Privacy Policy

Last revised: December 2025

1. INTRODUCTION

This Privacy Policy explains how Luz Quarter (“we,” “us,” or “our”) collects, uses, processes, and protects personal information through our website and related membership services. By using our site, purchasing a membership, registering guest details, or interacting with our services, you agree to the terms outlined here and in our Terms & Conditions.

This Privacy Policy applies to all visitors, users, members, and customers of Luz Quarter. Please also review our Cookies Policy section below for details on how cookies and tracking technologies are used.

By using our website or purchasing a membership, you acknowledge and consent to the practices described in this Privacy Policy.

2. PURPOSE OF DATA COLLECTION

We collect personal data to:

• Provide and manage pool memberships and guest access
  
• Issue digital wallet passes through third-party service providers
  
• Verify eligibility (e.g., NIF/proof of residence for resident memberships)
  
• Maintain safety and security of the pool and surrounding areas
  
• Administer bookings, payments, and customer accounts
  
• Manage guest registration for property owners
  
• Comply with legal, financial, and regulatory obligations
  
• Improve site functionality, design, and performance
  
• Provide customer support and respond to inquiries
  
• Send service updates, notices, or marketing (where legally permitted)
  

3. LEGAL BASIS UNDER GDPR (EU & PORTUGAL)

We process personal data under the following legal bases:

• Performance of a contract — to deliver memberships, process payments, issue digital passes, and provide access to services.
  
• Legitimate interests — improving functionality, preventing misuse, and ensuring pool security.
  
• Consent — for marketing emails, optional notifications, and cookie usage (where required).
  
• Legal obligations — compliance with tax, accounting, security, and regulatory requirements.
  

4. TYPES OF PERSONAL DATA WE COLLECT

Depending on how you interact with our services, we may collect:

Identity & Contact Data

• Name
  
• Email address
  
• Phone number
  
• Property address (for property memberships)
  
• Resident verification details (e.g., NIF, proof of residence)
  
• Guest names via Guest Registration form
  

Transaction & Membership Data

• Purchase details
  
• Membership type, guest count, and validity
  
• Digital pass issuance status (Apple/Google Wallet)
  
• Order history
  

Technical & Usage Data

• IP address
  
• Device information
  
• Browser type
  
• Cookies and tracking identifiers
  
• Site interaction data
  
• Error logs and diagnostic data
  

Payment Data

Payment details are processed securely by third-party payment processors (e.g., WooPayments, Stripe). We do not store full credit card information.

5. HOW WE COLLECT PERSONAL DATA

We collect personal information:

• When you purchase a membership
  
• When you create an account on our website
  
• When you submit a Guest Registration form
  
• When you add a digital pass to Apple or Google Wallet
  
• When you contact us via email or support forms
  
• Through cookies, analytics, and device data
  
• Through payment providers during checkout
  
• From third-party integrations (e.g., PassKit) used for digital passes
  

6. DATA FROM COOKIES, TRACKING & ANALYTICS

We use cookies and similar technologies to:

• Operate the website and ensure functionality
  
• Analyze site traffic and performance
  
• Personalize content and improve user experience
  
• Detect security issues or fraudulent activity
  

Analytics services (e.g., Google Analytics) may collect aggregated statistics about user behavior. You can manage cookie preferences through our cookie banner or your browser settings.

7. YOUR RIGHTS UNDER GDPR

As an EU/EEA resident, you may have the right to:

• Access your personal data
  
• Correct inaccurate data
  
• Request deletion (“right to be forgotten”)
  
• Restrict processing
  
• Object to processing
  
• Request data portability
  
• Withdraw consent where processing is based on consent
  

To exercise these rights, email us at operations@luzquarter.com.

Requests will be handled in accordance with GDPR and Portuguese data protection laws.

8. WITHDRAWING CONSENT

If you have provided consent (e.g., for marketing communications), you may withdraw it at any time by:

• Using the unsubscribe link in emails
  
• Adjusting cookie settings
  
• Contacting us directly at operations@luzquarter.com
  

Withdrawal of consent does not affect the lawful processing prior to withdrawal.

9. DISCLOSURE OF PERSONAL DATA

We may share data with trusted third parties that help us operate our services, including:

• Payment processors (WooPayments, Stripe)
  
• Digital pass provider (PassKit)
  
• Website hosting & technical providers
  
• Analytics platforms
  
• Customer service tools
  
• Legal or regulatory authorities, where required
  
• Successors or acquirers in the event of business restructuring
  

We do not sell your personal data.

All third-party partners must comply with GDPR requirements.

10. DATA RETENTION

We retain personal data only as long as necessary for:

• Providing membership and access services
  
• Legal and accounting obligations
  
• Security and operational record-keeping
  

When data is no longer required, it will be securely deleted or anonymized.

11. DATA SECURITY

We implement technical and organizational measures to protect personal data from unauthorized access, loss, or misuse.

However, no system can be guaranteed 100% secure. Users should take appropriate precautions (e.g., securing devices, using strong passwords).

12. INTERNATIONAL DATA TRANSFERS

Some service providers (e.g., PassKit, analytics, hosting) may be located outside the EU/EEA.
Where data is transferred internationally, we use appropriate safeguards, such as:

• Standard Contractual Clauses (SCCs)
  
• GDPR-compliant processing agreements
  
• Transfers to countries deemed adequate by the European Commission
  

13. THIRD-PARTY WEBSITES

Our website may contain links to external sites. We are not responsible for the privacy practices of those websites and recommend reviewing their policies before providing personal information.

14. CHILDREN’S PRIVACY

Luz Quarter services are not intended for individuals under 18.
We do not knowingly collect data from minors. If we discover such data, it will be deleted immediately.

Parents or guardians may contact us regarding accidental submissions.

15. SUPERVISORY AUTHORITY

If you believe our processing of your data violates GDPR, you may lodge a complaint with:

Comissão Nacional de Proteção de Dados (CNPD)
Website: https://www.cnpd.pt/

We encourage you to contact us first so we can address concerns directly.

16. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect legal, technical, or operational changes.
Please refer to the “Last revised” date at the top of this page.

17. CONTACT US

For questions, requests, or data-related inquiries, contact:

operations@luzquarter.com