Privacy Policy

Grutas de Mira de Aire

The Grutas de Mira de Aire, SA follows the European Parliament and the the April, 27th 2016 Counsil Regulation (EU) 2016/679 – General Regulation for Data Protection – concerning the gathering, processing, keep and access to personal data, ensuring the placement of technical and organizational adequate measures for data protection.

Responsibility for processing personal data

Your data will be treated by Grutas de Mira de Aire, hence forth “GMA”.

The GMA is responsible for processing personal data when accessing the General Regulations on Data Protection.

Fundaments for processing personal data

The GMA will only process your personal data in the following situations:

  1. There is a legitimate interest in doing so, namely for:
    1. Development and maintenance of the website;
    2. Technical assistance;
    3. Prevention and detection of fraud;
    4. Ensure the network and information safety;
    5. For services or information;
    6. Whenever, in any case, our interest is according to the legal documents and its rights.
  2. Has your consent to process your personal data, for specific, explicit and legitimate ends;
  3. Is necessary in order to keep legal obligations;
  4. Included in contract or pre-contract negotiations for its celebration.

Ends for processing personal data

When you fill the forms available in our website, your personal data (such as name, e-mail, phone number or address) are gathered in order to answer your questions, requests, or information demands.

By making your contacts available, we can contact you for marketing effects related to our services, as long as you have given us consent to use your data for this effect. In case you give us your consent, you may receive marketing communication by e-mail. You can at any moment oppose this data processing.

The personal data provided will also be processed for the said means while gathering them.

Your consent is essential for the GMA to process your personal data for the said effects; however, if you choose not to consent its use, your visit and use of our website will not be affected.

Concerning contracts and pre contract negotiation, your personal data will be gathered and processed, with that fundament, for administrative purposes, processing of accountancy documents and suppliers payments and control of receipts.

Categories for personal data

To the above mentioned specific ends, the GMA can gather and process personal data included in the following categories:

  1. Identification data;
  2. Professional data;

Data gathered by our platform are not sensible, thus not subjected to specific condition in their treatment.

Deadline for personal data keeping

The GMA will process and keep your personal data depending on the end by with they were gathered. In some cases legal demands may force the processing and keeping of personal data for a said amount of time, namely 10 years, concerning data necessary for Tribute Authority as for accountancy or taxes or mercantile activity, as well as for 7 years regarding money laundering e financing terrorist activities.

Whenever there is no legal obligation, your data will be processed only for the time needed for the ends they were gathered and processed for and always in accordance to the law, guidance and decisions of the CNPD (National Commission for Data Protection). Thus:

The GMA will process and keep your data for as long as the contract obligation will dictate.

Concerning the video surveillance of their facilities, for ends of physical safety of the people and safety of their belongings, the GMA will keep image footing and respective personal data for no longer than 30 days.

The GMA may keep other personal data for period longer than then duration of the contract, be it based on its consent, to ensure rights or duties related to the contract, or by legit interest fundament, but always for the period strictly necessary to the fulfillment of the ends and in accord to the guidance and decisions of the CNPD.

Transmission of personal data

Your personal data may be transmitted to subcontracts in order to be processed in the name of the GMA. In this case, the GMA will take all the contractual measures to ensure that the subcontracts will respect and protect the personal data supplied by the GMA.

Data may also be transmitted to others – distinct entities from the GMA or the subcontracts – in case the owner of the data has given consent to it or in case it’s a legal requirement, or it’s necessary to fulfill contract obligations assumed with the customer. For example, we can transmit data such as address and contacts to a delivery company in order to deliver packages.

Data owner rights

  1. Demand the access to information on their personal data.
    As owner of personal data, you have the right to ensure your data are processed or not, and if needed to access your personal data and to the information foreseen by law.
  2. Demand correction of their personal data, in case they are incomplete or inaccurate.
    As owner of personal data, you have the right to demand correction of inaccurate and incomplete data.
  3. Demand the personal data to be deleted.
    As owner of personal data, you have to right to demand the data to be deleted, without unjustified delay, and the company has the duty to delete the personal data, without unjustified delay, when applied, namely, one of the following motives:
     a)  Your data are no longer necessary to the end for which they were gathered or processed;
     b)  You have removed your consent to processing data (in the case the consent is needed in order to process data) and there is no other fundament  for said processing;
     c)  You have opposed to the processing of data and there are no legit interests prevailing for the processing of said data.
  4. Demand limitation to the processing of personal data
    As owner of personal data, you have the right to demand limitation of the processing of your data.
  5. Opposing to the processing of personal data
    As owner of personal data, you have the right to oppose the processing of them when (i) processing said data is done for legit purposes continued by the GMA; or (ii) the process of said data is done for direct marketing, or (iii) definition of profiles.
  6. If the processing of the data needs your approval, you have the right to remove it.
    If the consent is legally necessary for processing personal data, the owner of said data may remove their consent whenever they chose to, though that right does not compromise the lawfulness of the data processing done based on previous consent nor the future processing of the same data, based in other legal foundation, such contractual compliance or legal obligation that the GMA may be subjected to.
  7. Right of portability
    The owner of the data has the right to receive the supplied data in digital format and of automatic read or to ask the direct transition of their data to other entities that will be the new responsible for their personal data, but in this case only if technically possible.


In case you want any of your rights to be executed, you should contact us, by writing through the e-mail

You also have the right to present a complaint with the National Commission for Data Protection.

Security protocols and data process

We commit ourselves to keep your data secure, by which we employ the appropriate safety measures to ensure the protection of your personal data and prevent unauthorized personnel to access them. We submit our systems and safety measures to periodical analysis in order to make sure the data are safe and protected. However, the transition of information by internet isn’t totally safe, and we can’t guarantee the safety of the data transmitted through our website in absolute.

We also respect the confidentiality of your information. Such as, we do not sell, distribute or make available by any means commercial your data to foreign entities. The GMA assumes the compromise of keeping your data confidential in accord to this Policy of Privacy and applicable legislation.

Notification of Security Violations

All security violations resulting in risks to the rights of the data owners will be immediately communicated to the authorities, as well as to the data owners.


We may occasionally update this privacy policy. We will notify the users for changes when it’s demanded by law. In any case, we encourage you to review periodically our privacy policy, in order to keep updated.