Who is responsible for collecting and processing the data?
Henceforth, Qde Quinta do Esteval Lda, with the use of the brand Once upon a Day, is the entity responsible for the collection and processing of personal data, and may, in the context of its activity, resort to entities subcontracted by it to pursue the purposes indicated herein. .
What is personal data?
Personal data is any information, of any nature and regardless of its support, including sound and image, relating to an identified or identifiable natural person. An identifiable person is considered to be a person who can be identified directly or indirectly, namely by reference to an identification number or to one or more specific elements of their physical, physiological, psychological, economic, cultural or social identity.
What personal data is collected and processed?
Once upon a Day collects and processes, among others, the following personal data:
Reservations: name, email address, telephone number, address, payment method and reservation details
Recruitment: name, email address and resume
Newsletter: email address.
When browsing the website, Once upon a Day may collect information about your computer, including IP address, operating system and browser used, for administrative and information aggregation purposes for its advertisers.
Once upon a Day assumes that the data was provided by the owner of the same or that he has given authorization to do so and assumes that the same is true and up to date.
How is your data collected?
Personal data can be collected through the following means:
The data collected is processed and stored by computer and in strict compliance with the legislation for the protection of personal data, being stored in a specific database created for this purpose by Once upon a Day or by its subcontractors.
Some personal data collected on the website is mandatory and, in case of lack or insufficiency of such data, Once upon a Day may not be able to provide you with the services or information requested by you. In each specific case, Once upon a Day will inform you of the mandatory nature of the provision of the personal data in question.
What are the purposes and grounds for processing your data?
In accordance with the Data Protection Principles, Once upon a Day may only process your personal data for specific purposes and if it has a legal basis to do so. Once upon a Day uses your data for the following purposes and on the following grounds:
Based on the tourist entertainment services contract you entered into with us, we process your data for the purposes of:
Based on your consent, we process your data for the purposes of:
Sending newsletters (if you are not our customer)
Sending marketing actions (if you are not our client)
In order to comply with legal obligations, we process your data for the purposes of:
Compliance with other legal or regulatory obligations
Because you are our customer and we have a legitimate interest in wanting to increasingly provide you with a better service, we process your data for the purposes of:
Because we are in the scope of pre-contractual diligence, we process your data for the purposes of:
For the pursuance of the purposes identified above, Once upon a Day may proceed with the interconnection of the collected data, in order to update and complete such data.
Who is your data shared with?
Data collected and held Once upon a Day may be transmitted, with respect for the duty of confidentiality and the principle of purpose for which it was collected, to the following entities:
What are your rights?
Under the Personal Data Protection Act, we guarantee you the right to access, update, rectify, delete, portability and erasure your personal data. It may also file complaints with the National Data Protection Commission.
We also grant you the right to object to the use of the data provided for marketing purposes, for the sending of informative communications or inclusion in lists or information services. If you did not do so when collecting the data, you can send a request later.
These rights must be exercised through the following email address firstname.lastname@example.org or the address of Once upon a Day – Quinta do Esteval, Estrada Nacional 10, Km 33,5 2900 – 722 Setúbal Portugal.
How long is your data stored?
The period of time for which data is stored and preserved varies according to the purpose for which the information is processed. Whenever there is no specific legal requirement, the data will be stored and kept only for the minimum period necessary for the purposes that motivated its collection or subsequent processing, after which it will be deleted.
Is your data handled securely?
Once upon a Day is committed to ensuring the protection of the security of your data. For this purpose, it has adopted several security measures, of a technical and organizational nature, in order to protect the personal data that it makes available to us against its dissemination, loss, misuse, alteration, processing or unauthorized access, as well as against any other form of illicit treatment.
Once upon a Day requires its subcontractors and partners to adopt security measures equivalent to those it practices.
Notwithstanding the security measures practiced by Once upon a Day, the user must adopt additional security measures, namely, ensure that they use equipment and a browser that are updated in terms of security, properly configured, with an active firewall, antivirus and anti-spyware, as well how to ensure the authenticity of the websites you visit on the internet, and avoid websites whose reputation you do not trust.
Once upon a Day recognizes that it may communicate User data in the context of merger, acquisition and/or incorporation processes in which it is found, not considering such communication as a transfer of data to third parties, nor existing any subcontracted treatment.
Hotel Casa Palmela may also transmit data to third parties in the context of investigations, inquiries and judicial and/or administrative proceedings or of a similar nature, provided that, for this purpose, it is duly ordered by a court order in this regard.
If data transfers to third countries that do not belong to the European Union or the European Economic Area may occur, Once upon a Day will comply with the law, in particular with regard to the suitability of the destination country with regard to the protection of personal data and the requirements that apply to these transfers, not being transferred personal data to jurisdictions that do not offer guarantees of security and protection.
The use of Once upon a Day's social media may involve the transmission of data to social media service providers, which may be based outside the European Union or the European Economic Area. Once upon a Day is not responsible for the data that the user makes available on social networks.