Following the purchase of the voucher and in order to exchange it, you can check and/or present at the CP ticket office*:
The vouchers are valid until the specified date.
For tax purposes, the PDF voucher serves as receipt. If you do not fill in the Name/Entity and NIF (Tax ID Number) in the voucher data for tax purposes, your voucher shall be issued with the “Final Consumer” NIF, by default. Upon issuance, it is not possible to change the data.
When you buy our tickets through the online ticket office using Visa or Mastercard, you are making a transaction with 3-D Secure.
The 3-D Secure protocol provides greater security for online purchases since, when you make the transaction, it checks that the person making the payment is the legitimate holder of the card that is being used for the online purchase.
When you reach the payment phase of the purchase operation, a bank form appears where you have to enter the bank card details and the authentication credentials, which only the card owners knows.
Most Portuguese banks have opted to send their clients SMS codes so they can authenticate the transfer being made.
If you have not yet associated your bank card with 3-D Secure, your Visa or Mastercard payment may be refused.
Please contact your bank for further details about authentication methods and how to use them in your online purchases.
Each voucher can only be exchanged once and for the defined product or ticket.
The exchange for the product or ticket is exclusively carried out at the CP ticket offices and the presentation of the printed or digital voucher is mandatory.
Portugal Rail Pass
The vouchers cannot be refunded, nor can the conditions, particularly the product/ticket to be purchased or expiry date, be changed.
The products/tickets purchased under the voucher are reissued in accordance with the regulation regarding each product. However, if the exchange is for a product of lower value, the customer shall not be entitled to the refund of the difference.
The products/tickets purchased under the voucher cannot be refunded.
CP - Comboios de Portugal, E.P.E. (hereinafter referred to as CP), as an entity responsible for the processing of the personal data provided to it, in accordance with Regulation (EU) 2016/679 of the European Parliament and the Council of 27th of April 2016, commonly referred to as General Data Protection Regulation (GDPR) and other applicable national and community legislation, has adopted the Personal Data Privacy Protection Policy disclosed in this document, establishing the way it collects, stores and processes the Personal Data, ensuring its confidentiality and safety.
Data protection and privacy principles
The processing operations carried out by CP comply with the fundamental principles of data protection and privacy, which ensure the proper functioning of the processes, the trust with customers and partners, as well as the public image: lawfulness, impartiality and transparency, purpose limitation, data minimisation, accuracy, retention limitation, integrity, confidentiality and transmission.
CP assures that all personal data are legally processed, i.e., subject to a strict compliance with the lawfulness foundations imposed by the GDPR. This lawfulness foundation exists when at least one of the following situations occur: The data subject gives his/her consent to one or more required purposes; if an agreement is concluded, of which the data subject is part of, or to pre-contractual steps requested by the data subject; to the compliance with a legal obligation to which the person responsible for the processing is subject; for the defence of the data object’s vital interesses; for the performance of tasks carried out in the public interest or public authority; for the purpose of the legitimate interests of the person responsible for the processing.
Purpose of the processing
The Personal Data transmitted by the data subject through the different means of interaction with CP is intended to one or several of the following purposes:
(for the purposes mentioned in items 1 to 5, the consent of the Data Subject is not required, in accordance with paragraph b) of item 1 of article 6 of the GDPR)
Type of cookies used
Some cookies are needed to access specific areas of the website. They allow you to browse the website and use its applications, such as accessing safe areas of the website through login. Without such cookies, the services that require them cannot be provided.
These cookies gather information regarding your use of the website, such as the pages you visit the most. Such data can be used to help optimise our Internet pages and make browsing easier. These cookies do not collect information related to your identity. All information collected by these cookies is aggregated and, therefore, anonymous.
These cookies allow the website pages to save the options made by the user while browsing. That is, they save the user’s preferences regarding the use of the website, so that it is not necessary to reconfigure the website in each visit.
These cookies help measuring advertising effectiveness. However, they do not identify the user.
In most cases, the cookies are deleted when you close your browser (session cookies). Some cookies are more persistent and remain in your browser until they expire or until you delete them.
