Privacy Policy

Our privacy policy addresses:

The entity responsible for collecting and processing your personal data will be the commercial company. This information and this website are the property of the commercial company Hotel Rota Malhoa, Unipessoal Lda, legal person n.º 516617508, headquartered at Rua Major Neutel de Abreu, Nº 155, R/C, Vale Albardas 3260-427 Figueiró dos Vinhos and share capital of €5000.00 (five thousand euros), hereinafter identified as “the owner”.

Personal data is any and all information, of any nature and on any medium, relating to an identified or identifiable natural person. A person who can be identified directly or indirectly by any element that allows their identification is considered identifiable. The personal data processed include name; contact details; postal address; email addresses, telephone numbers, civil and tax identification documents and bank details, etc.

On this website, personal data are collected and processed for the purposes of acquiring services provided by the owner. The collection of your personal data is carried out as part of the procedure for requesting information or contracting the hotel reservation service, at the initiative of the user.

Any collection and processing of data through other digital communication channels that are associated with this website (such as, without limitation, electronic means of communication and social networks), is carried out as part of the contact request procedure of the user's initiative or contracting the owner's services.

Your personal information may be collected through other sources, such as travel agencies, who are also responsible for ensuring the protection of your data.

The data we collect is the following:

Contact request: name and email address

Hotel reservation service: Name, email address, telephone contact, country of residence, bank details, NIF and address;

The personal data collected is used to provide the services that the user can access through this website. Personal data are processed to provide information requested by the user and to be able to guide and manage the existing or potential contractual relationship between the user and the owner. User data is also processed for compliance with tax legislation and on money laundering and terrorist financing, as well as for conflict verification and in the pursuit of our legal, regulatory and risk management obligations, including in the exercise of rights or in defense of lawsuits.

Basics of use:

  • Provision of Consent: when the client gives his free, informed, specific and unequivocal consent, in writing, verbally or through the validation of an option.
  • Execution of contract and pre-contractual steps: when the processing of personal data is necessary for the execution of contracted services or within the scope of contracted services or in the process of contracting, namely for requests for information, preparation of proposals, provision of the hotel service, management of contacts and/or complaints, invoicing, collections and payments;

 

  • Compliance with a legal obligation: when the processing of personal data is necessary to comply with a legal obligation, such as the obligation to identify the customer or the communication of identification or traffic data to police, judicial entities , tax or regulatory or location data to ensure emergency services;
  • Legitimate interest: when the processing of personal data corresponds to a legitimate interest of the owner, such as the processing of data to improve the quality of service and deter fraud.

The natural person user to whom the data relate, even if representing a collective entity, and who has contracted or demonstrates any intention of intending to contract the owner's hotel services, through the website, even if by simply submitting a request of contact.

Contact request: name and email address

Hotel reservation service: Name, email address, telephone contact, country of residence, bank details, NIF and address;

With regard to the video surveillance of its facilities, the owner will only keep the recordings of images and respective personal data for a maximum period of 30 days.

Your personal data are processed only for the period necessary to carry out the defined purpose and depending on what is applicable, namely, but without limitation, for 10 years the data necessary for information to the Tax Authority for accounting or tax purposes and for 7 years with the purpose of combating money laundering and terrorist financing.

After the respective conservation period has elapsed, the data will be deleted or anonymized, whenever they should not be kept for a different purpose that may survive.

Your personal data is not sold or rented or made available to third parties for commercial purposes.

The sharing of your personal data with third parties, in accordance with the contractual and legal provisions in force, is restricted to:

  • Public entities, namely, but not limited to, the Tax Authority, the Foreigners and Borders Service or Turismo de Portugal;
  • Professionals who collaborate with the owner, regardless of the existence of an employment relationship or subcontractors who act on behalf of the owner;
  • IT and design service providers with regard to the development and support of platforms associated with the development of the owner's activity:
  • When necessary or required, personal data may also be shared with regulatory authorities, courts and official entities. Although it is unlikely, we may be required to disclose your data to comply with legal requirements. We will use reasonable efforts to notify you prior to such sharing, unless we are legally prevented from doing so.

Appropriate, necessary and sufficient logical, physical, organizational and security measures are in place to protect your personal data against destruction, loss, alteration, dissemination, unauthorized access or any other form of accidental or unlawful treatment.

If the provision of the service involves conflict with a legal system other than Portuguese, it may be necessary to transfer your personal data to locations outside Portugal. If the data has to be transferred outside the European Economic Area (“EEA”) – and which is not part of the list of countries that the European Commission has already considered to meet adequate levels of protection of personal data – data transfers will be ensured in full compliance applicable legal rules, namely chapter V of the RGPD.

  • Right of access: consists of the right to obtain confirmation of which personal data are processed and information about them.
  • Right of rectification: consists of the right to request the rectification of your personal data that are wrong/outdated or request that those when incomplete be completed.
  • Right to erase data or “right to be forgotten”: consists of the right to obtain the deletion of your personal data, provided that there are no valid grounds for its conservation.
  • Right to portability: consists of the right to receive the data you have provided in a digital format that is commonly used and can be read automatically or to request the direct transmission of your data to someone else who becomes the new person responsible for your personal data.
  • Right to withdraw consent or right of opposition: consists of the right to oppose or withdraw your consent, at any time, to data processing.
  • Right of limitation: consists of the right to request the limitation of the processing of your personal data, in the form of suspension of processing or limitation of the scope of processing to certain categories of data or purposes of processing.
  • Right to complain: consists of the right to present a complaint to the supervisory authority, the CNPD, in addition to the company.

 

The exercise of rights is free of charge, except in the case of a manifestly unfounded or excessive request, in which case a reasonable fee may be charged taking into account the costs. Information must be provided in writing, but upon request, it may be provided orally. The response to requests must be provided within a maximum period of 30 days, unless it is a particularly extensive or complex request. Exercise your rights through the following address: geral@hotelrotamalhoa.com

Furthermore, you have the right to lodge a complaint with the supervisory authority, the CNPD
www.cnpd.pt, if you consider that the requirements of the GDPR or the applicable national legislation with regard to your personal data have not been met.

 

This Privacy Policy page was prepared by a lawyer, and its content is protected by copyright, so that any reproduction, even partial, is prohibited under penalty of committing the crime of counterfeiting, provided for and punished by articles 196 º and 197º of the Code of Copyright and Related Rights, punishable by imprisonment for up to three years and a fine of one hundred and fifty to two hundred and fifty days, according to the seriousness of the infraction, both aggravated twice in case of recurrence.