Privacy Policy
“We”, “us”, “our” and other similar pronouns mean, depending on the context, the specific Data Controller as specified below.
Thank you for visiting our website and for your interest in our company.
Thank you for visiting our website and for your interest in our company. We really value the trust you have placed in us, which means that we are committed to exercising great care when handling your data and protecting it from misuse.
To make you feel safe and comfortable when visiting our website, we take protection very seriously the your personal data and their confidential processing. For this reason, we only act in accordance with the applicable legislation on the protection of personal data and data security. The purpose of this data privacy information is to provide you with information about the data we store and how we use it in accordance with applicable case law.
This Privacy Policy applies to all hotels managed and operated under the SANA brand. Hotels, their food and drink establishments, as well as their spa and fitness facilities.
All of our companies comply with the EU’s General Data Protection Regulation, the current law implementing the Portuguese GDPR (Law no. 58/2019 of 8 August).
To protect your personal data while using the Internet, we are guided by the Portuguese Decree-Law on Electronic Commerce in the Internal Market and the Processing of Personal Data (Decree-Law no. 7/2004, of 7 January).
Below we explain what information we collect during your visit to our websites and how it is used.
OVERVIEW
NAME AND ADDRESS OF DATA PROCESSOR
The entity responsible for the GDPR and other national data protection laws of the member states, as well as other data protection regulations is the following, according to the website the user is visiting and/or according to the entity that collects and processes their personal data:
SANA HOTELS
https://www.sanahotels.com | https://www.sanaworld.pt
Edifício Myriad Crystal Center, Cais das Naus
Lote 2.15.02
1990-173 Lisboa, Portugal
EPIC SANA ALGARVE
https://www.sanahotels.com/pt/hotel/epic-sana-algarve/
Copta – Companhia Portuguesa De Turismo Do Algarve, S.A.
Falésia Beach, Pinhal do Concelho 8200-593 Olhos de Água Albufeira
COLLECTION, PROCESSING AND USE OF PERSONAL DATA AT SANA HOTELS
1. Description and scope of data processing:
SANA Hotels Portugal, S.A., Edifício Myriad Crystal Centre, Cais das Naus, Lote 2.15.02, 1990-173 Lisbon, Portugal is responsible for making central reservations. To increase our services, we manage all the data received in the central hotel software within the hotel group. The establishment where the booking is made is responsible for this.
The respective booking data can only be viewed by the person responsible. Together, access to a guest's master data is used, for example, to make a reservation for another hotel at a later date, to make a rebooking or to carry out marketing activities centrally. Central services, such as booking and marketing, have access to this data. The legal basis for data processing is our legitimate interest in processing data within the scope of central administration and utilising the data of our customers and business partners within the hotel group.
If the services are used, as a rule only such data is collected as is necessary for the provision of the services. If further data is collected, this is voluntary information. Personal data is processed exclusively for the purpose of fulfilling the requested service and to protect our own legitimate business interests in accordance with Art. 6(1) f) GDPR.
Contact information from bookings may be used later by the sales department for advertising purposes. Advertising campaigns preferably include the sending of e-mails. The use of the e-mail address requires the consent of the guest in accordance with Art. 6(1) a) GDPR.
Your data will only be processed for purposes other than those mentioned above if such processing is in accordance with Article 6(4) of the GDPR and is compatible with the original purposes of the contractual relationship. We will inform you of these processing operations before processing your data in this way.
before processing your data in this way.
2. Legal basis for data processing
The legal basis for processing the data is the conclusion of an accommodation contract with the guest.
.
The data transmitted will be stored in our hotel software and used to conclude the contract. If there is no contractual relationship, the data will be deleted after a year, at the end of the year.
3. Groups of people affected, data and data categories:
In order to fulfil the purposes listed, personal data is collected, processed and used for the following categories:
.
Booking data (specifically address data, contact data, booking data, customer requests, billing data)
.
Other customer data (specifically address, billing and performance data)
4. Recipients to whom the data may be disclosed
The data can be communicated to subsequent recipients:
.
Internal units involved in the execution and fulfilment of the respective business processes (e.g. hotels in the hotel group, central reservation, accounting, sales and marketing, IT organisation) Public bodies that receive data on the basis of legal regulations (e.g. police forces, public authorities)
.
External contractors according to Art. 28 GDPR (service providers)
.
Other external organisations (e.g. credit institutions, companies, provided that the data subjects have given their written consent or that the transmission is permitted for overriding legitimate interests)
5. Purpose of data processing
The main purpose of collecting, processing or using personal data is the administration, care and hospitality of guests within the framework of the accommodation contract, in accordance with Art. 6(1) b) of the GDPR.
