PRIVACY POLICY – Hotel Relicário Website

  1. General Information

This Privacy Policy contains information regarding how we handle, fully or partially, automated or not, the personal data of users who access our website. Its purpose is to clarify the types of data that are collected, the reasons for the collection, and how the user can update, manage, or delete such information.

This Privacy Policy was created in accordance with Federal Law No. 12,965 of April 23, 2014 (Brazilian Internet Civil Framework), Federal Law No. 13,709 of August 14, 2018 (General Data Protection Law), Regulation EU No. 2016/679 of April 27, 2016 (General Data Protection Regulation – GDPR), and the General Law on Protection of Personal Data (LGPD).

This Privacy Policy may be updated due to new regulations, and users are invited to periodically review this section.

  1. User Rights

The site is committed to complying with the LGPD’s rules, respecting the following principles:

– The user’s personal data will be processed in a lawful, fair, and transparent manner (lawfulness, fairness, and transparency);

– The user’s personal data will be collected only for specific, explicit, and legitimate purposes and will not be processed in a manner incompatible with those purposes (purpose limitation);

– The user’s personal data will be collected in an adequate, relevant, and limited way to what is necessary for the purposes they are processed (data minimization);

– The user’s personal data will be accurate and updated whenever necessary, with inaccurate data being erased or rectified when possible (accuracy);

– The user’s personal data will be kept in a way that allows the identification of the data subjects only for the period necessary for the purposes for which they are processed (storage limitation);

– The user’s personal data will be processed securely, protected from unauthorized or unlawful processing, loss, destruction, or accidental damage, by adopting appropriate technical or organizational measures (integrity and confidentiality).

The website user has the following rights under the General Data Protection Law and LGPD:

Right to Confirmation and Access: The user has the right to obtain confirmation from the website that their personal data is being processed and, if so, the right to access their personal data.

Right to Rectification: The user has the right to obtain, without undue delay, the rectification of inaccurate personal data concerning them.

Right to Erasure (Right to be Forgotten): The user has the right to have their data deleted from the website.

Right to Restriction of Processing: The user has the right to restrict the processing of their personal data in certain situations, such as when disputing the accuracy of data or when the website no longer needs the data for the intended purposes.

Right to Object: The user has the right to object, at any time, to the processing of personal data concerning them, particularly in the case of profiling for marketing purposes.

Right to Data Portability: The user has the right to receive their personal data in a structured, commonly used, and machine-readable format and the right to transmit those data to another controller.

Right Not to Be Subjected to Automated Decisions: The user has the right not to be subject to decisions made solely by automated processing, including profiling, that produces legal or similarly significant effects on them.

The user can exercise their rights through written communication sent to the site with the subject “GDPR-https://hotelrelicario.com.br,” specifying:

– Full name or corporate name, CPF (Brazilian Individual Taxpayer Registry) or CNPJ (Brazilian National Registry of Legal Entities), and the user’s email address and, where applicable, their representative;

– The right they wish to exercise;

– Date of request and user’s signature;

– Any document that can demonstrate or justify exercising their right.

The request should be sent via email to: contato@hotelrelicario.com.br, or by post to the following address:

Av. José de Brito, 777 – St. Anhanguera, Araguaína – TO, 77818-530

The user will be informed in the event of rectification or deletion of their data.

  1. Duty Not to Provide Third-Party Data

While using the site, to safeguard and protect third-party rights, the website user must only provide their personal data and not that of third parties.

  1. Collected Information

The collection of user data will be carried out in accordance with this Privacy Policy and will depend on the user’s consent, except in cases provided for by law under Article 11, II, of the General Data Protection Law.

4.1. Types of Data Collected

4.1.1. User Identification Data for Registration

Certain functionalities of the site will require user registration, in which case the following user data will be collected and stored:

– Full name – Email address – Postal address – Phone number – CPF number – CNPJ number

4.1.2. Data Related to Contract Execution

For executing a sales or service agreement between the site and the user, other data may be collected and stored, including the content of any communication with the user.

4.1.3. Access Logs

Under Article 15 of Federal Law No. 12,965/2014 (Internet Civil Framework), access logs will be collected and stored for at least six months.

