Visitus.pt, Portugal travel guide

Privacy Policy

Effective date:
Last updated:

1. Introduction

This Privacy Policy explains how the Visitus website (hereafter "Visitus", "we", "our" or "the site"), accessible at https://www.visitus.pt, collects, uses and protects personal data when you visit the site, read our content, or contact us.

The policy is written to comply with the EU General Data Protection Regulation (Regulation 2016/679, "GDPR"), the UK GDPR and Data Protection Act 2018, and the EU ePrivacy Directive 2002/58/EC as transposed into national law of EU member states. Where this policy refers to "GDPR", the equivalent UK rules apply to UK visitors.

If you do not agree with this policy, please discontinue use of the site. Continuing to use Visitus after material changes constitutes acceptance of the updated policy.

2. Who we are

The data controller for personal data processed in connection with the Visitus website is:

Best Assistance Group LTD
Company number 16870734 (England and Wales)
Registered office: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom
Contact: our contact form

For all questions related to this policy, your personal data, or your rights, please contact us through our contact form. We aim to respond within thirty days as required by Article 12(3) GDPR.

3. What personal data we collect

Visitus is a publishing site, not a service or shop. Most visitors can read the entire site without ever sharing personal data with us. The categories below describe the limited cases where personal data is processed.

3.1 Server logs

Like every website, Visitus is served from an HTTP server that records technical information about each request. These logs are stored by our hosting provider (see section 8) and typically include: your IP address, your browser's user-agent string, the page URL you requested, the referring page, the response code returned, the number of bytes transferred, and the timestamp.

We use server logs only for security, abuse detection, and high-level traffic understanding. We do not download, aggregate, or share these logs.

3.2 Cookies and similar technologies

The site sets a small number of cookies for essential operation and, on monetized pages, for advertising. The full breakdown is in our Cookie Policy.

3.3 Advertising data (monetized pages only)

Some pages of Visitus display advertising provided by Google AdSense. On these pages, Google may collect device, approximate location (derived from IP), browsing context and ad interaction data to select and measure adverts. Google acts as an independent controller for this processing and applies its own privacy policy. We do not receive identify-level data from Google.

The AdSense script is loaded only after first user interaction (deferred load) and is not present on legal, contact, author, or about pages.

3.4 Contact form data

If you choose to send us a message via the form on the Contact page, we will receive the name, email address and message content you submit. The form is operated through Formspree (see section 8). We use this data only to respond to your message.

3.5 Analytics (Google Analytics 4)

Visitus uses Google Analytics 4 (GA4, measurement ID G-QW512FLM2D) to understand site usage at an aggregate level. The GA4 script is loaded directly on every page from googletagmanager.com, with anonymize_ip: true enabled.

The data collected may include: pages visited and time spent on each, approximate geographic location at country or region level (derived from your IP, which is anonymized before being processed), device type and browser, screen resolution, language, the referrer that brought you to the site, and basic interaction events. Because anonymize_ip: true is set, your full IP address is never recorded by Google: the last octet of an IPv4 address (or the last 80 bits of an IPv6 address) is truncated before processing.

GA4 data is processed by Google LLC on servers operated in the United States. Default GA4 data retention is set to 14 months for event-level data. You can opt out at any time by installing the official Google Analytics Opt-out Browser Add-on, or by enabling the Do Not Track / Global Privacy Control signal in your browser.

3.6 What we do not collect

Visitus has no user accounts, no logins, no comments. We do not process payment data, health data, biometric data, or any special-category data within the meaning of Article 9 GDPR. We do not run social-media tracking pixels (no Facebook Pixel, no LinkedIn Insight Tag, no TikTok pixel).

4. Lawful bases for processing

Under Article 6 GDPR, every category of personal data processing must rest on a lawful basis. The bases we rely on are:

Legitimate interests, Article 6(1)(f)
Server logs for security and abuse detection; aggregate traffic understanding; basic site operation. We have weighed these interests against the fundamental rights of visitors and conclude that the processing is proportionate and expected.
Consent, Article 6(1)(a)
Non-essential cookies (Google AdSense advertising and Google Analytics 4 audience measurement), where required by the ePrivacy rules of your jurisdiction. The Journey by Mediavine engagement widget operates on its own consent layer (in compliance with GDPR and ePrivacy) and honors the Global Privacy Control signal.
Performance of a contract, Article 6(1)(b)
Not currently relied upon. Visitus does not enter into contracts with visitors.
Legal obligation, Article 6(1)(c)
Retention of records to demonstrate compliance with this policy and respond to data-subject requests.

5. How we use your data

The categories of personal data described in section 3 are used for the following purposes:

  • To deliver site content to your browser and ensure pages load correctly.
  • To detect and respond to abuse, attacks, scraping, and security incidents.
  • To understand the rough volume and geography of our readership at a non-identifying level.
  • To display advertising on monetized pages (Google AdSense) and to comply with Google's reporting requirements.
  • To understand aggregate site usage and improve the editorial product through Google Analytics 4, with anonymize_ip: true enabled at the GA4 client.
  • To reply to messages you send us through the contact form.
  • To meet our legal and regulatory obligations.

