Privacy Policy (GDPR & SEF/AIMA Compliance)

Last Updated: May 2026

Welcome to T2 Lagos. We operate a licensed "Alojamento Local" (AL) property in Portugal. Protecting your personal data is our highest priority. This Privacy Policy explains how we collect, use, and securely process your information in strict accordance with the European General Data Protection Regulation (GDPR) and Portuguese Law.

1. Mandatory Data Collection (SEF/AIMA Reporting)

Under Portuguese Law (Lei n.º 23/2007), all providers of tourist accommodation are legally obligated to register the entry, exit, and identification details of all non-Portuguese nationals and report them to the Portuguese Immigration and Borders Service (formerly SEF, now AIMA - Agência para a Integração, Migrações e Asilo) via the SIBA portal.

To comply with this legal obligation, we collect the following data prior to or upon your arrival:

• Full Name and Date of Birth
• Nationality and Country of Residence
• Document Type (Passport or National ID) and Document Number
• Issuing Country of the Document

2. Automated KYC & Biometric Verification

To ensure the highest level of security and to prevent identity fraud, we utilize a certified third-party Identity Verification (KYC) provider. This provider securely extracts data from your uploaded ID document and performs a biometric "Liveness" check (Face Match).

Why we do this: This process guarantees that the person booking the property is the legitimate owner of the ID, fulfilling our legal obligation to properly identify our guests before granting access to our licensed properties.

Your biometric data is processed securely by our certified KYC partner and is never stored on our public servers. Once your identity is verified, only the text data required by AIMA is transmitted directly to the Portuguese Government via a secure Business-to-Government (B2G) SOAP API.

3. Payment Processing (PSD2 Compliance)

All financial transactions are processed through Stripe, a globally certified payment gateway. We comply with the European Revised Payment Services Directive (PSD2) by enforcing Strong Customer Authentication (SCA / 3D Secure). We do not store your credit card information.

4. Fiscal Invoicing (Autoridade Tributária)

In accordance with Portuguese Decree-Law No. 28/2019, we issue certified invoices (Faturas) for all stays. To do this, your billing information (Name, NIF/Tax Number) is processed through our AT-certified billing software integration. Your invoice will include the mandatory ATCUD and QR codes.

5. Your Rights Under GDPR

You have the right to access, rectify, or request the deletion of your personal data. However, please note that data collected for mandatory AIMA reporting and AT fiscal invoicing must be retained for the minimum statutory periods required by Portuguese law, even if a deletion request is made.

For any privacy-related inquiries, please contact our Data Protection Officer at: admin@t2lagos.online.