Privacy and Data Policy
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (General Data Protection Regulation)
This document describes how Details Hotels & Resorts (“Details)”) uses and shares personal data that you provide us with the purpose of managing accommodation reservations that are made through this website or for sending promotional communications. The processing of your data is necessary for the execution of the contract to be concluded between you and the Company, or for carrying out pre-contractual steps at your request. If you do not provide your data, we will not be able to fulfill the contractual obligations assumed.
1. WHO IS DETAILS?
Details Hotels & Resorts is a group of companies whose main focus of activity is the operation and management of hotel establishments, tourist developments and restaurants.
2. WHAT USE DO WE MAKE OF YOUR PERSONAL DATA?
Accuracy of Customer Information
We keep information, including personal data, as Data Controller, whose main purpose and main purpose of its creation, existence and maintenance is the processing of personal data with the aim of managing accommodation reservations that are made through this website or for sending promotional communications.
Statistical analysis, analysis and profiling
Upon prior collection of consent from the data subject, we will use and allow the use of personal data for statistical analysis, and analytical purposes, i.e. personal data can be used to create scorecards, models and variables, to monitor and predict market trends, allowing Details to perfect strategies with a view to improving the services provided in our hotels, restaurants and other points of sale, in order to understand customers' needs and exceed their expectations; customize services and even send newsletters, promotions and advertising materials.
Customers can cancel their subscription to the newsletter service by email by clicking on the newsletter link that we send by email;
Use as required or permitted by law
Whenever required by law, your personal data will be used for other purposes, namely when Details is obliged to provide them at the request of the official authorities.
3. WHAT ARE OUR LEGAL BASIS FOR PROCESSING PERSONAL DATA?
We use the following legal grounds for processing personal data:
• Fulfillment of a contract to which the data subject is a party, or for pre-contractual procedures at the request of the data subject;
• Legitimate interest pursued by Details or by third parties (except if the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail);
• Compliance with a legal obligation to which Details is subject.
• The processing is necessary to defend the vital interests of the data subject or another individual
Below we describe the actions we take in relation to your data, the legal grounds underlying the treatment, as well as explaining our legitimate interest, when this constitutes the reason for the treatment.
- Hotel services and associated services (restaurant, bar, spa)
- Participation in advertising programs
- Training and Quality
- Legal Obligations
- Safeguarding the holder's vital interests
Reason(s) for Treatment
- Fulfillment of a contract
- Legitimate interest
- Compliance with Legal Obligation
- Defense of vital interests
- Management of reservations and stays;
- Budget requests, information and confirmation of reservations;
- Registration of preferences (preferred room, mobility, newspapers/magazines, etc.) Invoicing and verification of means of payment;
- Provision of the necessary information for your stay at the Hotel;
- Client support;
- Newsletters subscription;
- Sending marketing actions offers/promotions;
- Loyalty programms;
- Collaboration in customer surveys and/or comments, competitions;
- Carrying out satisfaction questionnaires related to your stay;
- Conducting market studies, evaluation surveys and statistical analyses;
- Contact book;
- Complaints management;
- Compliance with other legal and regulatory obligations.
The use of personal data is subject to an extensive framework of safeguard measures, which help to ensure the protection of customers' rights. This includes information given to customers regarding how their personal data will be used and how they can exercise their rights to obtain their personal data, correct or limit them, object to treatment or complain, if they are dissatisfied. These safeguards help maintain a fair and appropriate balance so that our activities do not override the interests, rights and fundamental freedoms of the data subject.
4. WHAT KIND OF PERSONAL DATA DO WE USE AND WHERE DO WE GET IT?
We obtain and use information from various sources, so we often have different information and personal data about each customer. All the information we keep about customers falls into the following categories.
Type of information:
Customer Key Identifiers
We keep personal data, which can be used to identify the customer; that includes:
- Full name
- National identification numbers.
- Date of birth and age.
- Contacts, including phone and email, current and previous. Additionally, we will keep the contacts marked as inaccurate, in order to prevent their further use.
- Credit card data
- information from minors
- Other informations
These personal data are included in all data sources.
For example, names, addresses and dates of birth are collected so that correspondence can be made and associated with all other data that Details holds about that person.
Data provided directly by customers when interacting with Details or with our Subcontractors.
Type of information:
Credit card data
Credit card data is integrated into the Details system via a card reader (which guarantees data encryption)
Type of information:
Information from minors
- Full name
- National identification numbers.
- Date of birth and age.
