Privacy
Data Protection & Privacy Policy
The companies (i) Açores 2000 Soc. Desenvolvimento Turístico Açores, S.A.; (ii) HTA, Hotéis, Turismo e Animação dos Açores, S.A.; (iii) Proturotel, Promoção Turística e Hoteleira, S.A.; e, (iv) Bensitur, Sociedade Açoriana de Investimentos Turísticos LDA., (hereinafter referred to as “BENSAUDE Hotels Collection”), in the execution of its commercial activities on the website www.bensaudehotels.com (“ Website”) processes personal data, meaning any information relating to an identified or identifiable natural person (henceforth “ Data subject(s)”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (“Personal Data”).
The companies identified above that make up BENSAUDE Hotels Collection, in cases where they jointly determine the purposes and means of processing personal data within the scope of their activities, will be considered as Joint Controller, ensuring simple compliance with the Data Protection Legislation.
Use of the Website by any user shall be governed by the Terms and Conditions of use ("Terms and Conditions"), with the user agreeing to them. If the user rejects the Terms and Conditions, he/she must immediately cease using the Website.
BENSAUDE Hotels Collection determines the purposes and means of processing Personal Data as the Personal Data Controller, ensuring compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, and other applicable legislation and data protection and privacy (“Data Protection Legislation”).
In accordance with the Data Protection Legislation, BENSAUDE Hotels Collection pleads for the processing of Personal Data in accordance with all applicable principles, as follows: i) Principle of Lawfulness, Fairness and Transparency; ii) Principle of Purpose Limitation; iii) Principle of Data Minimisation; iv) Principle of Accuracy; v) Principle of Storage Limitation; and, vi) Principle of Integrity and Confidentiality.
Therefore, this Data Protection and Privacy Policy (" Privacy Policy") is established, committing BENSAUDE Hotels Collection to carry out any and all processing of Personal Data in accordance with the following sections:
1. Legal Basis and Purposes for the Processing of Personal Data
The Personal Data of Data Subjects will be processed by BENSAUDE Hotels Collection with the following legal basis:
|
Lawful Basis |
What does it consist of? |
|
Consent i |
The Data Subject may consent to the processing of his/her Personal Data through a free, specific, informed and explicit expression of will by which he/she accepts, by means of a declaration (in writing or orally) or unequivocal positive act (by filling in an option), that his/her Personal Data will be processed. |
|
Pre-contractual information’s or performance of a contract i |
Personal Data may be processed if it is necessary, without limitation, for the performance of a contract for the provision of services and/or supply of products to which you are a party as an Employee, Customer and/or Supplier, or to carry out pre-contractual measures at your request. |
|
Compliance with a legal obligation i |
Personal Data may be processed to ensure and guarantee the fulfilment of legal obligations to which it is subject under the law of a Member State and/or the European Union. |
|
Defence of vital interests of the Data Owner i |
Personal Data may be processed to ensure the protection of your vital interests, in particular where such processing is essential to your life. |
|
Legitimate Interests i |
BENSAUDE Hotels Collection, other Responsible Persons or Third Parties, may treat Personal Data provided that such treatment does not prevail over their interests or fundamental rights and freedoms. |
Taking into account the abovementioned, the collection of personal data on the basis of the grounds of lawfulness set forth will be primarily for purposes related to the development of BENSAUDE Hotels Collection corporate purpose, for the execution of contracts and to comply with legal obligations. Hence, the non-collection of Personal Data will imply the impossibility of processing data for the aforesaid purposes.
