Privacy Policy
1. GENERAL
1.1. COLLECTION AND PROCESSING OF USER DATA 

This Privacy Policy aims to provide Users of the websites hosted at www.hotelmiracorgo.com, hereinafter and in abbreviated form ("Site"), with detailed information on how Alves, Gomes & Carvalho, Lda., hereinafter referred to as Hotel Miracorgo, a limited liability company based at Avenida 1º de Maio, n.º 76/78, 5000 – 651 Vila Real, registered at the Vila Real Commercial Registry Office under the unique registration number and corporate number 501243720, as the data controller or as a subcontractor, processes their personal data.

As a rule, Personal Data is requested when the User registers or navigates on the Site, requests contact and/or newsletters, subscribes to a particular product or service, provides or requests information, purchases a product, or establishes a contractual relationship with Hotel Miracorgo through a reservation for a stay at our establishment.

The Personal Data collected and processed essentially consists of information related to the name, gender, date of birth, phone number, mobile phone, email, address, tax identification number, credit card information (collected only for payment purposes), although other Personal Data that may be necessary or convenient for the provision or collection of services by Hotel Miracorgo may be collected.

Hotel Miracorgo also collects and processes information about the characteristics of your hardware device, your IP, and the characteristics of browser/software, as well as information about the pages visited by the User within the Site. This information may include your browser type, domain name, access times, and the hyperlinks through which the User accessed the Site ("Usability Information"). We use this information to improve the quality of your visit to our Site and, if you consent, to analyze your user profile and browsing habits on the Site, measure ad conversion on the Site, and send commercial and marketing information tailored to your profile.

Usability Information and Personal Data are referred to in this Privacy Policy as "User Data."

For the purposes of this Privacy Policy, a contractual relationship is understood to mean any contract established between Hotel Miracorgo and the entities related to it, regardless of their respective object.  
**1.2. RECIPIENTS OF THE DATA**  
User Data collected by Hotel Miracorgo is not shared with third parties without the User's consent, except in the situations referred to in the paragraph below. However, if the User contracts services from Hotel Miracorgo that are provided by other entities responsible for the processing of personal data, the User's Data may be transmitted and/or accessed by these entities, to the extent necessary to provide the services in question.

Under the applicable legal terms, Hotel Miracorgo may transmit or communicate User Data to other entities if this transmission or communication is necessary for the execution of the contract established between the User and Hotel Miracorgo, for pre-contractual actions at the request of the User, to comply with a legal obligation to which Hotel Miracorgo is subject, or if necessary to comply with the legitimate interests of Hotel Miracorgo or third parties. In the event of a transfer of User Data to third parties, reasonable efforts will be made to ensure that the transferee uses the User Data transmitted in accordance with this Privacy Policy.  
**1. I) Subcontracting Entities**  
In the context of the processing of User Data, Hotel Miracorgo uses or may use third-party entities, sub-contracted by it, to process User Data, on its behalf, and in accordance with its instructions, in accordance with applicable law and this Privacy Policy. These subcontracted entities may not transmit User Data to other entities without prior written authorization from Hotel Miracorgo. Hotel Miracorgo is committed to subcontracting only entities that offer the maximum security in the implementation of technical and organizational measures appropriate to ensure the defense of User rights. All entities subcontracted by Hotel Miracorgo are bound to the latter by a written agreement that regulates, in particular, the object and duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects, and the rights and obligations of the parties and other requirements provided for in Article 28 of the GDPR.  
**In accordance with the information duty to which Hotel Miracorgo is subject, the following are the categories of subcontractors to whom the personal data of website users and Hotel Miracorgo customers are communicated:**  
Categories of subcontracted entities Purposes of personal data processing Companies licensing, maintaining, supporting, and providing technical assistance for software and systems Management/maintenance/support for the systems and software that support Hotel Miracorgo's business  
Companies providing payment processing services, EDI services, electronic invoicing, accounting, tax and administrative management, and support software services Economic and accounting management of customer billing, suppliers, and service providers  
Commercial promoters Promotion/sale of Hotel Miracorgo services  
Direct marketing support companies/digital marketing partners Assisting in the management of email marketing, performance and user profile analysis, and advertising impact and dissemination  
Companies evaluating customer satisfaction Sending customer satisfaction questionnaires  
Security/surveillance companies and preventive and corrective maintenance of security systems Surveillance and Security for the safety of people and property  
Companies managing customer stays Providing services associated with customer stays in the various Hotel Miracorgo commercial establishments  
Customer service provision companies Customer service and contact services for customers

1. II) Third-party Entities

**1.3. DATA COLLECTION CHANNELS**

Hotel Miracorgo may collect data directly (i.e., directly from the User) or indirectly (i.e., through partners or third parties). Data collection can be carried out through the following channels:

- **Direct collection:** in person, by phone, by email, and through the Site;
- **Indirect collection:** through partners and official entities.

