Skip to main content
search

1 – Introduction

Welcome to the website www.palacetesevero.com where Hotel Palacete Severo operates (“Website”).

The privacy and protection of personal data of all users on the Website (“User” or “Users”) is very important to us.

This Privacy Policy establishes how Constellation du Taureau Lda, owner and hereinafter referred to as PALACETE SEVERO, uses Users’ personal data, in accordance with EU Regulation No. 2016/679, of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free movement of such data (General Data Protection Regulation – “GDPR”) and with Law No. 58/2019 , of August 8 (together “Data Protection Law”).

2 – Identification of the Person Responsible for the Treatment

Constellation du Taureau Lda with headquarters in Porto, registered under the unique registration, tax and legal person number 515 534 285 (“Responsible for data Processing”) is responsible for the processing of Users’ personal data, collected and subsequently processed within the scope of use of the Website.

Users may, as data subjects, exercise all their rights, provided for in the Data Protection Law, regarding the processing of their personal data within the scope of the Website, with the Data Controller. The Data Controller’s contact details are available in section 9 of this Privacy Policy.

3 – Personal Data processed, Purposes and Legal Basis

Regarding navigation and use of the Website, the Data Controller will use cookies in accordance with the terms described in the Cookies Policy. With the exception of strictly necessary cookies, the use of cookies requires the User’s consent.

Additionally, the Data Controller will process the following personal data (“Personal Data”):

  • First and last name
  • Email address
  • History of stays and services provided by the Hotel (made, paid, received and canceled)
  • Full address

The purposes pursued by the Data Controller with the processing of Personal Data are the following:

  • Management of User registration on the Website, respective use of all its features by the User, including placing and consulting orders, and responding to requests for information and/or clarification made by them (execution and management of the contract with the Data Controller – article 6, paragraph 1, al. b) of the GDPR);
  • Responding to complaints and/or defending the legitimate interests and rights of the Data Controller (legitimate interest of the Data Controller – article 6, no. 1, al. f) of the GDPR;
  • Compliance with legal obligations of the Data Controller, at a fiscal level and with regard to the exercise of the Users’ right to guarantee and (article 6, no. 1, al. c) of the GDPR);
  • Periodically send commercial and promotional communications, including newsletters, with news and promotions, in accordance with the consent collected for this purpose.

The User guarantees that the Personal Data provided on the Website is true, accurate, complete and updated, and is responsible for any damage or loss, direct or indirect, that may be caused as a result of the breach of this obligation.

If the Personal Data provided belongs to a third party, the User guarantees that they have informed the said third party of the information contained in this Policy and obtained their authorization to provide their data to the Data Controller for the purposes indicated above.

4 – Communication of Personal Data

The Data Controller may share Personal Data with other entities, which will process the data exclusively for the purposes identified above.

In particular, Personal Data may be shared with subcontractors in the area of ​​accounting, software supply and maintenance, cloud storage and management of digital platforms, transporters, among others. The Data Controller will, at all times, seek to ensure that its subcontractors will adopt appropriate technical and organizational measures to protect Personal Data.

The Data Controller may also share Personal Data with courts, criminal police bodies and/or other judicial, administrative or regulatory authorities, and lawyers whenever this is necessary for the exercise of its legal defense or rights.

5 – International Transfers of Personal Data

The Data Controller may transfer Personal Data outside the European Economic Area (“EEA”). Whenever there is no adequacy decision in force in the country where the importer of Personal Data is based or in which it provides its service, the Data Controller guarantees that it will adopt the appropriate or adequate guarantees provided for in the Data Protection Law, namely the signing with the importer of Standard Contractual Clauses as, at any time, approved by the European Commission.

To obtain additional information about the appropriate or adequate guarantees that have been adopted, as well as about the means of obtaining a copy of them, or where they were made available, the User must send a request, in writing, to the contact details of the Data Controller who are located available in section 9 of this Privacy Policy.

6 – Security in the Processing of Personal Data

The processing of Personal Data collected and processed within the scope of the Website is protected by appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the most advanced techniques, application costs and the nature, scope , the context and purposes of the processing, as well as the risks, of varying probability and severity, to the rights and freedoms of Users.

7 – Personal Data Retention Periods

Personal Data will only be retained for the period that allows the direct or indirect identification of Users for the period necessary for the purposes for which they are processed.

In particular, and with regard to the retention periods for Personal Data related to the use of cookies, these are available in the Cookies Policy.

Personal data with tax relevance will be kept for a period of 10 (ten) years from the date of collection.

In relation to Personal Data processed for the purpose of managing records on the Website, they will be kept as long as this record remains active. All records whose Users do not access the Website for a period exceeding 24 (twenty-four months) will be deleted, except if the Data Controller understands that they are necessary to exercise their legal defense or rights.

Personal Data intended for sending commercial and promotional communications will be kept for a period of 24 (twenty-four) months from the sending of the last communication or until the User demands their deletion, under legally permitted terms.

8 – Commercial and Promotional Communications

As described above, one of the purposes for which Personal Data is processed is to send commercial and promotional electronic communications.

Communications of this type will be directed exclusively to Users who have previously and expressly authorized them.

If Users wish to stop receiving commercial or promotional communications, they may revoke their previously given consent by sending an email to the following address: palacete.severo@palacetesevero.com or using the link enabled for this purpose.

9 – Exercise of your rights as a Data Subject

In accordance with the provisions of the Personal Data Protection Law, Users may exercise their rights of access, rectification, erasure, limitation of processing, opposition and portability, by requesting it, in writing, to the Contact Point through any of the following means, and specifying the right or rights you wish to exercise:

  • Mail: Rua Ricardo Severo, 21 4050-515 Porto
  • Email: palacete.severo@palacetesevero.com

You may also submit a complaint to the competent supervisory authority if you consider that the processing of your personal data by the Data Controller violates the Data Protection Law. In the case of Portugal, the competent supervisory authority is the National Data Protection Commission, whose contact details are available at www.cnpd.pt.

10 – Changes to the Privacy Policy

The Data Controller reserves the right, at any time, and for any reason it deems pertinent, to make changes or updates to this Privacy Policy, these changes being duly reflected on the Website.

We suggest that Users regularly check the Website to stay up to date with any changes. Without prejudice, if these changes imply a substantial change in the way in which your data will be treated, the Data Controller will notify the Data Holders using the contact details made available to them.