I - Us and our commitment:
Sociedade Concessionária Hotel Roma S.A. is a company that has been established as a public limited company and which henceforth shall be identified as Hotel Roma, dedicated to providing Hotel and Restaurant services.
Taking into account the proportionality and suitability dictated by the capacity to allocate the resources and technical means at its disposal, Hotel Roma is profoundly and genuinely committed and dedicated to protecting its clients and the users of our various media and platforms, whether physical or digital, ensuring their privacy and the processing and movement of their personal data.
II - The personal data collection devices and media that we use:
We have, edit and manage the following personal data media:
IT system consisting of a group of software solutions backed by a group of hardware devices and other similar solutions, including e-mail services and other external digital repositories and communication solutions;
Paper archives kept in cupboards and shelves in rooms with restricted access;
Hotel Roma Website – www.hotelroma.pt.
The same or similar policy shall be accepted contractually with Hotel Roma by the entities that process that personal data on behalf of Hotel Roma.
Hotel Roma shall consider obligatory and shall for all intents and purposes presume, without the possibility of proof to the contrary, that you will read the privacy policies of all the websites that you access.
V - Concept of personal data:
Personal data is understood to mean all information or records of any nature and regardless of the respective media or format, namely sound, image, text, signature or characteristic relating to the natural person that is identified or identifiable.
A person shall be considered identifiable if he or she can be directly or indirectly identified via reference to one or more specific personal data considered individually or jointly, namely his or her physical, physiological, psychological, economic, ethnic, cultural, geographic or social identity or his or her location.
VI - The controller processing the personal data:
The controller responsible for collecting and processing personal data is Sociedade Concessionária Hotel Roma S.A., which in accordance with the relationship that it has with the data subject, establishes, always on a legal and legitimate basis, which data are collected, the means used to process them and the purposes of that collection and processing.
VII - Types of personal data that are collected and processed:
As part of its activity, Hotel Roma collects and processes the following:
1. Personal data that are necessary for the supply of services to its clients, processing for such purposes data that include name, tax number, address, telephone number and e-mail address, among other data that are strictly necessary, proportional and legal.
2. Personal data necessary for complying with the legal obligations ensuing from the supply of accommodation services.
3. Data necessary for managing the contractual relationship with clients; the suitability of the supply of services in relation to the client’s needs and interests; the sending of suggestions; information and marketing actions; creating awareness of campaigns, promotions, advertising and news regarding services; conducting market studies and satisfaction surveys; management of complaints, which entails addresses, telephone numbers and e-mail addresses, among other data that are strictly necessary, proportional and legal.
4. All personal data that are necessary for exercising the rights of Hotel Roma within the scope of the relationships mentioned in the previous numbers and during the performance of its activity and legitimate interest, namely managing its accounts, taxes and administration, managing legal disputes, judicial evidence, detection of fraud, protection of revenue and audits, management of networks and systems, control of the security of information and physical security, and the security of the installations.
Notwithstanding compliance with legal norms or legitimate orders coming from a competent authority regarding the storage and transmission of data, Hotel Roma shall only process the personal data that are necessary for its activity, only in so far as it is strictly needed due to the nature of the contractual relationship or a relationship of another nature established with the data subject or with the latter’s consent, which, should it exist, must be prior, legitimate, legal and informed.
VIII - Moment and mode of collection of personal data:
Hotel Roma collects personal data personally, in writing, by telephone or through its website www.hotelroma.pt.
As a rule, personal data are collected when the contractual relationship or relationship of another nature necessary for the performance of the activity of Hotel Marquês de Pombal is initiated between Hotel Roma and the data subject.
The collection of certain personal data is obligatory and necessary for the start and normal and legal development of the aforementioned relationship or collaboration and as such if there is a lack or insufficiency of such data, the relationship or collaboration shall not begin or continue; in such cases, Hotel Roma shall inform the data subject of such obligatory and necessary collection.
If you wish to cease to receive these communications, you can express your objection at any time.
The collected data shall be processed documentarily, whether in paper or digital format, in strict compliance with the legislation that regulates the protection of personal data, stored and contained in paper archives and specific databases, created and managed for such purposes and with restricted and exclusive access by the staff of Hotel Roma who necessarily must process them while performing their activity. Under no circumstances shall the collected data be used for any purpose other than the one for which the data subject gave consent, when consent is necessary, or other than the legal and legitimate purpose that was the reason for the collection.
