Customer Privacy Policy

1. Commitment of SGEHR, Sociedade Gestora e Exploradora de Hotéis e Resorts, S.A. (SGEHR)

The protection of privacy and personal data constitutes a fundamental commitment of SGEHR to the customers (“Customers”) of its services and products.

SGEHR recommends the reading of this Privacy Policy and its updates. In the event of modification of the Privacy Policy, the date of the last change, provided on the top of this page, is also updated. If the alteration is substantial, a warning may also be placed on the website.

The Privacy Policy and the treatment of Personal Data are ruled by the applicable laws of the Republic of Portugal. Any disputes should be submitted exclusively to the jurisdiction of the judicial courts of the district of Lisbon, without prejudice to the applicable imperative legal rules.

2. Personal data, personal data owners and personal data categories

What is personal data?

Personal Data is any information, of any nature and in any format, relative to an identified or identifiable natural person. A person is considered identifiable when she/he can be identified directly or indirectly, for example by name, identification number, location data, an electronic identifier or other elements that enable arriving at the identification of this natural person.

Who are the personal data owners?

The Customer, a natural person, to whom the data refers and who used the services or products of SGEHR. For example, it will be a Customer of SGEHR that has concluded a contract to supply a product or render a service. It will also be a potential Customer who is a target of advertising campaigns or promotional offers of SGEHR, or someone requesting information about the products and services marketed by SGEHR.
In this regard, SGEHR discloses that it both protects the personal data and respects the rights of the Customers.

What categories of personal data do we treat?

 

Categories of personal data - Examples of personal data

Identification - Name; Identification document number; Taxpayer number; Nationality; Date of birth; Customer number; Room number

Contacts - Address; Telephone contact; E-mail address

Profile - Nationality; Country of residence; Date of birth; Gender; Marital status; Number of children

Interests - Transaction records; Hobbies; Loyalty cards

Loyalty cards - IP address; Identifiers of devices; Cookies

3. Grounds, Purposes and Duration of the Treatment of Personal Data

On what grounds can SGEHR treat your personal data?

For what purposes and for how long can SGEHR treat your personal data?

Your personal data are treated by SGEHR only for the necessary period of time to accomplish the defined purpose or, as applicable, until you exercise your right to object, right to be forgotten or withdraw consent. After the respective conservation period has ended, SGEHR will eliminate or anonymise the data whenever they should not be kept for any different purpose that may subsist.

 

Categories of purposes - Examples of purposes

Marketing - Marketing or sale of new services or products; Analysis of customers (e.g. consumption profiles); Adaptation and development of new services or products

Management of Customers and Provision of Service - Management of contacts, information or requests; Complaints management; Management of invoicing, charging and payment

Accounting, Tax and Administrative Management - Accounting, invoicing; Management of commissions; Tax information, including sending information to the tax authority

Management of Litigation - Judicial and extrajudicial collection; Management of other conflicts

Control of physical security - Video surveillance of the premises

What are the time limits for treatment and conservation of personal data?

SGEHR treats and keeps your personal data according to the purposes for which they are treated. There are cases in which the law obliges the treatment and conservation of data for a minimum period of time, namely 10 years for data required to inform the Tax Authority for accounting or tax purposes or data relative to trade book-keeping, as well as 7 years for the purpose of anti-money laundering and terrorist financing.

But, whenever there is no specific legal obligation, then the data will be treated only for the necessary period to comply with the purposes underlying their collection and preservation, and always in accordance with the law, the guidelines and decisions of the CNPD. Hence: SGEHR will treat and keep your personal data for the period during which it maintains a contractual relationship with you.

With respect to the video surveillance of its premises, SGEHR will only keep recordings of images and respective personal data for the maximum period of 30 days.

SGEHR might keep other personal data for periods longer than the duration of the contractual relationship, whether based on your consent, or to assure rights or duties related to the contract, or else because it has legitimate interests substantiating such, but always for the period strictly required for the accomplishment of the respective purposes and in accordance with the guidelines and decisions of the CNPD.

Examples are the contact for purposes of marketing and sales, data preservation in the context of invoice claim procedures, exercise of guarantee rights or the pendency of judicial litigation.

4. Form and time of collection of personal data

When and how do we collect your personal data?

We collect personal data through your consent or when you acquire SGEHR services and products.

The data can be collected orally, in writing or through SGEHR’s website.

However, your personal information can also be collected from sources accessible to the public or other sources, such as travel agencies, which are likewise responsible for assuring the protection of data and security of the information.

5. Rights of the personal data owner

What are your rights?

Right of Access - right to obtain confirmation as to which of your personal data are treated and information about them, such as what are the purposes of the treatment, the periods of conservation, among others.

Right to see or obtain a copy, for example, of invoices or written agreements.

Right to Rectification - right to request the rectification of your personal data that are inaccurate or request that incomplete personal data should be completed, such as for example the address, taxpayer number, email, telephone contacts, or other data.

Right to Deletion of data or “right to be forgotten” - right to obtain the deletion of your personal data, provided that there are no valid grounds for keeping them, such as for example cases in which SGEHR has to keep data in order to comply with a legal obligation or because a lawsuit is underway.

Right to Portability - right to receive the data that you have provided us with in a commonly used, machine-readable digital format or to request the direct transfer of your data to another entity which then becomes the new entity responsible for your personal data, but in this case only if this is technically possible.

Right to Withdraw Consent or Right of Objection - right to object or withdraw your consent, at any time to a data treatment, such as for example in the case of data treatment for marketing purposes, provided that there are no legitimate interests prevailing over your interests, rights and freedoms, such as for example defence of a right in a lawsuit.

