RESERVE SU ESTANCIA EN NUESTRA PÁGINA WEB OFICIAL
-
-
TIPOS DE HABITACIONES EXCLUSIVAS -
DESCUENTOS EXCLUSIVOS -
CANCELACIÓN FLEXIBLE
Jupiter Hotel Group
PRIVACY POLICY
Jupiter Hotel Group is committed to complying with all national and European laws and regulations in the maintenance of policies, procedures, work instructions and technical measures appropriate for the protection of privacy of personal data, the handling and / or processing of which is under its responsibility .
Personal data are classified as being of restricted access, according to the levels indicated in DOC 7.6 - Classification of the ISMS (Information Security Management System).
This policy applies to all personal data held by the Jupiter Hotel Group, whether in digital or physical form, collected directly from a subject or from third parties.
The Jupiter Hotel Group will ensure that all collaborators will be informed and understand this policy as well as any other policies and procedures that it implements to support compliance.
In cases where this policy has in any way been infringed, a disciplinary proceeding may be opened and may lead to civil or criminal lawsuits based on the gravity and impact resulting from the transgression.
We recommend that you carefully read this Privacy Policy so that your decision on whether or not to disclose your personal information and to have us keep it is unimpeded, informed and voluntary.
This Data Protection and Privacy Policy applies to all hotels managed and operated by the Jupiter Hotels Group. For further information about us, access https://www.jupiterhotelgroup.com.
Goal
This policy describes how the Jupiter Hotels Group operates in relation to the handling of personal data, the purposes for which we may use data, the handling of personal data under our responsibility, with whom it is shared, for how long data is kept and the means available for you to contact us in order to exercise your rights.
Who we are
The Jupiter Hotels Group is the company (or group of companies) that will be responsible for handling your personal data. Thus, and in compliance with the current legislation at national and European levels, you may contact our services via e-mail: dpo@jupiterhotelgroup.com in order to resolve or clarify any matter related to the handling / processing of your personal data.
Data collection
As a rule, personal data are collected directly from the user when he / she registers on our website, visits one of our hotels, requests a contact and / or our newsletter or restaurant menu, makes a request by phone, e-mail or by chat, purchases a product or enters into a contractual relationship with any company that is part of the Jupiter Hotels Group, either online or in person. Data may also be collected indirectly, when it comes to data sent by partner entities or third parties, as is the case of reservations made via a tour operator, for example.
Third Parties
In processing user data, the Jupiter Group may use or may resort to third parties contracted by the Group to process such personal data, always in accordance with the indications and determinations imposed by the Jupiter Group and always in accordance with the current national and European legislation as well as this personal data privacy policy.
Third parties performing any kind of data processing under the responsibility of the Jupiter Hotel Group are not allowed to transmit these data to other parties without the Jupiter Hotel Group determining and informing in writing that such transfer should occur, nor can they sub-contract other entities for the processing of data without prior authorisation from the Jupiter Hotel Group.
Third parties contracted by the Jupiter Hotel Group offer maximum security in data processing, ensuring that there are adequate technical and organisational measures in place for the safeguard of the rights and guarantees of data subjects. The relation between the Jupiter Hotel Group and third parties is always effected by a written agreement in which the object, duration of handling, nature and purpose, types of personal data, categories of subjects, as well as rights and obligations of both parties are established and regulated.
Purposes of treatment
The Jupiter Hotel Group will process data under its responsibility for the purposes inherent to its collection.
• Relationship with employees / suppliers / service providers / third parties
In this context, data processing is necessary for the continuation of contracts to be concluded between data holders and the Jupiter Hotel Group, or for making the necessary pre-contractual arrangements. Should data not be available, the Jupiter Hotel Group will not be able to fulfill the contractual or even legal obligations required for each type of contractual relationship.
Data for this purpose will be kept for the duration of the contract / contractual relationship in question without prejudice to compliance with legal provisions that may require a longer retention period. Data collected for this purpose may also be processed for the purpose of litigation management, its legality being the legitimate interest on the part of the Jupiter Hotels Group, in which case data will be kept for the period that is required to exercise their legitimate interest.