**1. GENERAL PRINCIPLES APPLICABLE TO THE PROCESSING OF USER DATA**

In terms of general principles regarding the processing of personal data, Hotel Miracorgo commits to ensuring that the User's Data processed by it:

- Are processed in a lawful, fair, and transparent manner in relation to the User;
- Are collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes;
- Are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
- Are accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- Are kept in a form which permits identification of the User for no longer than is necessary for the purposes for which the data are processed;
- Are processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Data processing by Hotel Miracorgo is permitted and legitimate when at least one of the following situations applies:

- The User has given their free, specific, informed, and unambiguous consent for the processing of User Data for one or more specific purposes;
- Processing is necessary for the performance of a contract to which the User is a party or in order to take steps at the User's request before entering into a contract;
- Processing is necessary for compliance with a legal obligation to which Hotel Miracorgo is subject;
- Processing is necessary to protect the vital interests of the User or of another natural person;
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Hotel Miracorgo;
- Processing is necessary for the purposes of the legitimate interests pursued by Hotel Miracorgo or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the User which require protection of personal data.

Hotel Miracorgo commits to ensuring that the processing of User Data is carried out only under the above conditions and in compliance with the aforementioned principles.

When the processing of User Data is carried out by Hotel Miracorgo based on the User's consent, the User has the right to withdraw their consent at any time. However, the withdrawal of consent does not affect the lawfulness of the processing carried out by Hotel Miracorgo based on the User's prior consent.

The storage and retention period of data varies according to the purpose for which the information is processed and is archived only for the time necessary to fulfill the purposes for which it is processed, taking into account Hotel Miracorgo's Data Retention Policy. There are legal requirements that require data to be retained for a minimum period. Therefore, as long as there is no specific legal obligation, data will be stored and retained only for the minimum period necessary for the purposes that motivated their collection or subsequent processing, after which they will be deleted.

**Hotel Miracorgo may also communicate with other third-party entities that are not qualified as subcontractors under Article 4(8) of the GDPR. These entities are bound by confidentiality and all of them have provided assurances that they process personal data in accordance with the provisions of the GDPR. Hotel Miracorgo communicates data to other recipients, as detailed below:**

Recipient Categories | Purposes of Personal Data Processing
---|---
Temporary Work Agencies | Temporary assignment of workers
Companies to which the operation of a commercial establishment within Hotel Miracorgo's premises is assigned | Supplementary services and support provided to customers
Insurance Companies | Customer assistance insurance
Companies providing various services during a guest's stay on Hotel Miracorgo's premises | Parking, car rental, and garden maintenance services
Social Media | Marketing campaigns
Travel agencies and tour operators | Reservations of stays and provision of hotel services
Consultants and Lawyers | Provision of consultancy and legal services
Various companies providing additional services requested by customers | Taxi/transfer services, parking, car rental, restaurant reservations, and other customer-requested activities.

**1.3. DATA COLLECTION CHANNELS**

Hotel Miracorgo can collect data directly (i.e., directly from the User) or indirectly (i.e., through partner entities or third parties). Data collection can occur through the following channels:

- Direct Collection: in person, by phone, by email, and through the website.
- Indirect Collection: through partners and official entities.

**1. GENERAL PRINCIPLES APPLICABLE TO USER DATA PROCESSING**

In terms of general principles related to the processing of personal data, Hotel Miracorgo commits to ensuring that User Data processed by them adhere to the following principles:

- Processed lawfully, fairly, and transparently in relation to the User.
- Collected for specific, explicit, and legitimate purposes, not processed further in a way incompatible with those purposes.
- Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
- Accurate and kept up to date, with measures taken for inaccurate data to be erased or rectified without delay.
- Retained in a form that permits identification of the User for no longer than necessary for the purposes for which the data is processed.
- Processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Data processing by Hotel Miracorgo is allowed and legitimate when at least one of the following conditions is met:

- The User has given explicit, unambiguous, positive, and free consent for data processing for one or more specific purposes.
- Processing is necessary for the performance of a contract to which the User is a party or for pre-contractual steps at the User's request.
- Processing is necessary for compliance with a legal obligation to which Hotel Miracorgo is subject.
- Processing is necessary to protect vital interests of the User or another natural person.
- Processing is necessary for the legitimate interests pursued by Hotel Miracorgo or third parties (except where overridden by the interests or fundamental rights and freedoms of the User requiring personal data protection).