Right of Limitation - right to request the limitation of the treatment of your personal data, in the form of: (i) suspension of the treatment or (ii) limitation of the scope of the treatment to certain data categories or treatment purposes.

Profile and Automated Decisions - SGEHR can delineate customer profiles based, for example, on their preferences or personal interests, namely to provide services, increase quality and enhance the experience of the products and services or adjust direct marketing communications, provided that this treatment is necessary for the conclusion or execution of the contract between the personal data owner and SGEHR or is based on this owner's consent.

When the treatment of personal data, including treatment for the definition of profiles, is exclusively automatic (without human intervention) and can take effect in the legal sphere or significantly affect it, the Customer will have the right to not be subject to any decision that is based on this automatic treatment, with the exceptions established in the law, and will have the right to SGEHR adopting suitable measures to safeguard your rights, freedoms and legitimate interests, including the right to have human intervention in the taking of decisions by SGEHR, the right to express her/his point of view or contest the decision taken based on the automated treatment of personal data.

Right to complain - right to submit a complaint to the supervisory authority, the CNPD, in addition to the company or DPO.

How can you exercise your rights?

The exercise of rights is free of charge, unless the request is manifestly unfounded or excessive, in which case a reasonable fee may be charged taking into account the costs.

If you wish to exercise your rights, please go to any of the hotels of NAU Hotels & Resorts. As an exception, the right to withdraw your consent or to object, where the consent in question could have been provided in digital format, can be exercised through the following electronic address: privacidade@nauhotels.com.

The answer to the request should be provided within the maximum period of 30 days, unless it is a particularly complex request.

6. Transfer of Personal Data

Under what circumstances is there communication of your personal data to other entities, subcontractors or third parties?

Your data can be transferred to subcontractors for them to treat the data on behalf and account of SGEHR. In this case, SGEHR will take the necessary contractual measures to assure that the subcontractors respect and protect the Customer's personal data.

The data can also be transferred to third parties – entities distinct from SGEHR or the subcontractors – in the case that the personal data owner has consented or entities to which the data has been communicated by force of the law, such as the tax authority.

7. Safety measures

How does SGEHR protect your personal data?

SGEHR has implemented the appropriate, necessary and sufficient logical, physical, organisational and security measures to protect your personal data against unauthorised destruction, loss, alteration, diffusion, access or any other form of accidental or unlawful treatment. Namely:

 

How is the forwarding to other links done?

The portal www.nauhotels.com provides access to other websites managed and controlled by third parties through different links to facilitate the users' search for information, contents and services on the Internet, but in no case can this be considered a recommendation or invitation to visit them.

The placement of a hyperlink from one web page of another portal of the Internet to any of the pages of paraty.es portal subjects www.nauhotels.com to the following conditions: the hyperlink to the portal will be the homepage or main pages of the sections contained in them;

In any case, no services or portal of content of the Company website will be reproduced where the hyperlink contains information that is illegal, immoral, transgresses standards of public decency or public order, or provides content contrary to any third party rights; nothing that is false, inaccurate or incorrect about the pages of paraty.es portal or the services or contents will be included;

No deep links, or IMG or links of images or pictures with paraty.es pages of the portal will be used, without the express authorisation of the Company;

The establishment of the hyperlink does not imply the existence of relations between the Company and the owner of the website or portal from which it is made, or that the Company authorised the hyperlink or supervised, knew, accepted or assumed the services and contents offered on the portal.

8. Cookies Policy

What are cookies?

"Cookies" are small text files of software that are stored in your computer through the browser, retaining only the information related to your preferences and as such, not including your personal data.

For what purposes do we use cookies?

Cookies are used to help determine the utility, interest and number of uses of your websites, enabling faster and more efficient browsing, eliminating the need to repeatedly enter the same information.

What types of cookies exist?

There are two groups of cookies that can be used:

Permanent Cookies - are cookies that are stored at the browser level on your access equipment (PC, mobile and tablet) and which are used whenever you revisit one of our websites. Generally, they are used to direct the browsing according to the user's interests, enabling us to provide a more personalised service.

Session Cookies - are temporary cookies which remain in the archive of cookies of your browser until you leave the website. The information obtained by these cookies is used to analyse patterns of traffic on the web, allowing us to identify problems and provide a better browsing experience.

For what purposes do we use cookies?

Strictly necessary cookies - Enable us to browse the website and use its applications, as well as access the secure areas of the website. Without these cookies, the requested services cannot be provided.

Analytical cookies - Used anonymously for purposes of creation and analysis of statistics, in order to improve the functioning of the website.

Functionality cookies - Keep the user's preferences relative to the use of the website, so that it is not necessary to reconfigure the website each time it is visited.

Third party cookies - Measure the success of applications and efficacy of third party advertising. They can also be used to personalise a widget with the user's data.

Advertising cookies - Direct the advertising according to the interests of each user, so as to direct advertising campaigns according to the users' preferences as well as limiting the quantity of times you see the advertisement, helping to measure the efficacy of the advertising and the success of the website's organisation.

How can cookies be managed?

All browsers enable the user to accept, refuse or delete cookies, namely through selection of the appropriate definitions, in the respective browser. Cookies can be configured on the "options" or "preferences" menu of your browser.

However, it should be noted that deactivating cookies can prevent some web services from functioning correctly, partially or totally affecting website browsing.

Links?

For further information about cookies and their use, we suggest you consult the following link:

http://www.youronlinechoices.com/pt/