Please read this GDPR Policy carefully, as the processing of personal data that you provide to us implies knowledge and acceptance of the conditions stated herein.
Who is responsible for collecting and processing data?
Hotel Miracorgo, with the fiscal designation of ALVES, GOMES & CARVALHO, LDA., headquartered at Avenida 1.º Maio, 76/78, 5000 – 651, Vila Real, and tax identification number 501243720, is the entity responsible for collecting and processing personal data. As part of its activities, it may use subcontracted entities to pursue the purposes indicated here.
What are personal data?
Personal data refers to any information, of any nature, and regardless of its medium, including sound and image, relating to an identified or identifiable natural person. A person is considered identifiable if they can be identified directly or indirectly, particularly by reference to an identification number or one or more specific elements of their physical, physiological, mental, economic, cultural, or social identity.
What personal data is collected and processed?
Hotel Miracorgo collects and processes the following personal data, among others:
**Reservations:** name, email address, phone number, address, payment method, and reservation details.
**Recruitment:** name, email address, and resume.
**Newsletter:** email address.
When browsing the website, Hotel Miracorgo may collect information about the computer, including the IP address, operating system, and browser used, for administrative purposes and information aggregation for its advertisers.
Miracorgo assumes that the data has been provided by the data subject or that the data subject has given authorization for this purpose, and it presumes that the data is accurate and up-to-date.
How are your data collected?
Personal data may be collected through the following means:
3. Phone calls.
5. Social media.
The collected data is processed and stored electronically, strictly following personal data protection legislation, and is stored in specific databases created for this purpose by Hotel Miracorgo or entities subcontracted by them.
Some personal data collected on the website is mandatory, and in case of absence or insufficiency of this data, Hotel Miracorgo may not be able to provide the requested services or information. In each specific case, Hotel Miracorgo will inform you of the mandatory nature of providing the relevant personal data.
What are the purposes and legal bases for processing your data?
In accordance with data protection principles, Hotel Miracorgo may only process your personal data for specific purposes and when it has a legal basis to do so. Hotel Miracorgo uses your data for the following purposes and based on the following legal grounds:
A - With the basis of the service contract you have entered into with us, we process your data for the following purposes:
a) Reservation and stay management.
b) Requests for quotes, information, and reservation confirmations.
c) Recording of preferences (preferred room, mobility, newspapers/magazines, etc.).
d) Invoicing and payment method verification.
e) Providing the necessary information for your stay at the hotel.
f) Customer support.
B - With your consent as the basis, we process your data for the following purposes:
g) Sending newsletters (if you are not our customer).
h) Sending marketing campaigns (if you are not our customer).
i) Loyalty programs.
C - To fulfill legal obligations, we process your data for the following purposes:
j) Handling complaints.
k) Compliance with other legal or regulatory obligations.
D - As our customer, and because we have a legitimate interest in providing you with better service, we process your data for the following purposes:
l) Conducting satisfaction surveys related to your stay.
m) Conducting market studies, evaluation surveys, and statistical analysis.
n) Contact agenda.
E - When we are in the context of pre-contractual negotiations, we process your data for the following purpose:
To achieve the purposes mentioned above, Hotel Miracorgo may interconnect the collected data to update and complete such data.
What are your rights?
Under the Personal Data Protection Law, we guarantee your right to access, rectify and/or delete, portability, restrict processing, and object to your personal data. You can also file complaints with the National Data Protection Commission.
Right to Access: You can inquire whether we process your personal data and, if so, obtain access to the data in the form of a copy. When fulfilling an access request, we will also provide you with additional information, such as the purposes of processing, the categories of personal data involved, and any other necessary information to enable you to fully exercise this right.
Right to Rectification: You have the right to request the rectification of your data if it is inaccurate or incomplete. Upon request, we will correct incorrect personal data about you and, considering the purposes of processing, complete incomplete personal data, which may require a supplementary statement.