The data is obtained directly by the legal representative, at the time of booking or check-in.
Type of information:
- Interests and preferences: such as preferred room location, smoking/non-smoking room, preference for room type and requested bed, desired newspaper, etc.;
- Loyalty program card number; Dates of arrival and departure from our hotels / restaurants or other points of sale;
- Possible customer comments during or after a stay at a Details Hotels & Resorts hotel.
This data is obtained directly by the customer, when completing the reservation (booking engine), when completing and signing the customer form.
5. WITH WHOM DO WE SHARE DATA?
This section describes the types of recipients we share data with and our process to ensure they are appropriate entities.
In certain cases, some entities have the legitimacy to oblige us, by law, to disclose certain data for certain purposes
We share information with supervisory authorities as part of our obligations and to help ensure the health of the hospitality sector in Portugal.
In compliance with a legal or regulatory obligation or in order to protect our rights or the rights of others, we may share data with any law enforcement body, regulator, court, government authority or otherwise.
These subcontracted entities may not transmit Personal Data to other entities without Details having previously given, in writing, authorization to do so.
These are categories of subcontracting entities, namely Licensing, maintenance, support and technical assistance companies for software and systems, Payment service processing companies, EDI and electronic invoicing services, accounting, tax and administrative management and activity support software , Direct marketing support companies / digital marketing partners, Customer satisfaction assessment companies, Security / surveillance companies and companies for preventive and corrective maintenance of Security systems.
Personal data may also be accessed by internal and external auditors of Details, with the guarantee that they will be kept confidential and will not be used for purposes other than auditing.
If you chose to make payments by direct debit or credit card, Details will provide the relevant information to the processing companies in order to facilitate the transaction, if applicable.
Customers have the right to obtain copies of their personal data held by Details. Find out how to do this below in section 10.
6. WHERE IS PERSONAL DATA STORED AND WHERE IS IT SENT?
Our customers' personal data are processed within the European Economic Area (EEA), where they are protected by European legislation, more precisely the General Data Protection Regulation (GDPR). Our Company only shares personal data with third parties, provided that it is legally authorized for this purpose. When we do, we establish adequate contractual arrangements and security mechanisms to protect data and comply with data protection, confidentiality and security regulations.
Details is a subsidiary company of Arrow Global Group ("AGG" and/or "Arrow"), based in the United Kingdom. After Brexit, the European Commission issued an adequacy decision, which dates from June 28, 2021, as no additional safeguards are necessary if your data is transferred to the United Kingdom, thus ensuring their protection and safeguard either by UK and European Union privacy legislation.
We only share personal data with other countries outside the EEA, when we are legally entitled to do so, namely when:
- The European Commission has decided that the country concerned has adequate protection rules in place regarding data protection (an "adequacy decision");
- We managed to guarantee, through relevant "standard contractual clauses" (set of obligations in the form of a contract) the lawfulness and suitability of how your data is protected and used with the recipient of your personal data.
We may also justify sharing data based on other legal grounds, such as for the purposes of legal proceedings, investigation or to protect our legal rights.
7. HOW LONG IS PERSONAL DATA KEPT?
Your personal data is stored and maintained in accordance with the purpose for which the information is processed. Whenever there is no specific legal requirement, the data will be stored and kept only for the minimum period necessary for the purposes that motivated their collection or subsequent processing, after which they will be deleted.
We will retain archived data in physical or digital format for business continuity purposes. When data is retained for longer than the period described above, it will not be accessible to unauthorized employees and in the case of digital copies, data will be encrypted. We will take steps to ensure that, if access to these files is essential, we will remove personal information that is not required.
8. WHAT ARE MY RIGHTS UNDER THE GENERAL REGULATION ON DATA PROTECTION?
Rights - Right to be informed
Description - You have the right to be informed about how we collect and use your personal data. This has been described in this privacy notice.
Section - All
Rights - Rights related to automated individual decisions
Description - You have rights in relation to any automated individual decision, which takes effect in your legal sphere or which significantly affects you in a similar way.
Section - 9
Rights - Right of access
Description - You have the right to access your personal data and additional information stored by us.
Section - 10
Rights - Right to data portability
Description - In certain circumstances, you have the right to obtain personal data and reuse it for your own purposes in different services.
Section - 10
Rights - Right of rectification
Description - You have the right to rectify inaccurate data or complete incomplete data.