4.1.4. Newsletter

The name and email address registered by the user who chooses to subscribe to our Newsletter will be collected and stored until the user requests to unsubscribe.

4.1.5. Sensitive Data

No sensitive data will be collected from users, as defined in Articles 9 and 10 of the GDPR and Articles 11 and subsequent of the General Data Protection Law. Among other things, we will not collect:

– Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; – Genetic data; – Biometric data used to identify an individual unequivocally; – Health-related data; – Data concerning the user’s sex life or sexual orientation; – Data related to criminal convictions or offenses.

4.1.6. Collection of Data Not Explicitly Foreseen

Occasionally, other types of data not explicitly stated in this Privacy Policy may be collected, provided they are supplied with the user’s consent, or if permitted or required by law.

4.2. Legal Basis for Processing Personal Data

By using the website’s services, the user consents to this Privacy Policy.

The user has the right to withdraw their consent at any time without compromising the lawfulness of data processing before the withdrawal.

The withdrawal of consent can be done by email at: contato@hotelrelicario.com.br, or by post to the following address:

Av. José de Brito, 777 – St. Anhanguera, Araguaína – TO, 77818-530

The consent of relatively or absolutely incapable persons, particularly children under 16 years of age, may only be given if duly assisted or represented, respectively.

Personal data necessary for the execution and fulfillment of services contracted by the user may also be collected.

The processing of personal data without the user’s consent will only be carried out for legitimate interest or other legal bases, including:

– Compliance with legal or regulatory obligations by the controller; – Research purposes, provided that, whenever possible, data is anonymized; – Execution of a contract or pre-contractual procedures requested by the user; – Exercise of rights in judicial, administrative, or arbitration proceedings (Law No. 9,307 of September 23, 1996, Arbitration Law); – Protection of life or physical safety of the data subject or third party; – Health protection, in procedures performed by health professionals or sanitary entities; – Legitimate interest of the controller or a third party, except when overridden by the data subject’s fundamental rights requiring data protection; – Credit protection, including applicable legal provisions.

4.3. Purposes of Processing Personal Data

The personal data collected by the site is intended to facilitate, streamline, and fulfill commitments established with the user and comply with requests made through form completion.

The personal data may also be used for commercial purposes, such as personalizing the content offered to the user and supporting improvements in the quality and functionality of our services.

The site collects data to conduct profiling, i.e., automated processing of personal data to evaluate certain personal aspects, particularly to analyze or predict characteristics related to the user’s professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Registration data will be used to grant the user access to certain content on the site, which is exclusive to registered users.

Data related to executing a sales or service contract with the user will be collected to ensure legal security for the parties and to facilitate and conclude the transaction.

Processing personal data for purposes not provided in this Privacy Policy will only occur with prior communication to the user, in which case the rights and obligations outlined here will still apply.

4.4. Retention Period of Personal Data

The user’s personal data will be retained for a period no longer than necessary to fulfill the purposes for which they are processed.

The retention period is determined based on the following criteria: customer data will be stored while they remain active on our platform.

The user’s personal data may only be retained after processing under the following circumstances:

– Compliance with legal or regulatory obligations by the controller; – Research purposes, provided that, whenever possible, data is anonymized; – Transfer to a third party, provided that the requirements of applicable data processing legislation are respected; – For exclusive use by the controller, with third-party access prohibited, and provided data is anonymized.

4.5. Recipients and Transfer of Personal Data

The user’s personal data will not be shared with third parties and will only be processed by this website.

  1. Personal Data Processing

5.1. Data Controller

The controller, responsible for processing personal data, is the person or entity that determines the purposes and means of data processing.

In this website, the data controller is Katia Neves – Hotel Relicário, represented by Oto Alvarenga Gomes, who can be contacted at: contato@otoalvarenga.com.br or at:

Rua das Mangueiras, 906 Centro. Araguaína/TO. ZIP: 77804-110

The controller is directly responsible for processing the user’s personal data.

5.2. Data Protection Officer (DPO)

The Data Protection Officer (DPO) is responsible for informing, advising, and monitoring the controller and those processing data regarding the website’s obligations under GDPR, the General Data Protection Law, and other national and international data protection regulations.