We do not sell personal data, do not share it with data brokers, and do not use it for automated decision-making or profiling within the meaning of Article 22 GDPR.

6. Data retention periods

  • Server logs: retained by our hosting provider (Hostinger) for the period defined in their own policy, typically thirty to ninety days. Visitus does not extend this retention.
  • Advertising data: retained by Google according to their published policy. Visitus has no control over Google's retention.
  • Contact form messages: kept until the conversation is resolved, plus up to twelve months for follow-up reference. After that period the message is deleted.
  • This policy and prior versions: retained for as long as the site exists. Archived versions are available on request through our contact form.

7. Your rights under the GDPR

If you are located in the EU, the EEA or the UK, the GDPR (or the UK GDPR) grants you the following rights with respect to personal data we process:

  1. Right to be informed (Articles 12 to 14): you have the right to clear information about what we collect, why, and how. This policy is part of meeting that obligation.
  2. Right of access (Article 15): you can ask us to confirm whether we process personal data about you, and to receive a copy.
  3. Right to rectification (Article 16): you can ask us to correct inaccurate or incomplete data.
  4. Right to erasure (Article 17), also known as the "right to be forgotten": you can ask us to delete your data in defined circumstances.
  5. Right to restrict processing (Article 18): you can ask us to limit how we use your data while a request is being resolved.
  6. Right to data portability (Article 20): you can ask for a machine-readable copy of data you provided to us, where the processing is based on consent or contract.
  7. Right to object (Article 21): you can object to processing based on legitimate interests, including for direct marketing.
  8. Rights related to automated decision-making (Article 22): not applicable to Visitus, but listed for completeness.

You also have the right to withdraw consent at any time where processing is based on consent (Article 7(3)), and the right to lodge a complaint with a supervisory authority (covered in section 14).

To exercise any of these rights, write to us through our contact form. We will respond within thirty days (extendable by two further months for complex requests, with notification).

8. Third-party services

Visitus relies on the following third parties to operate the site. Each is engaged under appropriate contractual safeguards and, where required, an Article 28 GDPR processor agreement.

8.1 Hostinger International Limited (hosting)

Our website is hosted by Hostinger International Limited, a company registered in Cyprus (EU). Hostinger acts as a processor for the server-log data described in section 3.1 and processes data in accordance with their own published privacy notice (hostinger.com/privacy-policy).

8.2 Google AdSense (advertising on monetized pages)

Some Visitus pages display advertising provided by Google LLC (United States) and its affiliates through the Google AdSense and DoubleClick services. Google acts as an independent controller for the data it collects through these adverts (device, IP-derived approximate location, ad interactions, conversion measurement). Google's privacy policy is at policies.google.com/privacy; advertising-specific terms are at policies.google.com/technologies/ads.

You can manage Google's use of your advertising data at adssettings.google.com, including opting out of personalized advertising.

8.3 Google Analytics 4 (aggregate audience measurement)

Visitus uses Google Analytics 4 (measurement ID G-QW512FLM2D), provided by Google LLC (United States), to understand aggregate site usage. The GA4 script is loaded directly in the page <head> from googletagmanager.com with anonymize_ip: true enabled. Google acts as a processor for analytics events configured by Visitus and as an independent controller for its own aggregated reporting. Default GA4 event-data retention is 14 months. You can opt out via the official Google Analytics Opt-out Browser Add-on, or by enabling the Global Privacy Control signal in your browser.

8.4 Journey by Mediavine (engagement widget)

Visitus uses Journey by Mediavine, operated by Mediavine, LLC (United States), as a reader engagement widget that allows visitors to save favorite articles, receive content recommendations, and optionally subscribe to a newsletter through the widget. The widget loads the script faves.grow.me/main.js with our site identifier on page load. Mediavine's own consent layer, in compliance with GDPR and the ePrivacy Directive, controls when tracking cookies and personal data processing actually begin. The Global Privacy Control (GPC) signal sent by your browser is honored.

Data collected by Mediavine when the widget is active may include: article engagement (saves, ratings, time on page), email address only if you voluntarily subscribe via the widget, and aggregate analytics on Visitus content performance. Mediavine acts as a processor for engagement events configured by Visitus and as an independent controller for its own aggregated partner reporting. Their privacy policy is at mediavine.com/privacy-policy.

You can opt out at any time by clicking Manage preferences inside the Mediavine widget itself, by simply not interacting with the widget, or by enabling the Global Privacy Control signal in your browser.

8.5 Formspree (contact form, when used)

If you submit the contact form, the message is transmitted to us through Formspree, operated by Formspree Inc. (United States). Formspree acts as a processor for the message content. Their privacy policy is at formspree.io/legal/privacy-policy.

