1. Privacy Statement
SANA Hotels is committed to the respect and protection of your personal data, and for this reason, we have developed an ongoing service in order to guarantee the security and confidentiality of the data provided.
The collection and processing of the information you have provided us is performed in accordance with the SANA Hotels security and confidentiality policies and procedures, in strict compliance with the applicable legislation, namely the Personal Data Protection Law, Law No. 67/98, of 26/10 (“DPL”) and the General Data Protection Regulation (“GDPR”).
SANA Hotels is responsible for processing your personal data and does so in your own exclusive interest.
As a service provider, SANA Hotels needs to collect and maintain information about you necessary for the execution of the respective contract, compliance with legal obligations and the pursuit of lawful interests, as well as for the protection and defence of SANA Hotels in the event of a dispute.
Should you decide not to provide the information requested, we will be unable to fulfil our obligations, which may lead to an inability to execute the contract.
The collection of any additional personal data and the processing of personal data for purposes other than those provided for herein, or the collection and processing of personal data regarded as sensitive (such as data related to racial or ethnic origin, political opinions, religious or philosophical beliefs, etc.) will be preceded by, and subject to your express consent, unless such processing is permitted on other legal grounds.
2. What information will we collect?
We will only collect and process data necessary for complying with the relevant purposes. SANA Hotels will not collect any data that we do not need.
In order to comply with the purposes specified below, the following information will be collected: Personal and contact information (name, professional/home address, email, phone number, date of birth, nationality), family information (name and dates of birth), information about services provided, customer preferences, comments, credit card data, information for the purposes of SPA treatments, CCTV images in public areas, technical information (IP address, log-in data, browser type and version, location and time zone, language, operating system and platform), information shared publicly on social media, and/or information that the data subject decides to share in connection with our accounts.
Your credit card details, used as a means of payment for a reservation made on our website, are not collected or stored by SANA Hotels. The information is collected and processed by a third-party entity, bound by obligations to ensure security and privacy.
SANA Hotels will not have access to the aforementioned information. We keep a log file of the transactions performed on our website that leaves out the details of any credit card used.
3. What will we do with your personal data?
Your data will be collected and stored by SANA Hotels so we are able to provide the contracted services and comply with contractually-assumed obligations.
Therefore, your personal data will be processed by SANA Hotels in accordance with the following purposes:
a) Reservations management;
b) Check-in, invoicing and payment;
c) Compliance with legal standards;
d) The pursuit of SANA Hotels’ lawful interests (namely, people and asset security and product research and development);
e) Service provision and treatment suitability in SPAs;
f) Response to requests for information and inquiries (quote requests, reservation confirmations, etc.);
g) Personal preferences management (smoker/non-smoker; preferred floor; limited mobility; newspapers and magazines, etc.).
The purposes identified above may legitimise the processing of your personal data even if the contractual relationship ends, for a period of time deemed reasonable and justifiable.
In addition to the purposes referred to above, the personal data collected may be used, with your consent, for the following purposes:
a) Subscription to newsletters;
b) Creation and customisation of advertising campaigns and promotions, special offers information, communication of new services/new ventures;
c) Management of loyalty programmes;
d) Management of comments, complaints/claims;
e) Notification of changes made to our websites.
4. Disclosure of information to third parties
We may transfer your personal data to other companies belonging to the SANA Hotels group when such transfer is related to the service provision, or the achievement of SANA Hotels’ objectives.
Your personal data may be provided and accessed by companies providing us with IT services (recording/storing the files containing your personal data), as well as companies that provide us with the software (through which your personal data is stored and processed), namely in the event of technical assistance. All the aforementioned companies are bound by confidentiality obligations.
In addition to the case above, we will only disclose your personal data to a third party if and to the extent that we are legally required to do so.
5. Your Rights
Under the terms of the GDPR you are granted certain rights related to your personal data.
You will have the right to request from us the access, correction and deletion of your personal data, the right to restrain the processing of such data and, in certain circumstances, the right to portability of your personal data.
In case we are processing personal data based on your consent, such consent may be withdrawn at any time, in which case the processing will have to cease. Therefore, should you wish to stop receiving communications for the purposes of advertising and marketing, please send an email to firstname.lastname@example.org.
In order to exercise the rights referred to above, you should contact us via email at email@example.com.
When exercising your rights, this does not entail the payment of any fee. However, unjustified, repetitive or excessive requests may be subject to a fee charge.
