Who is responsible for the processing of your personal data?
In the context of contacts, use of website , social networks and direct reservations made in the European Union space with our hotel units, through our website , those responsible for the treatment of your personal data, during the booking processes , are the operating entities of the various hotel units * and Oásis Atlântico Hotel Management, Lda., legal person nº 505158930, headquartered at Rua Hermano Neves , no. 22, 4º C, 1600-477 Lisbon, Portugal, hereinafter referred to as “we”.
What personal data do we process?
We will only collect the personal data that is necessary for the respective purposes, and unnecessary and superfluous data will not be collected.
For example, in order to be able to comply with your reservation processes and contacts made directly with us, we may collect your name, address, date of birth, nationality, email address, telephone, preferences, comments, names of family members and companions. , such as number and age of minors, diet and taxpayer number for billing purposes. We may also collect information regarding the type of browser and computer used, technical information regarding the way it connects to the website , namely, the operating system and the form of internet access .
The data you provide regarding your credit card for payment of the reservation are not directly collected or stored by us, but by a third party provider of the reservation service that is linked to the appropriate security and privacy measures. p>
You may also be provided with data from special categories, namely health data - allergies, diabetes, reduced mobility and food intolerances, for which we will always ask for your consent in order to treat them. The objective is solely to adapt and adapt your stay in the hotels managed by us.
Regarding suppliers and partners, we can also collect tax and address data for billing and logistics purposes.
Some of the identification and financial data listed above is a necessary requirement for us to handle a reservation (customers), enter into a contract (suppliers and partners) or be able to comply with legal obligations (for example tax obligations), failure to communicate such data implies the impossibility of performing the contract.
How do we collect your data?
We collect your personal data directly through the following way: through direct reservations on our website , when you ask us to send you newsletters or ask us for information or get in touch with us by phone, email or social media.
For what purposes do we process your personal data?
We collect your personal data for the following purposes:
- In order to fulfill and manage the reservations made through our website ;
- In order to be able to respond to requests for information and requests and manage your preferences (for example, on the floor, smoking or non-smoking rooms, specific requests);
- In order to be able to issue invoices and comply with other legal obligations;
- In order to be able to respond to requests for information and requests and even complaints that you send to us. In this case the treatment is based on our legitimate interests;
- In order to manage the contents of our website, social networks, publicized hobbies and management of loyalty programs. In this case the treatment is based on our legitimate interests;
- In order to carry out statistical analysis and assess the satisfaction / quality of the services provided to improve them. In this case the treatment is based on our legitimate interests;
- In order to be able to send newsletters, advertising and promotional campaigns and information on new offers of products, services and developments, to which we will ask for your consent. You can withdraw your consent at all times, just by sending an email to the following address: email@example.com or through the address: Oasis - Human Resources Department, Rua Hermano Neves, n.º 22, 4º C, 1600 - 477 Lisbon.
- If you are a supplier or partner, we may use your personal data to manage our contractual relationship, make payments, manage complaints, issue invoices;
What are the legal bases for treatment?
The legal bases for the processing of your personal data are:
a) Execution of the contract between the parties, or execution of pre-contractual steps at the request of the data subject;
b) Compliance with legal obligations to which we are subject;
c) Legitimate interests pursued by us;
d) Your consent, when none of the above legal bases is applicable;
How long do we keep your information for?
We will keep your data for the period necessary to pursue the purpose for which they were collected and are intended, or for the period required by law, respecting their conservation, the guarantees of secrecy and confidentiality recommended by the GDPR.
After the termination of the contractual relationship, the data will be kept for a period of 10 years.
After this period your data will be irreversibly destroyed or anonymized.
Who do we share your data with?
We may share your personal data within our business group for internal administrative purposes, whenever that sharing is related to the provision of our service, with the group's legitimate interest in that sharing.
We may also share personal data with third parties who provide services to us and who assist us and make it possible for us to provide the service to you, namely, computer services (website hosting and content management), software (reservation management, hotel management), services for sending satisfaction surveys, logistics and consultancy services. They may also be shared with third parties for the exclusive fulfillment of a legal obligation that is required of us, such as Public Authorities.
Such third parties will handle the data solely and exclusively on our behalf, following our documented instructions and only third parties are hired who present sufficient guarantees for the execution of appropriate technical and organizational measures in a way that the treatment meets the requirements of the GDPR and of in such a way that the rights of the data subject are defended, this treatment being regulated by written contract.
If personal data is transferred outside the European Union, we will ensure that all necessary security measures are complied with, as well as that these transfers take place under standard contractual clauses approved by the European Commission for this purpose, if the country to which data can be transferred has not been considered by the Commission to guarantee an adequate level of protection.
What are your rights?
You have the right to request access to your personal data, as well as its rectification or deletion, and the limitation of processing with respect to the data subject, or the right to object to the processing, as well as well as the right to data portability;
You can also withdraw consent for the processing of your personal data, when such treatment is based exclusively on your consent, at any time, without compromising the lawfulness of the treatment carried out based on the consent previously given.
Under the terms of the applicable legislation, you are guaranteed the following rights:
You can exercise these rights by e-mail to the address: firstname.lastname@example.org or through the address: Oasis - Human Resources Department, Rua Hermano Neves, n.º 22, 4º C, 1600 - 477 Lisbon.
Your requests will be treated by us in a careful manner so that we can comply with your rights, however you may be asked to prove your identity, in order to ensure you are completely sure that your personal data they are only shared with the interlocutor holder himself.
The exercise of your rights will not imply the payment of any fee. However, if there are unfounded, repetitive or excessive orders, we may subject them to a fee.
Can you complain?
Yes. You also have the right to lodge a complaint with a supervisory authority.
In Portugal, the competent supervisory authority is the National Data Protection Commission, located at Av. D. Carlos I, no. 134, 1200-651, telephone: 21 3928400. More information at www.cnpd. pt.
Are there automated decisions, including profiling?
At the moment there is no treatment for automated decision making, including the definition of profiles, however, if they exist in the future, you may as a holder of personal data, oppose them, under the terms and for the purposes of the article. . 22. of the GDPR.
* Oásis Atlântico Imobiliária, SA , Legal person nº 200 100 793 with headquarters in Cidade Santa Maria - Ilha do Sal - Cape Verde that operates the Hotel Sea Salinas; Fortaleza Atlântico Hotéis, Ld , Legal person nº G066077-0 / CPF / MF 618.119.833-40, with headquarters at Avenida Beira Mar, 2500 Meireles, Fortaleza, Ceará, Brazil, (which operates the Hotel Imperial Atlantic Oasis); Porto Grande Hotéis, S.A.R.L , Legal person nº 55115723883, headquartered in the City of Mindelo, S. Vicente Island, Cape Verde (Hotel Porto Grande operates); HotelMar, SARL, Legal person No. 200 124 706, headquartered in Praia, Santiago Island, Cape Verde (which operates Hotel Praia Mar) and Sal Hotéis, SARL strong >, Legal person nº 200 183 125, headquartered in Santa Maria - Ilha do Sal - Cape Verde (which operates the Hotel Belorizonte);