Privacy Policy
How Havenly Living collects, uses, and protects personal data
Last updated: 29 April 2026
Section 1 — Data Controller
Havenly Living, Unipessoal Lda. Registered office: Avenida de Infante Edificio Madeira 1B, 8125-157 Quarteira. NIF: 519373103. Email: info@havenlyliving.com. Phone: +351 910 258 134. For all data protection matters, contact info@havenlyliving.com.
Section 2 — What data we collect and why
| Category of data | Purpose | Legal basis | Retention period |
|---|---|---|---|
| Property owner identification (name, NIF, address, IBAN, contact details) | Onboarding, contract management, invoicing, tax reporting | Contract performance (Art. 6(1)(b) GDPR) and legal obligation (Art. 6(1)(c)) | 10 years after contract end (Portuguese tax law) |
| Property details and photographs | Listing creation, marketing, operational management | Contract performance | Duration of contract plus 2 years |
| Guest identification (name, nationality, ID document, dates of stay) | Legal obligation under SEF/AIMA reporting and tourist tax remittance | Legal obligation (Art. 6(1)(c)) | As required by Portuguese law (currently 1 year for SEF data) |
| Guest contact data (email, phone) | Booking management, pre-arrival communication, support during stay | Contract performance | 3 years after stay |
| Marketing contacts (prospects who request information) | Responding to enquiries and follow-up | Legitimate interest (Art. 6(1)(f)) | 2 years from last interaction, or until objection |
| Website analytics (cookies, IP) | Site performance and improvement | Consent (Art. 6(1)(a)) | 13 months |
| Supplier and partner contact data | Operational coordination | Contract performance / legitimate interest | Duration of relationship plus 5 years |
Section 3 — Who we share data with
We share personal data only with the following categories of recipients, each bound by written data processing agreements where applicable:
- Booking platforms: Airbnb, Booking.com, VRBO (for listing and reservation management)
- Property management software provider (operational platform)
- Guest verification provider (legal SEF reporting)
- Cleaning and maintenance contractors (operational delivery)
- Our certified accountant (bookkeeping and tax filings)
- Legal counsel (when legally required)
- AI service providers used internally for content drafting and operational support
- Portuguese tax authority (AT), Loulé municipality, SEF/AIMA, and other public authorities when legally required
Section 4 — International data transfers
Some of our service providers operate outside the European Economic Area, including AI service providers and certain booking platforms hosted in the United States. Where data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) as the legal safeguard, in accordance with Article 46 GDPR. For US providers, transfers are made under the EU-US Data Privacy Framework where the provider is certified, otherwise under SCCs with supplementary measures. A copy of the relevant safeguards can be requested at info@havenlyliving.com.
Section 5 — Your rights
Under the GDPR, you have the right to: access your personal data, rectify inaccurate data, request erasure, restrict processing, data portability, object to processing based on legitimate interest, and withdraw consent at any time where consent is the legal basis. To exercise any of these rights, contact info@havenlyliving.com. We respond within one month.
Section 6 — Right to lodge a complaint
You have the right to lodge a complaint with the Portuguese supervisory authority: Comissão Nacional de Proteção de Dados (CNPD), Av. D. Carlos I, 134, 1.º, 1200-651 Lisboa. Website: www.cnpd.pt. Email: geral@cnpd.pt.
Section 7 — Security
We apply appropriate technical and organisational measures to protect personal data, including encrypted storage, access controls limited to authorised personnel, written processor agreements with all service providers, and regular review of security practices.
Section 8 — Changes to this policy
We review this policy at least annually and update it when our processing activities change. The "last updated" date at the top of this page reflects the most recent version. Material changes will be communicated to active clients by email.