8.6 What we do NOT use

To minimize cross-border data transmission and respect visitor privacy by default, Visitus deliberately does not use a number of common third-party services:

  • No third-party CDN for fonts. The Fraunces and Inter web fonts are self-hosted on the same origin as the website. No request is sent to fonts.googleapis.com or fonts.gstatic.com, which means no IP address is transmitted to Google for font delivery (a transmission that the LG Munich I judgment of 20 January 2022 found to require GDPR consent).
  • No social-media tracking pixels. No Facebook Pixel, no LinkedIn Insight Tag, no X (Twitter) tag, no TikTok pixel, no Pinterest tag.
  • No retargeting beyond AdSense. Visitus does not run retargeting, programmatic, or affiliate-network pixels outside Google AdSense on monetized pages.
  • No tag manager. All scripts are inlined or loaded directly from our origin; no Google Tag Manager or equivalent that can introduce additional trackers without a code change. GA4 is loaded directly via gtag.js, not through a tag manager.
  • No first-party server-side analytics processor. Aggregate traffic understanding beyond what GA4 reports is derived from raw server logs only.

9. International data transfers

Some of the third parties listed in section 8 are established outside the EU and EEA. Where personal data is transferred to these third parties, the transfer is covered by the safeguards required by Articles 44 to 49 GDPR.

Google LLC (United States), AdSense and Google Analytics 4. Google relies on (i) the EU-US Data Privacy Framework (DPF), under which Google LLC is certified, and (ii) Standard Contractual Clauses (SCCs) approved by the European Commission, for transfers not covered by the DPF. The relevant adequacy mechanism is the European Commission Implementing Decision (EU) 2023/1795 of 10 July 2023. IP anonymization (anonymize_ip: true) is enabled on the GA4 client so the visitor's full IP is truncated before any transfer to Google.

Mediavine, LLC (United States), Journey engagement widget. Mediavine relies on (i) the EU-US Data Privacy Framework (DPF) where applicable and (ii) Standard Contractual Clauses (SCCs) approved by the European Commission for transfers not covered by the DPF. The Mediavine widget script loads on page load; Mediavine's own consent layer (GDPR and ePrivacy compliant, honoring Global Privacy Control) gates the actual transfer of engagement data.

Formspree Inc. (United States), contact form. Formspree relies on Standard Contractual Clauses for transfers from the EU to the United States.

Hostinger International Limited (Cyprus, EU). No transfer outside the EEA for the hosting of this website.

10. Children's privacy

Visitus is a general-audience travel publication and is not directed at children. Under Article 8 GDPR and the UK Age Appropriate Design Code, the processing of personal data of children under sixteen years of age (or the lower age set by the relevant member state, e.g. thirteen in the UK) requires the consent or authorization of the holder of parental responsibility.

We do not knowingly collect personal data from children below this age. If you become aware that a child has provided us with personal data, please reach us through our contact form and we will take steps to remove that data.

11. Cookies and tracking

Visitus uses a small number of cookies and similar technologies, listed in detail in our Cookie Policy. You can disable or delete cookies through your browser settings; doing so may degrade site functionality on monetized pages but will not break navigation.

Where the ePrivacy rules of your jurisdiction require prior consent for non-essential cookies, that consent is requested before any non-essential cookie is set. Visitus displays a cookie consent banner on your first visit. The banner offers two visually equivalent choices: Accept all and Reject all. The (X) close button is treated as a Reject. Your choice is stored in a single first-party cookie named visitus_consent for twelve months. You can change your preference at any time by clicking Manage cookies in the footer. The Google Analytics 4 script is loaded directly on every page with anonymize_ip: true enabled; visitors who prefer to opt out can use the Google Analytics Opt-out Browser Add-on or the Global Privacy Control signal. The Journey by Mediavine widget script loads on page load but operates its own GDPR/ePrivacy-compliant consent layer (honoring Global Privacy Control) to gate tracking cookies and personal data processing.

12. Updates to this policy

We may update this Privacy Policy to reflect changes in our practices, in the third parties we rely on, or in applicable law. The "Last updated" date at the top of the page shows when the most recent change took effect.

Where a change is material (for example, the addition of a new processor, a new category of personal data, or a new lawful basis), we will publish a notice on the home page for at least thirty days before the change takes effect, and contact you by email if you have submitted a previous data-subject request and have not asked to be forgotten.

13. Contact us

For any question or request related to this policy or your personal data, please contact:

Best Assistance Group LTD
Contact: our contact form
Postal address: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom

To submit a data-subject request, please write "Privacy request" in the subject line and tell us which right (section 7) you wish to exercise. We will respond within thirty days. We may ask you for proof of identity to make sure we are responding to the right person.

14. Right to lodge a complaint

If you believe that our processing of your personal data infringes the GDPR or the UK GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement (Article 77 GDPR).

Lodging a complaint with a supervisory authority is without prejudice to any other administrative or judicial remedy you may have.