Privacy Policies

We may collect account and authentication data such as email address, login tokens and saved profile preferences.

We may collect checkout and billing data such as first name, last name, billing email, phone number, VAT number, address, postal code, city, country, booking notes and vehicle drop-off and pick-up times.

We may also process technical data required to operate the website, including session cookies, theme cookie, selected language, cart data stored locally in the browser and technical security logs.

We process data to create and manage accounts, authenticate users, store preferences, keep the cart associated with an authenticated user and provide normal website navigation.

We process data to handle orders, payments, invoicing requests, workshop bookings, essential order communications and compliance with legal and accounting obligations.

The legal basis depends on the context: contract performance and pre-contractual steps, compliance with legal obligations, legitimate interests in website security and operation, and consent when the user opts in to marketing communications.

Electronic marketing communications are only sent when the user gives explicit opt-in consent. That subscription can be withdrawn at any time.

Card payments are processed by Stripe. The website does not store the full card number or CVC. Stripe may collect the billing and payment information strictly required for the transaction.

The website uses Google services for maps, directions and review summaries when those features are displayed on the About us page.

Transactional emails may be sent through the provider configured by the company. Hosting, database and email infrastructure may process data to the extent needed to technically operate the service.

Account data is kept while the account remains active or while needed to manage the relationship with the user.

Order, invoicing and payment data may be retained for the period required by applicable law.

Authentication tokens and email change requests are time-limited and become invalid after expiry, use or cancellation.

Under the GDPR, the user may request access, rectification, erasure, restriction, objection and portability where applicable.

Where processing is based on consent, consent can be withdrawn at any time without affecting prior lawful processing.

The user may also lodge a complaint with the Portuguese supervisory authority, CNPD, if they believe their data is not being processed lawfully.

At this stage, the website only uses cookies and local storage required for session management, authentication, CSRF security, theme preference, language and cart behaviour.

The website does not currently rely on analytics, advertising or other non-essential cookies that would require a separate consent banner. If that changes, this policy should be updated and an appropriate consent mechanism should be implemented where required.