Hotel Miracorgo commits to ensuring that the processing of User Data is carried out under the conditions mentioned above and in accordance with the principles listed.

When User Data processing by Hotel Miracorgo is based on User consent, the User has the right to withdraw consent at any time. However, the withdrawal of consent does not affect the legality of processing based on consent before its withdrawal.

The period for which data is stored and retained depends on the purpose for which the data is processed, and it is archived only for the time necessary to fulfill the purposes for which the data is processed, taking into account Hotel Miracorgo's Data Retention Policy. There are legal requirements that mandate data be retained for a minimum period. Therefore, in the absence of a specific legal requirement, data will be stored and retained for the minimum period required for the purposes that motivated its collection or subsequent processing, at which point it will be deleted.

**1. USE AND PURPOSES OF USER DATA PROCESSING**

In general terms, Hotel Miracorgo utilizes User Data for the following purposes:

- Provision of hotel services and associated services (restaurants, bars, Spa, etc.).
- Acquisition and management of vouchers.
- Managing contacts with the User and responding to requests for quotations.
- Invoicing and billing to the User.
- Informing the User, upon request, about new products and services available on the Website and/or in the hotel unit, special offers, and campaigns, updated information about Hotel Miracorgo's activities, and, in general, for Hotel Miracorgo's marketing purposes and those of its hotel units, through any means of communication, including electronic support.
- Participation in contact collection campaigns or contests on Hotel Miracorgo's social media.
- Ensuring that the Website meets the User's needs by developing and publishing content tailored to requests and User types, improving search capabilities and Website features, and obtaining associated information or statistics regarding the typical User profile (consumer and navigation profile analysis).
- Sending satisfaction surveys.
- Recording telephone calls made in the context of providing information about reservations, vouchers, and other products or services and their commercial and usage terms, as well as establishing any contractual relationship, whether during the contract formation phase or throughout its duration.

Hotel Miracorgo may combine Usability Information with anonymous demographic information for research purposes and may use the result of this combination to provide more relevant content on the Website. With the User's consent, in certain restricted areas of the Website, Hotel Miracorgo may combine Personal Data with Usability Information to provide personalized content.

**1. LEGAL BASIS FOR PROCESSING PERSONAL DATA**

The processing of your personal data serves the following purposes:

* **Processing Activity**:
    * **Purpose of Processing**: Managing the Contractual Relationship
        - **Basis for Processing**: Pre-contractual measures or contract execution.
        - **Legal Basis**: Legitimate interest if the data subject is not a party to the contract.
    * **Purpose of Processing**: Recording electronic communications via webchat in the context of the contractual relationship.
        - **Basis for Processing**: Consent.
    * **Purpose of Processing**: Recording calls within the contractual relationship.
        - **Purpose of Processing**: Recording calls for quality monitoring.
        - **Purpose of Processing**: Acquisition of Vouchers.
        - **Basis for Processing**: Contract execution.
    * **Purpose of Processing**: Adherence and management of stay assistance insurance.
        - **Basis for Processing**: Contract execution.
    * **Purpose of Processing**: Satisfaction Surveys.
        - **Basis for Processing**: Legitimate interest.
    * **Processing Activity**: Commercial Activity and Marketing Communication
        - **Purpose of Processing**: Generalized profile analysis.
        - **Basis for Processing**: Legitimate interest.
    * **Purpose of Processing**: App Download.
        - **Basis for Processing**: Explicit consent.
    * **Purpose of Processing**: Sending commercial communications.
        - **Basis for Processing**: Consent.
        - **Basis for Processing**: Legitimate interest.
    * **Purpose of Processing**: Participation in social media campaigns and contests.
        - **Basis for Processing**: Consent.
    * **Processing Activity**: Compliance with Legal Obligations
        - **Purpose of Processing**: Invoicing.
        - **Basis for Processing**: Legal obligation.
        - **Purpose of Processing**: Communications.
        - **Basis for Processing**: Legal obligation.
    * **Purpose of Processing**: Management of Loyalty Program.
        - **Purpose of Processing**: Adherence and management of the loyalty program.
        - **Basis for Processing**: Contract execution.
        - **Purpose of Processing**: Sending communications from the program.
        - **Basis for Processing**: Contract execution.
    * **Purpose of Processing**: Profile and navigation analysis on the Website.
        - **Basis for Processing**: Consent.
    * **Purpose of Processing**: User conversion analysis.
        - **Basis for Processing**: Consent.
    * **Purpose of Processing**: Implementation of improvements and development on the Website.
        - **Basis for Processing**: Legitimate interest.

