Privacy Policy
Privacy and Personal Data Protection Policy – Heaven Inn Hotels & Resorts – Gestão Hoteleira e Empreendimentos Turísticos, Lda.
In accordance with the General Data Protection Regulation (“GDPR”) and the national legislation in force, our privacy and personal data protection policy has been revised and updated.
1. Privacy and personal data protection statement
2. Responsible for the processing of personal data
Heaven Inn Hotels & Resorts – Gestão Hoteleira e Empreendimentos Turísticos, Lda., is responsible for the processing of personal data, from its collection, organisation, conservation and until its elimination.
3. Data collected and use
3.1. The personal data collected, specifically the name, email address and telephone number (optional), in a consented, voluntary and informed manner, will only be used by Heaven Inn Hotels & Resorts – Gestão Hoteleira e Empreendimentos Turísticos, Lda. for the presentation of products and promotional offers via email or telephone. Your rights to information, limitation, rectification, opposition and cancellation are guaranteed, simply by requesting it in writing to the general address referred to in point 1. When making this request for cancellation, the data will be deleted, being kept only if there is a legal or contractual obligation to do so. This data will be kept and stored for a period of 1 year from the granting of consent or longer if provided for by law.
3.2. Users are responsible for the accuracy of the data provided.
3.3. The personal data of minors under the age of 18 may only be obtained with the consent of their parents or guardians and Heaven Inn Hotels & Resorts – Gestão Hoteleira e Empreendimentos Turísticos, Lda. will never use this data for purposes inappropriate for their age. Heaven Inn Hotels & Resorts – Gestão Hoteleira e Empreendimentos Turísticos, Lda. will allow parents or guardians of minors to exercise their rights of access, cancellation, rectification, opposition and portability of the data of their children or guardians.
4. Purpose
4.1. Personal data will only be used for the purposes indicated above.
4.2. The data will not be passed on to third parties, nor will it be used for purposes other than those for which users have given their consent.
5. Principles applicable to the processing of personal data
5.1. Heaven Inn Hotels & Resorts – Gestão Hoteleira e Empreendimentos Turísticos, Lda. undertakes to ensure that the user data it processes is:
- Object of a treatment in accordance with the law, fair and transparent in relation to users;
- Collected for specific, objective and legitimate purposes and not further processed in a manner contrary to those purposes;
- Adequate, justified and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and kept up to date where necessary, with all necessary measures being taken to ensure that inaccurate data, having regard to the purposes for which they are processed, are erased or corrected without delay;
- Kept in a form which permits identification of users for no longer than is necessary for the purposes for which the data are processed;
- Processed in a manner that ensures their security, including protection against unauthorised or unlawful processing and against their loss, destruction or accidental damage, and appropriate technical or organisational measures are taken.
5.2. The processing of data carried out by Heaven Inn Hotels & Resorts – Gestão Hoteleira e Empreendimentos Turísticos, Lda. is permitted and legal when at least one of the following situations occurs:
- Users have given their consent without any doubt to the processing of the data for the purposes indicated;
- The processing is necessary for the fulfilment of a contract to which users are a party, or for pre-contractual procedures at the request of users;
- The processing is necessary for the fulfilment of a legal obligation to which Heaven Inn Hotels & Resorts – Gestão Hoteleira e Empreendimentos Turísticos, Lda. is subject;
- The processing is necessary for the defence of the fundamental interests of users or another individual;
- The processing is necessary for the purpose of the legal interests pursued by Heaven Inn Hotels & Resorts – Gestão Hoteleira e Empreendimentos Turísticos, Lda. or by third parties (except if the interests or fundamental rights and freedoms of the User that require the protection of personal data prevail).
5.3. When the processing of users’ data is carried out by Heaven Inn Hotels & Resorts – Gestão Hoteleira e Empreendimentos Turísticos, Lda. based on the agreement of the users, they have the right to withdraw their consent at any time. The withdrawal of consent, however, does not compromise the legality of the processing carried out by Heaven Inn Hotels & Resorts – Gestão Hoteleira e Empreendimentos Turísticos, Lda. based on the consent previously given by the users.
6. Procedures for the exercise of rights by users
6.1. Users may exercise their rights of access, limitation, cancellation, rectification, opposition and portability by writing to the general address referred to in point 1, identifying themselves and specifying their request. To do so, they must present a copy of their identification document, duly cancelled and indicating “copy”.
6.2. Heaven Inn Hotels & Resorts _ Gestão Hoteleira e Empreendimentos Turísticos, Lda. will respond in writing (including by electronic means) to the users’ request within a maximum period of one month from receipt of the request, except in cases of special complexity, where this period may be extended up to two months.
7. Right to complain
If users consider that their data is not being processed in accordance with the applicable legislation, they have the right to lodge a complaint with a supervisory authority (e.g. National Data Protection Commission (https://www.cnpd.pt/bin/duvidas/queixas_frm.aspx)
8. Breaches of personal data
8.1. Heaven Inn Hotels & Resorts – Gestão Hoteleira e Empreendimentos Turísticos, Lda. will adopt the necessary technical and organisational measures to ensure the security of personal data and prevent its alteration, loss or unauthorised access, taking into account the state of the technology, in accordance with the provisions of the GDPR. However, Heaven Inn Hotels & Resorts – Gestão Hoteleira e Empreendimentos Turísticos, Lda. cannot guarantee the absolute infallibility of the Internet and, therefore, a data breach through fraudulent access by third parties.
8.2. In the event of a data breach and to the extent that such breach is likely to entail a high risk to the rights and freedoms of users, Heaven Inn Hotels & Resorts – Gestão Hoteleira e Empreendimentos Turísticos, Lda. undertakes to communicate the breach of personal data to the users concerned within 72 hours of becoming aware of the incident.
8.3. Communication to users is not required in the following cases:
- If Heaven Inn Hotels & Resorts – Gestão Hoteleira e Empreendimentos Turísticos, Lda. has applied appropriate protection measures, both technical and organisational, and these measures have been applied to the personal data affected by the personal data breach, especially measures that make the personal data incomprehensible to any person not authorised to access such data, such as encryption;
- If Heaven Inn Hotel And Resorts, Gestão Hoteleira e Empreendimentos Turísticos Lda has taken subsequent measures to ensure that the high risk to the rights and freedoms of users is no longer likely to materialise; or
- If the communication to users involves a disproportionate effort for Heaven Inn Hotel And Resorts, Gestão Hoteleira e Empreendimentos Turísticos Lda. In this case, Heaven Inn Hotel And Resorts, Gestão Hoteleira e Empreendimentos Turísticos Lda will take a similar measure through which the User will be informed.
9. Changes to the privacy policy
9.1. Heaven Inn Hotels & Resorts – Gestão Hoteleira e Empreendimentos Turísticos, Lda. reserves the right to change this privacy policy at any time, namely due to legislative or self-regulation requirements, so users are advised to read it regularly.
9.2. In case of modification of the privacy policy, the date of the last change, available at the top of this page, is also updated. If the change is substantial, a notice will be placed on the website.
10. Applicable law and jurisdiction
10.1. The privacy and personal data protection policy, as well as the collection, processing or transmission of user data, are governed by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and by the applicable laws and regulations in Portugal.
10.2. Any disputes arising from the validity, interpretation or execution of the privacy and personal data protection policy, or that are related to the collection, processing or transmission of Users’ data, must be submitted exclusively to the jurisdiction of the judicial courts of the district of Lisbon, without prejudice to the applicable mandatory legal rules.
Lisbon, 20 July 2023