC is certified under the DPF.

Where required under Article 28 GDPR, we have entered into Data Processing Agreements (DPAs) with the service providers listed above. These agreements ensure that personal data of Website visitors is processed only on our instructions and in compliance with the GDPR.

Fonts on this Website are embedded locally via our own infrastructure and the Webflow platform. No connection is made to external font providers such as Google Fonts.

Images, graphics, animations, and downloadable files are delivered through the Website or Webflow. When you access these resources, technically necessary access data may be processed as described in Section 4.

Some of our service providers process data outside the European Economic Area (EEA), including in the United States. Such transfers are safeguarded by:

• The EU-U.S. Data Privacy Framework (where the provider is certified, see Section 4 and 5), and/or
• Standard Contractual Clauses (SCCs) adopted by the European Commission, and/or
• Other appropriate safeguards under Chapter V GDPR.

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing based on legitimate interests (Art. 21 GDPR)
• Right to withdraw consent at any time, where processing is based on consent (Art. 7(3) GDPR)

To exercise any of these rights, please contact us using the details in Section 1.

You have the right to lodge a complaint with the competent supervisory authority if you believe that our processing of your personal data infringes the GDPR:

CNPD — Comissão Nacional de Proteção de Dados
Av. D. Carlos I, 134, 1.º
1200-651 Lisboa, Portugal
www.cnpd.pt

We do not use automated decision-making or profiling within the meaning of Article 22 GDPR.

We may update this Privacy Policy from time to time to reflect changes in our processing activities or legal requirements. The current version is always available at this URL. Material changes will be communicated through a notice on the Website.

Last updated: May 2026