Data Protection and Privacy Policy
Please read this Privacy Policy carefully, as the processing of the personal data you make available to us implies your knowledge and acceptance of the conditions contained herein.
Definitions and Key Concepts
For the purposes of this Privacy Policy:
“Personal Data” – information relating to an identified or identifiable natural person (“Data Subject”).
“Data Subject” – in the context of the activities carried out by RHG, the concept includes (but is not limited to): employees and former employees, workers, partners, job applicants, employees of partners, suppliers and service providers and their employees, applicants and claimants, visitors and all those individuals who have a relationship with RHG and to whom the Personal Data relates.
“Identifiable Person” – An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an electronic identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing of personal data” – is an operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction..
“Data Controller” – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Cookies” – small text files with information considered relevant that the devices used for access (computers, mobile phones or portable mobile devices) load, via the internet browser, when an online site is visited by the Citizen or User.
Who is responsible for collecting and processing the data?
Bernardino Gomes – Gestão Hoteleira S.A., with head office at Rua Quinta do Paizinho, n.º 11, Edifício Holiday Inn Express, 2790-236, Carnaxide, nipc 509.884.350, owner of the Real Hotels Group hotels, is the entity responsible for collecting and processing personal data and may, within the scope of its activity, use entities subcontracted by it for the purposes indicated herein.
What personal data is collected and processed?
Bernardino Gomes – Gestão Hoteleira S.A. collects and processes the personal data it collects within the scope of the relationship established with clients, employees and former employees, workers, partners, job applicants, employees of partners, suppliers and service providers and their employees, applicants and claimants, visitors and all those individuals who maintain a relationship and within the scope of compliance with applicable legal and regulatory obligations, among others, by way of example:
- Bookings: name, email address, telephone number, address, payment method and booking details.
- Recruitment: name, mobile phone, email address, date of birth and CV.
- Newsletter: name, email address and country.
When browsing the website, Bernardino Gomes – Gestão Hoteleira S.A. may collect information about your computer, including IP address, operating system and browser used, for administrative purposes and to aggregate information for its advertisers.
The use of channels or applications by any customer or citizen may involve the processing of personal data, the protection, privacy and security of which is ensured by RHG, as the entity responsible for the respective processing, in accordance with the terms of this Policy.
Bernardino Gomes – Gestão Hoteleira S.A., assumes that the data has been provided by the owner of the data or that the owner has given authorisation to do so and assumes that the data is true and up to date.
How your data is collected?
Personal data may be collected by the following means:
- Website
- Telephone calls
- In person
The data collected is processed and stored by computer and in strict compliance with the legislation on the protection of personal data, and is stored in a specific database created for this purpose by Bernardino Gomes – Gestão Hoteleira S.A., or by the entities it subcontracts.
Some of the personal data collected on the website must be filled in and, if this data is missing or insufficient, Bernardino Gomes – Gestão Hoteleira S.A. may not be able to provide you with the services or information you have requested. In each specific case, Bernardino Gomes – Gestão Hoteleira S.A. will inform you of the mandatory nature of providing the personal data in question.
What are the purposes and grounds for processing your data?
In accordance with the Data Protection Principles, Bernardino Gomes – Gestão Hoteleira S.A. may only process your personal data for specific purposes and if it has a legal basis for doing so. Bernardino Gomes – Gestão Hoteleira S.A. uses your data for the following purposes, namely:
- In fulfilment of legal obligations;
- In the context of the execution of contracts to which the data subjects are party or in pre-contractual procedures at their request;
- In pursuit of HRG’s legitimate interests;
- In the pursuit of the activities for which it is responsible, both in terms of service provision and I&D;
- As a result of the Data Subject’s consent.
The development and realisation of activities by RHG means the existence of a set of specific, explicit and legitimate purposes for Data Processing, such as:
- Accounting, Tax and Administrative Management;
- Access Control Management;
- Recruitment and Human Resources Management;
- Project Management;
- Litigation Management;
- Electronic Communications Management;
- Compliance with Legal Obligations.
By way of example only, and not exhaustively, the following are examples of current and/or compulsory purposes:
- Conclusion and execution of the Labour Contract;
- Wage processing, which includes payments, deductions and withholdings of taxes and contributions to which the Employer is obliged or permitted by law;
- Compliance with RHG’s occupational health and safety obligations;
- Fulfilment of the obligation to take out occupational accident insurance by RHG;
- Professional training and employee performance evaluation;
- Employee performance evaluation and disciplinary procedures;
- Control of attendance and punctuality [workers’ biometric data may be used for these purposes];
- Carrying out non-nominative statistical operations related to payroll processing within the framework of the processing entity, possibly subcontracted by the RHG;
- Wage garnishment regularly notified by enforcement agent;
- Compliance with other legal regulations applicable to the HRG or a court decision of which it has been notified.
Considering its business area as a hotel service provider, RHG sets out below, in greater detail, the grounds and purposes for processing its customers’ data:
1 – On the basis of the hotel services contract you have entered into with us, we process your data for the following purposes:
- Managing bookings and stays
- Quote requests, information and booking confirmation
- Recording preferences (favourite room, mobility, newspapers/magazines, etc.)
