Data privacy policy and consent to its use
“We”, “us”, “our” and other similar pronouns mean, depending on the context, the specific Data Controller as specified below.
Thank you for visiting our website and for your interest in our company.
Our interactions with our customers and stakeholders are a matter of trust. We really value the trust you have placed in us, which means that we are committed to exercising great care when handling your data and protecting it from misuse.
To make you feel safe and comfortable when visiting our website, we take the protection of your personal data and its confidential treatment very seriously. For this reason, we only act in accordance with the applicable legislation on the protection of personal data and data security. The purpose of this data privacy notice is to provide you with information about the data we store and how we use it in accordance with applicable case law.
This Privacy Policy applies to all hotels managed and operated under the SANA Hotels brand, their food and beverage establishments, as well as their spa and fitness facilities.
All of our companies comply with the EU’s General Data Protection Regulation, the current Law Implementing the Portuguese GDPR (Law no. 58/2019, of August 8).
To protect your personal data while using the Internet, we are guided by the Portuguese Decree-Law on Electronic Commerce in the Internal Market and the Processing of Personal Data (Decree-Law no. 7/2004, of January 7).
Below, we explain what information we collect during your visit to our websites and how it is used.
OVERVIEW
NAME AND ADDRESS OF DATA CONTROLLER
The entity responsible for the GDPR and other national data protection laws of the member states, as well as other data protection regulations is the following, according to the website you are visiting and/or according to the entity that collects and processes your personal data:
SANA HOTELS
Myriad Crystal Center Building, Cais das Naus
Lot 2.15.02
1990-173 Lisbon, Portugal
.
EPIC SANA MARQUÊS
www.sanahotels.com/pt/hotel/epic-sana-marques/
Azimar Investimentos Turísticos, S.A.
Av. Fontes Pereira de Melo, N.8
1069-310 Lisboa, Portugal
FORMULÁRIO DE CONTACTO / CONTACTO POR E-MAIL
1. Description and scope of data processing:
To the extent that a contact form is provided on our website, this can be used to establish contact electronically. If a user contacts us via the contact form, the data entered in the input template will be transferred to us and stored. This data includes: title, name and surname, address, e-mail address, telephone number and reason for contact. You can also contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail must be stored.
2. Legal basis for data processing:
Our legitimate interest in processing data in the context of contact with you is the initial legal basis for processing data. If the purpose of the contact is to conclude a contract, the initiation of a business relationship or a contractual relationship will constitute the additional legal basis for data processing.
3. Purpose of data processing:
We only process personal data taken from the input template of the contact form for the purpose of establishing contact. If we are contacted by e-mail, we also have a legitimate interest in processing the data. Other personal data processed during the submission process is used to prevent misuse of the contact form and to guarantee the security of our computer systems.
4. Duration of storage:
Data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. In the case of personal data sent by e-mail, the data will be deleted when the correspondence with the user has ended. The correspondence ends when it can be inferred from the circumstances that the matter in question has been conclusively resolved. If the contact is made on the basis of a pre-contractual relationship (offer or booking request), the data transmitted will be additionally stored in our hotel and/or event software and used for the execution of contracts. If no contractual relationship arises, the data will be deleted after a period of one year from the end of the year.
5. Option for opposition and deletion
Data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. In the case of personal data sent by e-mail, the data will be deleted when the correspondence with the user has ended. The correspondence ends when it can be inferred from the circumstances that the matter in question has been conclusively resolved.
The enquirer (data subject) can revoke their consent to the processing of personal data at any time. For this purpose, we have set up the e-mail address privacy@sanahotels.com. In the event of an objection, correspondence cannot continue and we cannot continue to make offers, etc. In this case, all personal data stored when the contact was made will be deleted.
RECOLHA, TRATAMENTO E UTILIZAÇÃO DE DADOS PESSOAIS
1. Description and scope of data processing:
SANA Hotels Portugal, S.A., Edifício Myriad Crystal Center, Cais das Naus, Lote 2.15.02, 1990-173 Lisboa, Portugal is responsible for making central reservations. To enhance our services, we manage all the data received in the central hotel software within the hotel group. The establishment where the reservation is made is responsible for this.
The respective booking data can only be viewed by the person responsible. Together, access to a guest's master data is used, for example, to make a reservation for another hotel at a later date, to make a rebooking or to carry out marketing activities centrally. Central services, such as booking and marketing, have access to this data. The legal basis for data processing is our legitimate interest in processing data within the scope of central administration and using the data of our customers and business partners within the hotel group.
