+351 964 246 220
en
Español Español English English Portugues Portugues
+351 964 246 220
en
Español Español English English Portugues Portugues
+351 964 246 220
en
Español Español English English Portugues Portugues
Book a Table
Delivery Orders
Ue Logo Horizontal Rgb Web Greenbg Bolt Food
Reserva grupos

Envíanos un email a:
valentinas@chicandbasic.com

Take Away

Llama, haz tu pedido y en 20 minutos lo tienes listo para recoger.
Se paga al momento de la recogida.

Privacy policy
Best price guaranteed
Opening date: July 2021
Home Privacy Policy

PRIVACY POLICY

Last updated: 18 February 2026

At ISASPASTA LDA, we care about privacy and transparency. Below, we provide detailed information about how we process personal data, as well as all related information, in compliance with the General Data Protection Regulation (GDPR) and Portuguese Law No. 58/2019.

DATA CONTROLLER

Who is responsible for processing your data?

HOW WE PROCESS PERSONAL DATA

Below, we detail the different types of personal data processing carried out by ISASPASTA LDA:

Reservation management

  • Purpose of Processing: To manage reservations made through our website, telephone, Google MyBusiness or platforms such as TheFork.
  • Legal Basis (Art. 6 GDPR): Performance of a contract (GDPR Art. 6.1.b).
  • Retention Period: During the contractual relationship and the applicable legal periods (tax, accounting), which in Portugal are generally 4 years from the end of the commercial relationship.

Order Management

  • Purpose of Processing: To manage takeaway and delivery orders, both directly and through platforms such as Uber Eats or Bolt Food.
  • Legal Basis (Art. 6 GDPR): Performance of a contract (GDPR Art. 6.1.b).
  • Retention Period: During the contractual relationship and the applicable legal periods (tax, accounting), which in Portugal are generally 4 years from the end of the commercial relationship.

Management of gift vouchers and group bookings

  • Purpose of Processing: To manage the request and issuance of gift vouchers and the management of group bookings.
  • Legal Basis (Art. 6 GDPR): Performance of a contract (GDPR Art. 6.1.b).
  • Retention Period: During the contractual relationship and the applicable legal periods (tax, accounting), which in Portugal are generally 4 years from the end of the commercial relationship.

Tax and administrative management

  • Purpose of Processing: To comply with the tax, accounting and administrative obligations arising from the provision of our services.
  • Legal Basis (Art. 6 GDPR): Legal obligation (Art. 6.1.c)
  • Retention Period: 4 years (fiscal).

Sending commercial communications

  • Purpose of Processing: To send promotional communications about products or services.
  • Legal Basis (Art. 6 GDPR): Consent of the data subject (Art. 6.1.a). Legitimate interest of the Controller (GDPR Art. 6.1.f and Recital 47).
  • Retention Period: Until the data subject objects to the processing or revokes consent.

Management of selection processes and CVs

  • Purpose of Processing: Management of CVs received through the website for personnel selection processes.
  • Legal Basis (Art. 6 GDPR): Implementation of pre-contractual measures (Art. 6.1.b).
  • Retention Period: 1 year unless the data subject requests its deletion beforehand or an employment relationship is maintained.

Communication of data within the business group

  • Purpose of Processing: To communicate customers' personal data to companies within the group for the purpose of consolidating accounts between companies within the group and for the harmonisation of corporate policies and strategic, commercial and financial management.
  • Legal Basis (Art. 6 GDPR): Legitimate interest (Art. 6.1.f). Legal obligation (Art. 6.1.c).
  • Retention Period: 6 years.

Management of queries and communications

  • Purpose of Processing: To respond to your request (contact form, queries) and send you promotional communications if you consent.
  • Legal Basis (Art. 6 GDPR): Consent of the data subject for commercial communications (Art. 6.1.a GDPR). Legitimate interest of the Data Controller for managing professional contacts (Art. 6.1.f. GDPR).
  • Retention Period: All data will be deleted when requested by the data subject or once the query has been dealt with. For commercial communications, until you withdraw your consent.