• Customers
In this context, processing of your personal data is necessary for the execution of the contract between yourself and the Jupiter Hotel Group, as well as for the necessary pre-contractual procedures when you make a request. Should data not be available, the Jupiter Hotel Group will not be able to fulfill the required contractual or even legal obligations. In some instances, you may be asked to provide information about relatives and accompanying persons, such as the names and ages of the children.
Throughout your stay in one of our hotels, we may collect audio and video images through the video surveillance systems located in the public areas of our units, those being for the sole purpose of protection, both yours and ours.
Should you provide us with data related to a third party at the time of reservation or purchase of an offer, it will be deemed that we also have a legitimate interest in this instance to process such personal data in accordance with our privacy policy.
Data for this purpose will be kept for 5 years after your last stay in one of our hotels, without prejudice to compliance with legal provisions regarding data retention for a longer period.
Data collected for this purpose may also be processed for the purpose of litigation management, its legality being the legitimate interest on the part of the Jupiter Hotel Group, in which case data will be kept for the period that is required to exercise their legitimate interest.
• Potential Clients
Processing of your data may be necessary for pre-contractual procedures with a view to concluding a contract between yourself and the Jupiter Hotel Group. If your data is not available, we will not be able to provide you with the requested or pre-contracted services.
Your data will be kept for this purpose for 30 days without prejudice to compliance with legal provisions regarding data retention for a longer period.
• Direct marketing
The Jupiter Hotel Group may process your data for the purpose of sending you information about offers, products and services in your hotel and catering units. This information service and type of data processing will be carried out only with your consent, which will be duly requested in a positive and informed manner at the time of collection of your data by means of a specific form for that purpose or through the subscription of our online newsletter.
Thus, with your consent, you will receive marketing communications via e-mail. In the same e-mail, there will always be an option to withdraw consent.
Your data will be kept for this purpose for a maximum period of 3 years after your consent or renewal of consent has been given, unless you decide to withdraw your prior consent. After the deadline of 3 years, you will receive a request for renewal of consent. Should this not be granted, then your data for this purpose will be deleted.
• Profiling based on survey
The Jupiter Hotel Group will request that you, as a client, complete a satisfaction survey that will be sent to your e-mail address with your consent.
The Jupiter Hotel Group may handle your personal data and combine information regarding personal preferences, interests and behaviour, as well as your responses to the survey in order to improve products and services that we provide.
This data processing will be carried out only with your consent, granted at the time of data collection via a specific form and completed for that purpose.
You may exercise your right of opposition to this data processing at any time.
Your data will be kept for this purpose for a maximum period of 3 years after your consent or renewal of consent has been given, unless you decide to withdraw your prior consent. After the deadline of 3 years, you will receive a request for renewal of consent. Should this not be granted, then your data for this purpose will be deleted.
• Suggestions, complaints and conflicts management
You may find it necessary to contact the Jupiter Hotel Group Group for purposes of making a suggestion, complaint or conflict. This contact may be made directly at any of the hotels in the Group, via telephone or by email to dpo@jupiterhotelgroup.com. Your personal data requested on this interposition will be handled based on the legitimate interests of the Jupiter Group and on your consent. Data are gathered in order to analyse and resolve the situation underlying your suggestion or complaint.
Data collected for this purpose will be kept for the period of time that is necessary to resolve the matter that you have presented and at most until 3 years after its conclusion.
Data sharing
As a result of the purposes for which your personal data are collected, these may be transmitted as follows:
• Within the companies of the Jupiter Hotel Group
In order to maintain quality of service and provide information on news, promotions and services that may better suit you, the information is shared within the Jupiter Hotel Group, provided that you have given consent to the Jupiter Hotel Group for processing.
• Suppliers / service providers / third parties
If you are our customer, collaborator, service provider or supplier, please be aware that your data may be processed by companies sub-contracted by the Jupiter Hotel Group, namely in the hosting of data collected via Web-Site, electronic mail, hotel management system, billing and e-marketing platform. In such cases, personal data essential for the provision of the service concerned will be provided.
• Authorities and Public Administration
Some of your personal data will be transmitted to the competent authorities in compliance with legal commitments such as providing information to Foreigners and Borders Services and to the Revenue Authority.
