Privacy Policy

This Privacy Policy is updated as of 08.02.2024.

This Privacy Policy sets out how Masa Hotel Campo Grande uses the personal data of its customers and potential customers in the context of the hotel services and reservations available on the website and the marketing policy developed by this entity.

Masa Hotel Campo Grande is defined by the highest standards of privacy and security, and we want to ensure that we can rely on your trust in the use of your personal data.

In compliance with Regulation (EU) No. 679/2016 of 27 April, hereinafter abbreviated as GDPR, we inform you that the processing of personal data collected for reservation purposes and/or in the consent form for commercial and marketing purposes by Masa Hotel Campo Grande is the responsibility of "Maria do Céu - Actividades Hoteleiras Lda", with a share capital of € 20,000.00 (twenty thousand euros), headquartered at Praça Francisco Sá Carneiro, 4 1000-159 Lisbon.

Masa Hotel Campo Grande respects the privacy of all its customers and is committed to protecting the personal data that each customer decides to share.

We advise you to read the following information carefully and in full.

Definitions

This Privacy Policy is based on terms used by the European legislator in the General Data Protection Regulation (GDPR). The Privacy Policy should be readable and understandable for the general public, customers, and business partners.

For the purposes of this Privacy Policy:

Personal data – Personal data translates into any information related to each other that allows identifying or making an individual identifiable. Different types of information that, when related to each other, can identify an individual also constitute personal data. Any personal data that has been anonymized, encrypted, or pseudonymized that can, in any way, be re-identifiable constitutes personal data. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific factors of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Data subject – The data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

Data processing – Processing means any operation or set of operations which is performed on personal data or on sets of personal data (whether or not by automated means), such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction, regardless of the means by which it is carried out (digital and/or paper).

Data processing restriction – Processing restriction involves identifying stored personal data for the purpose of limiting its processing in the future.

Pseudonymization – Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

Data controller – The data controller is the person, singular or collective, public or private, authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor – The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Cross-border data processing – Cross-border processing of personal data occurs when a data controller or processor processes data in multiple Member States or is likely to affect data subjects in more than one Member State.

Consent – The data subject's consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes – by a statement or by a clear affirmative action – by which the data subject agrees to the processing of personal data relating to him or her.

Method of Data Collection

Masa Hotel Campo Grande may collect personal data in the context of online or offline services.

Personal data may be collected when a reservation or purchase of services is made online, by filling out the online reservation form on the Masa Hotel Campo Grande website or by email.

The same personal data may also be requested when telephonic or in-person contact is established.

The collection of personal data for MARKETING purposes and for providing commercial information about services, products, promotions, and events provided or to be provided by Masa Hotel Campo Grande is carried out through the completion of the form available on the website, through personal or telephone contact.

Legal Basis for the Use of Personal Data

In accordance with the GDPR, the collection of personal data is only considered lawful if it is carried out with one of the following grounds:

· Consent has been given to the processing of personal data;

· Processing is necessary for the conclusion of a contract or for its execution;

· The processing is necessary for compliance with legal obligations to which Masa Hotel Campo Grande is subject;

· The processing is necessary for the pursuit of a legitimate interest that overrides the right to protection of personal data;

· The processing is necessary for us to assert, exercise or defend a legal right in a judicial proceeding against you, us or a third party.

In this way, Masa Hotel Campo Grande, in strict compliance with the GDPR, collects personal data for the purpose of entering into and performing a contract, namely through the online booking system available on the websites of Masa Hotel Campo Grande.

For marketing purposes and for providing commercial information about services, products, promotions and events provided or to be provided, Masa Hotel Campo Grande only processes personal data with prior, free and informed consent.

CONSENT OF MINORS

Masa Hotel Campo Grande may only process the personal data of individuals under the age of 13 (thirteen) when prior consent has been obtained from the holders of parental responsibilities of the minor.

The identification of the quality of holder of parental responsibilities over the minor will be verified by the Management/Administration of Masa Hotel Campo Grande, or by whoever is designated by it, through the verification and analysis of relevant documentation and using available technology.

COOKIES

After prior, free, and informed consent, the website of Masa Hotel Campo Grande proceeds to create and store a text file (cookies) on the data subject's computer, for the purpose of facilitating and speeding up the use of the website and personalizing the data subject's preferences.

The use of cookie technology is accepted by most browsers; however, the data subject may delete or automatically block them.

The data subject can configure the browser in the "Help" menu.

Restricting the use of this technology may limit access to and functionality on the website of Masa Hotel Campo Grande.

LINKS

The website of Masa Hotel Campo Grande may contain links that redirect data subjects/users to other websites, whose Privacy Policies may differ from the Privacy Policy present on this website.

Masa Hotel Campo Grande advises that you check the Privacy Policies of these sites before disclosing any personal data.

Masa Hotel Campo Grande does not share any personal data with the provided websites.

Masa Hotel Campo Grande is not responsible for any Privacy Policy, content, or use of cookies on other sites.

PURPOSES OF PERSONAL DATA

The personal data provided by the data subject in the context of entering into or performing a contract may be used for the following purposes:

· Confirming reservations;

· Requesting feedback about Masa Hotel Campo Grande through satisfaction surveys regarding the service provided;

· Sending emails related to the stay/reservation;

· Payments through credit card for advance purchase reservations and advance deposits;

· Responding to requests or inquiries.

The personal data provided by the data subject for MARKETING purposes and providing commercial information about services, products, promotions, and events provided or to be provided, obtained with prior, free, and informed consent, may be used for the following purposes:

· Communication of special offers, events, and commercial promotions;

· Sending commercial proposals;

· Sending newsletters.