6. Duration of storage
The legislator has decreed various obligations and retention periods. After the expiry of these periods, the corresponding data and data records are routinely deleted or anonymised if they are no longer required for the fulfilment of the contract.
7. Option for opposition and deletion
The user may object to the processing of personal data at any time. To this end, we have set up the e-mail addressprivacy@sanahotels.com
CONTACT FORM / E-MAIL CONTACT
1. Description and scope of data processing:
To the extent that a contact form is provided on our website, this can be used to establish contact electronically. If a user contacts us via the contact form, the data entered in the input template will be transferred to us and stored. This data includes: title, name and surname, address, e-mail address, telephone number and reason for contact. You can also contact us via the e-mail address provided. In this case, the user's personal data transmitted together with the e-mail must be stored.
2. Legal basis for data processing:
Our legitimate interest in processing data in the context of contact with you is the initial legal basis for processing data. If the purpose of the contact is to conclude a contract, the initiation of a business relationship or a contractual relationship will constitute the additional legal basis for data processing.
3. Purpose of data processing:
We only process personal data taken from the input template of the contact form for the purpose of establishing contact. If we are contacted by e-mail, we also have a legitimate interest in processing the data. Other personal data processed during the submission process is used to prevent misuse of the contact form and to guarantee the security of our computer systems.
4. Duration of storage:
Data is deleted as soon as it is no longer needed to fulfil the purpose for which it was collected. In the case of personal data sent by e-mail, the data is deleted when the correspondence with the user has ended. The correspondence ends when it can be inferred from the circumstances that the matter in question has been conclusively resolved. If the contact is made on the basis of a pre-contractual relationship (offer or booking request), the data transmitted will be additionally stored in our hotel and/or event software and used for the execution of contracts. If no contractual relationship arises, the data will be deleted after a period of one year from the end of the year.
5. Option for opposition and deletion
Data is deleted as soon as it is no longer needed to fulfil the purpose for which it was collected. In the case of personal data sent by e-mail, the data is deleted when their correspondence with the user has ended. The correspondence ends when it can be inferred from the circumstances that the matter in question has been conclusively resolved.
The enquirer (data subject) can revoke their consent to the processing of personal data at any time. To this end, we have set up the e-mail address privacy@sanahotels.com. In the event of an objection, correspondence cannot continue and we cannot continue to make offers, etc. In this case, all personal data stored when the contact was made will be deleted.
ONLINE BOOKINGS VIA THE WEBSITE
1. Description and scope of data processing
The conclusion of an accommodation and/or Food and Beverage service contract with the user will constitute the legal basis for data processing.
.
The data transmitted will be stored in our hotel software and used to conclude contracts. If no contractual relationship arises, the data will be deleted after a period of one year from the end of the year.
2. Legal basis for data processing
The legal basis for processing the data is the conclusion of an accommodation contract with the guest.
.
The data transmitted will be stored in our hotel software and used to conclude the contract. If there is no contractual relationship, the data will be deleted after a year, at the end of the year.
3. Purpose of data processing
We only process personal data taken from the input template of the contact form for the purposes of processing booking enquiries and completing payment transactions.
4. Duration of storage
Data is deleted as soon as it is no longer needed to fulfil the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as the national, commercial, statutory or contractual retention requirements have been met.
5. Option for opposition and deletion
The user may object to the processing of personal data at any time. To this end, we have set up the e-mail addressprivacy@sanahotels.com.
We would like to draw your attention to the fact that, if you object, we will not be able to complete the booking or continue sending you correspondence.
SUPPORT, ADVICE AND PUBLICITY FOR CORPORATE CLIENTS
1. Description and scope of data processing
For the support, counselling and advertising of corporate clients, in addition to information about the business partner or potential business partner, we also collect and use information about the contact person, telephone number and postal address. Information is obtained from various sources, either by requesting it (by email or telephone) or at events, fairs, business cards received by our sales team, etc.
2. Legal basis for data processing
Our legitimate interest in processing data will otherwise constitute the legal basis for processing data. If the purpose of the contact is to conclude a contract, the start of a business relationship or contractual relationship will constitute the additional legal basis for data processing. To improve our services, we manage all the data received in the CRM module of our hotel software.
3. Purpose of data processing
We use this contact information exclusively for our own purposes and to design our own sales activities based on demand.
