Vouchers terms and conditions

Following the purchase of the voucher and in order to exchange it, you can check and/or present at the CP ticket office*:

  • PDF sent by e-mail;
  • SMS, if requested;
  • PDF available in “your vouchers” of myCP, at cp.pt.

The vouchers are valid until the specified date.

For tax purposes, the PDF voucher serves as receipt. If you do not fill in the Name/Entity and NIF (Tax ID Number) in the voucher data for tax purposes, your voucher shall be issued with the “Final Consumer” NIF, by default. Upon issuance, it is not possible to change the data.

When you buy our tickets through the online ticket office using Visa or Mastercard, you are making a transaction with 3-D Secure.

The 3-D Secure protocol provides greater security for online purchases since, when you make the transaction, it checks that the person making the payment is the legitimate holder of the card that is being used for the online purchase.

When you reach the payment phase of the purchase operation, a bank form appears where you have to enter the bank card details and the authentication credentials, which only the card owners knows.

Most Portuguese banks have opted to send their clients SMS codes so they can authenticate the transfer being made.

If you have not yet associated your bank card with 3-D Secure, your Visa or Mastercard payment may be refused.

Please contact your bank for further details about authentication methods and how to use them in your online purchases.

Each voucher can only be exchanged once and for the defined product or ticket.

The exchange for the product or ticket is exclusively carried out at the CP ticket offices and the presentation of the printed or digital voucher is mandatory.

 

Portugal Rail Pass

  • Porto Campanhã;
  • Porto São Bento;
  • Braga;
  • Guimarães;
  • Espinho;
  • Aveiro;
  • Oriente;
  • Lisboa Santa Apolónia;
  • Rossio (loja CP);
  • Albufeira;
  • Faro;
  • Lagos;
  • Cais do Sodré;
  • Oeiras;
  • Estoril;
  • Cascais;
  • Entrecampos;
  • Sete Rios.

 

INTRA_RAIL

  • Braga;
  • Porto Campanhã;
  • Porto São Bento;
  • Aveiro;
  • Coimbra;
  • Lisboa Oriente;
  • Lisboa Santa Apolónia;
  • Entrecampos;
  • Cais do Sodré;
  • Portimão.

The vouchers cannot be refunded, nor can the conditions, particularly the product/ticket to be purchased or expiry date, be changed.

The products/tickets purchased under the voucher are reissued in accordance with the regulation regarding each product. However, if the exchange is for a product of lower value, the customer shall not be entitled to the refund of the difference.

The products/tickets purchased under the voucher cannot be refunded.

Purpose 
CP - Comboios de Portugal, E.P.E. (hereinafter referred to as CP), as an entity responsible for the processing of the personal data provided to it, in accordance with Regulation (EU) 2016/679 of the European Parliament and the Council of 27th of April 2016, commonly referred to as General Data Protection Regulation (GDPR) and other applicable national and community legislation, has adopted the Personal Data Privacy Protection Policy disclosed in this document, establishing the way it collects, stores and processes the Personal Data, ensuring its confidentiality and safety. 

This Personal Data Privacy Policy applies to all personal information collected, processed and stored by CP through the several existing forms and channels.

When accessing areas which require personal data, referred to as “Personal Data”, the service user (hereinafter referred to as data subject) shall be aware of this Personal Data Privacy Policy and the Terms and Conditions of use and service provision of CP. The access to the Online Ticket Office is only possible through the user registration (myCP).  

For the purpose of item 1 of article 8 of the GDPR, i.e., with regard to the direct service offering of the so-called information society, CP ensures that no personal data is requested from persons under 16, except if the prior express consent of the corresponding representatives – whether they are parents, tutors or guardians - had been obtained. Such representatives shall be aware of this Personal Data Privacy Policy.

Data protection and privacy principles
The processing operations carried out by CP comply with the fundamental principles of data protection and privacy, which ensure the proper functioning of the processes, the trust with customers and partners, as well as the public image:  lawfulness, impartiality and transparency, purpose limitation, data minimisation, accuracy, retention limitation, integrity, confidentiality and transmission. 

