Privacy Policy and Cookies Policy

1. Scope and Purpose

The purpose of this policy is to present the commitments of Row For Fun Lda (hereinafter referred to as Row For Fun or Company) in relation to the management of the privacy and protection of the personal data of the data subjects whose processing is its responsibility and to respond to the1 requirements of the General Data Protection Regulation and the respective national implementing legislation2.

It also aims to explain how personal data is processed within the activities carried out by Row For Fun and its employees, by establishing internal rules that comply with the requirements of the Regulation, namely those related to lawfulness, processing, and data retention.

All personal data will be handled and managed in accordance with this Policy and the Information Security Policy, based on a regularly updated inventory of the data collected and processed.

1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and subsequent amendments;.
2. Law no. 58/2019, of 8 August (and its subsequent amendments) which ensures the implementation of the General Data Protection Regulation in the national legal system.

2. Responsibilities

The Management of Row For Fun is responsible for ensuring that this Policy remains aligned with the company’s overall strategy, promoting continuous improvement in both information security and privacy.

Management is also responsible for ensuring ongoing and systematic compliance with the requirements of the Regulation, guaranteeing that the rights of all data subjects are respected and that appropriate security controls are effectively implemented for the purposes defined in this Policy.

All Row For Fun employees, as well as any subcontractors, where applicable, are required to cooperate with, adhere to, and uphold the commitments established in this Policy.

3. Data Subjects

For the execution of its activities and associated processing purposes, personal data from the following sources are collected by Row For Fun:

- Customers and participants – individuals who book, purchase, or take part in the company’s tours and related experiences.
- Employees and collaborators – staff members and individuals who work directly or indirectly with the company.
- Service providers and subcontractors – entities or individuals providing operational, technical, or logistical support (e.g., transport companies, accommodation partners).
- Business partners – organizations cooperating in marketing, event promotion, or tourism activities.
- Website users and online contacts – individuals who interact with the company through its website, social media channels, or online forms.
- Potential customers – individuals who have shown interest in the company’s services or subscribed to newsletters or promotional communications.

4. Guarantee of Confidentiality and Privacy of Personal Data

The personal data identified in this Policy will be processed by Row For Fun as the entity responsible for the processing of personal data.
In order to guarantee the confidentiality and privacy of the data, the Company ensures that it will only be accessed by employees formally authorized to perform their duties.

5. Identification of the Person Responsible for the Processing of Personal Data

The person responsible for the processing of personal data is Row For Fun, Lda. registered office at Travessa do Lameiro 122, 4430-666, Vila Nova de Gaia, Portugal, with legal person registration number 515 500 992.

6. How We Collect, Use, Share and Store Personal Data

a) Collection of personal data

1. For situations that don’t involve web tools

Personal data is collected directly in the following ways:

- Spontaneous applications or response to job offers with Curriculum Vitae sharing;
- Filling out paper forms;
- Capture of images and videos during rowing tours;
- E-mail;
- Telephone.

Personal data may be collected indirectly in the following ways:

- Import of the content of the Curriculum Vitae for the human resources registration record;
- Data import with shared responsibility with contracted business partners;
- Marketing outlets, catering services, or the like;
- Job Seeker Screening Companies;
- Medical service companies;
- Life Insurance Service Companies.

The collection of sensitive personal data will only be carried out in cases that are strictly necessary and justifiable by the activity carried out by Row For Fun and in accordance with the legislation in force.

2. For situations involving web tools

Personal data may be collected directly through the organization’s official digital platforms, or indirectly through marketing automation systems and online advertising tools operated by duly authorized subcontracted partners, in full compliance with our Personal Data Privacy Management Policy.

Indirect collection may also occur through authorized partners involved in order processing, such as the purchase of tickets or access to exhibitions and company services.

The Cookie Management Policy complements this section by detailing the available “opt-in” and “opt-out” mechanisms related to cookies and similar technologies on our websites.

Data subjects may also “opt out” of targeted advertising through social media and online advertising platforms, including Facebook, Google Ads, Instagram, and LinkedIn.

Row For Fun ensures that no manual or digital form includes pre-selected options, guaranteeing that all choices are made consciously and explicitly by the data subject.

All personal data are collected based on the legal grounds established in this policy and in strict adherence to the principle of data minimization.

b) Sharing of personal data

1. For situations that don’t involve web tools

In addition to the sharing purposes described below, no other purposes may be carried out, unless previously and expressly authorized by the Data Protection Officer.