In case of an investigation and in its proven legitimacy and by legal order, your data may also be shared with the competent police or judicial authorities.
Your Rights
In accordance with the national and European law, you are granted several rights related to your personal data, one of which is the duty to information on the purposes of processing, retention times and transfers, and this is granted herein.
In addition to the right to information at any point, you may ask us to access the information that we keep about you, to rectify the information if not correct or complete, to delete or limit the existing processing and, in cases where data treatment is dependent on your consent and obtained in digital form, to its portability.
The Jupiter Hotel Group undertakes to process your personal data in a careful and organised manner to ensure that your rights are guaranteed. In order to exercise your rights, you may be required to prove your identity to ensure that your rights and freedoms do not interfere with the rights and freedoms of others.
You should be aware that in certain situations and due to legal requirements or police / judicial / litigation investigation your request may not be immediately satisfied.
All requests will have a response from us within a maximum of 30 days, as required by law.
The exercise of your rights does not imply the payment of any fee. However, cases of unfounded, repetitive or excessive requests may be subject to a fee.
In this context, and in order to exercise your rights, you may also make a complaint to the National Data Protection Commission if you believe that your rights have not been safeguarded or guaranteed.
• Access
The data subject has the right to request access to the personal data processed by the Jupiter Hotel Group which concerns him/her.
• Rectification
If inaccuracies are detected or if you are aware of any inaccuracies related to your personal data handled by the Jupiter Hotel Group, you may request that they be rectified.
• Erasing
The right to erase your personal data upon request depending on the following situations:
- They are no longer necessary for the purpose for which they were collected and processed;
- When consent is withdrawn (in the case of processing that is consent-based), and there is no further basis for processing;
- The subject opposes processing and there are no prevailing legitimate or legal interests justifying processing;
• Limitation
The right to limit processing of your personal data upon request depending on the following situations:
- Contesting data accuracy over a period of time to allow for its confirmation;
- In the event of unlawfulness in the processing of data and its holder opposes its erasure, requesting in return the limitation of its processing;
- If there is a need on the part of the holder of data not to erase for legal reasons, or defense in legal proceedings, and these are no longer of interest for processing by the Jupiter Hotel Group;
- If there is opposition to data processing and until it is ascertained whether or not there are legitimate grounds on the part of the Jupiter Hoterl Group to continue processing them.
• Portability
In cases where the processing of the data is dependent on your consent or on a contract entered into with the Jupiter Group and obtained in digital form and processed in an automated manner, you may request your personal data in a structured form and in a computer-readable digital format.
This right does not include data inferred or derived from analyses carried out by the Jupiter Group on the personal data being processed.
Also, in cases where it is technically possible to transfer between controllers, the data subject may request a direct transfer to a responsible party other than the Jupiter Hotel Group.
• Opposition
In cases where the processing of data is legitimised based in legitimate interests alleged by the Jupiter Group, if the data processing is done for purposes of direct marketing or profile definition, you may at any time oppose the processing of your personal data.
Procedures for the exercise of the data subject's rights
All rights of the data holders specified in the previous point may be exercised by the user.
For more information you can contact the Jupiter Group by email: dpo@jupiterhotelgroup.com, by letter to the DPO (or any other reference if there is no DPO) Jupiter Hotel Group Av. Tomás Cabreira nº92, 8500-802 Portimão, Portugal. You may also request the exercise of your rights at the reception of any one of our hotels.
Technical, organisational and security measures implemented
The Jupiter Hotel Group takes the appropriate technical and organisational measures, in accordance with the applicable legal provisions, to ensure against accidental or unlawful destruction, accidental alteration or loss, unauthorised access or disclosure of the personal data entrusted to us. There are technical measures such as up-to-date firewalls and antivirus systems, as well as organisational measures such as monitoring and logging of systems access and internal identity management procedures.
The Jupiter Hotel Group has an Information Security Management System, and the personal data for which we are responsible to process are treated in an absolutely confidential manner, and there are internal security and confidentiality policies and procedures in place, which are updated in accordance with the legal needs and changes that so require.
