A. GENERAL PART
As part of the provision of the website hosted at www.pestanaportocovo.com (“Site”) and the information and means of contact included therein, URP – URBAN RENEW – PROJECTOS IMOBILIÁRIOS SI SA, headquartered in R. Jau, n.º 54 1330- 314 Lisboa Portugal and NIPC 513762388, as the person responsible for the processing of personal data (hereinafter referred to as “URP”), may request and process certain personal data from the user.
Personal data is any information of any nature and regardless of its support, including sound and image, relating to an identified or identifiable natural person (“Data Subject” or “User”). A person who can be identified directly or indirectly is considered identifiable, namely by reference to an identification number or to more specific elements of their physical, physiological, psychological, economic, cultural or social identity.
2. The personal data collected and processed include information regarding the name, e-mail address and telephone number, and there is also an open field in which the User is allowed to enter the information he wishes
3. URP also collects and processes information about its hardware and software, as well as information about the pages visited by the User within the Site. This information may include: your browser type, domain name, access times and the links through which the User accessed the Site (“Usability Information”). We only use this information to improve the quality of your visit to our Site.
2. Any subcontracted entity in this scope may not transmit the Data Subject’s data to other entities without URP having previously given written authorization to do so, being also prevented from contracting other entities without prior authorization from URP.
3. URP undertakes to subcontract only entities that present sufficient guarantees for the execution of the appropriate technical and organizational measures, in order to ensure the defense of the User’s rights. All entities subcontracted by URP are bound by the latter through a written contract which regulates, in particular, the object and duration of the treatment, the nature and purpose of the treatment, the type of personal data, the categories of data subjects. and the rights and obligations of the Parties.
4. Under the applicable legal terms, URP may transmit or communicate the user’s personal data to other entities in the event that such transmission or communication is necessary for the performance of the contract established between the Data Subject and URP, or for pre- contractual obligations at the User’s request, in case it is necessary for the fulfillment of a legal obligation to which URP is subject or in case it is necessary for the purpose of pursuing the legitimate interests of URP or a third party. This may include communicating your personal data to the Pestana Group companies, when this communication is legally permissible.
5. In case the User contracts with URP services that are provided by other entities responsible for the processing of personal data, the User’s personal data may be consulted or accessed by these entities, insofar as this is necessary for the provision of said services.
URP may collect data directly, that is, directly from the Data Subject.
B. GENERAL PRINCIPLES APPLICABLE TO THE PROCESSING OF DATA HOLDER’S DATA
1. In terms of general principles regarding the processing of your personal data, URP undertakes to ensure that the User’s data processed by it is:
→ Object of a lawful, fair and transparent treatment in relation to the User;
→ Collected for specific, explicit and legitimate purposes, not being further processed in a way that is incompatible with those purposes;
→ Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
→ Accurate and updated whenever necessary, with all appropriate measures being taken so that inaccurate data, taking into account the purposes for which they are processed, are erased or rectified without delay;
→ Kept in a way that allows the identification of the User only for the period necessary for the purposes for which the data are processed;
→ Treated in a way that guarantees their safety, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, with appropriate technical or organizational measures being adopted.
2. The data processing carried out by URP is carried out in this case based on your consent to contact and to collect cookies.
3. URP undertakes to ensure that the processing of the User’s data is only carried out under the conditions listed above and with respect for the aforementioned principles.
4. The period of time during which the data are stored and kept varies according to the purpose for which the information is processed. There are legal requirements that oblige you to keep data for a minimum period of time. Thus, and whenever there is no specific legal requirement, the data will be stored and kept only for the minimum period necessary for the purposes that motivated their collection or subsequent processing, after which they will be deleted.
5. Specifically, when you contact us expressing interest in Pestana Porto Covo, your data will be processed as long as necessary to respond to your requests and to comply with our legal data retention obligations.
1. In general terms, URP uses User data for the following purposes:
• Provide information to the User about the ongoing project;
• Management of contacts with the User;
• Ensuring that the Site meets the User’s needs, through the development and publication of content as adapted as possible to the requests and type of User, by improving the Site’s search capabilities and functionalities and by obtaining aggregated or statistical information. in relation to the User’s standard profile.
2. In addition, URP may also contact representatives of business customers, for the purpose of presenting URP projects, translating into a legitimate interest of URP to do so, without prejudice to the right to oppose this treatment at any time.
. To ensure the security of the User’s data and maximum confidentiality, URP treats the information provided to us in an absolutely confidential manner, in accordance with its internal security and confidentiality policies and procedures, which are periodically updated according to needs, as well as, in accordance with the legally prescribed terms and conditions.
2. Depending on the nature, scope, context and purposes of data processing, as well as the risks arising from the processing to the User’s rights and freedoms, URP undertakes to apply, both when defining the means of processing and at the time of processing itself, the necessary and appropriate technical and organizational measures for the protection of the User’s data and compliance with legal requirements.
3. It also undertakes to ensure that, by default, only the data necessary for each specific purpose of the treatment are processed and that such data are not made available without human intervention to an indefinite number of people.