2. Processing of Personal Data on the Website
BENSAUDE Hotels Collection processes Personal Data of Data Subjects as follows:
|
Processing Purposes i |
Processing Activities i |
Legal Basis i |
Retention Period i |
|
i Joint Website Management |
i Analysis and processing of Web Browsing Data |
i Execution of Terms and Conditions |
i Up to 3 months after the last visit to the Website |
|
i Account creation and access authentication |
i Duration of registration on the Website |
||
|
i Customer Management |
i Analysis and booking reservations |
i Pre-contractual arrangements or execution of the contractual conditions made available on the Website |
i For the period necessary for the fulfilment of contractual conditions made available on the Website and/or legal obligations |
|
i Making contacts and complaints |
i Compliance with legal obligations |
i For the period necessary for the management of complaints, in accordance with the applicable legal deadlines |
|
|
i Commercial and Marketing activities |
i Newsletters |
i Consent |
i Until 1 year after last contact |
3. Processed Personal Data on the Website
For the purposes mentioned above, BENSAUDE Hotels Collection processes the following Personal Data:
|
Purpose i |
Personal Data i
|
|
i Website Management |
i Identification Data, Contact Data, Authentication and Access Data and/or Web Browsing Data (such as name, email, user account, demographic data, company function, username, password, creation date, access validity, log in and out, electronic identifier (Mac, IP), connection start date/time, connection end date/time, place of origin of web browsing, URL visited, social network address, history of interaction on social networks or host name) |
|
i Customer Management |
i Personal Identification Data, Contact Data, Data Concerning Means of Payment and Transactions, Contract Data and/or Data Resulting from Complaints (such as name, email, telephone/telephone number, address, transaction number, description of the transaction, date of the transaction, amount of the transaction, electronic billing, invoice number, contract number, client segments, reservation, hotel unit, complaint number, complaint date, description of the complaint, origin of the complaint or date of response to the complaint) |
|
i Commercial and Marketing activities |
i Contact Data |
4. Processing Methods
The processing of Personal Data will be executed automated and manually by computer tools, which are strictly related to the mentioned purposes and, in any case, guaranteeing the security and confidentiality of Personal Data.
5. Disclosure and Transmission of Personal Data
BENSAUDE Hotels Collection employees will handle the Personal Data of the Data Subjects for the performance of their work duties and will handle the Personal Data exclusively under the terms specified in this Privacy Policy.
The Personal Data may be made available to third parties in charge of providing services to BENSAUDE Hotels Collection (“Data Processors”), bound by a written contract and processing the data in accordance with this Privacy Policy, and may not process them, directly or indirectly, for any other purpose, for their own benefit or that of a third party.
Data Subjects have the right to obtain a complete and updated list of the Data Processors (if any) hired by BENSAUDE Hotels Collection, and to this end must submit a specific request to BENSAUDE Hotels Collection under the terms specified in Section 10 of this Privacy Policy.
In compliance with legal obligations, the Personal Data of Data Subjects may be transmitted to third parties, for their own purposes, namely banks and insurance companies, judicial, administrative, supervisory or regulatory authorities, as well as entities that lawfully carry out data collection, fraud prevention and combat actions.
Your Personal Data may also be processed by the management bodies of the social networks or of the functionalities made available on the Website, such as for the purposes of content sharing or account creation, in accordance with the respective privacy policies, which we recommend that you read before browsing the Website.
6. International Transfers
BENSAUDE Hotels Collection may transfer the Data Subject's Personal Data outside the European Economic Area (“EEA”), to locations that may not guarantee the same level of protection.
However, if applicable, BENSAUDE Hotels Collection will only transfer Personal Data outside the EEA in accordance with the following measures:
- When the transfer is made to a location or through a method or in circumstances that the European Commission considers will ensure adequate protection of Personal Data;
- Where it has implemented standard contractual data protection clauses approved by the European Commission or a competent supervisory authority; or,
- Where none of the above options apply but the law nevertheless authorises such a transfer, for example if it is necessary for the declaration, exercise or defence of a right in a judicial proceeding.
You may request detailed information on the security measures that BENSAUDE Hotels Collection has implemented regarding transfers of Personal Data outside the EEA and, where applicable, a copy of the standard data protection contractual clauses in force at BENSAUDE Hotels Collection through the contacts provided in Section 10.
7. Data Subjects Rights
Under current or future Data Protection Legislation, BENSAUDE Hotels Collection informs that Data Subjects have the right of access, rectification, limitation, portability, erasure and the right to object to the processing of personal data in certain circumstances, which may be exercised under the terms of this chapter of the Data Protection and Privacy Policy.