Purposes arising from the activity of Row For Fun, Lda., inter alia:

- Social security;
- Communication with Tax Authority, Customs or other legal entities;
- Communication of complaints or privacy violations;
- Port security and immigration control;
- Labour registration & payroll;
- Issuance of the medical certificate for maritime or similar purposes;
- Compliance with registration and union obligations;
- Creation and registration of insurance policy;
- Compliance with tax and customs obligations.

Personal data may be shared with subcontracted entities for the purposes referred to above, under the terms of the contracts entered into with them. Row For Fun only uses processors that ensure, in accordance with the law, the implementation of appropriate technical and organizational measures for the protection of your data through subcontractor agreements, thus ensuring the defense of your rights under the applicable data protection law.
The sharing of data classified as sensitive will only be carried out with legal entities, partners, medical service providers and the like.

2. For situations involving web tools

In addition to the sharing purposes described below, no other purposes may be carried out, unless previously and expressly authorized by the Data Protection Officer.

Purposes arising from marketing, electronic payments and other services involving the use of electronic tools:

- Conducting advertising campaigns;
- Advertising in virtual places such as Google Ads, Facebook, Instagram and Linkedin;
- Operational needs in the interconnection with HiPay and Paypal and other electronic payment gateways using credit cards;
- Sending news, campaigns and personalized offers to the customer.

Data is shared with formally authorized subcontractors for digital marketing purposes, and the personal data involved in these shares are subject to the consent of the respective owner, with the possibility of opt-out at any time.

These shares may give rise to data transfers outside the European area, in the case of segmentation of digital marketing campaigns with intercontinental subcontracting partners. In these cases, the organization will take care to implement security controls appropriate to each risk situation identified, as well as to ensure the guarantee of the unconditional execution of their rights and all the requirements of the General Data Protection Regulation.

c) Retention of personal data

Retention is understood as the secure storage of data, in digital or paper format, ensuring the conditions of access management to guarantee confidentiality, integrity, availability of information and non-repudiation, as well as its preservation in the appropriate conditions of use according to the defined time.
Legal requirements requiring the retention of personal data for a minimum period for each purpose will be complied with. In particular, when data retention is mandatory for the purposes of fulfilling our tax documentation obligations, in which case we will retain the data for 10 years after the end of the relevant tax period.
Where such a minimum period is not imposed, personal data will be kept only for the period strictly necessary for the pursuit of the purposes for which the data were collected or are subsequently processed or, if and when applicable, for the period determined by the competent data protection authority, after which the data will be permanently deleted in secure mode.

d) Use of personal data for promotional communications

Row For Fun may use the contact details provided by customers and partners to send information about activities, special offers or promotional campaigns related to its services.

Such communications will always be carried out in accordance with applicable data protection regulations and based on the data subject’s consent, which may be withdrawn at any time.

Row For Fun guarantees that personal data used for these communications will never be shared, sold, or made available to third parties for independent marketing purposes.

All promotional messages will include clear and accessible mechanisms allowing recipients to unsubscribe (“opt-out”) from future communications, in accordance with the principles of transparency and lawful processing.

7. Embedded Content

Pages on this site may include embedded content, like YouTube videos, for example. Embedded content from other websites behaves in the exact same way as if you visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. Below you can find a list of the services we use:

Facebook and Instagram

The Facebook or Instagram page plugin is used to display our Facebook or Instagram timeline on our site. Facebook has its own cookie and privacy policies over which we have no control. There is no installation of cookies from Facebook and your IP is not sent to a Facebook server until you consent to it. See their privacy policy here: Facebook Privacy Policy .

Youtube

We use YouTube videos embedded on our site. YouTube has its own cookie and privacy policies over which we have no control. There is no installation of cookies from YouTube and your IP is not sent to a YouTube server until you consent to it. See their privacy policy here: YouTube Privacy Policy.

Google Analytics

We use Google Analytics on our site for anonymous reporting of site usage. So, no personalized data is stored. If you would like to opt-out of Google Analytics monitoring your behavior on our website please use this link: Google Analytics Opt-out.

8. Use & Purpose of Cookies

This website uses cookies to improve its service. Cookies are used to personalise content and advertisements according to the characteristics of the visitor, interact with social media features, analyse website traffic, as well as support implemented security controls.

Depending on the choices of the visitor to the pages of the websites, data may be shared with our social media partners, for advertising purposes, for traffic analysis and navigation through the pages of the websites and social media tools within the scope of this policy.

