Data Protection Policy
The protection of your personal data is a priority for Hotel Aveiro Center. Navigation through our website is possible without the provision of personal data. However, if a data subject wants to use our reservation service or receive promotion information, we will process your personal data.
As the responsible for the processing, Hotel Aveiro Center has implemented numerous technical and organizational measures to guarantee an enhanced protection of the personal data processed through this site.
The data protection policy is based on the concepts defined by the European legislator in the General Data Protection Regulation (GDPR) and should be readable and understandable for the general public as well as for our clients and business partners.
In this data protection statement, we use, inter alia, the following terms:
a) Personal data: information relating to an identified or identifiable natural person (“data subject”); an identifiable person is considered to be identifiable, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, identifiers by electronic means or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
b) Processing of Personal Data: an operation or set of operations carried out on personal data or on personal data sets, by automated or non-automated means, such as collection, registration, organization, structuring, preservation, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of disclosure, comparison or interconnection, limitation, erasure or destruction;
c) Profiling: (Definition of profiles) means any form of automated processing of personal data consisting in the use of such personal data to assess certain personal aspects of a natural person, in particular to analyze or predict aspects relating to his professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or travel;
d) Pseudonimization: the processing of personal data in such a way that it can no longer be allocated to a specific data subject without the use of supplementary information, provided that such supplementary information is kept separately and subject to technical and organizational measures to ensure that personal data cannot be attributed to an identified or identifiable natural person;
e) Responsible for the Data Processing: the natural or legal person, public authority, agency or other body which, individually or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by European Union law or Member State law, the controller or the specific criteria applicable to his appointment may be foreseen by European Union law or Member State law;
f) Subcontractor: a natural or legal person, public authority, agency or other body that treats personal data on behalf of the controller of such data;
g) Third party: the natural or legal person, the public authority, the service or body other than the data subject, the controller, the subcontractor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data;
h) Consent of the data subject, a free, specific, informed and explicit expression of will, by which the data subject accepts, by means of a declaration or an unequivocal positive act, that personal data concerning him/her are processed.
2. Name and Address of the Responsible for the Processing
The responsible for the processing for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws in the Member States of the European Union and other provisions related to data protection is:
Hotel Aveiro Center
Rua da Liberdade, no. 10
Aveiro - Portugal
+351 234 404 190
4. Data collection and general information
The website collects a set of data and general information when an automated system accesses the site. This data and general information is stored in the server log files. The data collected may be: (1) the types of browsers and versions used, (2) the operating system used by the access system, (3) the site from which an access system arrives at our site (so-called referrers), (4) the sub-sites, (5) date and time of access to the Internet site, (6) Internet address (IP address), (7) Internet access provider of the access system and (8) any other data and information that may be used in case of attacks on our information technology systems.
When using this data and general information, the Hotel Aveiro Center does not process personal data. In fact, this information is required to (1) deliver the content of our site correctly, (2) optimize the content of our site as well as its advertising, (3) ensure the long-term viability of our technology systems information and technology on the site and (4) provide police authorities with the information necessary for criminal prosecution in the event of a cyber attack. Thus, the analysis of collected data and information is treated anonymously and statistically, in order to increase our data protection and data security, and ensure a high level of protection for the personal data we process.
5. Registration on our website
The data subject has the possibility of registering on our website with the indication of his personal data. The data entered by the data subject are collected and stored exclusively for internal use by the controller and for specific purposes, namely for the management of the customer card and the sending of promotional campaigns of our services.
When registering, the IP address - assigned by the Internet Service Provider (ISP) and used by the data subject - record date and time are stored. The purpose of storing this data is to prevent misuse of our services and, if necessary, to enable investigation of possible computer crimes. These data are not communicated to third parties, except for imposition resulting from legal norm or for criminal purposes.
The data subject may rectify, update or delete the personal data provided during registration at any time.
6. Period of Storage of Personal Data
The period of personal data storage complies with the provisions of the Law. Personal data for the purposes of managing a customer's data is stored for a period of 4 years from the last stay of the data subject. After the end of this period, the corresponding data are routinely excluded provided they are no longer required for execution of the contract or a legal obligation.
7. Rights of the data subject
a) Right of confirmation
Each data subject has the right consented by the European legislator to obtain confirmation from the responsible for the processing that personal data concerning him/her are being processed. If a data subject wants to exercise this right, he/she can contact the Hotel Aveiro Center by filling in the electronic form available on the website.
b) Right of access
Each data subject has the right consented by the European legislator to obtain information from the responsible for the processing, free of charge, on his/her personal data stored at any time and a copy of that information. In addition, the GDPR establishes the right to provide the following information:
- The identity and contact details of the responsible for the processing and, where appropriate, his representative;
- Contact details of the data protection officer, where appropriate;
- The purposes for which the personal data is processed and the legal basis for the processing;
- Recipients or categories of recipients of personal data, if any;
- Where appropriate, the fact that the responsible for the processing intends to transfer personal data to a third country or an international organization and whether or not there is a compliance decision adopted by the Commission or a reference to the appropriate or appropriate safeguards and the means of obtain copies of them, or where they were made available.
At the time of data collection, the responsible for the processing shall also provide the following information necessary to ensure a fair and transparent processing:
- The period of storage of personal data or, if this is not possible, the criteria used to define this period;
- The existence of the right to ask the responsible for the processing to have access to the personal data relating to him/her, as well as its rectification or deletion, and the limitation of the processing as regards the data subject, or the right to object processing, as well as the right to data portability;
- The right to complain to an inspection authority (www.cnpd.pt);
- Whether the disclosure of personal data constitutes a legal or contractual obligation or a requirement to conclude a contract, and whether the data subject is required to provide the personal data and the possible consequences of not providing such data.
c) Right to rectification
The data subject has the right to obtain from the responsible for the processing without undue delay the correction of incorrect personal data concerning him/her. Taking into account the purposes of processing, the data subject has the right to provide incomplete personal data and may rectify them by means of an additional declaration.
If a data subject wishes to exercise this right of rectification, he or she may, at any time, contact us through the electronic form available on our website.
d) Right of deletion (right to be forgotten)
The data subject shall have the right to obtain from the responsible for the processing the deletion of personal data concerning him/her without undue delay and the responsible for the processing shall be obliged to delete the personal data without undue delay if any of the following reasons exist: it applies provided that processing is not necessary:
- The personal data are no longer necessary for the purpose for which they were collected or processed;
- The data subject withdraws the consent on which the processing of the data under Article 6 (1) (a) is based;
- The personal data are treated unlawfully;
- Personal data must be deleted in order to comply with a legal obligation under Union law or a Member State law to which the responsible for the processing is subject.
e) Right to withdraw the data protection consent
Each data subject has the right to withdraw their consent for the processing of their personal data at any time.
8. Legal basis for the processing of personal data
Legitimacy for the processing of personal data may be based on the conclusion of a contract, in the context of pre-contractual relations, on the basis of consent or for the fulfillment of legal obligations, eg for tax purposes.
Hotel Aveiro Center. - March 2017
Alternative dispute resolution
Hotel Aveiro Center, informs that in case of litigation the consumer can use the following
Alternative Dispute Resolution Body:
More information at - Consumer Portal - www.consumidor.pt