In order to facilitate your search, we have several suggestions available in the following category(s):
COMMITMENT TO DATA PROTECTION AND PRIVACY
PORTOBAY complies with all applicable EU and Portuguese legal standards in the field of data protection, privacy and information security.
PORTOBAY is implementing a Personal Data Protection System and Information Security System in order to ensure regulatory compliance and demonstration or disclosure of institutional responsibility for data protection and information security by implementing all the necessary technical and organisational measures, both to comply with the general legal regime of the current Data Protection Law and to comply with the special legal regime of the General Data Protection Regulation applicable from 25 May 2018.
For any clarification or additional information or for the exercise of rights in this area, please contact the Data Protection Officer at PORTOBAY via email firstname.lastname@example.org.
'Personal data' means information relating to an identified or identifiable natural person ('data subject'); an identifiable person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier. For example, a name, an identification number, location data, identifiers by electronic means or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that individual are considered as personal identifiers.
‘Processing of personal data’
'Processing' means an operation or a series of operations carried out on personal data or on personal data sets by automated or non-automated means such as collection, registration, organisation, structuring, conservation, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of disclosure, comparison or interconnection, limitation, erasure or destruction.
'Cookies' are small text files with information deemed relevant that the devices used for access (computers, mobile phones or portable mobile devices) carry, through the browser, when a website is visited by the customer or user.
ENTITY RESPONSIBLE FOR PROCESSING
PORTOBAY, Sociedade Porto Bay Hoteis e Resorts, SA, based at Rua do Gorgulho nº 2, Funchal, with share capital of €50,000, registered at the Commercial Registry of Funchal, with corporate tax number 511 140 916, hereinafter referred to as PORTOBAY, is responsible for the websites and the computerised applications, hereinafter referred to as channels or applications, through which users or customers have remote access to PORTOBAY services and products that are presented, marketed or provided, at any time, through these websites.
CONTACT INFORMATION FOR DATA PROCESSING COORDINATOR
To contact the PORTOBAY Data Protection Officer, please send an email to email@example.com, giving the subject matter of the request and an email address, telephone contact details or mailing address.
For any other matter, please contact PORTOBAY using one of the following:
- Postal Address: Rua do Gorgulho nº 2
- Email: firstname.lastname@example.org
- General Enquiries: +351 291 703 711
COLLECTION AND PROCESSING OF PERSONAL DATA
PORTOBAY shall process the personal data strictly necessary to make the information available and to operate its channels according to the uses required by the users or customers, whether the data are provided by users for the purpose of registering requests or obtaining information, for the purposes of subscribing to those channels, or result from the use of the services provided by PORTOBAY channels, such as access, queries, instructions, transactions and other records relating to their use. In particular, the use or activation of certain channel features may involve the processing of a number of direct or indirect personal identifiers, such as name, address, contacts, device addresses or geographical location, whenever the express consent of the user or the customer is required. In all cases, the users or customers will always be informed of the need to access such data for the use of the channel features in question. Personal data collected by PORTOBAY are processed in a computerised way, in certain cases in an automated way, which includes file processing or profile definition as part of the pre-contractual, contractual or post-contractual management relationship in accordance with current Portuguese and EU regulations.
All data processing operations comply with the fundamental legal principles of data protection and privacy, in particular as regards their circulation, lawfulness, transparency, purpose, minimisation, preservation, accuracy, integrity and confidentiality, and PORTOBAY is willing to demonstrate its responsibility to the data subject or any third party who has a legitimate interest in this matter.
BASES OF LEGITIMACY
All data processing operations carried out by PORTOBAY have a basis of legitimacy either because the data subject has given their consent to the processing of their personal data for one or more specific purposes, or because the processing is deemed necessary for the execution of a contract in which the data subject is a party, or for pre-contractual arrangements at the request of the data subject, either because the processing is necessary to fulfil a legal obligation to which the controller is subject or because processing is necessary for the legitimate interests pursued by PORTOBAY or by third parties.
PURPOSE OF PROCESSING
All personal data processed by PORTOBAY channels are intended exclusively for the provision of information to users or the provision of services contracted by customers and, in general, the management of pre-contractual, contractual or post-contractual relationship with users or customers. The personal data collected may also be processed for statistical purposes, for information dissemination or promotional purposes, and for commercial or marketing activities, particularly to promote activities to disseminate new features or new products and services, through direct communication, either by correspondence, or by electronic mail, messages or telephone calls or any other electronic communications service. While there is always prior notification and collection of express authorisation for the latter purposes, users or customers may at any time exercise their right to oppose the use of their personal data for other purposes that go beyond the management of the contractual relationship, such as for marketing purposes, for sending information communications or for inclusion in lists or information services. To do so, they should send a written request to the PORTOBAY Data Protection Office, according to the procedures below.
