Visitus.pt, Portugal travel guide

Privacy Policy

Effective date:
Last updated:

1. Introduction

This Privacy Policy explains how the Visitus website (hereafter "Visitus", "we", "our" or "the site"), accessible at https://www.visitus.pt, collects, uses and protects personal data when you visit the site, read our content, or contact us.

The policy is written to comply with the EU General Data Protection Regulation (Regulation 2016/679, "GDPR"), the UK GDPR and Data Protection Act 2018, and the EU ePrivacy Directive 2002/58/EC as transposed into national law of EU member states. Where this policy refers to "GDPR", the equivalent UK rules apply to UK visitors.

If you do not agree with this policy, please discontinue use of the site. Continuing to use Visitus after material changes constitutes acceptance of the updated policy.

2. Who we are

The data controller for personal data processed in connection with the Visitus website is:

Best Assistance Group LTD
Company number 16870734 (England and Wales)
Registered office: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom
Contact: contact@visitus.pt

For all questions related to this policy, your personal data, or your rights, please contact us at contact@visitus.pt. We aim to respond within thirty days as required by Article 12(3) GDPR.

3. What personal data we collect

Visitus is a publishing site, not a service or shop. Most visitors can read the entire site without ever sharing personal data with us. The categories below describe the limited cases where personal data is processed.

3.1 Server logs

Like every website, Visitus is served from an HTTP server that records technical information about each request. These logs are stored by our hosting provider (see section 8) and typically include: your IP address, your browser's user-agent string, the page URL you requested, the referring page, the response code returned, the number of bytes transferred, and the timestamp.

We use server logs only for security, abuse detection, and high-level traffic understanding. We do not download, aggregate, or share these logs.

3.2 Cookies and similar technologies

The site sets a small number of cookies for essential operation and, on monetized pages, for advertising. The full breakdown is in our Cookie Policy.

3.3 Advertising data (monetized pages only)

Some pages of Visitus display advertising provided by Google AdSense. On these pages, Google may collect device, approximate location (derived from IP), browsing context and ad interaction data to select and measure adverts. Google acts as an independent controller for this processing and applies its own privacy policy. We do not receive identify-level data from Google.

The AdSense script is loaded only after first user interaction (deferred load) and is not present on legal, contact, author, or about pages.

3.4 Contact form data

If you choose to send us a message via the form on the Contact page, we will receive the name, email address and message content you submit. The form is operated through Formspree (see section 8). We use this data only to respond to your message.

3.5 What we do not collect

Visitus has no user accounts, no logins, no comments. We do not process payment data, health data, biometric data, or any special-category data within the meaning of Article 9 GDPR. We do not run third-party analytics (no Google Analytics, Plausible, Matomo, or equivalent). We do not run social-media tracking pixels.

4. Lawful bases for processing

Under Article 6 GDPR, every category of personal data processing must rest on a lawful basis. The bases we rely on are:

Legitimate interests, Article 6(1)(f)
Server logs for security and abuse detection; aggregate traffic understanding; basic site operation. We have weighed these interests against the fundamental rights of visitors and conclude that the processing is proportionate and expected.
Consent, Article 6(1)(a)
Non-essential cookies (advertising), where required by the ePrivacy rules of your jurisdiction. Where consent is required, the AdSense load is deferred until the user explicitly accepts.
Performance of a contract, Article 6(1)(b)
Not currently relied upon. Visitus does not enter into contracts with visitors.
Legal obligation, Article 6(1)(c)
Retention of records to demonstrate compliance with this policy and respond to data-subject requests.

5. How we use your data

The categories of personal data described in section 3 are used for the following purposes:

  • To deliver site content to your browser and ensure pages load correctly.
  • To detect and respond to abuse, attacks, scraping, and security incidents.
  • To understand the rough volume and geography of our readership at a non-identifying level.
  • To display advertising on monetized pages (Google AdSense) and to comply with Google's reporting requirements.
  • To reply to messages you send us through the contact form.
  • To meet our legal and regulatory obligations.

We do not sell personal data, do not share it with data brokers, and do not use it for automated decision-making or profiling within the meaning of Article 22 GDPR.

6. Data retention periods

  • Server logs: retained by our hosting provider (Hostinger) for the period defined in their own policy, typically thirty to ninety days. Visitus does not extend this retention.
  • Advertising data: retained by Google according to their published policy. Visitus has no control over Google's retention.
  • Contact form messages: kept until the conversation is resolved, plus up to twelve months for follow-up reference. After that period the message is deleted.
  • This policy and prior versions: retained for as long as the site exists. Archived versions are available on request to contact@visitus.pt.

7. Your rights under the GDPR

If you are located in the EU, the EEA or the UK, the GDPR (or the UK GDPR) grants you the following rights with respect to personal data we process:

  1. Right to be informed (Articles 12 to 14): you have the right to clear information about what we collect, why, and how. This policy is part of meeting that obligation.
  2. Right of access (Article 15): you can ask us to confirm whether we process personal data about you, and to receive a copy.
  3. Right to rectification (Article 16): you can ask us to correct inaccurate or incomplete data.
  4. Right to erasure (Article 17), also known as the "right to be forgotten": you can ask us to delete your data in defined circumstances.
  5. Right to restrict processing (Article 18): you can ask us to limit how we use your data while a request is being resolved.
  6. Right to data portability (Article 20): you can ask for a machine-readable copy of data you provided to us, where the processing is based on consent or contract.
  7. Right to object (Article 21): you can object to processing based on legitimate interests, including for direct marketing.
  8. Rights related to automated decision-making (Article 22): not applicable to Visitus, but listed for completeness.

