Privacy Policy

1. Data Controller Identity

This Privacy Policy applies to the website operating under the brand name METRO SG at the domain metodo2passos.com (the "Website"). The data controller responsible for your personal data is:

LISBURN CITY KART CLUB LTD
Company Number: NI740536
Registered Office: 11d Terryhoogan Road, Scarva, Craigavon, Northern Ireland, BT63 6NF, United Kingdom

As data controller, we determine the purposes and means of processing your personal data. We are committed to protecting your privacy and handling your personal data in an open, transparent, and secure manner, in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains what personal data we collect, how and why we use it, who we share it with, how long we retain it, and what rights you have in relation to your personal data. Please read this policy carefully before submitting any personal information to us.

2. Personal Data We Collect

We collect and process the following categories of personal data:

• Identity Data: First name and last name provided through our contact and enquiry forms.
• Contact Data: Email address and telephone number provided through our forms.
• Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology identifiers on the devices you use to access the Website.
• Usage Data: Information about how you use the Website, including pages visited, time spent on pages, referring URLs, and navigation paths.
• Cookie and Tracking Data: Preferences and settings stored via cookies and similar tracking technologies as further described in the Cookie section below.
• Communications Data: Content of messages, queries, or feedback you submit to us via contact forms or email.

We do not knowingly collect sensitive personal data (special category data) such as data relating to race, ethnicity, political opinions, religious beliefs, health, sexual orientation, or biometric data. We do not knowingly collect personal data from children under the age of 16.

3. How We Collect Your Personal Data

We collect personal data through the following means:

• Direct interactions: When you complete a contact form, guide request form, or enquiry form on the Website, you directly provide us with Identity Data, Contact Data, and Communications Data.
• Automated technologies: As you interact with the Website, we automatically collect Technical Data and Usage Data using cookies, server logs, and similar tracking technologies.
• Third parties: We may receive Technical Data from analytics providers and advertising networks, subject to their own privacy practices and your consent where required.

4. Legal Basis for Processing

We process your personal data only where we have a lawful basis to do so under UK GDPR Article 6. The lawful bases we rely upon are:

• Consent (Article 6(1)(a)): Where you have provided clear consent to the processing of your personal data for specific purposes, including receiving informational communications and accepting cookies. You may withdraw consent at any time.
• Legitimate Interests (Article 6(1)(f)): Where processing is necessary for our legitimate business interests — such as operating and improving the Website, preventing fraud, ensuring network and information security, and conducting internal analytics — provided those interests are not overridden by your fundamental rights and interests.
• Legal Obligation (Article 6(1)(c)): Where we are required to process your data to comply with a legal obligation, including obligations under UK law.

5. Purposes of Processing

We use your personal data for the following purposes:

• To respond to enquiries and deliver the free city guides or informational content you requested;
• To send you relevant educational content, itinerary updates, and city guide information where you have consented;
• To operate, maintain, and improve the Website and its content;
• To monitor and analyse usage of the Website for statistical and improvement purposes;
• To detect and prevent fraud, abuse, and other unlawful activity;
• To comply with applicable legal and regulatory obligations;
• To enforce our Terms and Conditions and other applicable policies.

We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason compatible with the original purpose. If we need to use your data for an incompatible purpose, we will notify you and explain the legal basis for doing so.

6. Cookies and Tracking Technologies

Our Website uses cookies and similar tracking technologies to distinguish you from other users of the Website, to remember your preferences, and to improve your experience. A cookie is a small text file stored on your device by your web browser.

We use the following types of cookies:

• Strictly Necessary Cookies: Essential for the operation of the Website, such as cookies that enable you to log in or remember your cookie consent preference. These cannot be disabled.
• Analytical/Performance Cookies: These allow us to recognise and count the number of visitors to the Website and to see how visitors move around the Website. This helps us improve the Website's functionality and content.
• Functionality Cookies: These are used to recognise you when you return to the Website and to personalise our content to you.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of the Website may become inaccessible or not function properly. By clicking "Accept" on our cookie banner, you consent to our use of non-essential cookies.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your personal data with the following categories of recipients:

• Service Providers: Third-party companies and individuals who provide services on our behalf, such as web hosting providers, email service providers, and analytics platforms. These parties are authorised to use your personal data only as necessary to provide their services to us and are bound by appropriate data processing agreements.
• Legal and Regulatory Authorities: Where required by law, court order, or governmental authority, we may disclose your personal data to comply with legal obligations or to protect the rights, property, or safety of the Company, our users, or others.
• Business Transfers: If the Company undergoes a merger, acquisition, reorganisation, or sale of all or substantially all of its assets, your personal data may be transferred as part of that transaction. We will notify you via a prominent notice on the Website of any change in ownership and any choices you may have regarding your personal data.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.

8. International Data Transfers

Some of our service providers may be based outside the United Kingdom. Where we transfer your personal data to countries outside the UK, we ensure that appropriate safeguards are in place to protect your data, including:

• Transfers to countries that have been deemed to provide an adequate level of protection for personal data by the UK government;
• Where we use service providers based in the United States, ensuring they participate in appropriate data transfer mechanisms or equivalent approved safeguards;
• Use of UK Information Commissioner's Office (ICO) approved standard contractual clauses.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

As a general rule:

• Contact and enquiry form data is retained for up to 24 months from the date of last contact, after which it is securely deleted or anonymised;
• Technical and usage data collected through analytics tools is retained for up to 26 months;
• Financial and transactional records (if any) are retained for at least 6 years in accordance with UK statutory requirements.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such anonymised data indefinitely without further notice.

10. Security of Your Data

We have implemented appropriate technical and organisational security measures designed to protect your personal data against accidental loss, unauthorised access, alteration, disclosure, or destruction. These measures include:

• Secure Socket Layer (SSL/TLS) encryption for data transmitted between your device and our servers;
• Access controls limiting access to your personal data to those employees, contractors, and service providers who have a business need to process it;
• Regular review of our information collection, storage, and processing practices.

Despite our best efforts, no method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by UK GDPR.

11. Your Rights Under UK GDPR

Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

• Right to Access: You have the right to request a copy of the personal data we hold about you (a "Subject Access Request").
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
• Right to Erasure: You have the right to request that we delete your personal data in certain circumstances (the "right to be forgotten").
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: Where processing is based on your consent or on a contract, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
• Right to Object: You have the right to object to processing of your personal data where we are relying on legitimate interests as the legal basis, or where processing is for direct marketing purposes.
• Rights in relation to automated decision-making and profiling: You have rights regarding any decisions made solely by automated means that have a significant effect on you.
• Right to Withdraw Consent: Where we rely on your consent as the legal basis for processing, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us in writing at: LISBURN CITY KART CLUB LTD, 11d Terryhoogan Road, Scarva, Craigavon, Northern Ireland, BT63 6NF. We will respond to your request within one month of receipt. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you are unhappy with how we have handled your personal data. The ICO can be contacted at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113. Website: ico.org.uk.

12. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page with an updated revision date. Where changes are material, we will endeavour to provide more prominent notice. Your continued use of the Website following the posting of any changes constitutes your acceptance of such changes.

We encourage you to review this Privacy Policy periodically to remain informed about how we are protecting your personal data. This Privacy Policy was last updated on 25 May 2026.