PRIVACY AND DATA PROTECTION POLICY


May 24th, 2018

 

INTRODUCTION

On April 14th 2016 the European Parliament approved the general Data Protection Regulation (RGPD), which replaced the previous Directive 95/46/EC transposed into the Portuguese legal order in Law No. 67/98 of 26 October, that still in force.

This regulation, which effective application will be on May 25th 2018, aims to harmonize the laws that rules this matter in the EU countries, but above all create a new awareness and approach to the way in which data are seen and treated.

At 3HB Hotels, our main goal is to make available to all guests who contact us and visit, from the moment of first contact by phone or email to check-out, a quality service and a memorable holiday.

With this objective in mind, we are committed to preserve the privacy, integrity and security of personal data that our guests, employees, and all users who contact us, share with us.

This privacy policy has been developed with the aim of making you aware of the principles and obligations we undertake in terms of data protection.

 

TERMS USED AND DEFINITIONS

Guest/Customer – someone who makes a reservation, stays housed or uses any of the services of our hotel units.

User – Someone who asks us for a quote or places an issue through our website, personally, by letter, phone, email, participates in a pastime organized by us or uses the Wi-Fi services offered in our properties, but is not a Guest/customer of ours.

' 3HB ', ' 3HB ', ' we ', ' our ' – refers to the company ' 3HB Hotels & Resorts Single-Personal LDA ', brand 3HB hotels and all associated hotel units.

Personal data - It is the data used to identify a person: "An identifiable person can be identified directly or indirectly (...), including by reference to an identifier, e.g. name, identification number, data from Location or identifier on-line, or to one or more specific elements of your physical, physiological, genetic, psychological, economic, cultural or social identity."

Special categories of personal data – special categories of personal data which reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, genetic data, biometric, health, Sexual life or sexual orientation of a person.

Data controller – will be a natural or collective person, a public or private entity, agency, institution or any other body that decides how and why the data is processed. Therefore, a physical or legal person who, in isolation or in conjunction with others, determines the purposes and means of processing personal data.

Data processor – shall be a natural or collective person, a public or private entity, agency, institution or any other body which treats personal data on behalf of the Controller of these (subcontractor). That is, the one that processes personal data on behalf of the Controller.

Consent – Manifestation of will, free, specific, informed and explicit, whereby the data subject accepts, by means of an unequivocal declaration or positive Act, that personal data relating to him are the object of treatment.

Processing of personal data – any type of operations performed on personal data. Examples include: the collection, registration, organization, structuring, conservation, adaptation or alteration, recovery, consultation, use, dissemination by transmission, dissemination or any other form of availability, comparison or interconnection, The limitation, deletion or destruction.

 

WHO IS RESPONSIBLE FOR HANDLING YOUR PERSONAL DATA?

The entity responsible for the treatment of your data is 3HB HOTELS & Resorts Unipessoal LDA with address in Urbanização Quinta do Milharó, Escritório Central - Albufeira, registered in the Conservatória do Registo Comercial of Albufeira with the Fiscal Identification Number 513913378.

While responsible we promote the confidentiality and privacy of your personal data, ensuring your protection and proper use in accordance with the reason why they were made available to us and based on the terms defined in this policy.

 

3HB HOTELS – Who are we?

3HB Hotels is the brand used by different legal entities which are associated with the properties in activity under this trademark:

– 3HB Clube Humbria

– 3HB Golden Beach

– 3HB Falésia Mar

– 3HB Falésia Garden

 

HOW WE COLLECT AND TREAT YOUR PERSONAL DATA?

This data protection and privacy policy applies to all personal information collected by 3HB, whether it is related to guests/customers, users, employees or candidates.

We will collect your personal information when you make it available to us by telephone, email, through our website, reservation platforms, through application form or in person.

The personal data we collect is:

  1. the necessary for the purpose of the treatment concerned;
  2. processed in a transparent manner and in strict respect for the private life reserve, as well as for the fundamental rights, freedoms and guarantees of data holders;
  3. lawfully, loyally and transparently treated for certain and explicit purposes;
  4. treated appropriately and limited to what is strictly necessary to continue the treatment purposes concerned.

Legal basis for data processing: We will use your personal data only in accordance with the strictly necessary for the services we provide and in accordance with the legal requirements.

The legal bases that support our data collection and treatment are as follows:

  1. The data shall be necessary for the realization of a contract for the provision of the service requested by the customer or for the procedures prior to the realization of such a contract (reserve);
  2. The guest/customer has given their consent to the collection and processing of the data;
  3. Data shall be necessary for the fulfillment of a legal obligation;
  4. Data is necessary for the protection of your vital interests or other individuals.

For what purpose do we treat the personal data of our guests/customers, users, employees or candidates?

  1. To effectuate your reservations and/or to make available the requested services or facilities;
  2. To process the respective payment;
  3. To manage our business relationship, which may imply requiring you to fill in questionnaires or feedback forms;
  4. After booking, to send the necessary confirmation as well as any other information we consider in your interest to facilitate your stay with us;
  5. For the submission of general and promotional information about our hotel units (only in the specific case of having authorized these shipments through the subscription of our newsletter);
  6. When required by law;
  7. Where necessary to protect your health and well-being or other individuals.