Your request for access will be processed as soon as possible. Should we see ourselves unable to respond within a period of 30 (thirty) days after receiving the request, we will let you know the deadline we need to respond to said request.
Should we see ourselves unable to comply with your request, we will let you know the related grounds.
If you believe that SANA Hotels has not allowed you to exercise your rights regarding personal data protection, you may file a complaint with the supervisory and administrative authority - Comissão Nacional de Proteção de Dados [National Data Protection Commission] – CNPD | Rua de São Bento, n.º 148, 3º, 1200-821 Lisbon (Portugal) | Tel.: +351 213928400 | Fax: +351 213976832 | email: firstname.lastname@example.org
We are committed to ensuring the security of your personal data. To protect your personal data from unauthorised access, use, modification, disclosure or illegal copying we have implemented a set of appropriate technical and organisational measures, such as permanently updated anti-virus and anti-spyware protection, SSL encryption for sensitive data (credit card, booking form), firewalls, frequent backups, restricted access to personal data only for those who need it.
While no security measures are 100% effective and secure, we are committed to protecting the integrity and confidentiality of your personal data, wherefore we are continuously reviewing and improving our security measures.
If your access to our websites is done using a username and password that was generated or chosen by you, you are responsible for maintaining its confidentiality.
7. Data Retention Period
Your personal data will be retained for the period strictly necessary for complying with the purposes for which it was collected and processed, or for the period necessary for complying with the applicable legal obligations.
We will cease the processing of your personal data or remove any association of the data to you (“pseudonymisation") as soon as the processing ceases to serve its purposes, the compliance of legal obligations or the lawful interests of SANA Hotels.
8. Personal data of minors
Besides data regarding the name, age and date of birth of your children, which we request from you for the purposes of reservations management and invoicing, you may also be asked for data regarding allergies and food intolerances and other health care issues, for the purposes of staying in our "Kids Club".
SANA Hotels will not request any other data regarding minors apart from the aforementioned. However, it is not possible to determine the age of our websites’ users, nor to ensure that the data provided on our websites has obtained the consent of those responsible for the minor.
10. Cookies Policy
What are cookies? Cookies are small text files that are embedded into the user's device (computer, mobile phone, or tablet) when you visit SANA Hotels websites via a browser. Cookies enable the website to recognise the user’s device.
Cookies and other web crawlers used by SANA Hotels do not collect personal information of any kind, or any other information that enables your identification.
What types of cookies do we use? SANA Hotels uses session cookies, which are deleted once the user leaves the browser or website, and persistent cookies, which remain on your device until they expire or until they are deleted when you use your browser’s features.
Consent. By browsing SANA Hotels websites, you accept the installation of cookies that require consent on your device.
Delete and/or block cookies: Cookies and other web crawlers may be configured, deleted or blocked via the user's browser settings.
Which tools are used by the SANA Hotels website for analytics and user behaviour?
SANA Hotels websites use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). Like this, cookies that provide information on the Website’s use are being stored. This data, including the user’s IP address, is transmitted to Google servers.
According to statements issued by Google, data collected by Google Analytics is not related to any other data held by Google.
Users may delete cookies in their browser settings and prevent them from being stored in the future. In this case, however, users may not be able to use all the features on SANA Hotels’ websites.
Users may also deactivate the tool by downloading and installing a browser add-on available from Google: https://tools.google.com/dlpage/gaoptout?hl=en
SANA Hotels websites use components of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter “Facebook”) (e.g.: Facebook Connect and Facebook social plug-ins). When you access a webpage using such components, a connection with Facebook servers is established. This allows Facebook to identify the website that the user is visiting, and potentially store other data such as the IP address. If the user is also connected to Facebook, Facebook may also associate the data with the user’s Facebook account. Should the user wish to prevent this, he/she must log out from Facebook before visiting the webpage.
You can find more information about how Facebook processes data on Facebook website: https://www.facebook.com/about/privacy/.
SANA Hotels websites use buttons from Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (hereinafter “Twitter”). When you access a webpage using such buttons, a connection with Twitter servers is established. This allows Twitter to identify the website that the user is visiting, and potentially store other data such as the IP address. According to Twitter, such data is stored like this only for the purpose of displaying the button. You can find more information about how Twitter processes data on Twitter website: https://twitter.com/privacy
The Data Controller company is SANA Hotels Portugal, S.A., Edifício Myriad Crystal Center, Cais das Naus, lote 2.15.02, 1990-173 Lisbon (Portugal).
Last Update: 22 May, 2018