1. INTRODUCTION
The ADELAIDE HOTEL, owned by the company Adelaide Hotel, Lda., has adopted best practices regarding privacy and will use the Personal Data (both physical and online) of its clients (actual or potential) solely for clearly identified purposes and with their consent to that effect.
2. PERSONAL DATA
Personal Data comprises all information, of any nature and regardless of the respective medium, relating to a natural person who is directly or indirectly identified or identifiable.
3. DATA COLLECTION
In the scope of its operations, the ADELAIDE HOTEL may request the following Personal Data from its actual or potential clients—whether in person, by telephone, via email, or through its proprietary website:
- Name
- Number, issuing authority, and validity of the Civil Identification Card
- Gender
- Birth date
- Telephone
- Mobile phone
- Address
- Tax Identification Number
- Credit Card Details (for billing purposes)
The aforementioned Personal Data may also be obtained through partners, associated companies, or official entities, provided that the respective data subjects have authorized their transmission for this purpose.
4. DATA PROCESSING
The processing of Personal Data collected by ADELAIDE HOTEL is carried out in accordance with applicable legislation, in a fair and transparent manner towards the respective data subjects, and ensuring their privacy.
The processing is intended for clearly identified, objective, and legitimate purposes for which the Personal Data subjects have provided their consent, and is not subsequently processed in a manner incompatible with those purposes.
Data Subjects may withdraw their consent; however, this does not compromise the lawfulness of the processing carried out based on the consent previously given.
The processing of Personal Data may occur without the need for the consent of the respective data subjects if such processing is necessary for compliance with legal obligations to which ADELAIDE HOTEL is subject, for the fulfillment of a contract to which the data subjects are a party, for pre-contractual procedures undertaken at the request of the data subjects, or for the defense of other fundamental rights of the data subjects or of third parties.
The processing of Personal Data includes its:
- Collection
- Organization
- Conservation
- Consultation
- Usage
- Adaptation
- Change
- Registration
- Recovery
- Placement at Disposal
5. PURPOSE OF DATA PROCESSING
The processing of Personal Data requested from clients is intended to:
- To fulfill the legal obligations to which ADELAIDE HOTEL is subject as an economic entity providing hotel services, including the provision of information to competent authorities (the Foreigners and Borders Service, the Tax Authority, and the National Statistics Institute, among others);
- Execute pre-contractual and contractual procedures requested by clients;
- To provide all types of hotel services, including accommodation, dining, laundry, vehicle parking, and tourism programs, among other services typically provided in hotel establishments;
- Invoice and bill clients for services rendered;
- Contact clients by telephone, postal mail, email, or other means of communication;
- To inform customers about new products and services, offers, campaigns, promotions, updated information, or other content—including newsletters and opinion surveys—as well as for general marketing activities of the ADELAIDE HOTEL;
- Improve the user experience of the ADELAIDE HOTEL website;
- User registration on the ADELAIDE HOTEL website;
- Allow access to restricted areas of the ADELAIDE HOTEL website;
On its proprietary website, ADELAIDE HOTEL also collects information regarding the characteristics of users’ hardware devices and their browsers/software, as well as information about the pages visited within the website.
Users of this website will be required to provide consent for the creation and storage of a text file (Cookie) on their respective computers, in order to facilitate faster and easier access to the website, as well as to enable its personalization in accordance with user preferences.
6. DATA RETENTION PERIOD
The period of time during which Personal Data is stored and retained varies according to the purpose for which the information is processed, and there are legal requirements mandating that data be retained for a specific period of time.
Unless there is a specific legal obligation, Personal Data will be stored and retained only for the period necessary for the purposes that motivated its collection or subsequent processing.
7. DATA TRANSFER
The Personal Data collected by ADELAIDE HOTEL are not shared with third parties without the consent of the respective data subjects, except if:
- Such processing is necessary for compliance with a legal obligation to which the ADELAIDE HOTEL is subject;
- Data Subjects contract, through the ADELAIDE HOTEL, for services provided by other entities responsible for the processing of Personal Data—services in connection with which such data may be consulted or accessed by said entities—to the extent necessary for the provision of the aforementioned services;
- In the event of a transfer of Personal Data to third parties, reasonable efforts will be undertaken to ensure that the recipient uses such data in a manner consistent with this Privacy Policy.
8. SUBCONTRACTED ENTITIES
In the context of Personal Data processing, ADELAIDE HOTEL engages—or may engage—third-party entities subcontracted by it to process Personal Data on behalf of ADELAIDE HOTEL, and in accordance with the instructions provided by it, in compliance with applicable legislation and this Privacy Policy.
These subcontracted entities may not transmit Personal Data to other entities without having obtained prior written authorization from the ADELAIDE HOTEL; furthermore, they are prohibited from engaging other entities without the prior authorization of the ADELAIDE HOTEL.
