DATA PROTECTION POLICY
Welcome to the website www.domjosebeachhotel.com
The purpose of this section is to familiarize the Users with the sources and the use given to the information collected and processed during the consultation and eventual reservations made in our website, as well as their rights.
This policy is important to the Users, as they desire a positive and trustworthy experience in our services, and therefore it is important to us since we seek to match their expectations.
II. Data Protection
• Data Controller
In scope of the provision of the website hosted at www.domjosebeachhotel.com , the company “a Soares & Neto, Lda..”, under the legal number 501244336 with its headquartered at Av. Infante Sagres n.º 143, Quarteira- Loulé, as Data Controller, may request to the User, as Data Subject, personal data, i.e., information provided by the User that allows to identify and / or contact and / or complete the accommodation booking agreement requested.
• Purposes and legal basis of data processing
Soares & Neto, Lda. processes the User data in the context of the accommodation and catering services and for sending relevant information of an institutional or promotional nature. Personal data are also processed to fulfill legal obligations, where applicable.
The data processed may consist in identification data, contact and other data that is collected in the context of the relationship with the User, specifically in case of booking, the credit card data.
A Soares & Neto, Lda. also collects and processes information about the User’s hardware and software, as well as information about the pages visited within our website. This information may include: browser type, domain name, access times and links through which the User have accessed the website ("Usability Information"). We use this information only to improve the quality of the visits to our website.
These data are processed according to the intended purposes during collection and are stored to ensure their security and confidentiality, namely, for booking, invoicing and introduce our services and promotions should the User wishes to make new reservations.
Our Newsletters always allows the User to access the Opt-out option if it is not intended to remain as part of our mailing list.
If the User does not wish to continue to receive our Newsletter we may transmit such information through the email address firstname.lastname@example.org.
• Communication of data to third parties
The User's data are destined to us and are only communicated to the competent authorities in compliance with the legal obligations to which we are obliged.
• Transfer of data to third countries
We do not transfer internationally, personal data outside the European Union.
• Data conservation period
We will only retain User’s data for as long as it is necessary for the purposes for which it has been collected or, in certain cases, for longer periods if the law so requires.
• Withdrawal of consent
In cases where the processing of data is based on the consent of the User, at any time, without compromising the lawfulness of the processing made based on the consent previously given, it may be withdrawn.
III. What are the User rights?
Right of Access
The User, as Data Subject, has the right to obtain from the Data Controller (A Soares & Neto, Lda.) the confirmation of which data are processed, as well as the right to access them and the following information:
The purpose of processing.
The categories of personal data in question.
The recipients to whom the data have been or will be disclosed.
If possible, the deadlines for the retention of data, or the criteria for fixing these deadlines.
The right to request rectification, erasure, limitation or opposition to processing.
The right to complain to the supervisory authority.
The existence of autonomous decisions, including the definition of profiles.
If the data were not collected from the subject, available information as to their origin.
Guarantees concerning the transfer of data to third countries or international organizations.
Right of Rectification
The Data Subject has the right to obtain, without undue delay, rectification of inaccurate personal data concerning him, as well as having the right to request that his incomplete personal data be completed.
Right to erase data
The Data Subject has the right to request the erase of his personal data, without undue delay, when:
The data are no longer required for the purpose for which they were collected or processed.
Withdraw the consent on which the processing is based, not existing any other legal ground for the processing.
Opposes to processing as provided for in the Regulation.
Right to limit Processing
The Data Subject has the right to obtain from the Data Controller ([…]) the limitation of the processing, applying among other things one of the following situations:
Having disputed the accuracy of the data in the necessary the period for the verification for its accuracy.
If the Data Controller no longer needs the data for processing purposes, yet the data is required by the data subject for the purposes of declaration, exercise or defense of a right in a legal process.
When there is opposition to processing, until it is verified that the legitimate reasons of the Data Controller prevail over those of the Data subject.
Right to data portability
If the processing is based on consent, the Data Subject has the right to receive the data that was communicated in a digital format of current use and automatic reading or to request the direct transmission of the same to another entity that becomes the new Data Controller.
Said right, applies without prejudice the GRDP provisions in what concerns the right to erasure.
Right of opposition and automated decisions
The Data Subject may oppose to the processing of the Data, in the specific cases provided for in the Regulation, when he demonstrates that his particular situation should come under the exercise of functions of public interest, public authority or legitimate interests, including the definition of profiles based in provisions relating thereto, namely, The Data Subject also has the right to oppose to the processing of his data that includes the definition of profiles for the purposes of direct marketing, and the personal data should no longer be processed for this purpose.
The Data Subject has the right not to be bound to any decision taken solely on the basis of automated processing, including the definition of profiles that have an effect on its legal status, or that significantly affect it, except when it is necessary for the performance of an agreement, is based on the User explicit consent or is authorized by Community or national law.
Right to complain
The Data Subject have the right to complain to the supervisory authority in the Member State of his habitual residence, business address or the place where the infringement was allegedly committed, considering that the processing of its personal data is in breach of the General Regulation of Data Protection.
The Data Subject has the right to a lawsuit against the legally binding decisions of the control authorities that concern him.
It is also entitled to a lawsuit if considered that there has been an infringement of the rights under the General Regulation of Data Protection.
Right to Withdraw Consent
Being the processing of the data accomplished on the basis of the User consent, the User may withdraw it at any time, although this right does not compromise the lawfulness of the previous processing based on the same consent.
If you wish to exercise any of your rights, you must contact us in writing to the email address email@example.com, or by letter to the address Avenida Infante Sagres, 143, 8125-157 Quarteira, Algarve, Portugal.
IV. Security and confidentiality
We are committed to ensure the confidentiality of Users data by using the appropriate security measures to ensure that they are not accessed by unauthorized persons. We submit our systems to the analyses of periodic security to ensure that Users Data is protected and secure. However, the transmission of information via Internet is not completely safe, as so, we cannot guarantee absolutely the security of the information transmitted through our website.
We respect Users rights to the confidentiality of the data transmitted to us, so we do not transmit any data to third parties, for any purpose other than compliance with legal obligations.