The given consent can always be withdrawn at any time through contact for the data available in the point ‘HOW DO I GET MORE INFORMATION ABOUT DATA PROTECTION AND CONTACT THE DATA PROTECTION OFFICER?’.

 

WHY DO WE TREAT YOUR DATA?

We treat different types of data according to your relationship with us, namely:

  1. GUESTS/CUSTOMERS - The personal data we collect and treat may include:
    1. Name, email address, address, phone number;
    2. Date of birth;
    3. Bank and credit card data;
    4. Booking history;
    5. Transactional data that may include payment details and service details;
    6. Information related to the use of our services, such as room preference, special requests, feedback and response to satisfaction surveys;
    7. History of consumption;
    8. Marketing preferences.
  2. USERS - The personal data we collect and treat may include:
    1. Name, email address, address, telephone number; date of birth;
    2. Marketing preferences.
  3. EMPLOYEES OR CANDIDATES - The personal data we collect and treat may include:
    1. Name, email address, address, telephone number; date of birth;
    2. Academic history;
    3. Professional history;
    4. Personal, fiscal and social security identification number;
    5. Health data relevant to the development of professional activity.

We will use your personal data only in accordance with the strictly necessary for the services we provide and in accordance with the legal requirements. The legal bases that support our data collection and treatment are as follows:

  1. Data are necessary for the realization of a contract for the provision of the requested service or for the procedures prior to the realization of such a contract (reserve, employment contract);
  2. User has given its consent to the collection and processing of the data;
  3. Data are necessary for the fulfillment of a legal obligation;
  4. Data is necessary for the protection of your vital interests or other individuals.

We will only treat special categories of data when it is necessary under your relationship with us. Under any circumstances, we will only take care of these special categories of data based on one of the following fundamentals:

  1. Because you gave us your consent;
  2. Where it is necessary to fulfill obligations/exercise of rights in respect of labour law, security or social protection;
  3. Where the data have manifestly become public by its holder;
  4. Where treatment is necessary for reasons of an important public interest;
  5. If the treatment is necessary for the purpose of preventive medicine or work or for the evaluation of the working capacity of the employee.

 

HOW LONG DO WE KEPT YOUR DATA?

We retain your personal data only for the period that is strictly necessary for the continuation of the purposes that motivated your collection.

There are legal requirements that require us to keep the data for a minimum period of time. Thus, and where there is no specific legal requirement, the data shall be stored and retained only for the minimum period necessary for the purposes which motivated its collection or subsequent treatment or, for the period of time authorized by the Responsible entity, after which they will be eliminated.

 

WHICH ARE YOUR RIGHTS?

You have the right to request access to your personal data, as well as its rectification or deletion, the limitation of treatment or to oppose treatment, as well as the right to data portability.

  1. ACCESS – You have the right to access the personal data processed, and to know the conditions under which the treatment is carried out, and may request access to them or to obtain a copy of the personal data;
  2. RECTIFICATION – You have the right to require the rectification of your personal data and that are not correct. In view of the purposes of the treatment, if those data are incomplete, you may also require them to be completed;
  3. DELETION/OBLIVION – In certain circumstances, such as those listed below, you have the right to require the controller to erase your personal data:
    1. The data are no longer necessary for the purpose of its collection;
    2. You have withdrawn the consent on which the treatment is based and there is no other legal basis;
    3. You have opposed to treatment and there are no legitimate interests prevailing;
    4. Personal data have been treated in an illicit manner;
    5. This deletion results from the fulfilment of a legal obligation to which the person responsible is subject;
  4. LIMITATION OF TREATMENT – You have the right to restrict the processing of your personal data when:
    1. Contests the accuracy of personal data (during the period allowing the Controller to verify its accuracy);
    2. The treatment is illicit and the holder opposes the deletion of the data;
    3. Data is no longer necessary for the purposes of treatment, but is required by the holder for the purpose of declaring, exercising or defending a law in a judicial process;
    4. If you opposed to the treatment in the exercise of the direct opposition (until it is verified whether the legitimate interests of the controller prevail or not on this right);
    5. The data are no longer necessary for the purpose of its collection;
    6. You have withdrawn the consent on which the treatment is based and there is no other legal basis;
    7. You opposed to treatment and there are no legitimate interests prevailing;
    8. Personal data have been treated in an illicit manner;
    9. This deletion results from the fulfilment of a legal obligation to which the person responsible is subject.
    10. Where such a situation occurs, personal data may only be subject to treatment (except conservation) with the consent of the holder or for the purpose of declaring, exercising or defending a right in a judicial process, defending the rights of another person (individual or company), or for great reasons of public interest. You will be informed before the limitation of treatment is cancelled.
  5. PORTABILITY – You have the right to receive the data concerning you and that you have provided us, in a structured format, of current use and automatic reading and the right to transmit those data to another entity, when:
    1. The treatment is based on the consent of the holder;
    2. The treatment is carried out by automated means;
    3. When technically possible, you may also request that personal data be transmitted directly between those responsible for the treatment.
  6. OPPOSITION – You have the right, at any time, due to reasons related to your specific situation, to oppose the processing of your personal data, when the treatment is based on legitimate interests pursued by the person responsible for the treatment.
    When exercising the right of opposition, we shall cease the processing of data, unless there are compelling and legitimate reasons for such treatment, which prevail over the rights of the holder.