DATA RETENTION DEADLINES
Personal data shall be retained only for the period necessary for the purposes that led to its collection or subsequent processing, and compliance with all applicable legal rules on archiving is guaranteed.
PORTOBAY informs you what type of Cookies are used on its website www.portobay.com.
COMMUNICATION OF DATA TO OTHER ENTITIES
The provision of information or services by PORTOBAY to its users or customers through its channels may involve the use of services of subcontracted third parties, including entities with head offices outside the European Union, for the provision of certain services. This may entail access by these entities to users’ or customers’ personal data. In these circumstances, and where necessary, PORTOBAY shall only apply to subcontracted entities which provide sufficient guarantees for the
implementation of appropriate technical and organisational measures so that data processing meets the requirements of the applicable standards, and these guarantees are formalised in a contract signed between PORTOBAY and each of the third parties concerned.
Except for compliance with legal obligations, in no case shall users or customers’ personal data be communicated to third parties that are not subcontracted entities or legitimate recipients, and no other communication for purposes other than those mentioned above shall be undertaken.
INTERNATIONAL DATA TRANSFERS
Any transfer of personal data to a third country or an international organisation shall only be carried out within the framework of fulfilling legal or guaranteed obligations in conformity with the applicable EU and Portuguese legal rules in this regard.
Taking into account the most advanced techniques, the costs of application and the nature, scope, context and purpose of the processing, as well as the risks, probability and varying severity for users or customers, PORTOBAY and all entities that are its subcontractors shall apply the appropriate technical and organisational measures to ensure a level of security appropriate to the risk. To this end, a number of security measures have been adopted to protect personal data against unauthorised disclosure, loss, misuse, alteration, processing or access, as well as against any other form of illegal processing. It is the sole responsibility of users or customers to keep access codes secret, and not share them with third parties, and in the particular case of the computer applications used to access the channels, to maintain and keep the access devices in a safe and secure condition, and follow the security practices recommended by the manufacturers and/or operators in the installation and update of the necessary security applications, such as antivirus applications.
In view of the need to subcontract services to third parties who may have access to users’ or customers’ personal data, PORTOBAY subcontractors shall be obliged to adopt the organisation’s security measures and protocols and the necessary technical measures to protect the confidentiality and security of personal data, as well as to prevent unauthorised access, loss or destruction of personal data.
EXERCISING THE RIGHTS PERSONAL DATA SUBJECTS
As the subjects of personal data, PORTOBAY users and customers may, at any time, exercise their rights to data protection and privacy, in particular the rights of access, rectification, erasure, portability, limitation or opposition to the processing, under the terms and limitations laid down in the relevant regulations.
Any request to exercise data protection and privacy rights must be addressed in writing by the respective subject to the Data Protection Officer in accordance with the procedure and contact information described below.
COMPLAINTS OR SUGGESTIONS AND REPORTING OF INCIDENTS
PORTOBAY users and customers have the right to submit a complaint either by registering the complaint in the Complaints Book or by submitting a complaint to the regulatory authorities. PORTOBAY users and customers may also make suggestions via email and send them to the Data Protection Officer.
REPORTING OF INCIDENTS
PORTOBAY has implemented an incident management system as part of its data protection, privacy and information security. If any user or customer wishes to report the occurrence of any violation of personal data that causes, accidentally or unlawfully, the unauthorised destruction, loss, alteration, disclosure or access to personal data transmitted, stored or otherwise processed, they may contact the Data Protection Officer or use PORTOBAY’s general contact details as given below.
EXPRESS CONSENT AND ACCEPTANCE
The free, specific and informed disclosure of personal data by its owner implies knowledge and acceptance of the conditions contained in this Policy, considering that, by using the channels or by making their personal data available, users and customers are expressly authorising processing in accordance with the rules laid down in each of the applicable channels or data collection instruments.
DATA PROTECTION OFFICER
To exercise any type of data protection and privacy rights or for any matter relating to the subjects of data protection, privacy and information security, PORTOBAY users and customers may contact the Data Protection Officer via e-mail at email@example.com, giving the subject matter of the request and an e-mail address, telephone contact details or mailing address for reply.