4. Duration of storage
No specific deadline has been set for disposal. However, if our sales department has not had contact with a corporate contact for a period of three years, the sales team will decide whether the corporate contact person's data will be deleted.
If the contact is for a pre-contractual relationship (offer, reservation or booking request), the data transmitted will be stored additionally in our hotel software and used for the execution of contracts. If no contractual relationship arises, the data will be deleted after a period of one year from the end of the year.
5. Option for opposition and deletion
The corporate contact can object to the processing of their personal data at any time. To this end, we have set up the e-mail address privacy@sanahotels.com.
In this case, all personal data of the contact person stored for the business partner will be deleted.
ONLINE EVALUATIONS
1. Description and scope of data processing
Former customers can rate the establishment after they have checked out. We would like to send you an e-mail within 14 days of your departure to ask you to submit an evaluation of the establishment. On request, reviews can be published anonymously. If you did not enjoy your stay at our hotel, or did not feel comfortable in our hotel, we would like to take the opportunity to contact you.
If you submit an online review on our website, the data will be stored in the REVIEW RANK, S.A., Calle Aribau, 240, 6-M, CP-08006 Barcelona, Spain rating tool. REVIEW RANK, S.A. has undertaken to process your transmitted data in a manner compatible with data protection. You have taken all organisational and technical measures to protect your data.
If you, as a former customer, have the opportunity to submit an online evaluation, the data entered in the evaluation template will be stored. This data includes: e-mail address and voluntary information such as name, surname and language, as well as evaluation statements.
2. Legal basis for data processing
Our legitimate interest in processing data will otherwise constitute the legal basis for processing data.
3. Purpose of data processing
The purpose of the establishment review is to communicate and summarise the opinions of hotel guests on our website and on third-party websites so that interested parties can form their own opinion of our services. The results are also used for our internal quality management.
The data is used exclusively for publishing reviews and for mediation in the event of negative reviews.
4. Duration of storage
The data must not be deleted.
5. Option for opposition and deletion
You can object to the use of your e-mail address to send an evaluation e-mail in the registration form. You can also delete the published review at any time (right to be forgotten). To this end, we have set up the e-mail address privacy@sanahotels.com
Tell us which evaluation your request relates to!
NEWSLETTER SERVICE
1. Description and scope of data processing
You can subscribe to the newsletter service Al Quimia in our website. If you use this option, the data entered in the input template (name, e-mail address, telephone number, preferences) will be transmitted to SANA Hotels Portugal, SA, Edifício Myriad Crystal Centre, Cais das Naus, Lote 2.15.02, 1990-173 Lisboa, Portugal and stored. If we receive an e-mail address where the recipient clearly informs us that they would like to receive our newsletter, we will collect their data via the entry template on our website.
2. Legal basis for data processing
The legal basis for processing data is the consent of the recipient. This is ensured by a double authorisation procedure for data collection.
3. Purpose of data processing
We only process personal data for the purpose of sending individual newsletters.
4. Duration of storage
The data will be deleted as soon as the newsletter service is cancelled.
5. Option for opposition and deletion
As a recipient of newsletters, you have the option of objecting to the use of your data for advertising purposes at any time. Each newsletter gives you the option to unsubscribe from the newsletter service. We have also set up the e-mail address privacy@sanahotels.com.
Please give us your e-mail address when you place your order!
APPLYING FOR A JOB OFFER
1. Description and scope of data processing
On our website and via Internet portals (especially hotelcareer.de), you have the opportunity to apply for advertised vacancies. If you choose this option, as a candidate, the data transmitted to us can be stored and used. These data are:
Title, first name, surname
Contact information (e-mail address, telephone number)
Cover letter
Detailed application attached
Initially, the data is not shared with third parties in this context. Otherwise, the data is used exclusively for processing the application by the specialised department and for communication.
2. Legal basis for data processing
The legal basis for processing the data is the process of negotiating a contract or entering into a contract with the user. We will obtain your prior consent for the long-term storage of application documents and for passing on the application to third parties.
3. Purpose of data processing
Personal data is only processed to enable us to deal with the application.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary to fulfil the purpose for which it was collected, no later than 6 months after rejection. In the case of a contractual relationship, we will delete the data received as soon as the national, commercial, statutory or contractual retention requirements have been met.
5. Opposition and deletion options
You have the option of objecting to the processing of your data at any time. To do this, send an e-mail to the same address used to send the job application. We've also set up the e-mail address privacy@sanahotels.com.