These activities are performed under the legal bases mentioned for each purpose.

 

**1. TECHNICAL, ORGANIZATIONAL, AND SECURITY MEASURES IMPLEMENTED**

To ensure the security and maximum confidentiality of User Data, Hotel Miracorgo processes the information you have provided in strict confidentiality, in accordance with its internal security and confidentiality policies and procedures, which are periodically updated as needed, as well as with the legally prescribed terms and conditions.

Depending on the nature, scope, context, and purposes of data processing, as well as the risks it poses to the rights and freedoms of the User, Hotel Miracorgo commits to applying the necessary and appropriate technical and organizational measures for protecting User Data and complying with legal requirements, both at the stage of defining the means of processing and during the actual processing.

Hotel Miracorgo also commits to ensuring that, by default, only data that is necessary for each specific purpose of processing is processed, and that this data is not made available to an indefinite number of people without human intervention. Communication between the user's device and the Hotel Miracorgo Site is carried out through secure communication channels that use the HTTPS protocol and the SSL security standard.

In addition to these general measures, Hotel Miracorgo adopts the following:

* Regular audits to assess the effectiveness of the technical and organizational measures in place.
* Awareness and training of personnel involved in data processing operations.
* Pseudonymization and data encryption.
* Mechanisms to ensure the permanent confidentiality, availability, and resilience of information systems.
* Mechanisms to ensure the rapid restoration of information systems and access to personal data in the event of a physical or technical incident.
 

**1. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION**

Hotel Miracorgo may transfer your personal data to recipients located in countries outside the European Union, which may have different levels of personal data protection. Consequently, Hotel Miracorgo takes measures to ensure the secure transfer of the User's personal data whenever there is a transfer to a third country whose level of personal data protection differs from the country where the personal data is collected.

Hotel Miracorgo commits to ensuring that the transfer of personal data to countries outside the European Union complies with applicable legal provisions, especially with regard to assessing the adequacy of such a country in terms of data protection and the requirements applicable to such transfers.

**2. USE OF COOKIES**

When you visit our website, small text files (Cookies) are created and stored on your computer's hard drive. These text files enable a more personalized and efficient browsing experience. During each visit to the site, your web browser sends these cookies back to the site, allowing the recognition and storage of user identities as well as their usage preferences. These cookies are only installed with your express consent, except in cases where they are necessary for the site's operation.

To get all the information about the cookies we use on the site, including their purposes, categories, duration, and ownership, you can refer to our Cookie Policy. Additionally, you have the option to manage your preferences regarding cookie collection at any time in the preferences manager.

 

1. THIRD-PARTY TOOLS INTEGRATED INTO THE WEBSITE

**Facebook and Instagram:**
The website interacts with Facebook and Instagram through a connection to the servers of these social networks. This allows them to identify the website the user is visiting and potentially store other data, such as the IP address. If the user is logged into their Facebook and/or Instagram accounts, the data will be associated with their accounts. To prevent this, the user should log out of their Facebook and Instagram sessions before visiting the page. Information about data processing by these social networks is available at:
[Facebook Privacy Policy](https://www.facebook.com/about/privacy/)
[Instagram Help Center](https://help.instagram.com/519522125107875)

**B. USER RIGHTS (DATA SUBJECT RIGHTS)**

**1. RIGHT TO INFORMATION**
**1.1. Information provided to the User by Hotel Miracorgo (when data is collected directly from the User):**
* The identity and contact details of the data controller and, if applicable, their representative.
* The contact details of the Data Protection Officer.
* The purposes of the processing to which personal data are intended, as well as, if applicable, the legal grounds for processing.
* If the data processing is based on the legitimate interests of Hotel Miracorgo or a third party, an indication of these interests.
* If applicable, recipients or categories of recipients of personal data.
* If applicable, an indication that personal data will be transferred to a third country or international organization and whether there is an adequacy decision adopted by the Commission or a reference to appropriate or suitable transfer safeguards.
* The storage period of personal data.
* The right to request Hotel Miracorgo for access to personal data, as well as their rectification, erasure, or restriction, the right to object to processing, and the right to data portability.
* If the data processing is based on the User's consent, the right to withdraw it at any time without affecting the lawfulness of processing based on the prior consent.
* The right to lodge a complaint with the CNPD or another supervisory authority.
* An indication of whether the provision of personal data is a legal or contractual requirement, or a requirement necessary to enter into a contract, and whether the data subject is obliged to provide personal data and the potential consequences of not providing such data.
* If applicable, the existence of automated decisions, including profiling, and information about the underlying logic, as well as the significance and expected consequences of such processing for the data subject.