IX - Purposes of the collection and processing of personal data:
In general, the personal data collected are used to manage clients, manage the contractual relationship with clients, supply the contracted services, tailor the supply of services to the needs and interests of the client, send suggestions, information and marketing actions, create awareness regarding campaigns, promotions, advertising and news regarding services, conduct market studies and satisfaction surveys, manage complaints, manage accounts, taxation and administration, manage legal disputes, judicial evidence, fraud detection, protection of revenue and audits, management of networks and systems, control information security and physical security, security of the installations, compliance with legal obligations and for all the other purposes which the law recognizes as being of legitimate interest to Hotel Roma.
When the data are collected, or when requested by you, you shall be informed in greater detail regarding the way we process your data.
X - Storage periods of your personal data:
Whenever there is a specific legal requirement that obliges the data to be stored for a minimum period of time, Hotel Roma shall comply with this period of time.
Hotel Roma shall keep your personal data stored during the minimum amount of time that is strictly necessary for the purpose for which the information was collected and processed, after which it shall eliminate the data.
XI - Right of access, rectification, objection, erasure, restriction and portability of your personal data:
Hotel Roma guarantees the data subject right of access, rectification, objection, erasure, restriction and portability of your personal data.
These rights can be exercised via written communication sent to the postal address Avenida de Roma, nº 33, 1749-074 Lisbon, or electronic address firstname.lastname@example.org.
XII - Measures we have adopted in order to secure your personal data:
Hotel Roma follows the best practices and as such it adopts technical and organizational measures appropriate to the risk with regard to security and protection of personal data; accordingly, we have approved and implemented a strict plan for compliance with the objectives, the law and the interests of the data subjects, capable of protecting the data that are provided to us by those persons who in some way interact with us, in order to protect the data from being transmitted, lost, used improperly, altered, processed or accessed without authorization, as well as against all other forms of illegal processing.
As such, the forms for collecting personal data in digital or paper format, both those that are filled in at the physical installations of Hotel Marquês de Pombal and on the website, the latter requiring encrypted browser sessions, are stored securely in our physical repositories and digital systems.
All the personal data that you supply us with are kept in Hotel Roma’s own datacentre or in that of a subcontractor, safeguarded by advanced physical and logistical security measures, which we believe to be indispensable to the protection of your personal data.
Despite these security measures, we caution everyone who uses the Internet that they should adopt additional security measures, namely ensuring that they use an updated PC and browser that are appropriately configured, with an active firewall, anti-virus and anti-spyware software, as well as certifying the authenticity of the websites they visit on the Internet, avoiding websites whose reputation they do not trust.
XIII - Communication of data to other entities, subcontractors or third parties:
Hotel Roma may employ subcontractors in order to collect and process data for the same purposes as those of Hotel Marquês de Pombal, obtaining from the subcontractors, via contract, a guarantee of reputation and obligation to develop suitable technical and organizational measures for protecting the data and ensuring the protection of the rights of the data subjects. Under certain circumstances determined by law, certain personal data may have to be communicated to public authorities, such as the tax authorities, courts and security forces.
As such, any of these subcontracted entities shall process the personal data of our Clients in the name of and on behalf of Hotel Roma and shall be obliged to adopt technical and organizational measures appropriate to the risk, in order to protect the personal data against destruction, whether accidental or illegal, accidental loss, alteration, transmission or unauthorized access and against any other form of illegal processing.
XIV - Transfer of personal data:
In carrying out its activity, Hotel Marquês de Pombal may have to transfer your data outside of Portugal.
If this should occur, Hotel Roma shall rigorously comply with all applicable legal provisions, namely with respect to the determination of the reliability and suitability of the country of destination with respect to protecting personal data and the requirements applicable to such transfers.
XV - Cookies:
“Cookies” are small software tags that are stored on your computer through your browser. As a rule, they only retain information related to your preferences and as such they do not contain your personal data.
Whenever this is not the case, the user shall always be asked for his or her consent to supply the data in accordance with applicable legislation.