Privacy policy
Who we are
This document describes how we use and share personal data that you provide us either through the use of this website, in connection with creating and managing reservations that are made with us, sending enquiries, or for sending you marketing communications.
In exception to the circumstances described in this privacy policy, we do not share your personal information with third parties.
We are a group of companies whose main focus of activity is the operation and management of hotel establishments, tourist developments, golf courses, other sports and leisure facilities and food & beverage facilities, such as restaurants, bars, clubhouse, etc.
Personal information we collect
We collect personal information when you book with us or request or use our services. This includes hotel, golf course and other sports and leisure facilities and food & beverage facilities visits, using our websites or apps, or corresponding with us. We may also receive personal data about you from another source. This includes:
• Personal Identifiers - title, name, marital status, postal and email addresses, postcode, IP addresses and contact telephone numbers. We may also collect the names of those who are part of a group booking where necessary, and the age of children to meet your needs (e.g. to provide a cot) and enable us to confirm any restrictions that may apply to a room booking;
• Transaction Information - payment, reservation and booking details, including meals, beverages & car parking;
• Customer special requests and feedback including complaints - via call centres, emails and in person at one of our locations
How do we use your information, and what is the legal basis for this use
To fulfil a contract, or take steps linked to a contract.
This is relevant when you want to make a reservation with us; or receive other products and services from us such as meals and includes:
• making, amending or administering your bookings and meal orders;
• providing products and services requested by you;
• verifying your identity;
• processing payments;
• communicating with you;
• providing customer services, including managing complaints; and
• alerting you by text, email or phone in the event of an unplanned incident, as a result of which we have to make alternative arrangements under our contract (or where we believe it is in your vital interests).
If the information we request is not provided, we may not be able to enter into or comply with a contract or our legal obligations.
In our legitimate interests regarding the conduct of our business, in particular:
• Ensuring customer satisfaction, maintaining goodwill and dispute resolution
• we provide technical support and investigate and process any complaints about our website or our products or services, and to maintain appropriate records for internal administrative purposes.
• We reserve the right to request evidence to support any claims or complaints.
• In our guest satisfaction surveys, we ask you to rate your stay and make suggestions for improvement so that we can improve our services.
To protect our business and prevent fraud
• monitor, test and control the performance and security of our systems, networks, processes and premises to prevent and detect fraud and protect our business; and
• if you provide a credit or debit card as payment, we use third parties to check the validity of your bank account or card details in order to prevent fraud.
For business performance and improvement
• monitor and record CCTV, call centre communications, including incoming and outgoing calls and emails for staff training, quality improvement purposes and establishing facts; and
• analyse transactions to enable us to improve our services and products and plan for our business.
• Safety & Security of our Guests and Employees
• to protect premises and for security purposes including information recorded from CCTV;
• to monitor food safety and hygiene;
• to obtain statements from witnesses to accidents and other incidents; and
• for the detection and prevention of crime.
Developing Products and Services
• for monitoring the use of our websites in order to improve their performance
• we use personal data of some individuals to invite them to provide feedback or take part in market research; and
• to understand you better as a customer by analysing your transactions and other information you provide to us or which we learn through your interactions with us;
Legal and Regulatory purposes
• in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with claims, legal process or litigation);
• to comply with health and safety legislation, including accounting for the number of individuals on our premises and logging accidents;
• to prevent, investigate and/or report suspected fraud, terrorism, security incidents or other crime, in accordance with applicable law;
Where you give us consent:
• we will send you emails, texts and push notifications (including newsletters) in relation to products and services provided by us, or by our named affiliates and carefully selected partners;
• when you use our websites or apps, we place cookies and use similar technologies on your computer, mobile or other device and we use such technologies such as pixel tags and web beacons in marketing emails and communications (also see our Cookie Notice)
• we may use your data to provide personalised promotional offers to you where permitted to do so by law;
• we will process health information, such as dietary, accessibility, and allergy information you or a party on your behalf provides to us (we may also be able to do this where it is in your vital interests);
• on other occasions where we ask you for consent, we will use the personal data for the purpose which we explain at that time.
You have the right to withdraw consent at any time.
For purposes which are required by law:
• To record the identity and nationality of overseas guests on check-in. These guests will be asked to complete a registration form and provide their identity card/passport details, in accordance with the applicable law. Acceptable forms of identification are: a passport, driving licence, ID card.
