Skip to content Skip to footer
+ 351 913 175 772
Icon-facebook-1 Icon-youtube-feed Icon-instagram-1 Icon-envelope3
Equestrian centre
Close

LUSITANO HERITAGE

download PRIVACY POLICY

LUSITANO HERITAGE — PRIVACY POLICY

(Proezas Diárias Lda — Primary Data Controller)

Last updated: December 2025

LThis Privacy Policy explains how Proezas Diárias Lda, trading as Lusitano Heritage, collects,
uses, stores, and protects your personal data in accordance with the General Data Protection
Regulation (EU) 2016/679 (“GDPR”).
By using our website, booking a retreat, making a purchase, or interacting with our services, you
agree to the practices described in this policy.

1. WHO WE ARE


Proezas Diárias Lda
NIPC: 513940685
Registered Address:
Praceta Dr. Eduardo Vieira de Mascarenhas 3, R/C Dto
2640–800 Mafra, Portugal
Email: info@lusitanoheritage.com

Joint/Secondary Data Controller

Lusitano Heritage Group Ltd
(Registered office address will be updated upon completion of incorporation documents.)

Both entities operate under the brand Lusitano Heritage.

2. WHAT DATA WE COLLECT

We may collect the following categories of personal data:

2.1 Data you provide directly

  • Email address
  • Address
  • Riding experience
  • Health or dietary information relevant to retreats
  • Payment information (processed securely by Stripe or WeTravel)
  • Messages or enquiries sent through our forms
  • Newsletter subscription information

2.2 Automatically collected data

  • IP address
  • Browser type
  • Device information
  • Pages visited
  • Time on site
  • Newsletter subscCookies (see Cookie Policy)ription information

Collected via:

  • Google Analytics 4
  • WordPress cookies
  • WeTravel analytics
  • Ecwid/Shopify performance cookies

2.3 Special category data (GDPR Article 9)

For retreat safety we may collect:

  • Relevant health restrictions
  • Dietary requirements
  • Dietary requirements
  • We only collect this with explicit consent.

3. LEGAL BASES FOR PROCESSING (GDPR Article 6)

We process your data based on:

We process your data based on:

Contractual necessity
For: bookings, payments, communication, retreat participation.

Legitimate interests
For: site analytics, fraud prevention, service improvement.

Legal obligations
For: accounting, invoices, safety documentation.

Explicit consent
For: newsletters, promotional materials, wellness/health information.

You may withdraw consent at any time by contacting us.

4. WHY WE COLLECT YOUR DATA

We use your data to:

  • Process retreat bookings & payments
  • Manage scheduling and safety
  • Provide customer support
  • Send retreat information & updates
  • Deliver newsletters (if subscribed)
  • Improve website performance
  • Ensure horse, guest, and staff safety
  • Comply with legal and accounting requirements

5. THIRD-PARTY DATA PROCESSORS

We use trusted partners to operate our business. They process data strictly on our behalf.

5.1 Essential Processors

  • WeTravel – retreat bookings & payment processing
  • Stripe – secure online payments
  • Mailchimp – newsletters & automated emails
  • Google Analytics 4 – anonymised analytics
  • Ecwid (current shop) – ecommerce platform
  • Shopify (future shop) – ecommerce platform

5.2 Hosting & Infrastructure

  • Website hosting via WordPress servers
  • Email servers (hosting provider)

All third-party processors comply with GDPR and provide appropriate data protection safeguards

2.3 Special category data (GDPR Article 9)

For retreat safety we may collect:

  • Relevant health restrictions
  • Dietary requirements
  • Dietary requirements
  • We only collect this with explicit consent.

6. DATA SHARING

We never sell your data.

We only share data:
• With service providers listed above
• When legally required (e.g., tax authority, law enforcement)
• When necessary for retreat safety (e.g., emergency contact)

7. INTERNATIONAL DATA TRANSFERS

Some processors (e.g., Mailchimp, Stripe) store data outside the EU.
Where this occurs, transfers are protected by:
• Standard Contractual Clauses (SCCs)
• Adequacy decisions
• GDPR-compliant safeguards

8. DATA RETENTION

We keep your data only for as long as necessary:
  • Booking & payment information: 7 years
  • Retreat safety information: 12 months after retreat
  • Accident or incident reports: 10 years
  • Newsletter data: until you unsubscribe
  • Analytics data: 26 months
Full schedule in Appendix.

9. YOUR RIGHTS (GDPR Articles 12–23)

You may request:

  • Access to your data
  • Correction of inaccurate data
  • Deletion of your data (“right to be forgotten”)
  • Restriction of processing
  • Portability of data
  • Objection to processing
  • Withdrawal of consent

To exercise these rights, contact:
info@lusitanoheritage.com

You also have the right to lodge a complaint with the
Portuguese Data Protection Authority (CNPD).

10. SECURITY MEASURES

We protect your data by:
• SSL-encrypted website
• Secure payment gateways (WeTravel/Stripe)
• Access controls
• Staff confidentiality requirements
• Encrypted storage of sensitive data
• Minimisation of data kept

11. LINKS TO OTHER SITES

We cannot control the privacy practices of external websites linked from ours.

12. POLICY UPDATES

We may update this Privacy Policy periodically.
All updates will be posted on this page with a new “Last Updated” date.