If the User's data is not collected directly by Hotel Miracorgo from the User, in addition to the information mentioned above, the User is also informed about the categories of personal data being processed and, as well as, the source of the data, and if applicable, whether they come from publicly accessible sources.

Should Hotel Miracorgo intend to process the User's data for a purpose other than the one for which the data was collected, prior to such processing, Hotel Miracorgo will provide the User with information about this purpose and any other relevant information, as mentioned above.

**1.2. Procedures and Measures Implemented to Comply with the Right to Information:**

The information described in 1.1 is provided in writing (including electronically) by Hotel Miracorgo to the User prior to the processing of the relevant personal data. According to applicable law, Hotel Miracorgo is not obligated to provide the User with the information mentioned in 1.1 when and to the extent the User is already aware of it.

This information is provided by Hotel Miracorgo at no cost.

 

**1. RIGHT TO ACCESS PERSONAL DATA:**

Hotel Miracorgo ensures the means to allow the User to access their Personal Data. The User has the right to obtain from Hotel Miracorgo confirmation as to whether personal data concerning them is being processed and, where that is the case, the right to access their personal data and the following information:

- The purposes of the data processing.
- The categories of personal data in question.
- The recipients or categories of recipients to whom the personal data has been or will be disclosed, including recipients in third countries or international organizations.
- The retention period of personal data.
- The right to request from Hotel Miracorgo rectification, erasure, or restriction of personal data processing, or to object to such processing.
- The right to lodge a complaint with the CNPD or another supervisory authority.
- If the data was not collected from the User, the information available about the source of that data.
- The existence of automated decisions, including profiling, and information about the underlying logic, as well as the significance and the envisaged consequences of such processing for the data subject.
- The right to be informed about the appropriate safeguards related to the transfer of data to third countries or international organizations.

Upon request, Hotel Miracorgo will provide the User, free of charge, with a copy of the User's data in the process of being processed. The provision of further copies requested by the User may incur administrative costs.
 

**1. RIGHT TO RECTIFICATION OF PERSONAL DATA:**

The User has the right to request, at any time, the rectification of their Personal Data, and the right to have their incomplete personal data completed, including by means of an additional statement.

In the case of rectification of the data, Hotel Miracorgo will communicate the rectification to each recipient to whom the data has been transmitted, unless such communication is impossible or involves a disproportionate effort for Hotel Miracorgo.

**1. RIGHT TO ERASURE OF PERSONAL DATA ("RIGHT TO BE FORGOTTEN"):**

The User has the right to obtain from Hotel Miracorgo the erasure of their data when one of the following reasons applies:

- The User's data is no longer necessary for the purpose that prompted its collection or processing.
- The User withdraws their consent on which the data processing is based, and there is no other legal basis for the said processing.
- The User objects to processing under the right to object, and there are no overriding legitimate grounds for the processing.
- The User's data is processed unlawfully.
- The User's data must be erased for compliance with a legal obligation to which Hotel Miracorgo is subject.
- Under applicable law, Hotel Miracorgo is not obliged to delete the User's data to the extent that processing is necessary to comply with a legal obligation to which Hotel Miracorgo is subject or for the declaration, exercise, or defense of a legal right of Hotel Miracorgo in a judicial proceeding.

In the event of data deletion, Hotel Miracorgo will communicate the erasure to each recipient/entity to whom the data has been transmitted, unless such communication proves impossible or involves a disproportionate effort for Hotel Miracorgo.

When Hotel Miracorgo has made the User's data public and is required to erase it under the right of erasure, Hotel Miracorgo undertakes to take reasonable measures, including technical ones, taking into account the available technology and the cost of its implementation, to inform the data controllers responsible for the effective personal data that the User has requested the deletion of links to that personal data, as well as copies or reproductions thereof.
 