Right to Erasure: You also have the right to request the erasure of your personal data, meaning that your data will be deleted by us to the extent possible and by any other data controller to whom we have previously provided your data. Deletions of your personal data only occur in certain cases provided by law and listed in Article 17 of the General Data Protection Regulation. This includes situations where your personal data is no longer needed for the initial purposes for which it was processed, as well as situations where it has been processed unlawfully. Due to the way we maintain certain services, it may take some time for backups to be deleted.
Right to Data Portability: Your right to data portability means that you can request that we provide your personal data in a structured, commonly used, machine-readable format and that this data be transmitted directly to another data controller, whenever this is technically possible. Upon request and whenever it is technically possible, we will transmit your personal data directly to another data controller.
Right to Restrict Processing: You have the right to obtain the restriction of processing of your personal data, meaning that we suspend the processing of your data for a certain period. Circumstances that may give rise to this right include situations where the accuracy of your personal data has been contested, but some time is needed for us to verify its accuracy/inaccuracy. This right does not prevent us from continuing to store your personal data. We will inform you before the restriction is lifted.
Right to Object: You also have the right to object to the processing of your personal data, which means you can request that we stop processing your personal data. This only applies in cases where 'legitimate interests' (including profiling) constitute the legal basis for processing.
You can object at any time and at no cost to direct marketing purposes if your personal data is processed for these purposes, including profiling to the extent that it is related to such direct marketing. You can always exercise this right by withdrawing your previously given consent, following the instructions in the relevant marketing communication. If you exercise this right, we will stop processing your personal data for these purposes.
There may be situations where we have the right to refuse or restrict the rights described in this paragraph. In any case, we will carefully assess the applicability of such an exemption and inform you accordingly. For example, we may deny your access request if it is necessary to protect the rights and freedoms of other individuals or refuse the deletion of your personal data if the processing of it is necessary to fulfill legal obligations. The right to data portability, for example, does not apply if the personal data was not provided by you or if we processed the data not based on your consent or for the fulfillment of a contract.
You can also contact us if you have questions, comments, or complaints regarding this privacy statement. If you have unresolved issues, you also have the right to file a complaint with your data protection authority.
You can also contact our customer support or our Data Protection Officer (DPO) via email at firstname.lastname@example.org or at the following address: Avenida 1.º de Maio, 76/78, 5000-651, Vila Real, to exercise any of the rights granted to you by applicable data protection laws.
Please note that we may ask you to provide additional information to confirm your identity.
How Long Are Your Data Stored?
The period during which data is stored and retained varies according to the purpose for which the information is processed. Whenever there is no specific legal requirement, the data will be stored and retained for the minimum period necessary for the purposes that motivated its collection or subsequent processing, after which it will be deleted.
Are Your Data Treated Securely?
Hotel Miracorgo is committed to ensuring the protection and security of your data. To achieve this, it has adopted various technical and organizational security measures to protect the personal data you provide against dissemination, loss, misuse, alteration, unauthorized access, or any other form of unlawful processing.
Hotel Miracorgo requires its subcontractors and partners to adopt security measures equivalent to those it practices.
Despite the security measures implemented by Hotel Miracorgo, users should take additional security measures, including ensuring they use up-to-date, securely configured equipment and browsers with active firewalls, antivirus, and anti-spyware. They should also verify the authenticity of websites they visit on the internet and avoid websites with questionable reputations.
Hotel Miracorgo acknowledges that it may communicate user data within the scope of merger, acquisition, and/or incorporation processes in which it is involved. This communication is not considered a transfer of data to third parties, nor does it constitute subcontracted processing.
Hotel Miracorgo may also transmit data to third parties in the context of investigations, inquiries, and judicial and/or administrative proceedings, or similar processes, provided this is duly ordered by a court.
If data transfers to third countries outside the European Union or the European Economic Area may occur, Hotel Miracorgo will comply with the law, particularly regarding the adequacy of the destination country in terms of personal data protection and the requirements applicable to such transfers. Personal data will not be transferred to jurisdictions that do not offer guarantees of security and protection.
The use of Hotel Miracorgo's social media networks may involve the transmission of data to social media service providers that may be based outside the European Union or the European Economic Area. Hotel Miracorgo is not responsible for the data you provide on social media.