To exercise any of these rights, can you send us your request, using the contacts indicated on the point ‘HOW DO I GET MORE INFORMATION ABOUT DATA PROTECTION AND CONTACT THE DATA PROTECTION OFFICER?’.

 

TO WHOM DO WE COMMUNICATE YOUR DATA AND WHY?

The provision of our services and the availability of information requested to us may imply the communication of your personal data to other entities, such as:

  1. Subcontracting entities for the processing of data under instructions and on behalf of the person responsible (including booking platform services or tour operators, customer management services, vocational training, accounting services and Consulting, financial services, and security services). In such cases, the person responsible shall ensure that such sub-contracting entities, including entities based outside the European Union, provide sufficient guarantees to implement appropriate technical and organizational measures in a manner Whereas the treatment satisfies the legal and regulatory requirements in force and ensures the protection of the rights of data holders.
  2. Third parties:
    1. when the data communication is necessary for the fulfilment of legal obligations or judicial orders,
    2. for the satisfaction of requests from public or governmental authorities (such as the tax authority, the authority for working conditions, Social security, the service of Foreigners and frontiers, among others.

Except in the context of compliance with legal obligations, in no event shall personal data be communicated to third parties in addition to the situations already mentioned.

 

HOW DO WE PROTECT YOUR DATA?

The security of your data is very important to us, so we use the appropriate technical and organizational means taking in consideration the nature of the data treated in order to protect your personal data and prevent unauthorized access, disclosure, loss or destruction.

Some examples of these measures includes:

  1. The anonymization and the encryption of personal data, where possible;
  2. The ability to ensure the confidentiality, integrity, availability and permanent resilience of treatment systems and services;
  3. The ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident;
  4. A process for testing, assessing and evaluating regularly the effectiveness of technical and organizational measures to ensure the safety of treatment.
  5. Our employees who, in the performance of their duties, treat personal data, are obliged to have professional secrecy, including after the end of their duties, and to be bound to observe the provisions of this policy, as well as in the Applicable legislation on the protection of personal data.

The procedures required to deal with suspected personal data violations are also included in order to be able to notify the holders of the affected personal data as well as the applicable regulatory authority during the necessary periods.

 

USE OF COOKIES

We use cookies on our website to improve the performance and experience of the users.

What are cookies? Cookies are small text files stored in your computer via the Internet browser, storing only information related to user preferences (generic information), not including the user's personal data.

The cookies we use on our website observe the principles of anonymity and confidentiality and have the sole purpose of recognize the user, not being used in any case to collect information that identifies the user, nor for direct marketing purposes.

Cookies helps our website to recognize the user's device in the next visit.

What are cookies for? Cookies serves to help determine the usefulness, interest and number of uses of our website, allowing for faster and more efficient browsing, eliminating the need to repeatedly introduce the same information.

What kind of cookies are used on our website? The cookies used have different functions and are distinguished in the following terms:

  1. Analytical Cookies – are used anonymously for the purpose of creating and analyzing statistics, in order to improve the functioning of the website.
  2. Functionality Cookies – Stores user preferences for the use of the site, so that you do not need to re-configure the site each time you visit.
  3. Third-party Cookies – measures the success of applications and the effectiveness of third party advertising. They can also be used in order to customize a widget with user data.

Cookies may be:

  1. Permanent: They are stored, by variable time, at the level of the Internet browser on your access devices and are used whenever the user makes a new visit to the website. Typically, they are used to direct navigation according to the user's interests, allowing us to provide a more personalized service.
  2. Session cookies: They are temporary, remain in the cookies of your Internet browser until you leave the website. The information obtained allows to identify problems and provide a better browsing experience.

How to manage Cookies? All Internet browsers allow the user to accept, refuse, or delete cookies, namely by selecting the appropriate settings in the respective Internet browser.

After authorize the use of cookies, the user may always turn off part or all of the cookies.

 

CHANGES TO PRIVACY POLICY

We can make changes to this policy at any time and without notice. The changes will be effective after publication on our website.

 

HOW TO GET MORE INFORMATION ABOUT DATA PROTECTION AND CONTACT THE DATA PROTECTION OFFICER?

For the exercise of any type of rights of data protection and privacy or for any clarification concerning the topics of data protection, privacy and information security, our guests/customers, users, employees and candidates may contact the Data Protection 0fficer through the following email

 

For any other questions the following general data may be used:

    [email protected]

    +351 289 003 033

    Apartado 629, 8200-998 Albufeira, Portugal

 

    GO BACK