4. In terms of general measures, the URP adopts the following:
→ Regular audits in order to assess the effectiveness of the technical and organizational measures implemented;
→ Sensitization and training of personnel involved in data processing operations;
→ Pseudonymization and encryption of Personal Data;
→ Mechanisms capable of ensuring the permanent confidentiality, availability and resilience of information systems;
→ Mechanisms that ensure the restoration of information systems and access to Personal Data in a timely manner in the event of a physical or technical incident.
1. In principle, the processing operations associated with the Data Subject’s interaction with the Website will not imply the transfer of data or the processing of the same outside the European Economic Area.
2. However, if it becomes necessary to transfer your data outside the European Economic Area, for example in the context of the use of certain providers of IT systems support services, the URP will implement the necessary measures to ensure that these transfers comply applicable legislation, namely Chapter V of the GDPR, and that a level of protection essentially equivalent to the personal data of Data Subjects is guaranteed. This can be achieved, for example, by ensuring the existence of a European Commission Adequacy Decision in relation to the country of destination or by entering into Standard Contractual Clauses and, if necessary, implementing additional measures.
1. The right of access, the right of rectification, the right of erasure, the right of limitation, the right of portability and the right of opposition can be exercised by the User by contacting URP, through the platform made available for this purpose, available at https://pestanahotelgroup.atlassian.net/servicedesk/customer/portal/5.
2. When the processing of the User’s personal data is carried out by URP based on the User’s consent, the User has the right to withdraw his consent at any time. The withdrawal of consent, however, does not compromise the lawfulness of the treatment carried out by URP based on the consent previously given by the User.
3. The table below contains a brief summary of the rights of Holders, as referred to in the paragraphs above.
Right of access
You will be able to obtain confirmation that the personal data concerning you are being processed, as well as access to them, being made available, if you require, and there are no legal restrictions, a copy of the personal data being processed.
Right of rectification
You may request the rectification of your personal data that are inaccurate as well as that your incomplete personal data be completed.
Right to erasure
Under the terms of the law, you can also, at any time, request the deletion of your personal data. URP may refuse to grant your request in certain situations, namely when the data is still necessary for the purpose that motivated the collection or the processing is required to fulfill a legal obligation.
Right to limitation of treatment
The Data Subject may obtain the limitation of treatment when: a) contest the accuracy of the personal data; b) the treatment is unlawful and the holder requests the limitation as an alternative to erasure; c) the URP no longer needs the data for the original purpose, these being required by the holder for the purposes of declaring, exercising or defending a right in a judicial process and; d) when the Data Subject has opposed the processing, until it is ascertained whether the legitimate interests of the person in charge prevail over those of the data subject.
Right to data portability
When the basis for the treatment is the consent or the execution of the contract and there is treatment by automated means, the Data Subject has the right to request the portability of his data. This right cannot, however, prejudice the rights and freedoms of third parties.
right of opposition
When the data are processed on the basis of legitimate interests or public interest, or when the data are processed for the purpose of direct marketing, the data subject has the right to object to the treatment.
Right to withdraw consent
When consent is the legal basis for the processing of data, you are guaranteed the right to withdraw your consent at any time. This does not, however, invalidate the lawfulness of the processing carried out until that date based on the consent previously given.
4. URP will respond in writing (including by electronic means) to the User’s request without undue delay and, in any case, within a maximum period of one month from the receipt of the request, except in cases of special complexity or due to number of requests, where this period can be extended by up to two more months.
5. If the requests made by the User are manifestly unfounded or excessive, namely due to their repetitive nature, URP reserves the right to charge administrative costs or refuse to comply with the request.
6. Without prejudice to any other administrative or judicial remedy, the Data Subject has the right to submit a complaint to the National Data Protection Commission or to another competent control authority under the law, if he considers that his data are not subject to lawful treatment by the URP, under the terms of applicable legislation and this Policy.
1. In the event of a data breach (data breach) and to the extent that such breach is likely to entail a high risk for the User’s rights and freedoms, URP undertakes to report the breach of personal data to the Control Authority within 72 hours of becoming aware of the incident.
2. Additionally, URP will notify the User of this violation when required by law or when URP deems it relevant. Under legal terms, communication to the User is not required in the following cases:
• If the URP has applied adequate protection measures, both technical and organizational, and these measures have been applied to the personal data affected by the personal data breach, especially measures that make the personal data incomprehensible to any person not authorized to access such data, such as encryption;
• If the URP has taken subsequent measures to ensure that the high risk to the User’s rights and freedoms is no longer likely to materialise; or
• If the communication to the User implies a disproportionate effort for the URP. In this case, URP will make a public communication or take a similar measure through which the User will be informed.
1. In case of doubts or questions regarding the way in which URP treats your personal data, please contact your Data Protection Officer at firstname.lastname@example.org.
2. You can also contact the URP directly through the forms available on the website.
When you visit any website, some information is stored from your browser, mostly in the form of Cookies. Configure your preferences regarding Cookies here.