Privacy Policy

Policies

Ródão Empreendimentos Turísticos SA is increasingly committed to customer satisfaction, and to this end it is committed to certifying its hotels through the adoption of measures aimed at reducing the impact of tourist activity on the environment in which they operate.

Privacy and Cookies *

Ródão Empreendimentos Turísticos SA, a legal entity based in Portugal, is committed to protecting the privacy and personal data of all individuals with whom it interacts, namely customers, suppliers and employees.

* Use of “COOKIES”: “Cookies” are small software tags that are stored on the computer through the browser, retaining only information related to preferences, not including, as such, personal data.

In this sense and in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27-04-2016, also known as the General Regulation for the Protection of Personal Data (hereinafter GDPR) and other applicable legislation, Ródão Empreendimentos Turísticos SA has established this Privacy Policy.

1.Settings

To ensure a better understanding of this Privacy Policy, it is important to know the concepts. For this reason, Ródão Empreendimentos Turísticos SA provides a glossary of the terms it considers most important:

Personal data: Any information relating to an identified or identifiable natural person (“data subject”); An identifiable natural person is considered to be a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, electronic identifiers or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing: Any operation or set of operations carried out on personal data or on sets of personal data, by automated or non-automated means, such as collection, registration, organization, structuring, conservation, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, broadcast or any other form of availability, comparison or interconnection, limitation, erasure or destruction.

Special categories of personal data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data that uniquely identifies a person, health data or relative data to a person’s sex life or sexual orientation.

Sensitive categories of personal data: Personal data relating to the economic or financial situation of the data subject, (other) personal data that may lead to stigmatization or exclusion of the data subject, usernames, passwords and other registration elements, personal data that could be used for identity fraud.

Responsible for processing: Natural or legal person, public authority, agency or other body that, individually or jointly with others, determines the purposes and means of processing personal data.

Processor: Natural or legal person, public authority, agency or other body that processes personal data on behalf of the person responsible for processing them.

Consent: Expression of will, free, specific, informed and explicit, by which the data subject accepts, through a declaration or unequivocal positive act, that personal data concerning him or her will be subject to processing.

Breach of personal data: Breach of security that causes, accidentally or unlawfully, the unauthorized destruction, loss, alteration, disclosure or access to personal data transmitted, stored or subject to any other type of processing.

Privacy by design: Means taking privacy risks into account throughout the process of designing a new product or service, rather than considering privacy issues only later. This means carefully evaluating and implementing appropriate technical and organizational measures and procedures from the outset to ensure that the processing complies with the GDPR and protects the rights of the data subjects concerned.

Privacy by default: Means ensuring that mechanisms are put in place within an organization to ensure that, by default, only the necessary amount of personal data will be collected, used and preserved for each task. This obligation applies to the extent of its processing, the conservation period and its accessibility. These measures ensure that personal data is not made available without human intervention to an indefinite number of natural persons.

Pseudonymisation: Processing of personal data in such a way that it can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.

2.Scope

Ródão Empreendimentos Turísticos SA is dedicated to hotel and tourism activities and, within the scope of this activity, processes personal data.

This Privacy Policy applies exclusively to personal data for which Ródão Empreendimentos Turísticos SA is responsible for processing within the scope of its area of ​​activity, whether in the commercial area or in the human resources area

Data can be collected in person, by telephone and in writing, by e-mail, by fax or through websites.

Ródão Empreendimentos Turísticos SA websites may include access links to other websites that are outside Ródão Empreendimentos Turísticos SA.

Access links to Ródão Empreendimentos Turísticos SA websites may be included on websites outside Ródão Empreendimentos Turísticos SA. Ródão Empreendimentos Turísticos SA cannot be held responsible for the processing of data carried out through such third-party websites.

3.Purposes and basis for data processing

Personal data processed by Ródão Empreendimentos Turísticos SA has several purposes and bases:

Management of the contractual relationship: The processing of personal identification and other data is necessary for the conclusion and fulfillment of the service provision contract concluded between Ródão Empreendimentos Turísticos SA and its customers. Customers can choose to provide additional information (e.g. allergies, dietary restrictions, illnesses and mobility problems), which will only be used to help Ródão Empreendimentos Turísticos SA provide the best possible service. The processing of personal data is also necessary to fulfill contracts for the provision of services and goods between Ródão Empreendimentos Turísticos SA and its suppliers.

Legal obligations: Ródão Empreendimentos Turísticos SA is subject to compliance with legal obligations that impose data processing.

Quality: Ródão Empreendimentos Turísticos SA may analyze its customers’ information, collected through surveys, complaints and other means, for statistical purposes if it has their respective consent.

Marketing: With the consent of the holders, Ródão Empreendimentos Turísticos SA may process personal data to send information about promotions, campaigns, newsletters and other relevant information to its customers.

Profiling: Ródão Empreendimentos Turísticos SA may analyze its customers’ commercial information to identify consumption profiles for statistical purposes and/or, if it has their consent, send personalized information to its customers.

Video surveillance: For the safety of customers and employees, Ródão Empreendimentos Turísticos SA hotels have video surveillance systems, in accordance with the law.

Competitions and competitions: Ródão Empreendimentos Turísticos SA may promote competitions and competitions for which processing of personal data is necessary, in accordance with applicable regulations.

Recruitment: Candidates can compete for specific vacancies (through internal recruitment or outsourcing) or submit spontaneous applications, and must, to do so, provide personal data necessary for recruitment. The information provided by candidates will be processed only for recruitment purposes and will be kept for a maximum of 2 years.

Human resources management: For the execution of the employment contract, employees must transfer personal data to Ródão Empreendimentos Turísticos SA If necessary, specific consents will be requested for the processing of data that require it (for example for special data categories and sensitive).

4.Cookies

Cookies are used on Ródão Empreendimentos Turísticos SA websites to improve your browsing experience and provide the best possible service. Cookies are small files that are stored on access devices through the browser, only retaining information related to preferences, thus not including personal data. Despite being able to manage cookies directly in the browser, by continuing to browse the website, the user will be consenting to their use; however, by disabling cookies, you may prevent some web services from functioning correctly, partially or completely affecting website navigation.

5.Rights of holders

Under the GDPR, data subjects have, among others, the following rights:

• Right of access;
• Right to rectification;
• Right to be forgotten;
• Right to limit treatment;
• Right to data portability;
• Right to object;
• Right to revoke consent.

If you wish to exercise any of your rights or clarify any doubts, the holder must contact Ródão Empreendimentos Turísticos SA, in writing, addressed to the “Privacy Responsible”, to the head office address, email: info@rodaohotel.com or by filling out the form available on the hotel website.

6.Duties of Ródão Empreendimentos Turísticos SA

Ródão Empreendimentos Turísticos SA proposes to:

a) only collect data for specific, explicit and legitimate purposes;

b) minimize data collection, promoting only appropriate collection that is relevant and limited to what is effectively necessary in relation to the purposes and adequate and pertinent data;

c) not use the data collected for purposes other than the collection and consent obtained;

d) update data whenever necessary;

e) keep the data in such a way that their identification is only possible for the period necessary for the purposes for which they were collected;

f) protect data against unauthorized or unlawful processing and against accidental loss, destruction or damage;

g) iimplement the principles of privacy by design and by default in personal data processing activities/processes;

h) adopt a privacy by design reference framework;

i) implement encryption or pseudonymization techniques for data in use;

j) ensure compliance with the GDPR.

Written at its headquarters in: August 2023.

This policy will be updated periodically.