You can change the definitions of your browser to block or delete cookies, or to warn you every time a new cookie is stored on your computer, enabling you to decide if you accept it or not. If you decide to block or delete our cookies, you may not be able to access all our services and it may have some impact on the performance of our website in your system.
You can find more information regarding the setting of each type of browser (e.g.: Firefox, Chrome, Explorer, Opera) in the corresponding institutional websites.
The Personal Data transmitted by the Data Subject may require his/her express consent, in accordance with the intended purpose. In such cases, the data subject freely gives his/her consent in a specific, informed and explicit way, in each of the means of interaction with CP.
The data subject may always require the withdrawal of any of his/her consents for the corresponding processing. The withdrawal can be carried out through the website, in the personal area myCP, or through the filling of a specific form to be delivered in our sales points upon unambiguous identification of the data subject. The consent withdrawal, regarding a certain personal data processing, does not compromise the lawfulness of the processing already carried out based on such consent.
Protection and safety
CP undertakes to adopt administrative, technical, physical and organisational measures which ensure the safety, integrity and privacy of the data subject’s personal data, appropriate to the risk of each processing and consistent with the practices established in the European Union. Such measures are applied to protect the personal data against its dissemination, improper use, non-authorised access or the loss, change or destruction, as well as any other form of unlawful processing.
Partners and subcontractors who have access to personal data shall be obliged to adopt the safety, organisational and technical protocols and measures required to the protection of such data.
The data used to make payments, particularly regarding credit/debit cards, are provided directly in the platforms of the corresponding service providers. CP does not have access to such data.
The data subject ensures that the personal data he/she provides is true and accurate and undertakes to notify any change thereof. Any damage caused to CP or to any third party due to the provision of incorrect, inaccurate or incomplete information in the registration forms, is the sole responsibility of the person who introduced or provided such information.
The data subject undertakes to not disclose his/her username and password. If he/she decides to share such data with someone, he/she shall be responsible for all activities performed in his/her personal area of myCP.
Transmission to third parties
The provision of information or services by CP may, eventually, lead to the transmission or access to the personal data by partners or subcontractors. CP ensures that it will only resort to entities that offer adequate guarantees for the implementation of appropriate technical and organisational measures, so that the data processing ensures the compliance with the applicable legislation. The categories of partners and subcontractors include:
The provided data may also be transferred to official entities, in compliance with legal obligations.
CP only transfers personal data to entities located in countries outside EU, in compliance with legal obligations, or if the compliance with national and community legal standards is ensured.
CP does not sell, buy or markets personal data, in any way.
In its website, CP includes links to other Internet pages or to resources managed by third parties, including its partners.
CP assumes no responsibility for the content, accuracy, availability and privacy practices of such Internet pages or external resources. CP does not accept, nor is liable, directly or indirectly, for damages, losses or violations caused by, or perceived to be caused by, or related to the use of such Internet pages or external resources.
Data subject rights
The legislation of data protection grants to the data subjects the right to information regarding the purposes and processing of their data, the right to access, correct, delete and restrict the processing, and the right to transfer their data and contest automated individual decisions.
To exercise the abovementioned rights, the data subject shall contact the Data Protection Officer of CP (email@example.com).
If the customer only provided his/her personal data through myCP, the deletion of his/her registration implies the deletion of the corresponding data. However, the deletion of myCP registration means that it is not possible to access the corresponding personal data and the purchases made. In this case, all after-sales operations (e.g.: revalidation/refund) shall be carried out in person in a ticket office or in the customer service office.
The data subject may also submit a complaint to the competent national supervisory authority.
Personal data storage period
When there is no specific legal requirement, the Personal Data shall be stored for no longer than is absolutely necessary, in order to comply with their purposes. The period during which the data is stored depends on the purpose for which the information is processed.
The data subject may contact us for any questions regarding the application of the General Data Protection Regulation by CP, through the website page of Customer Information/Contacts, the e-mail firstname.lastname@example.org or by mail sent the Data Protection Officer, CP- Comboios de Portugal, Calçada do Duque, nº 20, 1249-109, Lisbon, Portugal.