|
Rights |
What do they consist in? |
|
Right to information i |
The Data Subject has the right to obtain clear, transparent and easily understandable information on how BENSAUDE Hotels Collection uses his/her Personal Data and what his/her rights are. It is for this reason that BENSAUDE Hotels Collection provides all this information in this Privacy Policy. |
|
Right of access i |
The Data Subject has the right to obtain information about what Personal Data BENSAUDE Hotels Collection handles (if any) and certain information (similar to that provided in this Privacy Policy) about how such Data is handled. This right allows you to know and confirm that we use your Data in accordance with the Data Protection Legislation. BENSAUDE Hotels Collection may refuse to provide the information requested where, in order to do so, BENSAUDE Hotels Collection must disclose Personal Data of another person or the information negatively impacts the rights of another person. |
|
Right to rectification i |
If the Data Subject's Personal Data is incorrect or incomplete (for example, if your name or address is incorrect), a request may be made to BENSAUDE Hotels Collection to take reasonable steps to correct it. |
|
Right to erasure i |
This right is also known as the “right to be forgotten” and, in a simple way, allows the Data Subject to request the deletion or elimination of his/her data, provided that there are no valid grounds for BENSAUDE Hotels Collection to continue using them or their use is unlawful. This is not a generic right to delete, as exceptions are permitted (for example, where such data is necessary for the defence of a right in a legal proceeding). |
|
Right to restriction of the processing activitiesi |
The Data Subject has the right to “block” or prevent future use of his/her Data while BENSAUDE Hotels Collection assesses a request for rectification or as an alternative to deletion. Where processing is limited, BENSAUDE Hotels Collection may still store your Data, but may not use it later. BENSAUDE Hotels Collection keeps a list of the subjects who have requested the “blocking” of the future use of their data to ensure that this limitation is respected. |
|
Right to data portability i |
The Data Subject has the right to obtain and reuse certain Personal Data for his/her own purposes in various organisations. This right applies only to the Personal Data provided to BENSAUDE Hotels and which BENSAUDE Hotels handles with the consent and those processed by automated means. |
|
Right to object i |
The Data Subject has the right to object to certain types of processing, on grounds relating to his/her particular situation, at any time, for the legitimate interest of BENSAUDE Hotels Collection or of third parties. BENSAUDE Hotels Collection may continue to process such Data if it can provide evidence of “overriding legitimate reasons for processing that override its interests, rights and freedoms” or if such Data is necessary for the establishment, exercise or defence of a right in a legal proceeding. |
|
Right to lodge a complaint i |
The Data Subject has the right to lodge a complaint with the competent supervisory authority, the Comissão Nacional de Proteção de Dados - CNPD (National Commission for Data Protection), if he/she considers that the processing of his/her personal data violates his/her rights and/or the Data Protection Legislation. |
If the lawfulness of the processing of your Personal Data is based on your consent or legitimate interest, you may withdraw your consent or object to the processing at any time, without any consequences, but without this compromising the lawfulness of the processing carried out in the meantime. If consent is withdrawn or if you expressly object, BENSAUDE Hotels Collection will immediately cease processing your personal data for the purpose in question, unless it is necessary to process the data in order to comply with legal and/or contractual obligations.
You may at any time, in writing, exercise the rights enshrined in the Data Protection Legislation and other applicable legislation through the means described in Section 10 of this Privacy Policy.
8. Confidentiality and Security
To ensure the security and confidentiality of Personal Data, protected databases are used, among others, appropriate firewalls and passwords, in accordance with the provisions of Data Protection Legislation. Access to Personal Data is only possible to authorized employees who have an effective need to use Personal Data, in accordance with the principles of security and confidentiality. Violations of this Privacy Policy by employees of BENSAUDE Hotels Collection may give rise to disciplinary action. Compliance with the rules and procedures of BENSAUDE Hotels Collection is monitored and checked periodically.
9. Cookies
With regard to the processing of Personal Data that BENSAUDE Hotels Collection performs through the use of cookies, please consult the BENSAUDE Hotels Collection's Cookie Policy and customize your settings according to your preferences.
10. How to Contact BENSAUDE Hotels Collection for Data Protection and Privacy Matters
The Data Subjects may exercise their rights by contacting BENSAUDE Hotels Collection through the following methods: i) Rua da Juventude, n.º 38, 9500 Ponta Delgada; ii) sending an e-mail to the mailbox protecaodedados@bensaude.pt.
Data Subjects may also contact the BENSAUDE Hotels Collection Data Protection Officer by sending an email to the mailbox at dpo@bensaude.pt.