Under no circumstances will personal data be collected through cookies.

a) Types of Cookies:

Cookies are text files that can be used by websites to make the user experience more efficient.

In accordance with the legislation in force, cookies may be stored and operated on the equipment to which the visitor accesses them if they are strictly necessary for the operation of the website.
For all other types of cookies, we allow the personal data subject to exercise their right to informed consent.
Some cookies may be installed automatically by our business partners, always in a way that is explicit to the visitor.

b) Our website may use the following types of cookies:

Ba) Required
Necessary cookies support the execution of basic functions such as navigation between pages and their traceability.
It is important to note that the website may not function properly without these cookies, and as such, they are considered fundamental and justified.

Bb) Statistical or Functional
Statistical cookies help the website operator to understand how the visitor interacts with the pages that compose it, collecting and processing information anonymously.

Bc) Marketing
Marketing cookies are used to track the visitor’s access to and sequence of page usage.
They allow the personalization of advertisements or other marketing materials to be displayed and that are relevant and appealing to the visitor, making the browsing experience more personalized and dynamic.

The visitor to the website, and as such a holder of personal data, must select, in each box available, the type of cookies he authorizes.
By clicking on the “I accept” button, you acknowledge the acceptance of this cookie policy and the confirmation of authorization for the type of cookies selected.

c) Accepting/refusing cookies
You can choose to accept or refuse the installation of cookies on your terminal at any time by configuring your browser software.

Ca) If you accept cookies
The registration of a cookie on your terminal depends on your wishes. At any time, you can express and modify your choice free of charge through the options provided by your browser software.
If in the browser software you use you have accepted the saving of cookies on your terminal, the cookies embedded in the pages and content you have consulted may be temporarily stored in a specific space on your terminal. There, they will only be readable by the sender of the cookies.

Cb) What is the point of accepting cookies?
When you visit our website www.rowforfun.pt, these cookies will record certain information that is stored on your terminal. This information is used, in particular, to offer you experiences based on the items you have already selected during your previous visits, thus enabling you to benefit from better navigation on our site.

Cc) If you refuse cookies
When you refuse cookies, we nevertheless install a “refuse” cookie. This cookie allows us to remember your choice so that we don’t have to ask you each time you visit whether you want to accept or decline cookies.

Cd) Configuring your browser
The configuration of cookie management depends on each browser and is found in your browser’s help menu.

d) Legal Notice Update
Row For Fun Lda, reserves the right to make any changes or corrections to this cookie notification. Please check this page regularly to review the information and check for any updates.

9. Data Subject Rights

Data subjects will be guaranteed the conditions to exercise their rights provided for by the General Data Protection Regulation.
Row For Fun will be involved in all issues related to the protection of personal data, and should preferably be put in writing through the email address geral@rowforfun.pt all questions that the holders of personal data deem necessary.

If the data subject wishes to file a complaint or report a privacy violation, the data subject may communicate via email geral@rowforfun.pt or directly with the supervisory authority of their choice.

Following the registration of a complaint or breach of privacy, the Group undertakes to inform the data subject of each step and progress in the process of filing a complaint, without prejudice to compliance with the deadlines defined by the regulation.

10. Security Measures

We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personally identifiable information is not captured/hijacked by third parties without authorization.

In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected users and will attempt to reset passwords if needed.

11. Review and Continuous Improvement

This policy can be reviewed annually, or whenever there are significant changes in the inventory of personal data and/or in the computer or documentary media.

Each of these revisions will give rise to a new version of this document.

12. Dissemination and Publication

The Privacy Management Policy is classified as publicly accessible information. (cf. Information classification policy) and will be available for consultation through the Internet, either on the institutional website, on the Internet tools to support the business and also on the group’s social networks.
During the onboarding process, new employees will be made aware of this Policy, as well as the mandatory participation of those in the training and awareness actions on security, privacy and personal data protection that will be part of the onboarding process will be part of this process.
After publication and dissemination of the policy, employees are obliged to:

Protect the information assets in your charge;
Collaborate in the management of their risk;
Participate in any event that may jeopardize the security of information;
Comply with and enforce this policy;
Employees may consult this Policy at any time through the document management platform of the group’s internal network.

Entities/employees who, for reasons inherent to their function, do not have access to the platform, will be aware of this policy by sharing it in the appropriate format for each case.

13. Term of the Policy

This policy has been approved by Row For Fun, Lda. and becomes effective on the date it is published.

Any subsequent changes will be effective immediately upon their posting.