Privacy and Data Policy
AZORIS HOTÉIS, SA (hereafter GRUPO AZORIS), legal person 512 006 555, headquartered at Rua de Lisboa s / n; 9500-216 Ponta Delgada, is committed to protecting the privacy and personal data of all individuals with whom it relates, namely customers, suppliers, and employees.
Personal data: Any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is a person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, identifiers electronically or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Treatment: Any operation or set of operations carried out on personal data or on personal data sets, by automated or non-automated means, such as the collection, registration, organization, structuring, conservation, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, diffusion or any other form of availability, comparison or interconnection, limitation, erasure or destruction.
Special categories of personal data: Personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as genetic data, biometric data that uniquely identifies a person, health data or relative data to a person's sexual life or sexual orientation.
Sensitive categories of personal data: Personal data relating to the holder's economic or financial situation, (other) personal data that may lead to stigmatization or exclusion of the data subject, user names, keywords and other registration elements, personal data that can be used for identity fraud.
Responsible for processing: Natural or legal person, public authority, agency or other body that, individually or in conjunction with others, determines the purposes and means of processing personal data.
Subcontractor: Natural or legal person, the public authority, agency or other body that processes personal data on behalf of the person responsible for processing them.
Consent: Expression of will, free, specific, informed and explicit, by which the data subject accepts, by means of an unequivocal positive statement or act, that the personal data concerning him or her be treated.
Violation of personal data: Violation of security that causes, accidentally or unlawfully, the destruction, loss, alteration, disclosure or unauthorized access to personal data transmitted, preserved or subject to any other type of treatment.
Privacy by design: It means taking the risk of privacy into account in the whole process of designing a new product or service, instead of considering privacy issues only later. This means carefully assessing and implementing appropriate technical and organizational measures and procedures from the outset to ensure that the processing complies with the GDPR and protects the rights of the data subjects concerned.
Privacy by default: It means ensuring that mechanisms are put in place within an organization to ensure that, by default, only the necessary amount of personal data will be collected, used, and maintained for each task. This obligation applies to the extension of its treatment, the conservation period, and its accessibility. These measures ensure that personal data are not made available without human intervention to an undetermined number of natural persons.
Pseudonymization: Processing of personal data in such a way that they can no longer be attributed to a specific data subject without resorting to supplementary information, as long as that supplementary information is kept separately and subject to technical and organizational measures to ensure that personal data cannot be attributed to an identified or identifiable natural person.
GRUPO AZORIS is dedicated to the provision of hotel and restaurant services and to the management and organization of events, and, within the scope of this activity, proceeds with the processing of personal data.
The data can be collected through personal, telephone and in writing, by email, by fax or through websites.
GRUPO AZORIS 'websites may include links to other websites that are unrelated to GRUPO AZORIS. Links to access the GRUPO AZORIS websites may be included on websites outside the GRUPO AZORIS. GRUPO AZORIS cannot be held responsible for the processing of data carried out through such third party websites.
3. Purposes and grounds for data processing
The personal data processed by the AZORIS GROUP has several purposes and fundamentals.
Management of the contractual relationship: The processing of personal identification and other data is necessary for the celebration and for the fulfillment of the service provision contract entered into between the AZORIS GROUP and its customers. Customers can choose to provide additional information, which will only be used to help GRUPO AZORIS to provide the best service possible. The processing of personal data is also necessary for the fulfillment of contracts for the provision of services and goods between GRUPO AZORIS and its suppliers.
Legal obligations: GRUPO AZORIS is subject to compliance with legal obligations that impose data processing.
Quality: GRUPO AZORIS can analyze the information of its customers, collected through inquiries, complaints and other means, for statistical purposes if it has the respective consent.
Marketing: With the consent of the holders, GRUPO AZORIS can process personal data to send information about promotions, campaigns, newsletters and other relevant information to its customers.
Profiling: GRUPO AZORIS can analyze the commercial information of its customers to identify consumption profiles for statistical purposes and / or, if it has the respective consent, send personalized information to its customers.
Video surveillance: For the safety of customers and employees, GRUPO AZORIS facilities have video surveillance systems, under the terms of the law.
Hobbies and contests: GRUPO AZORIS may promote pastimes and contests for which the processing of personal data is required, according to the applicable regulation.