If the services are used, as a rule, only such data is collected as is necessary for the provision of the services. If more data is collected, this will be voluntary information. Personal data is processed exclusively for the purpose of fulfilling the requested service and to protect our own legitimate business interests in accordance with Art. 6(1) f) GDPR.
Contact information from bookings may be used later by the sales department for advertising purposes. Advertising campaigns preferably include the sending of e-mails. The use of the e-mail address requires the consent of the guest in accordance with Art. 6(1) a) GDPR.
Your data will only be processed for purposes other than those mentioned above if such processing is in accordance with Article 6(4) of the GDPR and is compatible with the original purposes of the contractual relationship. We will inform you of these processing operations before processing your data in this way.
2. Legal basis for data processing:
The legal basis for processing the data is the conclusion of an accommodation contract with the guest.
The data transmitted will be stored in our hotel software and used to conclude the contract. If there is no contractual relationship, the data will be deleted after a year, at the end of the year.
3. Groups of people affected, data and data categories:
In order to fulfill the purposes listed, personal data is collected, processed and used for the following categories:
Booking data (specifically address data, contact data, booking data, customer requests, billing data)
Other customer data (specifically address, billing and performance data)
4. Recipients to whom the data may be disclosed
The data can be communicated to subsequent recipients:
Internal units involved in the execution and fulfillment of the respective business processes (e.g. hotels in the hotel group, central reservation, accounting, sales and marketing, IT organization) Public bodies that receive data based on legal regulations (e.g. police forces, public authorities)
External contractors according to Art. 28 GDPR (service providers)
Other external bodies (e.g. credit institutions, companies, provided that the data subjects have given their written consent or that the transmission is permitted for overriding legitimate interests)
5. Purpose of data processing
The main purpose of collecting, processing or using personal data is the administration, care and hospitality of guests within the framework of the accommodation contract, in accordance with Art. 6(1) b) of the GDPR.
6. Duration of storage
The legislator has decreed various obligations and retention periods. After the expiry of these periods, the corresponding data and data records are routinely deleted or anonymized if they are no longer required for the performance of the contract.
7. Option for opposition and deletion
The user may object to the processing of personal data at any time. To this end, we have set up the e-mail address privacy@sanahotels.com.
RESERVAS ONLINE ATRAVÉS DO WEBSITE
1. Description and scope of data processing
The conclusion of an accommodation and/or Food and Beverage service contract with the user will constitute the legal basis for data processing.
The data transmitted will be stored in our hotel software and used to conclude contracts. If no contractual relationship arises, the data will be deleted after a period of one year from the end of the year.
2. Legal basis for data processing:
The legal basis for processing the data is the conclusion of an accommodation contract with the guest.
The data transmitted will be stored in our hotel software and used to conclude the contract. If there is no contractual relationship, the data will be deleted after a year, at the end of the year.
3. Purpose of data processing
We only process personal data taken from the input template of the contact form for the purposes of processing booking enquiries and completing payment transactions.
4. Duration of storage
Data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as the national, commercial, statutory or contractual retention requirements have been met.
5. Option for opposition and deletion
The user may object to the processing of personal data at any time. For this purpose, we have set up the e-mail address privacy@sanahotels.com.
We would like to draw your attention to the fact that, if you object, we will not be able to complete the booking or continue sending you correspondence.
APOIO, ACONSELHAMENTO E PUBLICIDADE PARA CLIENTES CORPORATIVOS
1. Description and scope of data processing
For the support, advice and advertising of corporate clients, in addition to information about the business partner or potential business partner, we also collect and use information about the contact person, telephone number and postal address. Information is obtained from various sources, either by requesting it (by email or telephone) or at events, fairs, business cards received by our sales team, etc.
2. Legal basis for data processing:
Our legitimate interest in processing data will otherwise constitute the legal basis for processing data. If the purpose of the contact is to conclude a contract, the initiation of a business relationship or a contractual relationship will constitute the additional legal basis for data processing. To improve our services, we manage all the data received in the CRM module of our hotel software.
3. Purpose of data processing
We use this contact information exclusively for our own purposes and to design our own sales activities based on demand.
4. Duration of storage
No specific deadline has been set for disposal. However, if our sales department has not had contact with a corporate contact for a period of three years, the sales team will decide whether the corporate contact person's data will be deleted.
If the contact is for a pre-contractual relationship (offer, reservation or booking request), the data transmitted will be additionally stored in our hotel software and used for the execution of contracts. If no contractual relationship arises, the data will be deleted after a period of one year from the end of the year.
