Privacy policy
Privacy Policy
This Privacy Policy describes how the personal data of guests and users are collected, used and protected in the context of the operation of multiple Local Accommodation properties located in Portugal, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – GDPR).
1. Data Controller
The data controller is:
Welcome2LX, Lda
Address: Rua António Variações, No. 3 A, Bairro do Oriente, 1800-026 Lisbon, Portugal
Tax Number: 513 885 366
Contact email: welcome2lx@gmail.com
Welcome2LX, Lda is responsible for the operational, administrative and technological management of personal data collected within the scope of Local Accommodation activity.
2. Scope and Method of Data Collection
The check-in process is carried out exclusively online, through digital platforms made available for this purpose.
No in-person check-in is carried out.
3. Personal Data Collected
The following personal data may be collected:
-
Identification data: full name, date of birth and nationality
-
Identification document data: type, number, issuing country and expiry date
-
Image of the identification document
-
Selfie photograph for identity verification
-
Contact details: email address and telephone number
-
Reservation, stay and assigned accommodation data
-
Data required for invoicing and compliance with tax obligations
4. Purposes of Processing
Personal data are processed for the following purposes:
-
Online check-in and guest identity verification
-
Management of reservations and stays across the different properties
-
Compliance with legal obligations applicable to Local Accommodation
-
Mandatory communication of data to the competent authorities, namely
AIMA – Agency for Integration, Migration and Asylum -
Administrative, accounting and tax management
-
Ensuring the safety and security of the accommodation and guests
5. Legal Basis for Processing
Processing is based on:
-
Compliance with a legal obligation (Article 6(1)(c) GDPR), namely the communication of data to AIMA
-
Performance of a contract (Article 6(1)(b) GDPR), relating to the provision of accommodation services
Where applicable, certain processing activities may be based on the data subject’s consent, which may be withdrawn at any time.
6. Mandatory Nature of the Data
Certain personal data are mandatory by law.
Failure to provide such data will prevent completion of the online check-in and the provision of accommodation services.
7. Data Recipients
Personal data may be disclosed to:
-
AIMA – Agency for Integration, Migration and Asylum, in accordance with legal requirements
-
Judicial, police or administrative authorities, when legally required
-
External service providers acting as data processors, including online check-in platforms, reservation management systems and IT service providers
8. International Data Transfers
Where data are processed outside the European Union or the European Economic Area, appropriate safeguards will be ensured, including the use of Standard Contractual Clauses approved by the European Commission.
9. Data Retention Periods
-
Data required for communication to authorities (AIMA): for the legally required period
-
Identification document images and selfies: deleted within 24 hours after check-out
-
Accounting and invoicing data: retained for the legally required period
10. Data Subject Rights
Data subjects have the right to access, rectify, erase, restrict or object to processing, request data portability and withdraw consent, where applicable.
Requests may be submitted using the contact details in section 1.
11. Right to Lodge a Complaint
Data subjects may lodge a complaint with the supervisory authority:
Portuguese Data Protection Authority (CNPD)
www.cnpd.pt
12. Security Measures
Appropriate technical and organisational measures are implemented to ensure data security.
13. Changes to this Privacy Policy
This Privacy Policy may be updated at any time.
Last updated: 28/01/2026