Privacy Policy

HOTEL DURÃO

Privacy Policy

The Hotel Durão is committed to protecting the privacy of all its customers and suppliers. As such, we have formulated this policy to showcase our dedication and commitment to upholding the rights of personal data owners, in compliance with the General Data Protection Regulation and other relevant legislation.

Hotel Durão adheres to best practices in the domain of security and personal data protection. To this end, we have developed and implemented a rigorous set of technical and organizational measures to safeguard the data provided to us by all those who are in any way related to the Company.

In this context, Hotel Durão appoints a Data Protection Officer responsible for implementing and monitoring this Privacy Policy, as well as defining clear rules for the processing of personal data. This ensures that all individuals who entrust us with their personal data understand how the Company manages data and what rights they have in this regard.

Responsible for personal data processing

Hotel Durão is accountable for handling the personal data of all its customers and/or prospective clients in a lawful manner.

Any communication regarding the protection of your personal data should be forwarded to:

Email: responsavelgdphd@hoteldurao.com
Address: Avenida da Bélgica n.º 203,
3510-159 Viseu

Scope of application

This data protection policy applies to all individual persons, data subjects, whose personal data is collected and processed by Hotel Durão regarding:

  • Pre-contractual measures at the request of the data subject;
  • Customers with whom a contractual relationship has been established;
  • Data subjects who have given their explicit consent for the collection and processing of their personal data for marketing, advertising, service satisfaction evaluation and any other purposes duly identified.

Categories of personal data we process
Categories of data subjects
Customers

Personal Data Categories
Personal Description
Identification Numbers
Other Identifiers

Data
Name, address, phone/mobile phone, email
Tax Identification Number (NIF), credit card details (card type, card number, cardholder name, expiration date, cvc), citizen card number, passport, identification card validity, license plate

Signature

How and when we collect your personal data – Basis for processing of your personal data
Your personal data will be collected and processed in the following situations:

  • Execution of pre-contractual diligences in the context of making a reservation at our hotel, where we may collect your data directly (i.e. directly from the user: in person, by phone, via email, institutional website) or indirectly (i.e., through partner entities or third parties: online booking platforms).
  • Contractual relationships;
  • Compliance with legal obligations applicable to Hotel Durão;
  • Processing is necessary for the vital interests of the data subject or of another individual;
  • When processing is necessary for the performance of tasks carried out in the public interest or for the exercise of the public authority vested in the data controller;
  • Processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party;
  • If you have given your consent for the collection and processing of your personal data and if that consent is freely given, informed, specific and unambiguous.

Purpose of Data Collection and Processing

Our main objective is to ensure that all data collected is entirely suited to its purpose and is not subsequently processed in a manner incompatible with it, being restricted to the strictly necessary.

Purpose

Marketing and Sales
Reservation management
Customer management and service provision
Service assessment
Accounting, tax and administrative management
Litigation management
Computer security control
Physical security control

Example of purpose (non-exhaustive)

  • Marketing and sale of new products or services;
  • Customer registration on the website;
  • Reservation records.
  • Provision of hotel services and associated services (restaurants, bars, etc.);
  • Customer contact management;
  • Complaint management.
  • Customer satisfaction surveys, service evaluation;
  • Accounting, billing and collection;
  • Fiscal information, including sending information to the tax authority;
  • Judicial and extrajudicial collection;
  • Management of other conflicts;
  • Access management, logs;
  • Backup management;
  • Security incident management;
  • Video surveillance.

Processing Time and Data Retention

Hotel Durão processes and retains personal data in accordance with the purposes for which they are processed. Personal data is processed by Hotel Durão only for the period necessary to fulfill the defined purpose, or as required by applicable law, or until you exercise your right to object, to be forgotten, or to withdraw your consent.

As such, Hotel Durão will process and retain personal data for the duration of the contractual relationship with the data subject. However, we may need to retain personal data beyond the contractual relationship, either based on the consent of the data subject, to ensure rights or obligations related to the contract, or because we have legitimate interests that justify it, but always for the strictly necessary period to achieve the respective purposes and in accordance with the guidelines of the CNPD.

Personal data collected and processed with the consent of the data subject will be kept for a maximum period of 5 years, following which new consent will be requested from the data subject if consent has not been withdrawn during this period.

Following the expiration of the respective retention period, Hotel Durão will delete or anonymize the data whenever they are not required for a different purpose that may continue to exist.

Access rights

Right of access, rectification, erasure, restriction, portability and objection to the processing of your personal data

According to the General Data Protection Regulation, the data subject is guaranteed the right to access, rectify, erase, restrict, port and object to their personal data.

  • Subject to certain conditions, you may have the right to request from us:
  • Availability of additional information about how we use your personal data;
  • A copy of the personal data you provided to us;
  • To provide your personal data to another data controller at your request;
  • To update any inaccuracies in the personal data we hold;
  • Deletion of personal data whose use is no longer legitimate;
  • Limitation of how we use your personal data until the submitted complaint is investigated;
  • Objection to the processing of personal data concerning you, provided there are no compelling legitimate reasons for the processing.