Lawfulness foundations
CP assures that all personal data are legally processed, i.e., subject to a strict compliance with the lawfulness foundations imposed by the GDPR.  This lawfulness foundation exists when at least one of the following situations occur:  The data subject gives his/her consent to one or more required purposes; if an agreement is concluded, of which the data subject is part of, or to pre-contractual steps requested by the data subject; to the compliance with a legal obligation to which the person responsible for the processing is subject; for the defence of the data object’s vital interesses; for the performance of tasks carried out in the public interest or public authority; for the purpose of the legitimate interests of the person responsible for the processing.

Purpose of the processing 
The Personal Data transmitted by the data subject through the different means of interaction with CP is intended to one or several of the following purposes:

  1. Conclude a transport agreement and manage the contractual relationship established, including the validation, supervision and gathering of official reports;
  2. Handle and respond to information requests, suggestions and complaints; 
  3. Delivery of lost objects;Provide the SIM service (Integrated Mobility Service, made available to disabled persons); 
  4. Receive spontaneous applications and recruitment procedures;
  5. Enhance the browsing experience in the website cp.pt and App CP (cookies);
  6. Provide information related to changes or occurrences with the provided services (e.g.: traffic changes);
  7. Make available information regarding the products and special offers of CP and its partners, sending of newsletters and implementation of contests;
  8. Conduct customer satisfaction surveys;
  9. Respond to service assessment questionnaires;
  10. Manage the relationship with the customer (e.g.: personalised services);
  11. Customer segmentation to improve the service offering or fees and loyalty programmes, in accordance with tastes and preferences of use of the provided services;

(for the purposes mentioned in items 1 to 5, the consent of the Data Subject is not required, in accordance with paragraph b) of item 1 of article 6 of the GDPR)

Cookies Policy
In order to provide a more personalized service, the website cp.pt uses cookies to collect and store information. A cookie is a small information file that is stored on the user’s device (e.g.: Computer, cell phone) and allows to remember previous choices, dates and visits. That is, they save the user’s preferences regarding the use of the website, personalising his/her experience so that it is not necessary to reconfigure the website in each visit.

Type of cookies used

Essential cookies
Some cookies are needed to access specific areas of the website.  They allow you to browse the website and use its applications, such as accessing safe areas of the website through login.  Without such cookies, the services that require them cannot be provided.

Analytical cookies
These cookies gather information regarding your use of the website, such as the pages you visit the most.  Such data can be used to help optimise our Internet pages and make browsing easier.  These cookies do not collect information related to your identity. All information collected by these cookies is aggregated and, therefore, anonymous.

Functional cookies
These cookies allow the website pages to save the options made by the user while browsing. That is, they save the user’s preferences regarding the use of the website, so that it is not necessary to reconfigure the website in each visit.

Advertising cookies
These cookies help measuring advertising effectiveness.  However, they do not identify the user.

In most cases, the cookies are deleted when you close your browser (session cookies).  Some cookies are more persistent and remain in your browser until they expire or until you delete them.

You can change the definitions of your browser to block or delete cookies, or to warn you every time a new cookie is stored on your computer, enabling you to decide if you accept it or not.  If you decide to block or delete our cookies, you may not be able to access all our services and it may have some impact on the performance of our website in your system.

You can find more information regarding the setting of each type of browser (e.g.:  Firefox, Chrome, Explorer, Opera) in the corresponding institutional websites.

Consent 
The Personal Data transmitted by the Data Subject may require his/her express consent, in accordance with the intended purpose. In such cases, the data subject freely gives his/her consent in a specific, informed and explicit way, in each of the means of interaction with CP.  

The data subject may always require the withdrawal of any of his/her consents for the corresponding processing. The withdrawal can be carried out through the website, in the personal area myCP, or through the filling of a specific form to be delivered in our sales points upon unambiguous identification of the data subject.  The consent withdrawal, regarding a certain personal data processing, does not compromise the lawfulness of the processing already carried out based on such consent.