You also have the right to withdraw consent at any time where processing is based on consent (Article 7(3)), and the right to lodge a complaint with a supervisory authority (covered in section 14).

To exercise any of these rights, write to contact@visitus.pt. We will respond within thirty days (extendable by two further months for complex requests, with notification).

8. Third-party services

Visitus relies on the following third parties to operate the site. Each is engaged under appropriate contractual safeguards and, where required, an Article 28 GDPR processor agreement.

8.1 Hostinger International Limited (hosting)

Our website is hosted by Hostinger International Limited, a company registered in Cyprus (EU). Hostinger acts as a processor for the server-log data described in section 3.1 and processes data in accordance with their own published privacy notice (hostinger.com/privacy-policy).

8.2 Google AdSense (advertising on monetized pages)

Some Visitus pages display advertising provided by Google LLC (United States) and its affiliates through the Google AdSense and DoubleClick services. Google acts as an independent controller for the data it collects through these adverts (device, IP-derived approximate location, ad interactions, conversion measurement). Google's privacy policy is at policies.google.com/privacy; advertising-specific terms are at policies.google.com/technologies/ads.

You can manage Google's use of your advertising data at adssettings.google.com, including opting out of personalized advertising.

8.3 Formspree (contact form, when used)

If you submit the contact form, the message is transmitted to us through Formspree, operated by Formspree Inc. (United States). Formspree acts as a processor for the message content. Their privacy policy is at formspree.io/legal/privacy-policy.

8.4 What we do NOT use

To minimize cross-border data transmission and respect visitor privacy by default, Visitus deliberately does not use a number of common third-party services:

  • No third-party CDN for fonts. The Fraunces and Inter web fonts are self-hosted on the same origin as the website. No request is sent to fonts.googleapis.com or fonts.gstatic.com, which means no IP address is transmitted to Google for font delivery (a transmission that the LG Munich I judgment of 20 January 2022 found to require GDPR consent).
  • No third-party analytics. Visitus does not run Google Analytics, Plausible, Matomo, or any equivalent. Aggregate traffic understanding is derived from raw server logs only.
  • No social-media tracking pixels. No Facebook Pixel, no LinkedIn Insight Tag, no X (Twitter) tag, no TikTok pixel, no Pinterest tag.
  • No retargeting beyond AdSense. Visitus does not run retargeting, programmatic, or affiliate-network pixels outside Google AdSense on monetized pages.
  • No tag manager. All scripts are inlined or loaded directly from our origin; no Google Tag Manager or equivalent that can introduce additional trackers without a code change.

9. International data transfers

Some of the third parties listed in section 8 are established outside the EU and EEA. Where personal data is transferred to these third parties, the transfer is covered by the safeguards required by Articles 44 to 49 GDPR.

Google LLC (United States), AdSense. Google relies on (i) the EU-US Data Privacy Framework (DPF), under which Google LLC is certified, and (ii) Standard Contractual Clauses (SCCs) approved by the European Commission, for transfers not covered by the DPF. The relevant adequacy mechanism is the European Commission Implementing Decision (EU) 2023/1795 of 10 July 2023.

Formspree Inc. (United States), contact form. Formspree relies on Standard Contractual Clauses for transfers from the EU to the United States.

Hostinger International Limited (Cyprus, EU). No transfer outside the EEA for the hosting of this website.

10. Children's privacy

Visitus is a general-audience travel publication and is not directed at children. Under Article 8 GDPR and the UK Age Appropriate Design Code, the processing of personal data of children under sixteen years of age (or the lower age set by the relevant member state, e.g. thirteen in the UK) requires the consent or authorization of the holder of parental responsibility.

We do not knowingly collect personal data from children below this age. If you become aware that a child has provided us with personal data, please contact contact@visitus.pt and we will take steps to remove that data.

11. Cookies and tracking

Visitus uses a small number of cookies and similar technologies, listed in detail in our Cookie Policy. You can disable or delete cookies through your browser settings; doing so may degrade site functionality on monetized pages but will not break navigation.

Where the ePrivacy rules of your jurisdiction require prior consent for non-essential cookies, that consent is requested before any non-essential cookie is set. Visitus displays a cookie consent banner on your first visit. The banner offers two visually equivalent choices: Accept all and Reject all. The (X) close button is treated as a Reject. Your choice is stored in a single first-party cookie named visitus_consent for twelve months. You can change your preference at any time by clicking Manage cookies in the footer, which clears the cookie and reopens the banner. Until consent is granted, no Google AdSense scripts are loaded.

12. Updates to this policy

We may update this Privacy Policy to reflect changes in our practices, in the third parties we rely on, or in applicable law. The "Last updated" date at the top of the page shows when the most recent change took effect.

Where a change is material (for example, the addition of a new processor, a new category of personal data, or a new lawful basis), we will publish a notice on the home page for at least thirty days before the change takes effect, and contact you by email if you have submitted a previous data-subject request and have not asked to be forgotten.

13. Contact us

For any question or request related to this policy or your personal data, please contact:

Best Assistance Group LTD
Email: contact@visitus.pt
Postal address: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom

To submit a data-subject request, please write "Privacy request" in the subject line and tell us which right (section 7) you wish to exercise. We will respond within thirty days. We may ask you for proof of identity to make sure we are responding to the right person.

14. Right to lodge a complaint

If you believe that our processing of your personal data infringes the GDPR or the UK GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement (Article 77 GDPR).

Lodging a complaint with a supervisory authority is without prejudice to any other administrative or judicial remedy you may have.