1. IDENTIFICATION OF THE DATA CONTROLLER AND THE CYBER OFFICER

SECURITY AND DATA PROTECTION
  • Name: Altis SA
  • NIPC : 500017450
  • Headquarters : Rua Castilho, 11 1269-072 Lisboa - Portugal
  • Phone: +351 21 310 61 14
  • Data Protection Officer: privacy@altishotels.com

Under the law, “personal data” is any information of any nature and regardless of its medium, including sound and image, relating to an identified or identifiable natural person, so the protection does not cover the data of legal persons.

By accepting this Privacy Policy, the user provides informed, express, free and unequivocal consent for the sensitive information, organisational and personal data provided through the website https://www.altishotels.com/ to be included in a file under the responsibility of the Altis Hotels Group, whose processing under the terms of the GDPR complies with the appropriate technical and organisational security measures.

Altis Hotels

2. COMMITMENT of the Altis Hotels Group.

The Altis Hotels Group, in the context of its duties, processes personal data, aiming to ensure with rigour, effectiveness and security the protection of all the data it collects and processes on a daily basis.

Please read this Privacy Policy which describes how we treat your sensitive information, organisational and personal data and how you can exercise your rights as a holder of sensitive information, organisational and personal data processed by the Altis Hotels Group.

3. DATA PROTECTION OFFICER (OFFICER)

Within the scope of its activities and duties, the Altis Hotels Group is the entity responsible for the collection and processing of personal data, which are processed and stored in an automated and non-automated manner.

The Altis Hotels Group has a Data Protection Officer, who can be contacted by e-mail at privacy@altishotels.com .

The Data Protection Officer is responsible, in particular, for monitoring the compliance of the activities involving the processing of your data with the applicable legal and regulatory standards, and is also the point of contact between the Altis Hotels Group and the National Data Protection Commission, as well as between the Altis Hotels Group and its customers and users in matters relating to the processing of personal data.

4. PERSONAL DATA, HOLDERS OF SENSITIVE AND ORGANISATIONAL INFORMATION, AND CATEGORIES OF PERSONAL DATA

What is personal data?

Sensitive information, organisational information and personal data are all information of any kind, collected on any medium, relating to an identified or identifiable natural person. Identifiable information is information that can lead to the identification of a particular person, in particular by reference to an identifier (such as an identification number or location data).

From whom do we collect personal data?
In view of the functional and activity tasks, most of the data are processed from legal persons (companies and associations). However, for the fulfilment of its tasks, data may be collected and processed from the following types of natural persons (non-exhaustive list):
  • Customers/investors and their staff;
  • Service providers and their staff;
  • Specific suppliers and subcontractors;
  • Candidates and trainees of the Altis Hotels Group;
  • Candidates and clients of programmes promoted by the Altis Hotels Group;
  • Participants in events promoted by the Altis Hotels Group;
  • Visitors and customers of Altis Hotels Group facilities.
What sensitive information, organisational and personal data do we process and how do we collect it?
The Altis Hotels Group only collects data that is appropriate, relevant and limited to what is necessary in relation to the purposes and services provided and activities developed.

Your data may be collected orally, in writing (including through forms and contracts), and via the website https://altishotels.com/. As a general rule, we collect your data directly, but sensitive information, organisational and personal data may also be collected through public sources (such as websites and official public lists), as well as from incentive providers or partners.

To fulfil the different purposes, we may collect the following types of personal data:

  • Identification data (such as name, place of birth, national identity card or date of birth);
  • Contact details (such as mobile phone, address or email);
  • Qualification data and professional status (such as level of education and CV);
  • Bank, financial and transaction details (such as IBAN or tax identification number);
  • Location data (such as IP address);
  • Recording images;
  • Images collected through video surveillance systems.

As a rule, the Altis Hotels Group does not collect special data, such as health data or data relating to administrative offences or criminal offences.

5. GROUNDS AND PURPOSES FOR PROCESSING PERSONAL DATA

Why and on what basis do we use your personal data?

All data collected and processed by the Altis Hotels Group is based on one of the following conditions of lawfulness:

  • Consent: when the collection is preceded by your express, specific and informed consent, through written support or via the web. We collect your consent, for example, for purposes related to the Altis Hotels Group, to subscribe to newsletters or to enrol in actions promoted by the Altis Hotels Group;
  • Performance of contract or pre-contractual steps: when processing is necessary for the performance of a contract to which you are a party or for pre-contractual steps. This condition will be fulfilled when we process your data for the purpose of managing funding and cooperation programmes and protocols or supply and service contracts;
  • Compliance with legal obligations: when processing is necessary for the fulfilment of a legal obligation. This includes, for example, the communication of data to other public (national and EU), tax or judicial bodies;
  • The public interest: when the processing is necessary for the exercise of functions in the public interest;
  • Legitimate interest: where processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, without adversely affecting the rights and freedoms of its customers and/or users.
This includes all processing resulting from the attributions conferred by law, namely the internal and external publicising of Portuguese entities, at national and international level.
What are the purposes for which we collect your data?
Sensitive information, organisational and personal data collected by the Altis Hotels Group are only processed for specific, explicit and legitimate purposes. Whenever personal data is collected, it is exclusively for the purposes expressly identified at the time of collection.

