Gracer - Algarve Tourism Society, SA
1. Background, scope and general principles
Gracer - Algarve Tourism Society, SA / Ozadi Tavira is a business group in the tourism and hotel sector that operates hotel units and tourist villages.
In order to carry out its business activity, Gracer - Sociedade de Turismo do Algarve, SA / Ozadi Tavira generally processes personal data of customers or potential customers, users of the site (https://ozaditavirahotel.com), partners, service providers and suppliers. The processing of personal data is based on the following principles:
- Transparency and communication - Manage information and communication channels with personal data holders in an accessible and simple manner.
- Legality, lawfulness and purpose of processing - Ensure the processing of personal data in accordance with applicable laws, regulations and standards and for legitimate purposes only.
- Minimization, accuracy and conservation - Process the necessary personal data, accurate and up to date, by those who need to intervene in the process; store and preserve personal data for a specific purpose.
- Security and confidentiality - Raise awareness and train employees for the proper management of personal data, information security and the duty of confidentiality, both in relation to personal data and to information on the activity of group companies.
Personal data, in accordance with the General Data Protection Regulation in force, is information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, electronic identifiers or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3. Data controller
Gracer - Algarve Tourism Society, SA / Ozadi Tavira is the entity responsible for the processing of personal data. It decides on the types and categories of personal data, on the processing operations and the purposes for which the data are used, and on transfers of personal data to third parties and subcontractors.
Personal data may be transferred to providers of the following types of services: information system management, processing, payment and e-invoicing, tour operators and travel agencies, business promotion and marketing, user experience, occupational medicine, consulting, auditing, security, banking, insurance, temporary work, event planners and business partners, legal services, cleaning, transportation, general maintenance services, among others, as may be necessary for the business activity and development of the business group.
Contacts: Avenida 24 de Junho, 8950-411 Altura, Faro
Email address for privacy and data protection purposes
4. What personal data are processed
Generally, Gracer - Algarve Tourism Society, SA / Ozadi Tavira collects and processes personal data to enter into contracts related to the provision of hotel services and their operations, to comply with legal and security requirements, to manage promotions or special offers, to manage services within the wellness center or user experience, to provide information and content on physical and digital media, including site usage, newsletter subscription, registered access, telephone contacts, customer relationship and preferences, customer experience and managing specific occurrences during the stay, and to preserve the health and vital interests of the data subject or to guarantee the public interest.
Personal data may be provided by the data subject, by telephone, in person or by digital means, or collected indirectly through official entities and authorities, business partners or other companies of the business group.
In response to different purposes, the following categories of personal data may be processed:
- general identification and contact details - name, gender, address, email address, telephone contact, tax and civil identification number, family information when required;
- identification and professional background - function and curriculum, administrative, tax, parafiscal, income, type of employment;
- personal data related to preferences, user experience, billing and payment information, as well as customer-specific requirements for the stay, collected and related to making reservations, contracts and business proposals, provided on physical or digital information forms and media, for later contacts; general context photographs at events and campaigns organized by the group's hotel units; as well as others that may prove necessary for the administrative, commercial and institutional activities of the group's hotel units;
- data collected from the use of the company's website, including those provided on the contact form (first name, last name, email, telephone, country, locality, request to place, detailed information related to the type of request and message), subscription to and unsubscription from the newsletter, and others related to the type of use, browsing or cookies, to improve the experience of using the site;
- personal data contained in confidentiality and professional secrecy commitments, agreements with suppliers, partners and subcontractors, as well as data on access and use of information systems in the group's hotel units;
- Data relating to the satisfaction assessment with the services provided by the group's hotel units may also be processed.
5. Purpose, legal basis and retention period applicable to the processing of personal data
i. Purpose: Execution of employment, internship and temporary employment contracts and management of the employment or internship relationship with employees and interns
- Legal basis: Execution of the Contract; Compliance with legal obligation.
