Book Now

Privacy Policy

Reservation
Privacy Policy
Privacy Policy

Jardim da Luz


Our establishment recognizes the importance of privacy, security, and data protection for its customers and for all users whose personal or other information may be processed through its systems. Thus, we employ our best efforts to provide adequate protections in all operations involving this data, implementing the most consistent and rigorous policies and procedures, in accordance with applicable rules and regulatory frameworks, such as Law No. 12.965/2014 ("Marco Civil da Internet") and Law No. 13.709/2018 ("Lei Geral de Proteção de Dados").

For this reason, this Privacy Policy has been prepared in a transparent and understandable manner, with the purpose of reinforcing our commitment to and respect for privacy and personal data protection rules. Our Privacy Policy covers how we collect, use, disclose, transfer, and store information provided by our clients, investors, partners, and visitors, protecting it against improper use. If any changes are made to this Privacy Policy after the submission of personal data, aiming to use it for purposes not previously expressed, we will notify the data subject whenever possible.

Therefore, and considering that the provision of your personal data implies knowledge... By accepting the terms of this Policy, we ask that you take the time to familiarize yourself with our practices in this regard and that you contact us if you have any questions and/or suggestions. We may also, from time to time, change our privacy policy. Therefore, we ask that you access this privacy policy occasionally to ensure that you are aware of the most recent version that will apply each time you access this website.

COLLECTION AND USE OF PERSONAL DATA

Personal data, for the purposes of this policy, consists of information that can be used to identify a specific person (data subject)[1]. Users of our website may be asked to provide some personal data, which may be used in accordance with this Privacy Policy.

As a rule, simply browsing the portal does not require the provision of any personal data. However, if the user wishes to use certain available services, they must provide some personal data necessary for the requested service[2].

1. DATA WE COLLECT ABOUT OUR USERS, ACCORDING TO ITS PURPOSE Our company collects user information to operate efficiently and offer the best experiences with our services. The specific type of information collected will depend on the context of your interactions with the company and the services used. Examples of information that may be collected, along with its purpose, are as follows:

Promotional Form

By filling out this form on the website, the user authorizes us to send promotional campaigns via email. The information captured is: name and email.

Contact Form

This channel facilitates interaction between the user and our establishment. Through this form, the customer can send us questions, suggestions, or complaints. We collect the following personal data only for the purpose of contacting the customer: name, email, and phone number.

Custom Forms

There may be customized forms on our website that aim to collect user data for internal purposes only. The customer is asked to fill out the form and, at the end, must confirm their knowledge and acceptance of the terms of use of the information provided.

Check-in

This form captures... Personal data is collected to automate the hotel check-in process and facilitate communication between the establishment and the client. Using the captured information, we send important and personalized reminders about your stay via email and/or SMS. The user also completes a full registration form required by the Ministry of Tourism. The following data is captured during check-in:

Name, gender, date of birth, email, phone number, mobile phone number, profession, nationality, number of guests, document origin, CPF (Brazilian tax ID), RG (Brazilian national ID), issuing authority, full address, and details of the next destination (reason for travel, means of transport, check-in date, check-out date).

Cart Recovery

When choosing a lodging offer, the client fills out a form beforehand so that, if the purchase does not go through for any reason, we can send them an email allowing them to resume the purchase. We may also offer a discount upon completion of the purchase. In this case, we capture the following data: name and email.

Completion of Reservation

Before finalizing the reservation, the customer fills out a form in a secure environment with an SSL Security Certificate installed, in order to prevent possible theft and fraud of confidential information.

 

2. HOW WE COLLECT USER DATA

We collect this information in several ways, including:

Information provided by the user: We receive and store information that users provide on our website, or in some other way, such as when they stay at hotels we manage.

The user decides what information to share with us; however, failure to provide essential data may limit their right to use certain services offered (payment information necessary to complete their reservation, for example).