Recruitment: Candidates can apply for specific vacancies (through internal recruitment or outsorsing) or submit spontaneous applications, and, therefore, must provide personal data necessary for recruitment. The information provided by the candidates will be treated only for the purpose of recruitment and will be maintained for a maximum of 2 years.
Human Resources Management: For the execution of the employment contract, employees must provide personal data to GRUPO AZORIS. If necessary, specific consent will be requested for the processing of data that so requires (for example for special and sensitive data categories).
Cookies are used on GRUPO AZORIS websites to improve the browsing experience and provide the best possible service. Cookies are small files that are stored on the access devices through the browser, retaining only information related to preferences, thus not including personal data. Despite being able to manage cookies directly in the browser, by continuing to browse the site, the user will be consenting to their use; however, by disabling cookies, you can prevent some web services from functioning properly, affecting, partially or completely, website navigation.
5. Rights of holders
Under the terms of the GDPR, data subjects have, among others, the following rights: Right of access; Right of rectification; Right to be forgotten; Right to limitation of treatment; Right to data portability; Right of opposition; Right to revoke consent.
If you intend to exercise any of your rights or clarify any doubts, the holder should contact GRUPO AZORIS, in writing, addressed to “Responsible for privacy”, through the address Rua de Lisboa s / n; 9500-216 Ponta Delgada, e-mail: firstname.lastname@example.org or by filling out the form available at GRUPO AZORIS.
6. Duties of the AZORIS GROUP
The AZORIS GROUP proposes to:
a) collect only data for specific, explicit and legitimate purposes;
b) minimize the collection of data, promoting only the appropriate collection relevant and limited to what is actually necessary in relation to the purposes the appropriate and relevant data;
c) not to use the data collected for purposes other than the collection and the obtained consent;
d) update the data whenever necessary;
e) preserve the data in such a way that their identification is only possible for the period necessary for the purposes for which they were collected;
f) protect data against unauthorized or unlawful processing and against accidental loss, destruction or damage;
g) implement the principles of privacy by design and by default in the activities/processes of processing personal data;
h) adopt a privacy by design reference framework;
i) implement encryption or pseudonymization techniques of the data in use
j) ensure compliance with the GDPR.
Ponta Delgada, August 17, 2020.
This policy will be updated periodically.
Website Centric (Guest Centric)
Applicable to Users of this Hospitality Business when making a reservation.
Data Controller (we): The Hospitality Business which will provide to you, the user, the requested service. Our identification and contact details are available on the website you used to make your reservation / to pose your questions to us. They will also appear on our invoice which we'll send to you.
Data Compliance Officer: Not applicable to Data Controllers' activities.
User: You, who filled-in the reservation form or any other documentation related to it.
Purpose: The purpose of processing the data provided through this form is to manage the reservations made by you, user and/or to answer to the questions / requests you posed.
- Either the need to perform our contract with you, user / the need to take steps at your request prior to entering into a contract.
- Or the consent of you, the user, by ticking in the box of acceptance of the Terms and Conditions of which this Privacy and Personal Data Policy is an integral part.
Duration: We will store the data provided by you, the user, during the time necessary for the management of the reservation you made, as well as of the accommodation services you requested. Once the management is finished, your data will be kept for six (6) months. If you consent to receive marketing and/or commercial information, your data will be stored until you revoke your consent.
Processor: We engage our partner Guestcentric Group (www.guestcentric.com ) for carrying out the reservations engine of our business. Guestcentric acts under our authority and we have signed a contract with Guestcentric Group for the provision of their services. We have instructed Guestcentric Group in written as per how the processing should be done.
Data subjects different from the users: Where you, user, provide us with personal data pertaining to a different data subject from yourself, you are responsible for such acts as well as for obtaining the respective consent of such data subjects for the provisioning of their data.
Transfer of Data: We shall not transfer personal data to a third country outside the EEA (European Economic Area).
Data Subject Rights: Data Subjects can exercise their rights of access, rectification, cancellation and opposition by sending an email or through the postal service to the contact details on our reservation website and on our invoices.
Supervisory Authority: If a data subject considers their rights affected, they can also appeal to the competent supervisory authority of the Member State concerned. More info at: https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en