13. CONTACT INFORMATION

For privacy questions or GDPR requests:
info@lusitanoheritage.com
Proezas Diárias Lda
Praceta Dr. Eduardo Vieira de Mascarenhas 3,
R/C Dto, 2640–800 Mafra, Portugal

LUSITANO HERITAGE COOKIE POLICY

Lusitano Heritage / Proezas Diárias Lda
Last updated: December 2025
This Cookie Policy explains how Lusitano Heritage (Proezas Diárias Lda) uses cookies and similar
technologies on our website. It should be read together with our Privacy Policy, which explains
how we process personal data.
By continuing to use our website, you agree to the use of cookies as described below, unless you
withdraw or modify your consent through your browser or through our cookie banner (if enabled).

1. What Are Cookies?


Cookies are small text files stored on your device when you visit a website. They help websites
function, improve user experience, and provide analytics to site owners.
Cookies may be:

  • Session cookies (expire when you close your browser)
  • Persistent cookies (remain until deleted or expire)
  • First-party cookies (set by our website)
  • Third-party cookies (set by external services we use)

2. Why We Use Cookies

We use cookies for the following purposes:

✔ Strictly Necessary Cookies

Required for the website to function.
Examples: website security, checkout pages, cookie preference storage.

✔ Functional Cookies

Enhance user experience (language preferences, login sessions, shop functionality).

✔ Analytical / Performance Cookies

Help us understand how users interact with our site.
Example: Google Analytics 4 (GA4).

✔ Marketing / Tracking Cookies (limited use)

Used by third-party processors (e.g., Mailchimp) for campaign analytics.
We do not use intrusive targeted advertising.

3. Cookies Used on This Website

Below is a list of the primary cookies and similar technologies we use.

A. Strictly Necessary Cookies

Cookie Provider Purpose Duration
PHPSESSID / WordPress session cookies WordPress Enables basic site functionality and security Session
__stripe_mid / __stripe_sid Stripe Enables secure online payments and fraud prevention 1 year / Session
wt_session WeTravel Manages retreat booking sessions and checkout flows Session
AWSALB / AWSALBCORS Ecwid / Shopify hosting Ensures load balancing and stable shop performance 7 days

These cookies do not require user consent (GDPR Article 5).

B. Functional Cookies

Cookie Provider Purpose Duration
wp-settings, wp-settings-time WordPress Stores user preferences for returning visitors 1 year
Ecwid-storefront cookies Ecwid Enables shop cart, product display, and checkout Varies
Shopify functional cookies Shopify Required for store operation (cart, preferences) Varies

C. Analytical Cookies (Consent Required)

Cookie Provider Purpose Duration
_ga, ga<container-id> Google Analytics 4 Tracks site usage anonymously 2 years
_gat Google Analytics Helps limit data collection on busy sites 1 minute
_gid Google Analytics Tracks session-level page views 24 hours

These cookies help us improve navigation, understand visitor engagement, and optimise content.

D. Marketing & Email Performance Cookies (Consent Required)

Cookie Provider Purpose Duration
Mailchimp campaign tracking Mailchimp Tracks newsletter engagement (if subscribed) Varies
mc_cid / mc_eid Mailchimp Tracks referral source for newsletters Varies

We do not run behavioural advertising or cross-site tracking.

4. Your Cookie Choices

You can manage cookies in the following ways:
Via your browser settings
You can block, delete, or disable cookies at any time.
Via our consent banner (if enabled)
You may accept only essential cookies or customise your preferences.
Declining Google Analytics
You may install the GA opt-out tool:
https://tools.google.com/dlpage/gaoptout/
Please note:
Blocking essential cookies may affect site performance and retreat booking functionality.

5. Third-Party Services That Use Cookies

We use reputable third-party tools to operate our business. These include:
Google Analytics 4 (analytics)
WeTravel (retreat bookings & payments)
Stripe (secure payments)
Mailchimp (email marketing)
Ecwid (current online shop)
Shopify (future shop)
WordPress hosting (site performance & security)
These services may set their own cookies subject to their privacy policies.

6. Data Transfers Outside the EU

Some providers, such as Mailchimp or Stripe, may store data outside the EEA.
All transfers are protected by:
• Standard Contractual Clauses (SCCs)
• GDPR-compliant safeguards

7. Updates to This Cookie Policy

We may update this policy periodically.
Any changes will appear on this page with a new “Last Updated” date.

8. Contact Information

If you have any questions about our Cookie Policy:
info@lusitanoheritage.com
Proezas Diárias Lda
Praceta Dr. Eduardo Vieira de Mascarenhas 3,
R/C Dtr
2640–800 Mafra, Portugal

2. Data Retention Schedule (GDPR Appendix)

Data Category Retention Period Legal Basis / Reason
Retreat bookings & client details 7 years Legal obligation (accounting & tax)
Payment records (Stripe, WeTravel) 7 years Legal obligation
Invoices & financial 7 years Legal obligation
Client health / dietary information 12 months after retreat Safety + explicit consent
Accident or incident reports 10 years Legal, insurance & liability requirements
Emails & customer enquiries 24 months Legitimate interest
Mailchimp newsletter data Until user unsubscribes Consent
Horse sale enquiries 24 months Legitimate interest
Horse PPE reports & sales documentation 10 years Legal + contractual necessity
Website analytics (GA4) 26 months Legitimate interest (anonymised)
Photos/videos with guest consent Until consent withdrawn Consent
Staff records Duration of employment + 7 years Legal requirement
Supplier/contractor agreements Duration of contract + 7 years Legal requirement