WEBSITE PROVISION AND CREATION OF LOG FILES
1. Description and scope of data processing
Whenever this website is accessed, our system registers data and information from the computer system, smartphone or other mobile device that has been accessed by an automated system. The following data is collected as part of this process:
Information on the type of browser and version used
User's operating system
User's IP address
Access time and date
Websites from which the user's system reached our website
Websites accessed by the user's system through our website
This data is also stored in the log files of our system. This data is not stored together with other personal data of the user. In this sense, it is not possible to create personal user profiles. The data stored will be evaluated for statistical purposes only.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is to safeguard our legitimate interests.
3. Purpose of data processing
The system temporarily stores the user's IP address in order to make the website available on the user's computer. To do this, the user's IP address must be stored during the session. O storage in log files is carried out to guarantee the functional capacity of the website. The data also helps us to optimise the website and ensure the security of our systems it.Thestored data can be evaluated for statistical purposes or to track website cyber-attacks carried out by third parties.This is also the reason behind our legitimate interest in data processing.
4. Duration of storage
Data is deleted as soon as it is no longer needed to fulfil the purpose for which it was collected. When data is collected to make the website available, this is the case when the respective session ends. When data is stored in log files, this happens after a maximum of seven days. Storage can be maintained after this period. In this case, users' IP addresses are deleted or disordered so that they cannot be attributed to the requesting customer (data subject).
5. Option for opposition and deletion
The collection of data to make the website available and the storage of data in log files are necessary for the operation of the website. Therefore, it is not possible for the user to object.
USE OF COOKIES
1. Description and scope of data processing
Cookies are small files that allow us to store specific user-related information on your computer when you visit our website. Cookies help us to determine the number of users who have used our website, as well as their frequency of use, and allow us to organise our products and services in the most convenient and effective way possible for you. We use "session cookies", which are temporarily stored on your computer during the period in which you use our website. Session cookies are stored on your data carrier and are used to ensure specific settings and functionalities on our website via your browser. The cookies we use will be deleted at the end of the browser session, i.e. when you close your browser. We also use cookies on our website to analyse user browsing habits. In this way, the following data can be transmitted: search terms entered, frequency of page views, use of website functions. Technical measures are used to anonymise user data that is collected in this way. It is therefore not possible to assign data to an enquirer (data subject). The data will not be stored together with other personal data of the user. By visiting our website, the user is informed about the use of cookies for analysis purposes. Your consent to the processing of personal data is also obtained in this context. At this point, the user is also directed to the data privacy policy.
2. Legal basis for data processing
Our legitimate interest in processing data is the legal basis for processing personal data using cookies, which are technically necessary. The provision of the user's consent for this specific purpose constitutes the legal basis for processing personal data through analytics-based cookies.
3. Purpose of data processing
Technically necessary cookies are used to simplify the use of the website by users. Some of the functions of our website cannot be provided without the use of cookies. These services require the browser to be recognised again after a page change. User data collected through technically necessary cookies will not be used to create user profiles. Analysis cookies are used to improve the quality of our website and its content. These cookies allow us to learn how the website is used so that we can continually improve our offer.
4. Duration of storage
Cookies are stored on the user's computer, which transmits them to our website. This will give you, as the user, full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings of your Internet browser. Previously stored cookies can be deleted at any time. Previously stored cookies can be deleted at any time. automatically.Case cookies are disabled for our website, some features of our website may no longer be available. available.Also you can enjoy our offers without cookies or scripts. You can deactivate the storage of cookies and scripts in your browser, you can restrict cookies and scripts on certain websites or you can configure your browser so that you are notified whenever a cookie is activated You can delete cookies from your hard drive at any time. computer. You can install a browser add-on to block scripts. Examples of these browser add-ons are NoScript for the Firefox andScriptSafe for Google Chrome. These not only block all types of Javascript as well as blocking selected trackers, Java, Flash and other plug-ins in websites.If third-party cookies are a concern for you, you can disable only these cookies and still enable the cookies that allow our website to work correctly.However, these changes may affect the way in which the website is displayed or limit its functionality.The below we provide more information about the cookies used on our website. These cookies allow us to personalise the features and content of the website to suit you by storing your preferences. Cookies can be used, for example, to store your user data on our forum or to select the language. They can also be used to provide interactive information so that you can view our virtual catalogues or watch videos, for example:
Cookie name
tt-domain-user-id
Function of cookies
The booking function uses this cookie.