Website maintenance and management

  • Purpose of Processing: Maintenance of the web platform.
  • Legal Basis (Art. 6 GDPR): Legitimate interest (Art. 6.1.f).
  • Retention Period: As long as necessary for the purpose.

COMMUNICATION AND TRANSFER OF DATA BETWEEN INDEPENDENT CONTROLLERS

The data will be communicated to the following recipients:

  • Portuguese Tax Administration: For the purpose of complying with legal obligations (legal requirement).
  • Financial institutions: For the purpose of managing the corresponding payments (contractual requirement).
  • CBHOTELS OPORTO LDA: In exceptional cases of failure of our payment system, we may use the payment terminal of CBHOTELS OPORTO LDA, which will act as our data processor (subcontractor), following our instructions and ensuring data security in accordance with Article 28 of the GDPR.
  • For the provision of certain services, such as online booking management (e.g. TheFork), web analytics (e.g. Google Analytics) or delivery services (e.g. Uber Eats, Bolt Food), we may use providers that process data outside the European Economic Area (EEA). In such cases, ISASPASTA LDA guarantees that these transfers are carried out with the appropriate safeguards required by law, such as the signing of Standard Contractual Clauses approved by the European Commission.
  • Based on our legitimate interest, the data may be transferred to companies in the same business group for the purpose of consolidating accounts between the companies in the group and for the harmonisation of corporate policies and strategic, commercial and financial management.

No additional communications of your data will be made to third parties, except where legally required.

ORIGIN OF THE DATA AND HOW IT IS OBTAINED

The personal data we process has been provided directly by you. If you provide us with data belonging to other people, you guarantee that you have their express consent and that you have informed them of the content of this Policy. You also release us from any liability arising from a breach of this obligation.

ACCURACY OF PERSONAL DATA

If you do not provide us with your data or do so incorrectly or incompletely, we will not be able to respond to your request, making it impossible to provide you with the requested information or to contract the services.

The data subject guarantees that the data provided is true, accurate, complete and up to date. They shall inform us of any changes to the data provided through the channels indicated in the header of this policy.

EXERCISE OF RIGHTS

Any person has the right to obtain confirmation as to whether or not ISASPASTA LDA is processing personal data concerning them.

Data subjects have the right to:

  • Right of access: Access your personal data and find out what data we process about you.
  • Right of rectification: Request the rectification of inaccurate data or, where appropriate, request that incomplete data be completed.
  • Right of erasure (‘right to be forgotten’): Request the erasure of your data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
  • Right to restriction of processing: Request the restriction of the processing of your data, in which case we will only retain it for the exercise or defence of claims.
  • Right to data portability: You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, and to transmit it to another controller.
  • Right to object: In certain circumstances and for reasons related to your particular situation, you may object to the processing of your data. In this case, ISASPASTA LDA will stop processing the data, except for compelling legitimate reasons, or the exercise or defence of possible claims.

How to exercise your rights?

You may exercise your rights in the following ways:

When commercial communications are sent using the legitimate interest of the controller as the legal basis, the data subject may object to the processing of their data for that purpose.

If you have given your consent for a specific purpose, you have the right to withdraw your consent at any time, without this affecting the lawfulness of the processing based on your consent prior to its withdrawal.

Where to lodge a complaint?

If you feel that your rights regarding the protection of your personal data have been violated, especially when you have not obtained satisfaction in the exercise of your rights, you may lodge a complaint with the competent Data Protection Supervisory Authority, which in Portugal is:

Comissão Nacional de Proteção de Dados (CNPD)

  • Website: cnpd.pt
  • Email: geral@cnpd.pt
  • Address: Av. D. Carlos I, 134, 1.º, 1200-651 Lisboa
  • Telephone: (+351) 213 928 400

MINORS

Our services are not intended for children under the age of 13. In accordance with Article 16 of Law No. 58/2019, the minimum age for giving valid consent for the processing of personal data in Portugal is 13 years.

If you become aware that a minor under the age of 13 has provided us with personal data without the consent of their parents or legal guardians, please contact us so that we can proceed to delete it.