- Invoicing and verification of means of payment
- Providing the necessary information for your stay at the Hotel
- Customer support
2 – Based on your consent, we process your data for the purposes of:
- Sending newsletters (if you are not our client)
- Sending marketing actions (if you are not our client)
- Loyalty programmes
3 – To fulfil legal obligations, we process your data for the purposes of:
- Complaints management
- Compliance with other legal or regulatory obligations
4 – Because you are our customer and we have a legitimate interest in providing you with an increasingly better service, we process your data for the purposes of:
- Carrying out satisfaction questionnaires related to your stay
- Carrying out market research, evaluation surveys and statistical analyses
- Address book
- E-mail Marketing
In order to fulfil the purposes identified above, Bernardino Gomes – Gestão Hoteleira S.A. may interconnect the data collected, with the purpose of updating and completing said data.
Who your data is shared with?
The data collected and held by Bernardino Gomes – Gestão Hoteleira S.A. may be passed on, with respect for the duty of confidentiality and the principle of the purpose for which it was collected, to the following organisations:
- Entities of Bernardino Gomes – Gestão Hoteleira S.A.;
- Judicial or administrative authorities, in cases where such transfer is compulsory
- Recruitment and selection companies
- Subcontractors who will process the data on behalf of Bernardino Gomes – Gestão Hoteleira S.A., and in accordance with the purposes determined by the latter.
Cookies
Cookies are small pieces of information that can help identify your browser and that can store information such as user settings and preferences.
Bernardino Gomes – Gestão Hoteleira S.A. may store cookies on your device in order to personalise and facilitate browsing as much as possible, but these cookies do not provide references or personal data of the User.
For more information, please read our Cookies Policy.
What are your rights?
Under the terms of the Personal Data Protection Act, we guarantee you the right to access, update, rectify, delete, portability and erase your personal data. You can also lodge complaints with the National Data Protection Commission.
We also grant you the right to object to the use of the data you have provided for marketing purposes, for sending informative communications or for inclusion on lists or information services. If you did not do this when the data was collected, you can send a request later.
RHG has implemented an incident management system for data protection, privacy and information security. If any client or citizen wishes to report a personal data breach that accidentally or unlawfully results in the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed, they can contact us at the following email address rgpd@realhotelsgroup.com or by post to Bernardino Gomes – Gestão Hoteleira S.A., located in Rua Quinta do Paizinho Nº11, 2790-236 Carnaxide | Portugal.
How long is your data stored for?
The period of time for which data is stored and kept varies according to the purpose for which the information is processed. Whenever there is no specific legal requirement, the data will only be stored and kept for the minimum period necessary for the purposes for which it was collected or further processed, after which it will be deleted.
Is your data processed securely?
Bernardino Gomes – Gestão Hoteleira S.A. is committed to guaranteeing the security of your data. To this end, it has adopted various technical and organisational security measures in order to protect the personal data you provide against its dissemination, loss, misuse, alteration, unauthorised processing or access, as well as against any other form of unlawful processing.
Bernardino Gomes – Gestão Hoteleira S.A. requires its subcontractors and partners to adopt security measures equivalent to those it practises.
Notwithstanding the security measures practised by Bernardino Gomes – Gestão Hoteleira S.A., the user must adopt additional security measures, namely ensuring that they use equipment and a browser that is up-to-date in terms of security, properly configured, with an active firewall, anti-virus and anti-spyware, as well as ensuring the authenticity of the websites they visit on the internet, and avoiding websites whose reputation they do not trust.
Communications
Bernardino Gomes – Gestão Hoteleira S.A. recognises that it may communicate Users’ data within the scope of mergers, acquisitions and/or incorporation processes in which it is involved, and does not consider this communication to be a transfer of data to third parties, nor is there any subcontracted processing.
Bernardino Gomes – Gestão Hoteleira S.A. may also transmit data to third parties within the scope of investigations, enquiries and judicial and/or administrative proceedings or of a similar nature, provided that it is duly ordered to do so by a court order.
Data transfer
In the event that data is transferred to third countries that do not belong to the European Union or the European Economic Area, Bernardino Gomes Gestão Hoteleira, owner of the Real Hotels Group hotels, will comply with the law, particularly with regard to the suitability of the country of destination with regard to the protection of personal data and the requirements applicable to such transfers, and personal data will not be transferred to jurisdictions that do not offer guarantees of security and protection.
The use of Bernardino Gomes – Gestão Hoteleira S.A. social networks may involve the transmission of data to social network service providers, which may be based outside the European Union or the European Economic Area. Bernardino Gomes – Gestão Hoteleira S.A. is not responsible for the data that the user makes available on the social networks.
Consent
The free, specific and informed provision of personal data by the respective data subject implies knowledge and acceptance of the conditions contained in this Policy, and it is considered that by using the channels or making their personal data available, customers and citizens are expressly authorising their processing, in accordance with the rules defined in each of the applicable collection channels or instruments.
Changes to the Privacy Policy
In order to ensure its updating, development or continuous improvement, Bernardino Gomes – Gestão Hoteleira S.A. reserves the right to make adjustments or changes to this Privacy Policy at any time, and such changes will be duly publicised at: https://www.realhotelsgroup.com/privacy-policy/
Secrecy and Confidentiality
Within the scope of its activity, RHG does not sell, rent, distribute, make available commercially or otherwise the Data to any third party, except in cases where it needs to share information with financing entities or service providers, for the purposes set out in this Policy or to Third Parties for the purpose of complying with its legal obligations and by imposition of these.