When the customer sends us personal information related to another person (when making a reservation for someone else, for example), they declare that this information is true, that this third party has authorized the sharing, and allows us to use this information in accordance with this privacy policy.

Automatic information: When you use or interact with our website, we receive and store information generated by your activity and information automatically collected from your browser or mobile device.

For example, like many websites, we obtain certain information when your internet browser accesses our site, including your IP address, browser type, operating system, mobile network data, pages viewed, and access times. This information helps us communicate with our customers and understand them better.

Information from other sources: through a channel management system, we unify all reservations made through various sales channels (OTAs, operators, etc.) in one place. In this way, we capture some information from reservations made on sales channels with which we are integrated.

Age limitations: we do not intentionally collect personally identifiable information from anyone under the age of 18, except in operations related to the guest registration process, but always with the prior consent of parents or legal guardians.

3. DATA SHARING

We share some data provided by our users at the time of booking with platforms integrated with our establishment. These platforms allow us to manage front-office resources, such as reservations, guest check-in/check-out, room assignment, room rate management, and billing.

We may share data with other hotel systems such as: PMS, RMS, Reviews, Check-in and Check-out, Wi-Fi, Big Data, financial systems, among others.

In addition, we may share the data provided by our users with marketing companies such as Facebook, Google, Instagram, and others.

The data obtained may also be shared with employees or third parties, such as accommodation and technology companies that have valid profiles and passwords.

However, regarding credit card data, this will only be shared with hotel employees previously authorized for this function, with a two-factor authentication token sent to their email.

4. DATA SECURITY

The information collected during access to our portal travels securely over the internet, using end-to-end encryption. Credit card data is stored on dedicated servers with double encryption and in accordance with PCI Certification standards, which the company requires of system providers.

We also adopt appropriate systems and procedures to protect and safeguard the information provided by our users, preventing unauthorized access and misuse of data.

It is also important to note that we do not request personal data from our users via email. If this information is requested through this channel, it is possible that some type of fraud has occurred. In this situation, disregard the request and inform us of the incident via the email address provided in the contact forms.

Only the information published on our portal, available in the contact forms, is official. All our communications will be made with links to the company's portal.

5. DATA RETENTION PERIOD

We will retain your personal data for as long as we deem necessary to allow you to use our services, to comply with applicable laws, to resolve disputes with any party, and, where necessary, to allow us to conduct our business, including the detection and prevention of fraud and other illegal activities. All personal data retained will be subject to this Privacy Statement.

However, credit card data is stored for up to 60 days after the guest's check-out, or when it has been viewed 3 times by an authorized employee.

Similarly, the client may request the deletion, modification, or anonymization of data at any time.

7. HOW TO ACCESS PROVIDED DATA

If the data subject wishes to access, modify, delete, or restrict the use of, or object to the processing of, their personal data, they must make this request via the email provided in the contact forms.

This document was updated on October 8, 2020.

8. CONTACT INFORMATION

Data Protection Officer (DPO): Example

Email: example@example.com.br

 

[1] In accordance with Article 5 of Law No. 13.709/2018 (General Law on the Protection of Personal Data):

Personal data: information relating to an identified or identifiable natural person;

Sensitive personal data: personal data concerning racial or ethnic origin, religious beliefs, political opinions, membership of a trade union or religious, philosophical or political organization, data concerning health or sex life, genetic or biometric data, when linked to a natural person;

Anonymized data: data relating to a data subject who cannot be identified, considering the use of reasonable and available technical means at the time of its processing;

Database: a structured set of personal data, established in one or more locations, in electronic or physical format;

Data subject: the natural person to whom the personal data being processed refers.

[2] Some concepts regarding the collection and processing of data are provided by Law No. 13.709/2018 (General Law on the Protection of Personal Data), in Article 5. 5th:

Controller: a natural or legal person, governed by public or private law, who is responsible for decisions regarding the processing of personal data;

Processor: a natural or legal person, governed by public or private law, who processes personal data on behalf of the controller;

Pousada Jardim da Luz - Logo Full