This page describes how this website is managed with regard to the processing of users’ personal data. This is information that is provided pursuant to Art. 13 of EU Regulation 2016/679, which came into force on 25 May 2018 – the General Data Protection Regulation (hereinafter referred to as the GDPR) and applicable to those who interact with the web services of Hotel A.S. Lisboa accessible electronically at the web address:
The information provided applies only to the website www.hotel-aslisboa.pt. and not to any other websites that may be consulted by the user by following links on the original site, and complies with Recommendation No.2/2001 on certain minimum requirements for collecting personal data on-line in the European Union, adopted on 17 May 2001 by the Article 29 Data Protection Working Party.
Pursuant to Art. 4, Item 7 of the GDPR 2016/679, the Data Controller is Hotel A.S.Lisboa Based in: Avenida Almirante Reis, 188
1000-055 Lisboa Portugal
tel: +351 218429360
DATA PROTECTION OFFICER
Pursuant to Art. 37 of the GDPR 2016/679, Hotel A.S.Lisboa has officially appointed a Data Protection Officer (hereinafter referred to as the DPO), whose contact details are Paulo Soares
The DPO is available to respond to any requests for information from interested parties concerning the processing of their personal data and the exercise of their rights.
DATA PROCESSING LOCATION
Data processing carried out in connection with the web services provided by this site takes place at the headquarters of the owner and the data processor. No data obtained from these web services is communicated or disseminated to third parties.
Personal data submitted by users who request informational material are used only to provide the service or services requested, whereas the data subject’s personal data acquired through certain forms on the site may be forwarded to service providers to fulfill the contract and supply the services requested.
TYPES OF DATA PROCESSED
The computer systems and software procedures used to run this website record some personal data during their normal operation, the transmission of which is implicit in the use of Internet protocols. This data is not collected to identify data subjects but, by its very nature, may make it possible to identify users when processed and used in conjunction with data held by third parties. This category of data includes IP addresses or domain names of the computers used by users who connect to the website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and IT environment. These data are only used to gather anonymous statistics about the use of the website and to check that it is functioning correctly. They are deleted immediately after processing. The data could be used to identify those responsible in cases of hypothetical computer crimes perpetrated against the site. In all other cases, web contact data is currently retained for no more than thirty days.
Data submitted voluntarily by users
The optional, express, and voluntary emails sent to the addresses given on this website necessarily entail the acquisition of the sender’s address, which is required to reply to requests, and any other personal data included in the messages. A summary of the specific information provided will be regularly made available or displayed on the web pages prepared for specific on-demand services.
The use of the session cookies (which are not permanently stored on the user’s computer and are deleted when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) that are required to provide the user with a secure and efficient browsing experience. The use of session cookies on this website avoids the need to employ other IT techniques, which are potentially detrimental to the confidentiality of user data created during navigation of the site, and does not permit any personal data that identifies the user to be collected.
Personal data are processed by automated tools for the time necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent the loss of data, the illicit or incorrect use thereof, and unauthorized access.
PURPOSE, LEGAL BASIS, AND NATURE OF THE PROVISION (EXAMPLE)
The Personal Data you provide through the site will be processed by Hotel A.S. Lisboa for the following purposes:
a) purposes related to the execution of a contract to which the data subject is party, or to the execution of pre-contractual measures taken at their request (e.g., for requests submitted using the contact form, booking requests, participation in special offers, etc.). Consent is not required. The legal basis is Article 6, Paragraph 1b, the processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
b) purposes related to promotional and commercial material sent out by email following the voluntary registration to the hotel’s newsletter. This requires the explicit consent of the data subject or the use of “soft spam” (direct marketing by email). The legal basis is Article 6, Paragraph 1b, of the GDPR 2016/679, which requires the consent of the interested party, or subscription to the newsletter, pursuant to Article 6, Paragraph 1f of the GDPR 2016/679, and is a legitimate interest on the part of the data controller.
