Date: 11/16/2022
Versions and history of modifications shall be listed
Tierra Brasil Hotel Ltda EPP, a limited liability company established in the City of Porto Seguro – Trancoso – Bahia, Estrada Rio Verde nº 3.000, Sítio Santo Antonio, Cep.: 45.818-000, registered with the CNPJ/ME under No. 09.109.698/0001-52 (called “Hotel” or “We”), considers the security and privacy of your information as a fundamental principle and, therefore, when acting as an agent for the processing of your personal data, understands the extreme relevance of electronic records and personal data left by you (“Owner”) when using the tools, websites, and services provided by the Hotel. For this reason, and to convey all the transparency that the Hotel maintains as essential, the Hotel presents this Privacy Policy (“Policy”) to simply, transparently, and objectively regulate what data and information will be obtained, as well as when it can be used, inform the Owner of their rights, and giving full autonomy regarding the data processed by the Hotel.
This Policy is aimed at the Hotel customers and the other Owners whose data is processed on its digital channels.
This Policy will be available at any time, and the Hotel may update it at any time upon notice to the Owners.
WHAT OWNER DATA IS COLLECTED?
The Hotel collects certain data from the Owner that can be provided directly by the Owner at the time of registration to contact the Hotel, either on the Hotel website or other forms of contact, such as social media campaigns.
Thus, three types of personal data are processed: (i) personal data provided directly by you; (ii) personal data provided by the Hotel’s third-party service providers, and (iii) automatically collected data.
i. Personal data provided directly by you. This is where the greatest variety of data is collected. Here, we can divide the Owner into two categories: (a) Internet Browser Owner and (b) Guest Owner.
As for the Internet Browser Owner, only the data requested to be filled in on the Hotel’s website or in campaigns on social media, where the Owner chooses to provide the data, is collected. This data may include, for example: name, email, telephone number, and address.
As for the Guest Owner, the data is collected before confirming the reservation of the Hotel’s services to start formalizing the provision of services, as well as later to ensure the full provision of services by the Hotel. This data may include information such as: Name, Brazilian Individual Taxpayer ID Number (CPF), National ID Number, email, telephone number, address, age, marital status, payment information, and accommodation preferences.
ii. Personal data provided by third parties. These situations are less frequent. A third party may collect data automatically (Cookies) or directly.
iii. Data collected automatically. The Hotel also collects a range of information automatically, such as: information about your computer, equipment, and browser, potentially including your IP address, browser type, and other software and hardware information.
Third parties may also process this data, e.g., by providing some web hosting service or advertising offer.
Important: data can be collected with the help of cookies installed on the Owners’ machines. Cookies are small text files that do not contain any type of personal data, just an identification key that is only understandable by our systems or third-party systems. The default configuration of internet browsers usually accepts the installation of cookies. You can modify these settings to be notified when the website tries to install a cookie or even to block them. To do so, check your browser’s privacy settings. But please understand that blocking any cookies may prevent you from accessing certain functions or customizations.
HOW DOES THE HOTEL USE THE OWNER’S INFORMATION?
In compliance with the terms of the General Data Protection Act, whenever the Hotel processes any of the Owner’s personal data, the Hotel is strictly restricted to only collecting the minimum amount of data necessary for achieving its purpose and always having a basis to justify such processing. Among the various purposes, the main situations for data processing are:
i. To provide services to the Owner. The purpose of the collected information is to establish a contractual relationship or manage, administer, provide, expand and improve services by adapting them to the Owner’s preferences and tastes, and to create and develop new services of interest to the Owner.
ii. For contact, promotion of products and services, and relationship purposes. Some of the information collected may be used for advertising purposes, such as sending product information, promotions and discounts on the services of the Hotel, as well as partner services, or even to conduct purchase satisfaction surveys and campaigns on social media, always with the Owner’s consent.
Additionally, the Hotel may periodically send promotional materials (if you have agreed) or notifications related to the Hotel’s website and services to the Owner’s registered email address. If the Owner is no longer interested in receiving such materials, they may change their configuration or follow the instructions to terminate their registration, which are found at the bottom of each email.
iii. To comply with a legal or regulatory obligation. In this case, the Hotel must comply with the defined legal and regulatory requirements as a hospitality service provider.
iv. To enrich the database. There are situations in which the collection of the Owner’s personal data will be relevant to guaranteeing quality and complementing the Hotel’s database. This enrichment will always follow the terms of the General Data Protection Act, and, whenever applicable, the Hotel will demonstrate good faith, manage the Owner’s data, and inform them of the purpose of the processing. Depending on the case, the Owner may refuse to consent to data processing. In this case, the Hotel will inform the Owner of the effects of such a refusal.
v. To protect the rights of the Hotel. There are situations that the Hotel may process the Owner’s data and/or disclose their information, including situations in which the Hotel believes that it has acted in good faith and that said disclosure is necessary to: (i) protect, enforce, or defend the rights or property of the Hotel or its staff; (ii) protect the security and privacy of Owners or relevant rights of third parties; (iii) protect against fraud or for risk management purposes; (iv) comply with the law or pass on or to present evidence for an administrative or judicial proceeding; or (v) respond to requests from public authorities.
vi. Within the scope of a corporate transaction or sale of assets. If the Hotel disposes, in whole or in part, of its activities or makes a sale or transfer of its assets or if it is part of a corporate transaction with a third party or transfer of all or a substantial part of its business, the Hotel may transfer the Owner’s information to the party or parties involved in the transaction as part of the transaction, provided that such parties undertake to keep the data confidential and use it only in a manner compatible with this Policy.