TYPES OF COLLECTED DATA

For the conclusion or execution of a contract using online or in-person reservation, Masa Hotel Campo Grande processes the following data:

· Name;

· Surname;

· Country;

· Phone/Mobile;

· Email;

· Name of credit card holder;

· Credit card number;

· Credit card expiration date.

For MARKETING purposes and providing commercial information about services, products, promotions, and events provided or to be provided, Masa Hotel Campo Grande processes the following personal data:

· Name;

· Surname;

· Date of birth;

· Address;

· Postal code;

· Locality;

· Country;

· Phone contact; and

· Email.

Only the above-mentioned data will be used for MARKETING purposes and providing commercial information about services, products, promotions, and events provided or to be provided by Masa Hotel Campo Grande.

SECURITY OF YOUR PERSONAL DATA

Masa Hotel Campo Grande employs authentication and encryption methods and tools to help protect and maintain the security, integrity, and availability of your personal data.

Although it is impossible to ensure complete security of data transmitted via the internet or website, Masa Hotel Campo Grande works diligently to keep personal data as secure as possible.

Personal data is protected and maintained with physical, digital, and procedural security measures.

To safeguard the integrity and security of personal data, Masa Hotel Campo Grande employs the following security measures:

• Personal data stored in digital files, safeguarded in a "Cloud" system, with geographic redundancy and encrypted data.
• Data accessible only by authorized users with permissions to do so.
• Access and changes to files where personal data is stored are automatically logged to identify possible security breaches.
• Depending on the type of data stored and if it is considered confidential, there is the possibility to define higher levels of security.

RETENTION PERIOD OF YOUR PERSONAL DATA

Masa Hotel Campo Grande may only process personal data for the period necessary for the purpose for which it was collected.

Personal data collected in a reservation or acquisition of services online or when done through telephone or in-person contact may be processed by Masa Hotel Campo Grande for the entire duration of the contract and as necessary to comply with legal obligations.

For MARKETING purposes and providing commercial information about services, products, promotions, and events provided or to be provided, personal data will be processed for a maximum period of 4 (four) years from the collection of your consent.

As the deadline for the use of this personal data approaches, Masa Hotel Campo Grande may communicate the situation and request new consent.

DESTRUCTION OF PERSONAL DATA

Once the maximum processing period is reached, personal data will be securely destroyed, making data recovery impossible.

Once the maximum processing period of personal data provided for MARKETING purposes and providing commercial information about services, products, promotions, and events provided or to be provided is exceeded, Masa Hotel Campo Grande will proceed with the total destruction of the personal data.

SHARING OF PERSONAL DATA

Personal data provided by the data subject to Masa Hotel Campo Grande may, under certain circumstances, be shared with subcontractors. These service providers are contracted for limited purposes, namely, regarding the online platform, MARKETING, providing commercial information about services, products, promotions, and events provided or to be provided, or communication via email.

Personal data is stored on protected servers that may be processed by subcontractors for the described purposes, exclusively under our Privacy Policy and security standards or equivalent Privacy Policies and standards of our suppliers/service providers.

WITHDRAWAL OF CONSENT

Consent can be withdrawn or modified upon request of the data subject.

This process is free of charge and can be withdrawn at any time.

After consent is withdrawn, Masa Hotel Campo Grande will no longer engage in any communication for MARKETING purposes or providing commercial information about services, products, promotions, and events provided or to be provided.

Personal data will be securely destroyed, with no possibility of recovery.

The latest declaration of consent (whether to withdraw or modify) will prevail over all others previously submitted.

RIGHTS OF DATA SUBJECTS

Masa Hotel Campo Grande, in accordance with the GDPR, informs that the data subject has, depending on the context, the right to information, the right of access to data, the right to query the collected data, the right to rectification of collected data, the right to restriction of processing, the right to erasure of data, the right to be forgotten, the right to data portability, and the right to object to data collection.

The exercise of these rights by the data subject regarding personal data processed in the context of drafting a contract and/or during its execution, when its processing is necessary for compliance with legal obligations to which Masa Hotel Campo Grande is subject or when it is intended to safeguard the public interest, may be limited.

Therefore, the data subject may request from Masa Hotel Campo Grande that:

· Additional information be provided about the use we make of your personal data;

· A copy, in whole or in part, of any personal data submitted by you be provided;

· Your personal data be provided to another data controller, upon your request;

· Changes or corrections be made to the personal data submitted by you;

· Any personal data submitted by you be erased;

· The use of your personal data be limited or suspended until the complaint lodged with the Data Protection Authority is investigated.

The data subject may exercise their rights by written contact with Masa Hotel Campo Grande.

Masa Hotel Campo Grande undertakes to promptly analyze your request and respond within a maximum of 1 (one) month.

CONTACT INFORMATION

Address: Campo Grande 56/56A, 1700-093 Lisboa - Portugal

Email: booking@masahotels-lisboncollection.com

Phone: +351 210 134 450

COMPLAINTS

If the data subject is dissatisfied with the use of their personal data by Masa Hotel Campo Grande or regarding the exercise of a right, the data subject has the right to lodge a complaint with their Data Protection Authority (DPA):

NATIONAL DATA PROTECTION COMMISSION

Rua de São Bento, n.º 148, 3rd floor, 1200-821 Lisbon

Tel: +351 213.928.400 | Fax: +351 213.976.832 | Email: geral@cnpd.pt