Retention period: 12 years after termination of contractual relationship; thereafter, historical archive and legitimate interest.
ii. Purpose: Managing recruitment processes and spontaneous applications
- Legal basis: Pre-contractual due diligence.
Retention period: 2 years; thereafter legitimate interest or objection to processing.
iii. Purpose: Commercial management and relationship management with customers, suppliers and partners (examples: reservations, check-in and check-out, invoicing, daily operations at hotel units, activities and services offered by hotel units, purchasing, logistics, etc.)
- Legal basis: Pre-contractual due diligence or execution of the contract; Compliance with legal obligation; Consent when applicable.
Retention period: 12 years after termination of contractual relationship; thereafter legitimate interest, legal process, withdrawal of consent or objection to processing.
iv. Purpose: Relationship management with service providers
- Legal basis: Pre-contractual due diligence or execution of the contract; Compliance with legal obligation.
Retention period: 12 years after termination of contractual relationship; subsequently, legitimate interest, court proceedings.
v. Purpose: Marketing, advertising, newsletter, event organization, user experience
- Legal basis: Contract; Legitimate interest; consent where applicable.
Retention period: termination of contract or legitimate interest; withdrawal of consent.
vi. Purpose: Contact management using the company website
- Legal basis: pre-contractual diligence; Legitimate interest; consent where applicable.
Retention period: duration of legitimate interest; withdrawal of consent or objection to processing.
vii. Purpose: Satisfaction assessment by customers or other stakeholders; information security and auditing; physical security and video surveillance
- Legal basis: Legitimate interest; in the case of video surveillance, authorization of the supervisory authority.
Retention period: end of legitimate interest; objection to processing; in the case of video surveillance, legal term.
6. How and with what measures personal data are processed
The processing of personal data is carried out through automatic and manual processes, with the adoption of appropriate and proportionate technological and organizational measures and controls to protect and preserve the data. These include authentication and access management for systems and facilities, monitoring of the technological infrastructure, control of access, misuse and abnormal traffic, incident management through technical support to systems, storage of data under specific security rules, management of system usage profiles, restricted access to information on any medium, the conclusion of confidentiality and professional secrecy commitments with all staff as well as trainees, and the corresponding training and awareness. Depending on the specific needs and requirements of information management, more robust techniques aimed at anonymizing or further protecting information, such as encryption, may be used.
Within the historical archives and for statistical purposes, personal data will, where possible, be anonymised and may be preserved for longer periods, as well as used for primary or new purposes, if compatible.
Personal data may be transferred, for the same purposes, to the entities required by law or to third parties. The hotel units of the group may also transfer data to third parties in the context of investigations and judicial and/or administrative proceedings or proceedings of a similar nature, provided that this is properly ordered by court order. Due to the nature of the hotel activity, and for the execution of contracts with clients, data may be transferred to partners or suppliers, as well as to public or private entities operating in the health area, with a view to preserving the vital interests of customers or employees. If sharing and processing of personal data requires transfers to third parties outside the Economic Area of the European Union, the group's hotel units undertake to act as stipulated by current legislation and the General Data Protection Regulation within the scope of transfers of personal data.
7. Rights of data subjects
Responses to requests for access and information, for the collection and consultation of personal data, and for its updating or modification will be ensured. Deletion, restriction of and objection to processing, and cessation of automatic processing of personal data for profile management may also be requested, in accordance with current legislation. In cases where consent has been given, it may be withdrawn using the contact: email@example.com
You may also contact the national supervisory authority for personal data protection if you deem it necessary and relevant.
What are cookies? Small software tags stored on the computer through the browser, retaining information related to your preferences.
What are cookies for? To determine the usefulness, interest and number of uses of websites, allowing for faster and more efficient browsing.
How can you manage cookies? All browsers allow the user to accept, decline or delete cookies by selecting the appropriate settings. You can configure cookies in the "options" or "preferences" menu of your browser. Disabling cookies may prevent some services from functioning properly, partially or totally affecting website navigation.