Privacy Policy

Last updated: 2026-05-16

Moonlight Dreams SA ("TAMILA", "we", "us") respects your privacy. This policy explains what personal data we collect, why, how long we keep it, and what rights you have under the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and Portuguese Law n.º 58/2019.

1. Data controller

The data controller is Moonlight Dreams SA, registered at Av. Duque de Loulé 69, 1050-087 Lisboa, Portugal (NIPC 509169392). You can reach our privacy contact at privacy@tamilaclub.pt.

2. What we collect

When you submit a reservation: your name, email, phone, requested date, party size, and any free-form notes you provide. Legal basis: performance of a contract (GDPR Art. 6(1)(b)) and our legitimate interest in operating the venue (Art. 6(1)(f)).

When you apply to perform with us through the careers form: your stage name, real name, date of birth, nationality, languages, physical details you choose to share, contact details, photos you upload, and the consent confirmations recorded at submission. Legal basis: your explicit consent (Art. 6(1)(a) and Art. 9(2)(a) for any photos that may reveal personal characteristics).

When you visit the website: minimal technical data (such as IP address, browser, and pages viewed) is logged by our hosting provider to keep the site secure and reliable. Legal basis: legitimate interest (Art. 6(1)(f)). We do not currently use any analytics, advertising, or marketing trackers.

We do not knowingly collect data from anyone under 18. Our age gate is the first thing you see, and our careers form rejects any applicant whose date of birth indicates they are under 18.

3. How long we keep it

Reservation requests: kept for up to 24 months after the requested visit date, then deleted automatically. You can ask us to delete them sooner at any time.

Career applications marked as declined or archived: deleted automatically 12 months after submission by a scheduled job.

Career applications marked as hired or under active review: kept for as long as the working relationship requires.

Photos uploaded with a career application: stored in a private bucket, accessible only to TAMILA management via short-lived signed links. Deleted together with the application.

You can request deletion at any time by writing to us at the email above.

4. Who we share it with and where it is stored

We do not sell your data. We share it only with service providers strictly necessary to operate the site and the venue: our database (Supabase, hosted in the EU — Frankfurt, eu-central-1), our deployment provider (Vercel, EU regions), and — once configured — our transactional email provider. Each of them is bound by GDPR-compliant data processing terms.

Personal data is stored on servers located inside the European Union. We do not transfer your data to countries outside the EEA. If that ever changes, we will rely on Standard Contractual Clauses (SCCs) approved by the European Commission and update this policy accordingly.

We may disclose information to law enforcement if required by Portuguese or EU law.

5. Your rights

You have the right to access, correct, delete, restrict the processing of, and receive a portable copy of your personal data, and to withdraw your consent at any time without affecting prior processing. Withdrawing consent for a career application means we will delete the application and all photos.

To exercise any of these rights, write to privacy@tamilaclub.pt. We will respond within 30 days.

If you believe we are mishandling your data, you also have the right to complain to the Portuguese data protection authority (CNPD — Comissão Nacional de Proteção de Dados, www.cnpd.pt).

6. Automated decisions

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you (GDPR Art. 22). Every reservation and every career application is reviewed personally by a member of TAMILA management.

7. Cookies and similar technologies

We use only strictly necessary cookies and storage required for the site to function. We do not set any analytics, advertising, or marketing trackers and therefore do not display a cookie consent banner.

ageVerified (browser localStorage) — Stores your confirmation that you are 18+ so the age gate does not appear on every visit. Necessary. Duration: until you clear your browser storage. Set by: TAMILA.

sb-<project>-auth-token (cookie) — Authenticates venue staff after they log in to the admin area. Necessary. Duration: until logout or session expiry. Set by: Supabase. Not set for public visitors.

Your language preference is encoded directly in the URL (e.g. /pt, /en) — no cookie is used to remember it.

8. Data Protection Officer

TAMILA is not legally required to appoint a Data Protection Officer under GDPR Art. 37, because our core activities do not consist of large-scale processing of special categories of data or systematic monitoring of data subjects. Privacy queries are handled by the management contact listed in section 1.

9. Changes

We may update this policy. The date at the top will reflect the most recent version. Material changes will be highlighted on the home page.

For any privacy question, write to privacy@tamilaclub.pt.