5. Option for opposition and deletion
The corporate contact can object to the processing of their personal data at any time. For this purpose, we have set up the e-mail address privacy@sanahotels.com.
In this case, all personal data of the contact person stored for the business partner will be deleted.
AVALIAÇÕES ONLINE
1. Description and scope of data processing
Former customers can rate the establishment after they have checked out. We would like to send you an e-mail within 14 days of your departure to ask you to submit an evaluation of the establishment. Upon request, reviews can be published anonymously. If you did not enjoy your stay at our hotel, or did not feel comfortable in our hotel, we would like to take the opportunity to contact you.
If you submit an online review on our website, the data will be stored in the REVIEW RANK, S.A., Calle Aribau, 240, 6-M, CP-08006 Barcelona, Spain rating tool. REVIEW RANK, S.A. has undertaken to process your transmitted data in a manner compatible with data protection. You have taken all organizational and technical measures to protect your data.
If you, as a former customer, have the opportunity to submit an online evaluation, the data entered in the evaluation template will be stored. This data includes: e-mail address and voluntary information such as name, surname and language, as well as evaluation statements.
2. Legal basis for data processing:
Our legitimate interest in processing data will otherwise constitute the legal basis for processing data.
3. Purpose of data processing
The purpose of the establishment evaluation is to communicate and summarize the opinions of hotel guests on our website and on third-party websites so that interested parties can form their own opinion regarding our services. The results are also used for our internal quality management.
The data is used exclusively for publishing reviews and for mediation in the event of negative reviews.
4. Duration of storage
The data must not be deleted.
5. Option for opposition and deletion
You can object to the use of your e-mail address to send an evaluation e-mail in the registration form. You can also delete the published review at any time (right to be forgotten). To this end, we have set up the e-mail address privacy@sanahotels.com.
Tell us which evaluation your request relates to!
SERVIÇO DE NEWSLETTER
1. Description and scope of data processing
You can subscribe to the Allora newsletter service on our website. If you use this option, the data entered in the input template (name, e-mail address, telephone number, preferences) will be transmitted to SANA Hotels Portugal, SA, Edifício Myriad Crystal Centre, Cais das Naus, Lote 2.15.02, 1990-173 Lisboa, Portugal and stored. If we receive an e-mail address where the recipient clearly informs us that they would like to receive our newsletter, we will collect their data via the input template on our website.
2. Legal basis for data processing:
The legal basis for processing data is the consent of the recipient. This is ensured by a double authorization procedure for data collection.
3. Purpose of data processing
We only process personal data for the purpose of sending individual newsletters.
4. Duration of storage
The data will be deleted as soon as the newsletter service is canceled.
5. Option for opposition and deletion
As a recipient of newsletters, you have the option of objecting to the use of your data for advertising purposes at any time. Each newsletter gives you the option to unsubscribe from the newsletter service. We have also set up the e-mail address privacy@sanahotels.com.
Please give us your e-mail address when you place your order!
CANDIDATURA A UM ANÚNCIO DE EMPREGO
1. Description and scope of data processing
On our website and via Internet portals (especially hotelcareer.de), you have the opportunity to apply for advertised vacancies. If you choose this option, as a candidate, the data transmitted to us can be stored and used. These data are:
Title, first name, surname
Contact information (e-mail address, telephone number)
Cover letter
Annex with detailed application
Initially, the data is not shared with third parties in this context. Otherwise, the data is used exclusively for processing the application by the specialist department and for communication.
2. Legal basis for data processing:
The legal basis for processing the data is the process of negotiating a contract or concluding a contract with the user. We will obtain your prior consent for the long-term storage of application documents and for passing on the application to third parties.
3. Purpose of data processing
Personal data is only processed to enable us to deal with the application.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary to fulfill the purpose for which it was collected, no later than 6 months after rejection. In the case of a contractual relationship, we will delete the data received as soon as the national, commercial, statutory or contractual retention requirements have been met.
5. Option for opposition and deletion
You have the option of objecting to the processing of your data at any time. To do this, send an e-mail to the same address used to send the job application. We have also set up the e-mail address privacy@sanahotels.com.
PROVISÃO DO WEBSITE E CRIAÇÃO DE FICHEIROS DE REGISTO
1. Description and scope of data processing
Whenever this website is accessed, our system records data and information from the computer system of the computer, smartphone or other mobile device that performed the access by means of an automated system. The following data is collected as part of this process:
Information on the type of browser and version used
User's operating system
User's IP address
Access time and date
Websites from which the user's system reached our website
Websites accessed by the user's system through our website
This data is also stored in the log files of our system. This data is not stored together with other personal data of the user. In this sense, it is not possible to create personal user profiles. The data stored will be evaluated for statistical purposes only.