In this website, the Data Protection Officer is Oto Alvarenga Gomes, who can be contacted at: contato@otoalvarenga.com.br

  1. Data Security

The site is committed to applying technical and organizational measures to protect personal data from unauthorized access, destruction, loss, alteration, or accidental damage.

Security measures are adopted considering appropriate techniques, implementation costs, nature, scope, context, and processing purposes, and the risks to the rights and freedoms of users.

The website uses an SSL (Secure Socket Layer) certificate to ensure secure and confidential data transmission, where data transmitted between the server and user is encrypted.

However, the website is not responsible for unauthorized third-party access, such as hacker attacks, or the user’s fault, such as sharing data with third parties. The website is also committed to notifying users of any security breach that may result in a high risk to their personal rights and freedoms.

A personal data breach is a security breach resulting in the accidental or unlawful destruction, loss, alteration, disclosure, or unauthorized access to personal data.

Finally, the site is committed to processing personal data with confidentiality, within legal limits.

  1. Browsing Data (Cookies)

Cookies are small text files sent by the website to the user’s computer that are stored there, containing information related to website navigation.

Through cookies, small amounts of information are stored in the user’s browser, allowing our server to read them later. Examples of stored data include the device used, location, and access time.

Cookies do not allow for extracting files or information from the user’s hard drive, nor do they allow access to personal information that did not originate from the user or their use of the website’s features.

It is important to note that not all cookies contain information that identifies the user, as certain types of cookies are simply used to ensure the site loads correctly or for certain functionalities to work as expected.

Information stored in cookies that may identify a user is considered personal data and is therefore subject to this Privacy Policy.

7.1. Website Cookies

Website cookies are those sent to the user’s device solely by the website.

The information collected by these cookies is used to improve and personalize the user’s experience, and some cookies may be used to remember user preferences and choices, as well as to offer personalized content.

7.2. Third-Party Cookies

Some of our partners may set cookies on users’ devices who access our website.

These cookies generally allow partners to offer personalized content and services to users through data collected from their interactions with the website.

Users can find more information about third-party cookies and their data processing practices, as well as access descriptions of the cookies used, at the following link:

Google Analytics: https://policies.google.com/technologies/cookies?hl=en

Entities responsible for cookie collection may pass information to third parties.

7.3. Social Media Cookies

The website uses social media plugins, allowing users to access these platforms from our website. When doing so, the cookies used by these platforms may be stored in the user’s browser.

Each social media platform has its privacy policy, and they are responsible for the data collected and privacy practices used.

Users can research how their personal data is processed by social media platforms by accessing their respective privacy and cookie policies through the following links:

Facebook: https://www.facebook.com/policies/cookies/

Instagram: https://help.instagram.com/1896641480634370?ref=ig

YouTube: https://policies.google.com/privacy?hl=en

LinkedIn: https://www.linkedin.com/legal/cookie-policy?trk=hp-cookies

7.4. Managing Cookies and Browser Settings

Users can object to the recording of cookies by disabling this option in their browser or device.

However, disabling cookies may affect some of the website’s tools and features, compromising its proper and expected functionality. Another possible consequence is removing preferences saved by users, thereby impairing their experience.

Below are some links to help and support pages of commonly used browsers, which users can access to learn more about managing cookies:

Internet Explorer: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies

Safari: https://support.apple.com/guide/safari/sfri11471/mac

Google Chrome: https://support.google.com/chrome/answer/95647

Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Opera: https://www.opera.com/help/tutorials/security/privacy/

  1. Complaints to a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, all data subjects have the right to lodge a complaint with a supervisory authority. The complaint may be lodged with the authority of the website’s location, the user’s habitual place of residence, their workplace, or the place where the alleged infringement occurred.

  1. Changes

This version of the Privacy Policy was last updated on: 12/29/2022.

The website reserves the right to modify, at any time and without prior notice, the present terms, particularly to adapt to the evolution of the website, whether by adding new features or modifying or removing existing ones.

Thus, users are encouraged to regularly consult this page to check for updates.

By using the services after changes, users demonstrate their acceptance of the new rules. If users disagree with any changes, they must request to cancel their account immediately and may present their reservations to customer service if they wish.

  1. Governing Law and Jurisdiction

To resolve disputes arising from this instrument, Brazilian law will be applied in full.

Any disputes must be filed in the jurisdiction where the website’s editor is based.