We list below the main purposes that justify the collection of sensitive information, organisational and personal data by the Altis Hotels Group:

  • Contractualisation and management of programmes and protocols of the Altis Hotels Group;
  • Management of events promoted by the Altis Hotels Group;
  • Contractualisation of supply and service provision;
  • Dissemination of newsletters/publications;
  • Physical security of premises and persons.

6. RETENTION PERIOD OF PERSONAL DATA

The Altis Hotels Group processes and retains your data only for the period necessary for the pursuit or completion of the processing purposes for which they are intended, in compliance with the maximum periods necessary to fulfil contractual, legal or regulatory obligations.

As a general rule, and when there is a contract or provision of services that legitimises the processing of your data, the Altis Hotels Group will keep such data as long as such commercial or contractual relationship is maintained. Other circumstances exist, such as compliance with legal or regulatory obligations (for example, for the purpose of complying with tax obligations, sensitive information, organisational and personal data relating to invoicing must be kept for a maximum period of ten years from the practice of the act), as well as the pendency of a judicial process, which may legitimise that your data be kept for a longer period of time. At the end of the retention period, the Altis Hotels Group will delete said data both in physical and digital form.

7. DATA SUBJECTS' RIGHTS

Under the terms of the legislation in force, from the moment we collect and process your data, there is a set of rights that, at any time, you can exercise with the Altis Hotels Group.

What are your rights?

  • Right of access: right that allows you to obtain information regarding the processing of your data and its characteristics (namely the type of data, the purpose of the processing, to whom your data may be communicated, retention periods and which data you have to provide mandatorily or optionally);
  • Right of rectification: the right to request the rectification of your data, requiring it to be accurate and current, such as when you believe it is incomplete or out of date;
  • Direito de retificação: o direito de solicitar a retificação dos seus dados, exigindo que sejam exactos e actuais, por exemplo, quando considerar que estão incompletos ou desactualizados;
  • Right to restriction: the right to suspend processing or to limit processing to certain categories of data or purposes;
  • Right to portability: the right to request that your data be sent to you in a commonly used digital format that allows the re-use of such data. Alternatively, you may request the transmission of your data to another entity that will become responsible for the processing of your data.
  • Right to object: the right to object to certain purposes, provided that legitimate interests do not outweigh your interests. One example of this right is to object to direct marketing purposes;
  • Right to withdraw consent: a right that allows you to withdraw your consent, but which can only be exercised when your consent is the only condition of legitimacy.

How can you exercise your rights?

All the rights described above may be exercised, subject to the limitations provided for in the applicable legislation, upon written request, to be sent through our form. Likewise, you may send questions related to the processing of your data directly to the Data Protection Officer, through the e-mail indicated in point 2. You may also submit any complaint to the National Supervisory Authority.

8. DATA TRANSMISSION

Who do we share your personal data with?

Given the duties of the Altis Hotels Group and depending on the respective purpose, your data may be shared with third parties, including national and international public bodies and private entities for the purpose of complying with legal or regulatory obligations, contractual or public interest functions.

Your data may also be accessed by service providers of the Altis Hotels Group, deemed necessary for the fulfilment of the purposes described above, namely with regard to information security and archiving services. The Altis Hotels Group guarantees that it only uses service providers that provide guarantees of the implementation of technical and organisational measures necessary and appropriate to protect your personal data.

Transfers of sensitive information, organisational and personal data outside the EEA
The Altis Hotels Group may, exceptionally, transfer your sensitive information, organisational and personal data to third countries (outside the EEA – European Economic Area). In such cases, the Altis Hotels Group will ensure that data transfers are carried out in strict compliance with applicable legal regulations.
Technical information
In addition, and to ensure that each visitor to any of our websites can use and navigate the website effectively, we collect the following:
  • Technical information, including the Internet Protocol (IP) address used to connect your device to the Internet;
  • Your login information, browser type and version, time zone setting, browser plug-in types and versions;
  • Operating system and platform;
  • Information about your visit, including the sequence of Uniform Resource Locators (URL) clicks to, through and from our website;
  • In the case of "external hyperlinks", the hyperlinks listed as "links" are made outside the Portal and open in a new window. The Altis Hotels Group is not responsible for the contents of these pages, nor for their actuality. Within this framework, our website may include links to other websites for which we are not responsible and the User should consult their privacy policies.

9. SUMMARY OF THE COOKIES POLICY

Cookies are small files that are saved on the customer’s computer and serve only to identify the computer that is accessing the website. These files do not contain any personal information.

Cookies are generally time-limited. No cookie can extract information from the customer’s computer hard drive, steal personal information or read cookie files created by other providers.

Thanks to cookies, it is possible for the Altis Hotels Group to recognise duly registered customers, provided they use the same equipment and browser, without them having to register on each visit to access the areas and services reserved exclusively for them.

You are free to reject our cookies if your browser allows it, but doing so may jeopardise the full functionality of the websites you use.

Our system respects the Do Not Track option set in visitors’ browsers. If you do not want to contribute anonymised information about how you browse the site to our Web Analytics tool, please check the options available on our cookie policy page.

10. COMMERCIAL AND PROMOTIONAL COMMUNICATIONS

One of the purposes for which we process personal data provided by you is to send you electronic communications with information regarding commercial and promotional communications. Whenever we make a communication of this type, it will be directed exclusively to the user who has expressly authorised it in advance.

11. LEGISLATION

The processing of personal data of users and customers carried out by the Altis Hotels Group as well as the sending of commercial communications made by electronic means are in accordance with the national and Community legislation in force, namely the General Data Protection Regulation.