The ADELAIDE HOTEL commits to subcontracting only those entities that offer maximum security in the implementation of appropriate technical and organizational measures, in order to ensure the protection of the rights of Personal Data subjects.
9. DATA SUBJECT RIGHTS
The ADELAIDE HOTEL guarantees the means to enable the User to access their Personal Data.
The User has the right to obtain from ADELAIDE HOTEL confirmation as to whether or not personal data concerning them is being processed, and, where applicable, the right to access their personal data and the following information:
- The purposes of data processing;
- The categories of personal data in question;
- The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients established in third countries or belonging to international organizations;
- The retention period for personal data;
- The right to request from the Pestana Group the correction, deletion, or restriction of the processing of personal data, or the right to object to such processing;
- The right to lodge a complaint with the CNPD or another supervisory authority;
- If the data was not collected from the User, the information available regarding the source of such data;
- The existence of automated decision-making, including profiling, and information regarding the underlying logic, as well as the significance and envisaged consequences of such processing for the data subject;
- The right to be informed about the appropriate safeguards associated with the transfer of data to third countries or international organizations.
Upon request, ADELAIDE HOTEL will provide the User, free of charge, with a copy of the User Data currently being processed. The provision of additional copies requested by the User may entail administrative costs.
10. IMPLEMENT TECHNICAL, ORGANIZATIONAL, AND SECURITY MEASURES
To ensure the security of Personal Data and its utmost confidentiality, ADELAIDE HOTEL treats information as absolutely confidential and in accordance with legally established terms and conditions.
In light of the nature, scope, context, and purposes of the processing of Personal Data—as well as the risks to the rights and freedoms of data subjects arising from such processing—ADELAIDE HOTEL commits to implementing, both at the time the means of processing are determined and at the time of the processing itself, the technical and organizational measures necessary and appropriate to protect Personal Data and to ensure compliance with legal requirements.
It further undertakes to ensure that, by default, only the data necessary for each specific processing purpose are processed, and that such data are not made available—without human intervention—to an indeterminate number of persons.
Communication between the user’s device and the ADELAIDE HOTEL website is conducted through secure communication channels utilizing the HTTPS protocol and the SSL security standard. Nevertheless, in terms of general measures, ADELAIDE HOTEL adopts the following:
- Regular audits aimed at assessing the effectiveness of the technical and organizational measures implemented;
- Awareness-raising and training for personnel involved in data processing operations;
- Mechanisms capable of ensuring the permanent confidentiality, availability, and resilience of information systems;
- Mechanisms that ensure the prompt restoration of information systems and access to personal data in the event of a physical or technical incident.
11. PERSONAL DATA BREACH
In the event of a data breach—and insofar as such a breach is likely to entail a high risk to the rights and freedoms of the data subject—the ADELAIDE HOTEL undertakes to notify the affected data subject of the Personal Data breach within seventy-two hours of becoming aware of the incident.
The ADELAIDE HOTEL commits to notifying the Supervisory Authority as soon as possible, without undue delay, and, whenever possible, within seventy-two hours of becoming aware of the data breach.
Under the terms of the law, notification to the data subject is not required in the following cases:
- In the event that the ADELAIDE HOTEL has implemented appropriate protective measures—both technical and organizational—and such measures have been applied to the Personal Data affected by the Personal Data breach—specifically measures that render the Personal Data unintelligible to any person not authorized to access such data, such as encryption;
- In the event that the ADELAIDE HOTEL has taken subsequent measures ensuring that the high risk to the rights and freedoms of the data subject is no longer likely to materialize;
- If communicating with the data subject entails a disproportionate effort for the ADELAIDE HOTEL, it will issue a public notice or take a similar measure through which the data subject will be informed.
12. DATA PROTECTION OFFICER (DPO)
No DPO has been designated, given that the ADELAIDE HOTEL is not a public authority or body, does not regularly and systematically monitor Personal Data subjects on a large scale, and does not process sensitive Personal Data on a large scale.
13. CHANGES TO THE PRIVACY POLICY
The ADELAIDE HOTEL reserves the right to modify this Privacy Policy at any time.
If the changes are substantial, a notice will be posted on your website.
14. APPLICABLE LAW AND FORUM
The Privacy Policy, as well as the collection, processing, or transmission of Personal Data, are governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, and by the applicable legislation and regulations in Portugal.
Any disputes arising from the validity, interpretation, or enforcement of this Privacy Policy, or relating to the collection, processing, or transmission of Personal Data, shall be submitted exclusively to the jurisdiction of the courts of the Judicial District of Vieira do Minho, without prejudice to applicable mandatory legal provisions.