d) for statistical research and analysis of anonymous aggregate data to assess the functionality of the website, the amount of traffic, the site’s usability, and to make it more user-friendly and useful. Consent is not required, as this does not involve the processing of any personal data.
e) purposes related to compliance with laws and regulations. Consent is not required. The legal basis is Article 6, Paragraph 1c of the GDPR 2016/679.
f) to establish, exercise, or defend a right in court or whenever the courts exercise their judicial functions. Consent is not required. The legal basis is Article 6, Paragraph 1f of the GDPR 2016/679, where processing is necessary for the purposes of the legitimate interests pursued by the controller.
g) for compliance with a legal or regulatory obligation to which the controller is subject. Consent is not required. The legal basis is Article 6, Paragraph 1f of the GDPR 2016/679, where the processing is necessary to fulfill a legal obligation to which the data controller is subject.
TRANSFER OF PERSONAL DATA TO NON-EU COUNTRIES OR INTERNATIONAL ORGANISATIONS
Some of the personal data obtained from the interested party are transferred to recipients who are located outside the European Community. Hotel A.S. Lisboa ensures that the electronic and paper processing of your personal data by the recipients is carried out in compliance with the applicable law, which has legal status outside the EU.
Otherwise, transfers of data are subject to an adequacy decision or compliance with the Standard Contractual Clauses approved by the European Commission or, in cases of transfers to the USA, compliance with the Privacy Shield policy.
SCOPE OF THE TRANSMISSION OF PERSONAL DATA
Personal data acquired through the website in question may be disclosed to:
• the web agency D-Edge S.A.S.selected to manage the site and provide technical support.
• public offices and organizations as a function of legal and/or contractual obligations.
• third-party companies that host the website.
An up-to-date list of any external managers appointed may be requested from the data controller, pursuant to Art. 28 of the GDPR 2016/679.
Hotel A.S. Lisboa will process the user’s personal data only for the time strictly necessary to achieve the purposes outlined in this document and up to the time allowed by Italian law, to safeguard the users’ interests (Art. 2947 (1)(3) of the Italian Civil Code).
The user continues to be subscribed to the company’s newsletter until they exercise their right of cancellation, which can be done by simply clicking on a link in every email sent out.
SECURITY BOOKING SYSTEM
FastBooking uses the credit card details provided at the time of booking, in accordance with the PCI DSS (Payment Card Industry Data Security Standard) security protocol. All information sent to this site, during an SSL session, is encrypted and protected from disclosure to third parties.
RIGHTS OF DATA SUBJECTS
The user can freely exercise the rights referred to in Articles 15 et seq. of the GDPR 2016/679 or:
• withdraw their consent at any time. Users may revoke their consent to the processing of their personal data as described above.
• the right to object to the processing of their data. Users may object to the processing of their data when it is carried out on any legal basis other than consent.
• the right to access their data. Users have the right to obtain information on what data is being processed by the Controller and on particular aspects of the processing methodology, and to obtain a copy of any data processed.
• the right to rectification of inaccurate personal data. Users may verify that their data is correct and ask for it to be updated or corrected as necessary.
• the right to restriction of the processing. In certain circumstances, users may ask for restrictions to be set on the processing of their data. In this eventuality, the Data Controller may not process the data for any purpose with the exception of storage.
• the right to have their personal data removed or erased. In certain circumstances, users may request the erasure of their data by the Data Controller.
• the right to receive the personal data concerning him or her or transferred to another controller. Users have the right to receive their data in a structured, commonly used, and machine-readable format, where technically feasible, and to have it transferred without hindrance to another controller. This provision is applicable where the data is processed automatically, and the processing is based on the user’s consent or a contract to which the user is a party or contractual provisions connected to it.
• the right to lodge a complaint. Users may lodge a complaint with the competent supervisory authority responsible for personal data protection or take legal action.
How to exercise your rights
Hotel A.S.Lisboa has an organizational process in place to facilitate the exercise of the rights of the interested parties. Simply contact the company management at: firstname.lastname@example.org
UPDATES AND REVISIONS