The exercise of these rights is subject to certain exceptions aimed at safeguarding public interest (prevention or detection of crimes) or our interest (maintenance of professional secrecy), or the legislation applicable to Hotel Durão.

Response period

If you choose to exercise any of these rights, we will assess them and reply, expectantly, within 30 days.

How to exercise your rights

The exercise of rights is free, except in the case of a manifestly unfounded or excessive request, where a fee of €25.00 may be charged.

Information must be provided in writing, but if requested, it can be provided orally, with your identity being confirmed through non-verbal methods.

Exercise your rights through:

Data Protection Officer – Rui Filipe Costa Durão

email: responsavelgdphd@hoteldurao.com and/or
address: Data Protection Officer

Avenida da Bélgica n.º 203,

3510-159 Viseu

Right to object

Right to object and automated individual decisions, including profiling

Hotel Durão does not subject their customers to any decision made exclusively through automated processing, including profiling.

Right to Lodge a Complaint with a Supervisory Authority.
Data subjects have the right to lodge a complaint with a supervisory authority if they are dissatisfied with our use of their personal data or with our response after exercising any of these rights. You have the right to lodge a complaint with your supervisory authority (National Data Protection Commission – CNPD | Rua de São Bento, No. 148, 3rd, 1200-821 Lisbon | Tel: +351 213928400 | Fax: +351 213976832 | email: geral@cnpd.pt).

Communication of personal data breach to the data subject

If a personal data breach occurs and it constitutes a high risk to the rights and freedoms of data subjects, the data subjects will be informed.

  • The nature of the personal data breach;
  • The categories of personal data;
  • Number of affected data subjects;
  • Estimated number of personal data records affected;
  • Probable outcomes of the personal data breach;
  • Measures taken and/or proposed by the data controller to rectify the personal data breach and if applicable, measures to mitigate any adverse effects.

Consent

Hotel Durão requests the consent of the data subject, which must be given, if deemed appropriate, through a positive act that indicates a clear, free, specific, informed and unequivocal/explicit manifestation that the data subject has consented to the processing of data concerning them.

Whenever Hotel Durão requests your consent, if you need any additional information beyond that received at the time of obtaining your consent, you may request it, using the contacts referred to above.
If you wish to receive marketing campaigns or advertisements for our services, you must give permission.

How to modify or revoke your consent

You can, at any time, change or withdraw your consent, with effect for the future.
To do so, you should send a letter or email to the aforementioned contacts.

Measures adopted by Hotel Durão to ensure the security of your personal data

Hotel Durão has implemented rigorous technical and organizational measures, necessary and sufficient, to protect your personal data against its dissemination, loss, misuse, alteration, processing or unauthorized access, as well as against any other form of unlawful processing.

Compliance with these rules constitutes an unequivocal obligation for all those who legally access them.

In this regard, our website requires encrypted Browser sessions and all personal data you provide to us about yourself is stored securely in Hotel Durão’s computer systems, which in turn are housed in the company’s own Datacenter, protected by all physical and logical security measures we believe are essential for safeguarding your personal data.

We employ various security measures, such as encryption and authentication tools, to safeguard and uphold the security, integrity and accessibility of your personal data.

Although data transmission over the Internet or website cannot guarantee total security against intrusions, may not provide full security against intrusions, we and our subcontractors endeavor to implement and maintain physical, electronic and procedural security measures to protect your personal data in accordance with applicable data protection requirements. Among other steps, we have implemented the following:

  • Restricted personal access to your personal data based on the ‘need to know’ criterion and only within the scope of the purposes communicated;
  • All accesses are limited and defined according to the exclusive need, for the performance of the function and implementation of the service, which originated the need to collect personal data from individuals, ensuring their confidentiality;
  • All Hotel Durão employees, with special emphasis on those who have access to and process personal data from individuals, are subject to confidentiality rules and are fully aware, sensitized, informed and trained about the application of the General Data Protection Regulation;
  • Data protection measures from conception (privacy by design) and a set of preventive measures favorable to privacy (privacy by default);
  • Transfer of collected data only in encrypted form;
  • Protection of information technology systems through firewalls, aimed at preventing unauthorized access to your personal data;
  • The existence of a strict policy on access to computer systems and information, as wel as recording of actions carried out by Hotel Durão employees regarding personal data of customers, suppliers and subcontractors (logging);
  • Continuous monitoring of access to information technology systems to prevent, detect and prevent misuse of your personal data;
  • Audit and control mechanism to ensure compliance with security and privacy policies;
  • An information and training program for employees.

Data transfer to subcontractors

Your data may be forwarded to subcontractors for processing on behalf of Hotel Durão, following instructions provided by Hotel Durão.

When this happens, Hotel Durão takes appropriate measures to ensure that subcontracting entities, which have access to personal data, comply with the General Data Protection Regulation and provide the highest level of guarantees in this regard, which will be duly stipulated and safeguarded in a contract signed between Hotel Durão and the subcontractor.

Changes to the Privacy Policy

The Hotel Durão reserves the right to make adjustments or alterations to this Privacy Policy at any time, with said changes being duly advertised on the Company’s website.