2. Legal basis for data processing:
The legal basis for the temporary storage of data and log files is to safeguard our legitimate interests.
3. Purpose of data processing
The system temporarily stores the user's IP address in order to make the website available on the user's computer. To do this, the user's IP address must be stored during the session. Storage in log files is carried out to guarantee the functional capacity of the website. The data also helps us to optimize the website and ensure the security of our computer systems. The stored data can be evaluated for statistical purposes or to track cyber-attacks on the website carried out by third parties. This is also the reason behind our legitimate interest in data processing.
4. Duration of storage
Data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. When data is collected to make the website available, this is the case when the respective session ends. When data is stored in log files, this happens after a maximum of seven days. Storage can be maintained after this period. In this case, users' IP addresses are deleted or disordered so that they cannot be attributed to the requesting customer (data subject).
5. Option for opposition and deletion
The collection of data to make the website available and the storage of data in log files are necessary for the operation of the website. Therefore, it is not possible for the user to object.
UTILIZAÇÃO DE COOKIES
1. Description and scope of data processing
Cookies are small files that allow us to store specific user-related information on your computer when you visit our website. Cookies help us determine the number of users who have used our website, as well as their frequency of use, and allow us to organize our products and services in the most convenient and effective way possible for you. We use "session cookies", which are temporarily stored on your computer during the period in which you use our website. Session cookies are stored on your data carrier and are used to ensure specific settings and functionalities on our website via your browser. The cookies we use will be deleted at the end of the browser session, i.e. when you close your browser. We also use cookies on our website to analyze user browsing habits. In this way, the following data can be transmitted: search terms entered, frequency of page views, use of website functions. Technical measures are used to anonymize user data that is collected in this way. It is therefore not possible to assign data to an enquirer (data subject). The data will not be stored together with other personal data of the user. By visiting our website, you are informed about the use of cookies for analysis purposes. Your consent to the processing of personal data is also obtained in this context. At this point, the user is also directed to the data privacy policy.
2. Legal basis for data processing:
Our legitimate interest in processing data is the legal basis for processing personal data using cookies, which are technically necessary. The provision of the user's consent for this specific purpose constitutes the legal basis for the processing of personal data through analytics-based cookies.
3. Purpose of data processing
Technically necessary cookies are used to simplify the use of the website by users. Some of the functions of our website cannot be provided without the use of cookies. These services require the browser to be recognized again after a page change. User data collected through technically necessary cookies will not be used to create user profiles. Analysis cookies are used to improve the quality of our website and its content. These cookies allow us to learn how the website is used so that we can continually improve our offer.
4. Duration of storage
Cookies are stored on the user's computer, which transmits them to our website. This will give you, as the user, full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings of your Internet browser. Previously stored cookies can be deleted at any time. Cookies can also be deleted automatically. If cookies are disabled for our website, some features of our website may no longer be available. You can also enjoy our offers without cookies or scripts. You can disable the storage of cookies and scripts in your browser, you can restrict cookies and scripts on certain websites or you can configure your browser so that you are notified whenever a cookie is activated. You can delete cookies from your computer's hard disk at any time. You can install an add-on to your browser to block scripts. Examples of these browser add-ons are NoScript for Firefox and ScriptSafe for Google Chrome. Not only do they block all types of Javascript, they also block selected trackers, Java, Flash and other plug-ins on websites. If third-party cookies are a concern for you, you can disable only these cookies and still enable the cookies that allow our website to function properly. However, these changes may affect the way the website is displayed or limit its functionality. Below, we provide more information about the cookies used on our website. These cookies allow us to customize the features and content of the website to your needs by storing your preferences. Cookies can be used, for example, to store your user data on our forum or to select the language. They can also be used to provide interactive information so that you can view our virtual catalogs or watch videos, for example:
Cookie name
tt-domain-user-id
Function of cookies
The booking function uses this cookie.
5. Additional information
In addition to the information provided above on the use of cookies, we would like to draw your attention to the following: Use of Google Analytics, Google DoubleClick Cookies, Google Conversion Tracking and Google Remarketing. Our website may use Google Analytics, Google DoubleClick Cookies, Google Conversion Tracking and Google Remarketing
These services are provided by Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google").