DATA STORAGE AND THIRD-PARTY ACCESS
The Hotel uses storage systems operated by third parties. The Hotel requires that third parties follow all the best practices available in the market, involving administrative, technical, personal and physical measures to save/safeguard the data and personal information in its possession against unauthorized use, leaks, disclosure, or modification, respecting all minimum requirements of the General Data Protection Act. In addition, the Hotel physically stores some of the Owner’s data. However, ensuring that access to them is restricted and controlled, including an elimination flow established after the conclusion of the respective purpose.
However, considering the characteristics of the internet, it is not technically possible to guarantee the complete security of the Owner’s information, despite the Hotel employing and demanding that its partners follow all the best protection practices available in the market.
Additionally, the Hotel may share, at its discretion, the Owner’s data with third parties in certain situations, namely:
a. Systems and service providers that are necessary for the Hotel to provide its Services.
b. With authorities, government entities, or other third parties, to comply with regulations and protect the interests of the Hotel in any type of claim by a competent entity or conflict, including lawsuits and administrative proceedings.
c. By court order or at the request of administrative authorities with legal jurisdiction for its requisition.
HOW DOES THE HOTEL KEEP THE OWNER’S DATA SECURE?
The Hotel uses commercially reasonable administrative, technical, personal and physical measures to save/safeguard the Owner’s data and information in their possession against robbery, theft, unauthorized use, disclosure, or modification, respecting all the minimum requirements of the General Data Protection Act.
The Hotel conducts periodic training for all those in charge of protecting the Owner’s data and awareness workshops for all who will have access to the Owner’s personal data.
The Owner’s data has different degrees of access restriction, ranging from public, internal, and restricted. The Hotel conducts a diligent cross-assessment of the leakage risk and the harmful potential of data leakage to define the restriction level for each data type. Thus, greater security is secured for the Owner’s data, particularly that which we understand, and the law interprets as needing greater protection.
The information collected by Hotel will be automatically deleted from their servers when they are no longer useful for the purposes for which they were collected or when the Owner requests their personal data to be deleted. However, the information may be retained for the period necessary to comply with a legal or regulatory obligation, protect the rights of the Hotel, legitimate interest on the part of the Hotel and/or requisitions from authorities, even after an order to delete the personal data linked to the Owner.
THE OWNER’S RIGHTS AND THEIR CONTROL OVER THE PROCESSING
In compliance with applicable regulations and concerning the processing of personal data, the Hotel values transparency and the Owner’s control over their personal data. As such, the Hotel guarantees the Owner the following rights (including submission of requests):
i) confirmation of the processing;
ii) access to the data;
iii) the correction of incomplete, inaccurate or outdated data;
iv) the anonymization, blocking or deletion of unnecessary, excessive or non-compliant data;
v) the portability of their data to another service or product provider upon express request by the User;
vi) the deletion of data processed with the User’s consent;
vii) obtaining information about the public or private entities with which the Hotel shared their data;
viii) information about the possibility of not giving their consent, as well as being informed about the consequences in case of refusal;
ix) the revocation of consent.
The Owner may directly exercise part of these rights through communication via the contact information provided in this Policy. The Owner may make the communication if they are interested in consulting, correcting, updating, or limiting the Hotel’s use of any data and personal information, or better understanding or even exercising their rights.
The Hotel asks that the Owner’s request include the full name, email, and telephone number and specifies the information they would like to consult, delete, correct, or update. Once such complete information is submitted, the Hotel will use its best efforts to comply with the request as quickly as possible under the law.
The Hotel stresses the possibility of the Owner’s request being legally rejected, either for formal reasons (e.g., the impossibility of proving the Owner’s identity) or legal reasons (e.g., request for deletion of data that the Hotel may retain for compliance with a legal obligation). In this case, the Hotel will ensure it provides the appropriate justifications.
ADDITIONAL INFORMATION
Updating the Privacy Policy: The Hotel may modify this Policy. Please review the effective date at the top of this Policy to see when it was last modified. Any changes to this Policy will become effective when posted on the Hotel’s website. The consent request will be redone depending on the update and its changes.
HOW TO CONTACT THE HOTEL
If the Owner wants to talk about their data, they must contact the personal data protection agent at the following email address: juridico@zhouse.com.br