5. Option for opposition and deletion
In addition to the information provided above on the use of cookies, we would like to draw your attention to the following following:Utilisation by Google Analytics, Google DoubleClick Cookies, Google Convers Tracking and Google Remarketing.The our website may use Google Analytics, Google DoubleClick Cookies, Google Convers Tracking and Google Remarketing These services are provided by Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, EUA (“Google”).This website uses Google Analytics, a web analysis service provided by GoogleInc. (“Google”). Google Analytics uses so-called "cookies". These are of text files stored on the user's computer that make it easier to analyse the use of the website. The information generated by the cookie about the user's use of this website is generally sent to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will first be truncated by Google within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the USA and truncated there in exceptional cases. IP anonymisation is active on this website. On behalf of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address provided by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by changing the respective settings in your browser software; however, you may not be able to fully utilise all the features of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to using the browser add-on or in mobile device browsers, click on this link to avoid future detection by Google Analytics within this website. It will store a cancellation cookie on your device. If you delete your cookies, you must click on this link again. The explanations given above in Section XI(1) to (4) apply accordingly.
Deactivation of Google advertising
(http://www.google.com/privacy_ads.html) ou na página de cancelamento da Network Advertising Initiative (http://www.networkadvertising.org/managing/opt_out.asp)
Google Tag Manager
This website uses Google Tag Manager. Google Tag Manager is a solution that allows website tags to be managed by marketing professionals using this interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not record personal data. The tool causes other tags to be activated, which in turn can record data under certain circumstances. Google Tag Manager does not access this information. If recording has been disabled at domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager.
Use of social media plug-ins
Os plug-ins da rede social Facebook, operada por Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA, are integrated into the pages of our websites. It can recognise plug-ins from by the Facebook logo or via the "Like" button on our pages. You can find an overview of the Facebook aqui: developers.facebook.com/docs/plugins/. When you visit our pages, the plug-in establishes a direct connection between your browser and the Facebook. Thus, the Facebook receives the information that you have visited our website from your IP address. If you click on the "Like" button on the Facebook while logged into your Facebook,account you can link the content of our pages to your Facebook profile.. Thus, the Facebook you can assign the visit to the pages of our website to your user account. We, as the provider of the pages of our website, do not receive any notification of the content of the data transmitted from the Facebook, nor have we received any notification about its use.
PROTECTION OF MINORS
This service is aimed specifically at adults. We do not currently have any services specifically targeted at minors. As a result, we do not knowingly collect age rating information, nor do we knowingly collect personal information from anyone under the age of 16. However, we advise all visitors to our website under the age of 16 to avoid disclosing or providing any personal information to our service. If we discover that a minor under the age of 16 has provided us with personal information, we will delete that minor's personal information from our files to the extent technically possible.
DATA SUBJECT RIGHTS
When your personal data is processed, you become the data subject within the meaning of the GDPR and have the following rights in relation to us ("the controller"): You have the right to information about the personal data stored about you, including the purpose of the processing, as well as about any transfer of data to third parties and the duration of data storage. If the data is incorrect or no longer necessary for the original purpose for which it was collected, you can request that the data be corrected, deleted or that the data processing be restricted. In accordance with the processing procedures, you can also view and correct your data if necessary. You have the right to object at any time, on compelling legitimate grounds relating to your particular situation, to the processing of your personal data, provided that the processing is based on a legitimate interest. Following an objection, the controller may no longer process the personal data concerning you, unless the controller can prove compelling reasons for the processing which require protection and which override your interests, rights and freedoms, or can prove that the processing is for the purpose of asserting, exercising or defending legal claims. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is directly related to such direct marketing. If you object to processing for direct marketing or profiling purposes, the personal data concerning you shall no longer be used for such purposes. You have the right to revoke your declaration of consent at any time under data protection law. Revocation of consent does not affect the lawfulness of processing carried out on the basis of consent up to the time of revocation.
THE RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
As a data subject, you have the right to lodge a complaint with a data protection supervisory authority, namely in the Member State of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of personal data concerning you violates data protection. The regulatory authority with which the complaint was lodged must inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy. More information can be found on the website of the National Data Protection Commission.
SECURITY
We are responsible for ensuring the protection of your personal data. To protect your personal data from unauthorised access and illegal use, alteration, distribution or copying, we take appropriate technical and organisational measures, such as anti-virus or anti-spyware, subject to permanent updates, SSL encryption of sensitive data (credit card, booking form), firewalls, frequent backups or limited access to personal data when necessary. We realise that no security measure is 100% efficient and secure, but we are committed to protecting the integrity and confidentiality of your personal data. To this end, we will continue to review and improve our security measures. When you access our website using a username and password created or selected by you, you are responsible for ensuring the confidentiality and protection of these credentials.
Last updated in February 2023