Section - 11
Rights - Right of opposition
Description - Tem o direito de se opor ao tratamento dos seus dados pessoais
Section - 12
Rights - Right to erasure
Description - In certain circumstances, you have the right to request the erasure or removal of personal data, when there is no compelling reason for its continued treatment.
Section - 12
Rights - Right to limitation of treatment
Description - In certain circumstances, you have the right to ask us to block or limit the processing of personal data.
Section - 13
If you want to exercise any of these rights, you can contact us:
Details Hotels & Resorts
Address: Urbanização Quinta Pedra dos Bicos, Lote 24, Albufeira and Olhos de Água, 8200-381 Albufeira
9. HOW DOES Details MAKE DECISIONS ABOUT ME (RIGHTS RELATED TO AUTOMATED INDIVIDUAL DECISIONS)?
Scores and Rankings
Details may process your data to send you information about its products and services. This data processing will only be carried out with your consent, provided at the time of booking, check in, through the customer form. If you consent, you will receive marketing communications from Details. Failure to provide your personal data (name and e-mail) makes it impossible for Details to send you commercial communications.
You may, at any time, object to this data processing.
10. WHAT CAN I DO IF I WANT TO VERIFY THE PERSONAL DATA THAT I HOLD ABOUT ME? DO I HAVE A “RIGHT TO PORTABILITY” IN CONNECTION WITH MY DATA KEPT BY DETAILS (“DATA PORTABILITY RIGHT”)?
You have the right to ask us about the data we hold about you. This is called a Data Subject Access Request. You have the right to check the personal data we hold about you.
The new data protection legislation also covers the right to data portability, which may give consumers, in certain processing contexts, the right to receive their personal data in a portable format, when they are processed based on certain grounds, such as consent.
11. WHAT CAN I DO IF MY PERSONAL DATA IS INCORRECT (“RECTIFICATION RIGHT”)?
When we receive personal data, we carry out various checks to detect defects or errors. Ultimately, we rely on our suppliers and customers to provide accurate data.
If the details are found to be incorrect, we will update our records accordingly. If, after completing the checks, we are still confident that the data is correct, we will continue to retain and preserve it – although you can ask us to add a note to your customer record, indicating that you disagree or providing an explanation of the circumstances. Additionally, we need to keep the original incorrect records for auditing purposes.
If you want to do this, please contact us.
12. CAN I OBJECT THE USE OF MY PERSONAL DATA (“RIGHT OF OPPOSITION”) AND REQUEST THEIR DELETION (“RIGHT TO DELETION”)?
As a customer, you have specific rights under the GDPR. You have the right to object to the use of personal information or ask us to delete, remove or stop using it if there is no longer a need for us to keep it. These are called “right of opposition” and “right to erasure” or “right to be forgotten”.
Section 4 details the information we process, and why we need this information, in relation to the activities we carry out. This is why your right of opposition does not automatically imply the deletion of your information, however, we will analyze all requests received and if it is not possible for us to delete your information, we will inform you and clarify why we cannot do so.
13. CAN I LIMIT WHAT THEY DO WITH MY PERSONAL DATA (“RIGHT TO LIMIT THE TREATMENT”)?
In certain circumstances, you can ask us to limit how we use your personal data. This is not an absolute right, and your data may continue to be processed when certain grounds are met. These fundamentals include:
- Your consent;
- For the establishment, exercise or defense of a right in legal proceedings;
- For the protection of the rights of another natural or legal person;
- For reasons of public interest;
Only one of these grounds needs to be demonstrated in order to continue processing the data. We will consider and respond to requests received, including assessing the applicability of these exclusions.
Please note that, given the importance of keeping complete and accurate records, for the purposes described above it will generally be appropriate to continue processing the data.
14. TO WHOM CAN I COMPLAIN IF I AM DISSATISFIED WITH THE USE OF MY PERSONAL DATA?
We try to provide better customer service, but if you are not satisfied, you should contact us in order to look into your queries.
Nome: Details Hotels & Resorts.
Morada - Urbanização Quinta Pedra dos Bicos, Lote 24, Albufeira e Olhos de Água, 8200-381 Albufeira
Website - Home | Details Hotels & Resorts, Algarve
Email - firstname.lastname@example.org
You can also direct your questions to the National Data Protection Commission (CNPD), the entity that regulates the processing of personal data in Portugal:
- Phone: 351 213928400
- In writing to: Av. D. Carlos I, 134, 1st, 1200-651 Lisbon, Portugal
- Through its website at www.cnpd.pt.
Our local data protection officer can be contacted by email to email@example.com or by letter to our address.