The Jupiter Hotel Group commits itself by default to use the minimum personal data for processing required for the purposes previously defined, and only those individuals who are duly authorised to that end will have access to those data in accordance with the internal identity management system.
Interaction with the Jupiter Hotel Group website is done through secure channels and communications using the HTTPS protocol and the SSL security standard.
There is continuous awareness and ongoing training of internal employees regarding both data security measures and data privacy available in the Group, as well as in respect to the current legislation on data security and privacy.
Whenever possible, anonymisation or pseudonymisation of personal data is carried out, thus making data identification more complicated in the event of a data leakage.
The Jupiter Hotel Group has data backup and recovery systems that allow for a quick reposition of systems and data after an incident.
The Information Security Management System is designed to guarantee information and the confidentiality, availability and authenticity of data processed by the Jupiter Hotel Group are assured both technically and organisationally.
Use of Cookies
When you visit our Site, and in order to allow for better service and a more pleasant navigation, you will be required to consent to the creation and recording of text files (Cookies) in your computer.
Cookies or other similar tracking devices are data packages used to connect to the user's browser and collect information about the browsing and interests of those who use the site. This information can contain, for example, the session ID, location, language, device used, or operating system.
During the validity period of the cookie it stores the state information when the browser accesses several pages of a website or when a browser returns to this same site.
There are two types of Cookies:
• Session, when they are automatically deleted after closing the browser or our website;
• Persistent, when these remain in your device until the expiry date or until they are deleted by using tools available in your browser for that purpose
This type of technology is used for the following purposes and collects the following personal data:
• To manage the authentication of those who visit us online, as well as enable the use of security measures in the reservation and navigation request, ensuring the proper functioning of the authentication module;
• To identify, through location markers, where the visit originates, giving us a better idea of who our guests are and enabling us to customise our services;
• To identify users by marking the social networks used, thus managing, with your consent, customised information on the type of services that are of interest to you (if you have your social network session open when you visit us);
• To monitor our website's performance and ensure updates and navigation improvements to meet the expectations of those who visit us online;
• To optimise the navigation experience by making it easier, in particular by determining the preferred routes for your navigation;
• To carry out usage statistics, this being done in an aggregated manner that excludes individual identification of the data subjects who originated the information;
• To allow for quicker access to your pages by storing data or login information that you have previously entered;
• To adapt our website to the platform that you use to visit us.
This file will allow you greater ease and speed in accessing the Site, as well as its customisation according to your preferences. Most browsers accept these files (Cookies), but you may delete them or automatically set your lock. In the "Help" menu of your browser you will find out how to choose these settings. However, if you do not allow the use of cookies, there may be some features of our website that you will not be able to use.
Regarding the social networking feature that you are logged into when you visit us, we recommend that you read the privacy policies of those same networks to familiarise yourself with how they use the navigation information that they collect.
Violations of personal data
In the event that a personal data breach has been detected, and should impact assessment imply a high risk for the rights and freedoms of the affected data subject, the Jupiter Group undertakes to notify, within 72 hours of becoming aware of the incident, the Control Authority (CNPD) and the affected data subjects on the infringement of personal data.
The data subject will not be notified in the following situations:
• If all appropriate protection measures, both technical and organisational, have been applied to the personal data concerned, in particular measures that make personal data incomprehensible to any individual who is not authorised to access such data, such as encryption or anonymisation;
• If subsequent measures have been taken to ensure that there is no longer any risk to the data subject concerned; or
• In the event that notifying the data subjects requires a disproportionate effort. In this instance, public communication or something similar could be used allowing for data subjects to be informed.
Final provisions
This document is the property of Jupiter Hotel Group and it is its responsibility to ensure that this policy is reviewed in accordance with legal requirements or changes to the type of handling / processing of personal data under its responsibility.
The latest version of this document is available to all employees, suppliers, service providers and business partners on the Group's website at the following link: https://jupiterhotelgroup.com; on hard copies available at the various hotel receptions or by consulting the Group's complete information security management system process. As it does not contain confidential information, it is made openly available to all, including outside parties.
This information security procedure was approved by the Group's Management on (date) and is available in a controlled version under the signature of the CEO of the Jupiter Hotel Group.