This website uses Google Analytics, a web analysis service provided by Google Inc. Google Analytics uses so-called "cookies". These are text files stored on the user's computer that facilitate an analysis of the use of the website. The information generated by the cookie about your use of this website is usually sent to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will first be truncated by Google within member states of the European Union or in other states that are parties to the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the USA and truncated there in exceptional cases. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and Internet use. The IP address provided by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by changing the respective settings in your browser software; however, you may not be able to use all the features of this website in full. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to using the browser add-on or on mobile browsers, click on this link to prevent future detection by Google Analytics within this website. It will store an opt-out cookie on your device. If you delete your cookies, you must click on this link again. The explanations provided above in Section XI(1) to (4) apply accordingly.
Deactivation of Google advertising
(http://www.google.com/privacy_ads.html) or on the cancellation page of the Network Advertising Initiative (http://www.networkadvertising.org/managing/opt_out.asp)
Google Tag Manager
This website uses Google Tag Manager. Google Tag Manager is a solution that allows website tags to be managed by marketing professionals using this interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not record personal data. The tool causes other tags to be activated, which in turn can record data under certain circumstances. Google Tag Manager does not access this information. If recording has been disabled at the domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager.
Use of social media plug-ins
Plug-ins from the social network Facebook, operated by Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA, are integrated into the pages of our websites. You can recognize Facebook plug-ins by the Facebook logo or the "Like" button on our pages. You can find an overview of Facebook plug-ins here: developers.facebook.com/docs/plugins/. When you visit our pages, the plug-in establishes a direct connection between your browser and the Facebook server. Thus, Facebook receives the information that you have visited our website from your IP address. If you click on the Facebook "Like" button while logged into your Facebook account, you can link the content of our pages to your Facebook profile. In this way, Facebook can assign the visit to the pages of our website to your user account. We, as the provider of the pages on our website, do not receive any notification of the content of the data transmitted from Facebook, nor do we receive any notification of its use
PROTEÇÃO DE MENORES DE IDADE
Overview
This service is specifically for adults. Currently, we don't have any services aimed specifically at minors. As a result, we do not knowingly collect age rating information, nor do we knowingly collect personal information from children under the age of 16. However, we advise all visitors to our website under the age of 16 to avoid disclosing or providing any personal information to our service. If we discover that a minor under the age of 16 has provided us with personal information, we will delete said minor's personal information from our files to the extent technically possible.
DIREITOS DO TITULAR DOS DADOS
Overview
When your personal data is processed, you become the data subject within the meaning of the GDPR and will have the following rights in relation to us ("the controller"):
You have the right to information about the personal data stored about you, including the purpose of the processing, as well as about any transfer of data to third parties and the duration of the data storage.
If the data is incorrect or no longer necessary for the original purpose for which it was collected, you can request that the data be corrected, deleted or that the data processing be restricted. In accordance with the processing procedures, you can also view and correct your data if necessary.
You have the right to object, at any time, on compelling legitimate grounds relating to your particular situation, to the processing of your personal data, provided that the processing is based on a legitimate interest. Following an objection, the controller may no longer process the personal data concerning you, unless the controller can prove compelling reasons for the processing which require protection and which override your interests, rights and freedoms, or can prove that the processing is for the purpose of asserting, exercising or defending legal claims. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is directly related to such direct marketing. If you object to processing for direct marketing or profiling purposes, the personal data concerning you should no longer be used for these purposes.
You have the right to revoke your declaration of consent at any time under data protection law. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of consent up to the moment of revocation.
DIREITO DE APRESENTAR UMA RECLAMAÇÃO JUNTO DE UMA AUTORIDADE DE CONTROLO
Overview
As a data subject, you have the right to lodge a complaint with a data protection supervisory authority, namely in the Member State of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of personal data concerning you violates data protection.
The regulatory authority with which the complaint was lodged must inform the complainant of the progress and outcome of the complaint, including the possibility of judicial review.
More information can be found on the website of the National Data Protection Commission.
SEGURANÇA
Overview
We are responsible for ensuring the protection of your personal data. To protect your personal data from unauthorized access and illegal use, alteration, distribution or copying, we take appropriate technical and organizational measures, such as anti-virus or anti-spyware, subject to permanent updates, SSL encryption of confidential data (credit card, reservation form), firewalls, frequent backups or limited access to personal data, when necessary.
We know that no security measure is 100% efficient and secure, but we are committed to protecting the integrity and confidentiality of your personal data. To this end, we will continue to review and improve our security measures. When you access our website using a username and password created or selected by you, you are responsible for the password and the confidentiality and protection of those credentials.
Last updated in February 2023