Privacy and security are priorities for our hotel in handling data that may be made available by those who access our website.
By visiting our website, you are aware that your personal information may be collected and used in the ways described in this Policy, in accordance with the provisions of the General Law for the Protection of Personal Data (Federal Law No. 13.709/2018), in the provisions provided for in the Consumer Defense Code – CDC (Federal Law No. 8.078/1990) and in other applicable rules of the Brazilian legal system.
1. Data collected and its purposes
Our website may collect and use some of your personal data, such as your name, telephone, address, e-mail, gender, date of birth and, eventually, your resume, in order to enable: the response to queries in general; booking accommodation; offering discounts; the announcement of promotions and; eventually, the offer of job vacancies. In addition to these data, when making reservations, depending on the chosen rate mode, financial data may be required, such as credit card data for processing payment for the services provided.
2. Method of data collection
Data can be collected by filling out forms provided on our website, as well as by sending messages to our email addresses.
In accordance with the General Data Protection Law, the aforementioned data will only be collected, processed and stored with prior and express consent, in this requested act, and the application will be renewed if necessary during the use and access to the website.
It is important to highlight that the revocation of consent for data processing may imply the impossibility of the proper performance of some functionality of the website that depends on the operation.
4. Rights of visitors and users
Visitors and users of the website are guaranteed the rights provided for in article 18 of the General Data Protection Law. Thus, you can, free of charge and at any time: a) confirm the existence of data processing, in a simplified manner or in a clear and complete format; b) access your data, being able to request them in a legible copy in printed form or by electronic, secure and reputable means; c) correct your data, when requesting the editing, correction or update of these; d) limit your data when unnecessary, excessive or treated in violation of the law through anonymization, blocking or deletion; e) delete your data from your request, except in cases provided for by law; f) revoke your consent, disallowing the storage of your data and; g) be informed about the possibility of not giving consent and about the consequences of denial.
5. Exercise of the rights of visitors and users
In order to ensure your correct identification as the holder of the personal data object of the request, we may request documents or other proof that may prove your identity. In this case, you will be informed in advance.
6. Data storage
Once the period of storage of personal data has ended, they will be deleted from our databases or anonymized, except in the cases legally provided for in article 16 general law on data protection, namely: I – compliance with a legal or regulatory obligation by the controller; II – study by a research body, ensuring, whenever possible, the anonymization of personal data; III – transfer to a third party, provided that the data processing requirements set out in this Law are respected; or IV – exclusive use of the controller, its access by a third party being prohibited, and provided that the data is anonymized.
That is, any personal information about you that is essential for the fulfillment of legal, judicial and administrative determinations and/or for the exercise of the right of defense in judicial and administrative proceedings will be kept, despite the exclusion of other data.
We employ technical protection measures and solutions capable of guaranteeing the confidentiality, integrity and inviolability of your data.
To keep your personal information secure, we use physical, electronic and management tools aimed at protecting your privacy.
We apply these tools taking into account the nature of the personal data collected, the context and purpose of the processing and the risks that any violations would generate for the rights and freedoms of the data subject collected and processed.
Among the measures we have adopted, we highlight the following: a) only authorized persons have access to your personal data; b) access to your personal data is made only after the commitment to confidentiality and; c) your personal data is stored in a safe and sound environment.
There is a commitment to adopt practices to avoid security incidents. However, it is necessary to emphasize that no virtual page is entirely safe and risk-free. It is possible that, despite all our security protocols, problems that are exclusively of third parties may occur, such as cyber attacks by hackers, or also due to the negligence or recklessness of the user/customer.
In case of security incidents that could generate relevant risk or damage for you or any visitor to the website, we will communicate to those affected and the National Data Protection Authority about what happened, in accordance with the provisions of the General Data Protection Law.
8. Data sharing
Seeking to preserve your privacy, our hotel will not share your personal data with any unauthorized third party.
Your data, however, may be shared in the following cases: I – legal determination, application, requisition or court order, with competent judicial, administrative or governmental authorities; II – case of corporate changes, such as mergers, acquisitions and incorporations, automatically; III – protection of the hotel's rights in any type of conflict, including those of a judicial nature.
9. Cookies and navigation data
To manage your browser's cookies, just do it directly in your browser settings, in the Cookies management area.
Any changes will take effect as of their publication on our website and we will always notify you of any changes that have occurred.
By accessing our website and providing your personal data after such modifications, you will automatically be consenting to them.
In addition, we are also committed to seeking technical and organizational conditions that are surely able to protect the entire data processing process.
If the National Data Protection Authority requires the adoption of measures in relation to the data processing carried out, we undertake to follow them.
As mentioned in Topic 6, although we adopt security measures in order to avoid incidents, there is no virtual page that is entirely risk-free. In this sense, we are not responsible for: I – Any consequences arising from the negligence, recklessness or malpractice of users in relation to the provision of their individual data. We guarantee and are solely responsible for the security of the data processing processes and the fulfillment of the purposes described in this instrument. We emphasize that the user is responsible for the confidentiality of access data. II – Malicious third-party actions, such as hacker attacks, unless the hotel's guilty or deliberate conduct is proven. We emphasize that in case of security incidents that may generate relevant risk or damage for you or any of our visitors, we will communicate to those affected and the National Data Protection Authority about what happened and we will take the necessary steps. III – Inaccuracy of the information entered by the visitor in the records necessary to access the website and its pages; any consequences arising from false or maliciously entered information are the sole responsibility of the visitor.