Privacy Policy

Last Updated: 08/01/2026

At HESTIA, we are committed to protecting your privacy and ensuring that your personal data is handled securely, transparently, and responsibly. This Privacy Policy explains how we collect, use, and safeguard the information you provide to us in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws in the European Union (EU). By using our website or services, you agree to the practices described below.

1. Who We Are

HESTIA is the commercial name of Serendipity Homes, LDA, a property management company registered in Portugal and operating under the commercial name HESTIA.

Serendipity Homes, LDA (HESTIA) is the data controller responsible for the processing of your personal data for the purposes of the GDPR.

You can contact us via:

Email: [email protected]

Phone: +351 966 556 648 (Chamada para rede móvel nacional)

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

1. Identification details: Name, nationality, date of birth, and identification number (passport or national ID), including those of children, as required by Portuguese law for guest registration and compliance purposes.
2. Contact information: Email address, phone number, and home address.
3. Booking information: Dates of stay, number of guests (including children), special requests, and preferences.
4. Payment details: Credit card or bank details required to process payments (handled securely and, where applicable, via third-party payment providers).
5. Usage data: Information about how you use our website, such as IP address, browser type, and device information, collected via cookies and similar technologies.
6. Communications: Information you voluntarily provide when contacting us by email, phone, website forms, or social media.

Identification data is collected only where legally required and is stored securely with restricted access.

3. How We Use Your Personal Data

We use your personal data for the following purposes:

1. Booking management: To process reservations, send confirmations, and communicate information relevant to your stay.
2. Guest services: To provide personalised service, respond to inquiries, and manage requests before, during, and after your stay.
3. Legal and regulatory compliance: To comply with Portuguese legal obligations, including mandatory guest registration with national authorities.
4. Marketing communications: With your explicit consent, to send newsletters, promotional offers, or updates about our properties (you may opt out at any time).
5. Website functionality and security: To ensure the proper functioning, security, and improvement of our website.
6. Legal and financial obligations: To comply with accounting, tax, and reporting requiremen

4. Legal Basis for Processing Personal Data

We process your personal data based on one or more of the following legal grounds:

1. Performance of a contract: To provide accommodation and related services requested by you.
2. Compliance with legal obligations: To meet requirements under Portuguese and EU law, including tourism, immigration, and tax regulations.
3. Legitimate interests: For internal administrative purposes and service improvement, provided that such interests are not overridden by your fundamental rights and freedoms.
4. Consent: For marketing communications and certain optional services, which you may withdraw at any time.

5. How Long We Retain Your Data

We retain personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy or as required by law:

1. Booking and payment data: Retained for up to 7 years, in accordance with Portuguese tax and accounting regulations.
2. Guest registration data: Retained for the period required by applicable Portuguese legal obligations.
3. Marketing data: Retained until you withdraw your consent.
4. Property owner data: Retained for the duration of the contractual relationship and thereafter as required by legal and accounting obligations.

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance user experience, analyze website performance, and enable certain functionalities.

We use cookies for:

• Essential website functionality
• Analytics (such as Google Analytics or similar tools)
• Social media features and integrations

Where required by law, we use a cookie consent banner that allows users to accept, reject, or manage non-essential cookies. Detailed information about the cookies we use is available in our Cookie Policy, which is accessible separately on our website.

You may also manage cookies through your browser settings.

7. Sharing Your Data

We do not sell your personal data. We may share your data only where necessary and in the following circumstances:

1. Service providers: Trusted third parties that assist us in operating our business (e.g. payment processors, IT and hosting providers), subject to appropriate data protection agreements.
2. Legal obligations: Where disclosure is required by law or by competent authorities, including tourism and immigration authorities in Portugal.
3. Business transfers: In the event of a merger, restructuring, or sale of the business, personal data may be transferred as part of that transaction, subject to applicable data protection safeguards.

8. Your Rights Under GDPR

As a data subject, you have the right to:

• Access your personal data
• Request correction of inaccurate or incomplete data
• Request erasure of your data, where no legal obligation requires retention
• Request restriction of processing in certain circumstances
• Request data portability
• Object to processing based on legitimate interests or for direct marketing
• Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact us at [email protected].

We may request proof of identity before responding to your request.

9. International Data Transfers

Your personal data is primarily processed within the European Union. Where we use service providers located outside the EU, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent legal mechanisms, to protect your data.

10. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or misuse. These measures may include encryption, access controls, and regular security assessments.

11. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, our practices, or operational needs. Any updates will be published on this page with a revised “Last Updated” date.

12. Contact Us

If you have any questions about this Privacy Policy or how we process personal data, please contact us:

Email: [email protected]

Phone: +351 966 556 648

13. Complaints

If you believe your data protection rights have been infringed, you have the right to lodge a complaint with the relevant supervisory authority, including the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados – CNPD).