MYSTIC TRAVELS

Privacy Policy

Last updated: 2025-11-04

Privacy Policy — Mystic Travels

Company: Mystic Travels — Operated by Destino Descoberto, Lda
VAT Number: 510 884 490
Website: www.mystic-travels.com
Email: booking@mystic-travels.com
Phone: +351 930 664 660

Last update: November 2025

1. Introduction

This Privacy Policy explains how Mystic Travels collects, uses, stores, and protects personal data from users who visit the website www.mystic-travels.com or use our services.

Mystic Travels is committed to processing personal data in accordance with:

  • The General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679
  • Applicable Portuguese data protection laws
  • International best practices for privacy and data security

By using the website or booking our services, users agree to the processing of their personal data as described in this policy.

2. Data Controller

The entity responsible for processing personal data is:

Destino Descoberto, Lda
Commercial brand: Mystic Travels

VAT Number: 510 884 490
Email: booking@mystic-travels.com

3. Personal Data We Collect

We may collect different categories of personal data, including:

Identification Data

  • full name
  • nationality
  • preferred language

Contact Information

  • email address
  • phone number
  • address (when required)

Booking Information

  • pickup and destination locations
  • dates and times
  • number of passengers
  • service preferences
  • luggage information

Payment Data

  • information necessary for payment processing
  • payment history

Mystic Travels does not store full credit card details.

Payments are securely processed through platforms such as:

  • Stripe
  • PayPal
  • banking institutions

4. Automatically Collected Data

When visiting the website, certain information may be collected automatically, including:

  • IP address
  • device type
  • browser type
  • pages visited
  • duration of visit
  • approximate geographic location

These data help improve website performance and user experience.

5. Purpose of Data Processing

Personal data may be processed for the following purposes:

Service Provision

  • processing bookings
  • organizing transfers, tours, and experiences
  • coordinating services with drivers and partners

Customer Communication

  • booking confirmations
  • service updates and information
  • customer support

Payment Processing

  • handling payments
  • fraud prevention
  • invoicing and accounting

Website Improvement

  • analyzing user behavior
  • improving website functionality and usability

Marketing (when applicable)

  • sending information about services
  • promotional campaigns
  • relevant communications

Clients may opt out of marketing communications at any time.

6. Data Sharing with Third Parties

Personal data may be shared with partners necessary for the provision of services, including:

  • drivers and transportation companies
  • tourism operators
  • hotels and restaurants
  • experience providers
  • payment platforms
  • technology service providers

Data sharing is limited to what is strictly necessary for service execution.

7. Platforms and Tools Used

The website may use third-party services for functionality and analytics, including:

  • Google Analytics
  • Google Ads
  • Stripe
  • PayPal
  • booking management systems
  • email communication platforms

These providers may process personal data in accordance with their own privacy policies.

8. International Data Transfers

Some technology providers may be located outside the European Economic Area (EEA).

In such cases, Mystic Travels ensures that:

  • adequate safeguards for data protection are in place
  • lawful data transfer mechanisms are applied in accordance with GDPR.

9. Data Retention

Personal data will be retained only for the period necessary to:

  • provide the requested services
  • comply with legal obligations
  • manage business and customer relationships

Some data may be retained longer when required by tax, accounting, or legal regulations.

10. Data Subject Rights

Under the GDPR, individuals have the right to:

  • access their personal data
  • request correction of inaccurate data
  • request deletion of personal data ("right to be forgotten")
  • restrict data processing
  • object to data processing
  • request data portability

To exercise any of these rights, please contact:

📧 booking@mystic-travels.com

11. Data Security

Mystic Travels implements appropriate technical and organizational measures to protect personal data against:

  • unauthorized access
  • data loss
  • unauthorized modification
  • unauthorized disclosure

Security measures include:

  • encrypted data transmission
  • secure payment systems
  • restricted data access
  • secure servers and infrastructure.

12. Cookies

The website uses cookies to improve the user experience and analyze website performance.

Cookies may be used for:

  • website functionality
  • statistical analysis
  • content personalization
  • advertising campaigns

Further details are available in the Cookie Policy.

13. Links to External Websites

The website may contain links to third-party websites.

Mystic Travels is not responsible for the privacy policies or practices of external websites.

14. Complaints

If you believe that your personal data is being processed improperly, you have the right to lodge a complaint with the relevant supervisory authority:

Portuguese Data Protection Authority (CNPD)
www.cnpd.pt

15. Changes to this Privacy Policy

Mystic Travels reserves the right to update this Privacy Policy whenever necessary.

The most recent version will always be available on the website.

16. Contact

For any questions regarding this Privacy Policy or personal data protection, please contact:

📧 booking@mystic-travels.com

📞 +351 930 664 660

Have any questions about this policy?

Contact us