**1. RIGHT TO LIMIT THE PROCESSING OF PERSONAL DATA:**

The User has the right to obtain from Hotel Miracorgo the limitation of the processing of the User's Data if one of the following situations applies (limitation consists of marking the personal data retained with the aim of limiting its processing in the future):

- If the User disputes the accuracy of the personal data, for a period that allows Hotel Miracorgo to verify its accuracy.
- If the processing is unlawful, and the User opposes the deletion of the data, instead requesting the limitation of its use.
- If Hotel Miracorgo no longer needs the User's Data for processing purposes, but the User requires it for the establishment, exercise, or defense of a legal claim in a judicial process.
- If the User has objected to the processing, pending verification of whether the legitimate grounds of Hotel Miracorgo override those of the User.

When the User's Data is subject to limitation, it can only be processed with the User's consent or for the establishment, exercise, or defense of a legal claim in a judicial process, to protect the rights of another natural or legal person, or for reasons of significant public interest as provided for by law.

The User who has obtained the limitation of data processing in the cases mentioned above will be informed by Hotel Miracorgo before the limitation is lifted.

In the event of a limitation on data processing, Hotel Miracorgo will communicate the limitation to each recipient to whom the data has been disclosed unless such communication is impossible or involves a disproportionate effort for Hotel Miracorgo.

**1. RIGHT TO DATA PORTABILITY:**

The User has the right to receive the personal data concerning them and that they have provided to Hotel Miracorgo in a structured, commonly used, and machine-readable format. They also have the right to transmit those data to another data controller if:

- The processing is based on consent or on a contract to which the User is a party, and
- The processing is carried out by automated means.

The right to data portability does not include inferred or derived data, i.e., personal data that is generated by Hotel Miracorgo as a result of the analysis of the data being processed.

The User has the right for their personal data to be transmitted directly from one data controller to another if it is technically feasible.

**1. RIGHT TO OBJECT TO PROCESSING:**

The User has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them when the processing is based on the legitimate interests pursued by Hotel Miracorgo or when the processing is carried out for purposes other than those for which the personal data was collected, including profiling, or when personal data is processed for statistical purposes.

Hotel Miracorgo will cease processing the User's Data unless compelling legitimate grounds for the processing override the User's interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

Where personal data is processed for direct marketing purposes, the User has the right to object at any time to the processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. If the User objects to the processing of their data for direct marketing purposes, Hotel Miracorgo will cease the processing of the data for that purpose.

The User also has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects them, unless the decision:

- Is necessary for the conclusion or performance of a contract between the User and Hotel Miracorgo,
- Is authorized by applicable law to which Hotel Miracorgo is subject, or
- Is based on the explicit consent of the User.

 

**1. PROCEDURES FOR EXERCISING USER RIGHTS:**

For more information, please contact the Data Protection Officer (DPO) of Hotel Miracorgo via email at rh@hotelmiracorgo.com or by sending a letter to the DPO of Hotel Miracorgo at Avenida 1º de Maio, No. 76/78, 5000-651 Vila Real, Portugal.

Hotel Miracorgo will respond in writing (including electronically) to the User's request within one month from the receipt of the request, unless the request is particularly complex, in which case this period may be extended to two months.

If the requests made by the User are manifestly unfounded or excessive, especially due to their repetitive character, Hotel Miracorgo reserves the right to charge administrative costs or refuse to process the request.

**2. PERSONAL DATA BREACHES:**

In the event of a personal data breach that is likely to result in a high risk to the rights and freedoms of the User, Hotel Miracorgo is committed to notifying the data subject concerned within 72 hours of becoming aware of the incident.

Under legal terms, notifying the User is not required in the following cases:

- If Hotel Miracorgo has implemented appropriate protection measures, both technical and organizational, and these measures have been applied to the personal data affected by the personal data breach, especially measures that make the personal data unintelligible to anyone not authorized to access this data, such as encryption.
- If Hotel Miracorgo has taken subsequent measures to ensure that the high risk to the User's rights and freedoms is no longer likely to occur.
- If notifying the User would involve a disproportionate effort for Hotel Miracorgo. In this case, Hotel Miracorgo will make a public communication or take a similar measure through which the User will be informed.

**3. FINAL PART:**

**2. CHANGES TO THE PRIVACY POLICY:**

Hotel Miracorgo reserves the right to change this Privacy Policy at any time. It is advisable to regularly read this document.

**3. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY:**

You may always lodge a complaint with the competent supervisory authority for the protection of personal data. In Portugal, the supervisory authority is the National Data Protection Commission, located at Av. D. Carlos I, 134 – 1st, 1200-651 Lisbon, with the phone number (+351) 213928400 and email: geral@cnpd.pt.