• in response to requests by government, law enforcement authorities, or intelligence services and court orders;
• we may be required to share information with other licensees in accordance with local licensing requirements; and
• responding to a rights request under data protection legislation.
To protect your vital interests or those of another person:
• disclosing your personal information to the emergency services where we believe it is necessary to protect your vital interests or the vital interest of another person; and
• where you (or a person acting on your behalf) provide us with dietary or other personal health data such as allergies.
Where is personal information stored
Our customers' personal information are processed within the European Economic Area (EEA), where they are protected by European legislation, more precisely the General Data Protection Regulation (GDPR). We only share personal data information with third parties, provided it is legally authorized for this purpose.
With whom do we share personal information
In connection with the purposes set out above, we will sometimes share Personal Information with other group companies, we may also share personal information with third parties.
Transfers within the group companies will be covered by an agreement entered into by members of the group (an intra-group agreement) which contractually obliges each group company to ensure that your Personal Information receives an adequate and consistent level of protection wherever it is transferred within the group.
Service Providers
For some activities, we use third party service providers including where we are joint controllers.
Your personal data will be disclosed to such organisations where this is necessary to provide a service to you, or where it is in our legitimate interests. Third parties may be used to:
• administer bookings;
• provide Wi-Fi;
• undertake customer feedback surveys;
• provide analytics;
• send promotional offers;
• provide personalised advertisements;
• provide insurance;
• provide IT development, support, maintenance and hosting, including the provision of applications and website hosting;
• process payments to enable you to pay by credit or debit card;
• provide credit checks and fraud checks; and
• provide CCTV systems and maintenance.
Other parties
Personal information may be shared with regulators, government authorities and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim or regulatory purposes.
We disclose your personal information to payment providers, technology providers, insurers, and other specialist professional and technical advisers, to manage your bookings, arrange payments, and provide services.
When we do, we establish adequate contractual arrangements and security mechanisms to protect data and comply with data protection, confidentiality and security regulations.
Supervisory Authorities
We share information with supervisory authorities as part of our obligations and to help ensure the health of the hospitality sector in Portugal.
In compliance with a legal or regulatory obligation or to protect our rights or the rights of others, we may share data with any law enforcement body, regulator, court, government authority or otherwise.
International Data Transfers
Sometimes we, or third parties acting on our behalf, may need to transfer Personal Information outside of the EEA.
We’ll always take steps to ensure that any transfer of Personal Information outside the EEA is carefully managed to protect your privacy rights and ensure that adequate safeguards are in place.
This might include transfers to countries that will provide adequate levels of data protection for your Personal Information (as determined by the European Commission) or putting contractual obligations in place with the party we are sending information to.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Retention
We keep Personal Information for as long as is reasonably required for the purposes explained in this Privacy Notice. We also keep records – which may include Personal Information – to meet legal, regulatory, tax or accounting needs.
For example, we are required to retain an accurate record of your dealings with us, so we can respond to any complaints or challenges you or others might raise later. We’ll also retain files if we reasonably believe there is a prospect of litigation. The specific retention period for your Personal Information will depend on your relationship with us and the reasons we hold your Personal Information.
To support us in managing how long we hold your data and our record management, we maintain a data retention policy which includes clear guidelines on data retention and deletion.
Your Legal Rights
You have a lot of rights relating to your personal information. You have the right to:
- Request Access - The right to access the personal information we hold about you. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request Correction - The right to request the correction of inaccurate personal information we hold about you.
- Request Deletion - The right to request that we delete your data, or stop processing it or collecting it, in some circumstances where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Request Transfer - The right to request that we transfer or port elements of your data either to you or another service provider. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Object to processing - Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.
- Request restriction of processing - This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Withdraw consent at any time - Where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Should you wish to exercise any of your privacy rights, please contact us via the details provided below.
Complaints
We try to provide better customer service, but if you are not satisfied, you should contact us in order to look into your queries.
Name: Hélia Ferreira
Contacts
Avenida Almirante Gago Coutinho, 30 – Piso 3, 1000-017 Lisboa – Portugal
dpo@details.net
You can also direct your questions to the National Data Protection Commission (CNPD), the entity that regulates the processing of personal data in Portugal:
- Phone: 351 213928400
- In writing to: Av. D. Carlos I, 134, 1st, 1200-651 Lisbon, Portugal
- Through its website at www.cnpd.pt.
Our local data protection officer can be contacted by email or by letter to addresses provided above.