USER / CUSTOMER PRIVACY POLICY | RR Alvor Baía Resort

1. GENERAL ASPECTS


1.1. PROCESSING OF PERSONAL DATA

According to the General Data Protection Regulation (GDPR), "Personal Data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


Moreover, according to the GDPR, "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


The Privacy Policy applicable to the hotel units of the RR Hotels Group (available on the website www.rrhotelsgroup.com and on the reservation websites of the hotel units indicated below) reflects the commitment to the protection of natural persons with respect to the processing of personal data.


The entities of the RR Hotels Group are committed to protecting the personal data entrusted to them. For this reason, all information of a personal nature is processed and protected with all diligence, always in accordance with the GDPR, in addition to compliance with applicable laws and regulations in Portugal.


The scope of application of this Policy includes all personal data processing implemented in the entities indicated below and extends to all the reservation websites of the respective hotel units.


The RR Hotels Group is composed of the following hotel units and the respective entities acting as controllers for data processing:

  • Alvor Baía Resort Hotel and Hotel da Rocha: "KRRK, SA", fiscal nº 514 287 845, with head office at Avenida Lusíadas - Edifício Amarilis, Praia da Rocha, 8500-801 Portimão;
  • Club Amarilis: "AMARILIS, SA", fiscal nº 504 635 476, with head office at Avenida Lusíadas - Edifício Amarilis, Praia da Rocha, 8500-801 Portimão.

As a rule, the processing of personal data is performed when a natural person registers on the Website, requests a contact and / or the sending of newsletters, subscribes to a personalized service, provides or requests information, acquires a product or establishes a contractual relationship with one of the hotel units of the RR Hotels Group, namely Alvor Baía Resort Hotel, Hotel da Rocha or Club Amarilis.


1.2. PROCESSOR ENTITIES

The above entities, as controllers for data processing, undertake to use only processor entities which provide appropriate guarantees to implement appropriate technical and organizational measures in such a way that the processing of personal data complies with the requirements of the GDPR and ensures the protection of the rights of data subjects.


1.3. COLLECTION OF PERSONAL DATA

The hotel units of RR Hotels Group can collect personal data directly, that is, directly from the data subject, or in other cases, indirectly, that is, through partner entities or third parties. The collection can be done through the following routes:

  • Direct collection: in person, by phone, by e-mail and through the website;
  • Indirect collection: through partners or companies of RR Hotels Group and official entities.

The occasions on which personal data may be collected are diverse. These include:

a) Activities of hotel units (reservation of a room, check-in and payment, consumption in the bar, restaurant and other services, requests, complaints and / or litigation, among others);

b) Participation in marketing programs or events ("frequent customer" program, customer satisfaction surveys, among others);

c) Interaction with third parties (tour operators, travel agencies, among others);

d) Internet interaction (access to hotel websites, online forms, online reservations, among others).


Whenever a certain processing of personal data is carried out based on the consent of the data subject, the data subject has the right to change / remove his / her consent at any time. However, any change in consent does not compromise the legitimacy of the processing carried out on the basis of the consent previously expressed.


2. GENERAL PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

The following principles apply to the hotel units of RR Hotels Group:

1. Transparency: when processing personal data, the data subject is informed about the purposes and recipients of the data.

2. Restriction of purpose: the processing of personal data is carried out only for the purposes mentioned in this Privacy Policy.

3. Minimisation and accuracy of the data: only the personal data that are necessary for the purposes for which they are processed are collected. Appropriate measures are taken to ensure that the personal data we possess is accurate and up-to-date.

4. Storage limitation: the storage of personal data is carried out for the period of time necessary for the purposes for which they are processed and in accordance with the provisions laid down by law.

5. Confidentiality and security: personal data are processed in such a way as to ensure their security, including protection against unauthorized or unlawful treatment and loss, destruction or unforeseen damage, and appropriate technical and organizational measures are taken.

6. Sharing and international transfer: Personal data may be shared between the entities of the RR Hotels Group or with third parties (such as business partners and / or service providers) in accordance with the purposes mentioned in this Privacy Policy. Appropriate measures are taken to ensure security at the time of sharing or transfer of such data.


3. USE AND PURPOSES OF THE PROCESSING OF PERSONAL DATA

Personal data will not be used for purposes other than those described in this Policy without this being made known to the data subject or, if applicable, without their consent being obtained. Nevertheless, in case the data subject requests one of the hotel units of RR Hotels Group to contract services that are provided by other controllers, personal data may be consulted or accessed by those third parties as necessary for the provision of the services requested.


Thus, the purposes may be as follows:

a) Management of reservations of rooms and requests for accommodation;

b) Management of stay in the selected hotel;

c) Management of the contractual relationship with the client, before, during and after the stay;

d) Compliance with legislation in force;

e) Continuous improvement of hotel services.


4. SECURITY MEASURES

To ensure security of processing, technical and organizational measures are implemented to protect personal data against unauthorized access or disclosure, accidental or unlawful destruction, loss and alteration, in respect of data stored or otherwise processed. On a regular basis, the measures implemented are tested and their efficacy assessed to ensure the security of processing.


5. TRANSFER OF DATA OUT OF THE EUROPEAN UNION

There is no provision for the transfer of personal data to third parties established outside the European Union.


6. USE OF COOKIES

The websites of the RR Hotels Group record cookies (text files) on the visitor's computer, allowing you to customize the visit according to your preferences. In this case, no personal data will be collected, the cookies being recorded only for the time necessary for the purpose for which they are intended. Modern browsers allow you to block or delete installed cookies. In the "Help" menu of the User's browser you can find instructions for making these settings.


7. RIGHTS OF DATA SUBJECTS

The main rights of data subjects, according to the GDPR, are:

a) right of access;

b) right to rectification;

c) right to erasure;

d) right to restriction of processing;

e) right to data portability;

f) right to object;

g) right to lodge a complaint with the Comissão Nacional de Proteção de Dados (CNPD) or another supervisory authority.


8. PROCEDURES FOR EXERCISE OF RIGHTS

If there is any question regarding our use of your personal data, you should first contact the Departamento de Proteção de Dados by email at protecaodados@rrhotelsgroup.com or by letter to the following address:

Av. Comunidades Lusíadas – Edifício Amarilis, Praia da Rocha, 8500-801 Portimão.


Alternatively, to exercise your rights, you can request the form created for this purpose through the email address protecaodados@rrhotelsgroup.com or by letter to the Departamento de Proteção de Dados, to the following address:

Av. Comunidades Lusíadas – Edifício Amarilis, Praia da Rocha, 8500-801 Portimão.


At any time, you have the right to lodge a complaint with the Comissão Nacional de Proteção de Dados (CNPD) or another supervisory authority.


9. UPDATES

This Policy may be updated periodically. Regular consultation is suggested, especially when a reservation is made in one of our hotels.


Last updated and published in May 2018.