Protection and safety
CP undertakes to adopt administrative, technical, physical and organisational measures which ensure the safety, integrity and privacy of the data subject’s personal data, appropriate to the risk of each processing and consistent with the practices established in the European Union.  Such measures are applied to protect the personal data against its dissemination, improper use, non-authorised access or the loss, change or destruction, as well as any other form of unlawful processing. 

Partners and subcontractors who have access to personal data shall be obliged to adopt the safety, organisational and technical protocols and measures required to the protection of such data.

The data used to make payments, particularly regarding credit/debit cards, are provided directly in the platforms of the corresponding service providers.  CP does not have access to such data.

The data subject ensures that the personal data he/she provides is true and accurate and undertakes to notify any change thereof.  Any damage caused to CP or to any third party due to the provision of incorrect, inaccurate or incomplete information in the registration forms, is the sole responsibility of the person who introduced or provided such information.

The data subject undertakes to not disclose his/her username and password.  If he/she decides to share such data with someone, he/she shall be responsible for all activities performed in his/her personal area of myCP.

Transmission to third parties 
The provision of information or services by CP may, eventually, lead to the transmission or access to the personal data by partners or subcontractors.  CP ensures that it will only resort to entities that offer adequate guarantees for the implementation of appropriate technical and organisational measures, so that the data processing ensures the compliance with the applicable legislation.  The categories of partners and subcontractors include:

  • Other railway operators;
  • Transport operators complementing the railway service;
  • Car rental companies;
  • Housing units;
  • Customer services and ticket sales (Travel agencies, Helpline);
  • E-mail services;
  • IT services, particularly application management and administration and infrastructure provision;
  • Audit services and similar;
  • Payment services and fraud control.

The provided data may also be transferred to official entities, in compliance with legal obligations.

CP only transfers personal data to entities located in countries outside EU, in compliance with legal obligations, or if the compliance with national and community legal standards is ensured.

CP does not sell, buy or markets personal data, in any way.

Links
In its website, CP includes links to other Internet pages or to resources managed by third parties, including its partners.  

CP assumes no responsibility for the content, accuracy, availability and privacy practices of such Internet pages or external resources.  CP does not accept, nor is liable, directly or indirectly, for damages, losses or violations caused by, or perceived to be caused by, or related to the use of such Internet pages or external resources.

Data subject rights 
The legislation of data protection grants to the data subjects the right to information regarding the purposes and processing of their data, the right to access, correct, delete and restrict the processing, and the right to transfer their data and contest automated individual decisions.  

To exercise the abovementioned rights, the data subject shall contact the Data Protection Officer of CP (protecaodado@cp.pt).

If the customer only provided his/her personal data through myCP, the deletion of his/her registration implies the deletion of the corresponding data. However, the deletion of myCP registration means that it is not possible to access the corresponding personal data and the purchases made. In this case, all after-sales operations (e.g.: revalidation/refund) shall be carried out in person in a ticket office or in the customer service office. 

The data subject may also submit a complaint to the competent national supervisory authority.

Personal data storage period
When there is no specific legal requirement, the Personal Data shall be stored for no longer than is absolutely necessary, in order to comply with their purposes.  The period during which the data is stored depends on the purpose for which the information is processed.

Contacts
The data subject may contact us for any questions regarding the application of the General Data Protection Regulation by CP, through the website page of Customer Information/Contacts, the e-mail protecaodado@cp.pt or by mail sent the Data Protection Officer, CP- Comboios de Portugal, Calçada do Duque, nº 20, 1249-109, Lisbon, Portugal.

Privacy policy changes
In order to ensure the adequacy of the document, CP may change at any time this Privacy Policy, without prior notice and with immediate effect.   Such changes shall be properly advertised on the website and ticket offices and, if needed, requested the renewal of the knowledge and consent.

This Privacy Policy was updated on 15th of May 2018.