Please read this Privacy Policy carefully, as the processing of personal data provided to us implies knowledge and acceptance of the conditions contained herein.

Who is responsible for collecting and processing the data?

Henceforth, Qde Quinta do Esteval Lda, with the use of the brand Once upon a Day, is the entity responsible for the collection and processing of personal data, and may, in the context of its activity, resort to entities subcontracted by it to pursue the purposes indicated herein. .

What is personal data?

Personal data is any information, of any nature and regardless of its support, including sound and image, relating to an identified or identifiable natural person. An identifiable person is considered to be a person who can be identified directly or indirectly, namely by reference to an identification number or to one or more specific elements of their physical, physiological, psychological, economic, cultural or social identity.

What personal data is collected and processed?

Once upon a Day collects and processes, among others, the following personal data:

Reservations: name, email address, telephone number, address, payment method and reservation details

Recruitment: name, email address and resume

Newsletter: email address.

When browsing the website, Once upon a Day may collect information about your computer, including IP address, operating system and browser used, for administrative and information aggregation purposes for its advertisers.

Once upon a Day assumes that the data was provided by the owner of the same or that he has given authorization to do so and assumes that the same is true and up to date.

How is your data collected?

Personal data can be collected through the following means:

1. a) Email
2. b) website
3. c) Phone calls
4. d) In person

The data collected is processed and stored by computer and in strict compliance with the legislation for the protection of personal data, being stored in a specific database created for this purpose by Once upon a Day or by its subcontractors.

Some personal data collected on the website is mandatory and, in case of lack or insufficiency of such data, Once upon a Day may not be able to provide you with the services or information requested by you. In each specific case, Once upon a Day will inform you of the mandatory nature of the provision of the personal data in question.

What are the purposes and grounds for processing your data?

In accordance with the Data Protection Principles, Once upon a Day may only process your personal data for specific purposes and if it has a legal basis to do so. Once upon a Day uses your data for the following purposes and on the following grounds:

Based on the tourist entertainment services contract you entered into with us, we process your data for the purposes of:

1. a) Reserve management
2. b) Budget requests, information and booking confirmation
3. c) Registration of preferences
4. d) Billing and verification of payment methods
5. e) Providing the necessary information for your reservation
6. f) Customer support

Based on your consent, we process your data for the purposes of:

Sending newsletters (if you are not our customer)

Sending marketing actions (if you are not our client)

loyalty programs

In order to comply with legal obligations, we process your data for the purposes of:

Complaints management

Compliance with other legal or regulatory obligations

Because you are our customer and we have a legitimate interest in wanting to increasingly provide you with a better service, we process your data for the purposes of:

1. l) Carrying out satisfaction questionnaires related to your stay
2. m) Conducting market studies, assessment surveys and statistical analysis
3. n) Contacts directory

Because we are in the scope of pre-contractual diligence, we process your data for the purposes of:

1. o) Recruitment

For the pursuance of the purposes identified above, Once upon a Day may proceed with the interconnection of the collected data, in order to update and complete such data.

Who is your data shared with?

Data collected and held Once upon a Day may be transmitted, with respect for the duty of confidentiality and the principle of purpose for which it was collected, to the following entities:

1. a) Group entities in which Once upon a Day is inserted
2. b) Judicial or administrative authorities, in cases where such assignment is mandatory
3. c) Recruitment and selection companies
4. d) Subcontractors who will process the data on behalf of Once upon a Day and in accordance with the purposes determined by it

What are your rights?

Under the Personal Data Protection Act, we guarantee you the right to access, update, rectify, delete, portability and erasure your personal data. It may also file complaints with the National Data Protection Commission.

We also grant you the right to object to the use of the data provided for marketing purposes, for the sending of informative communications or inclusion in lists or information services. If you did not do so when collecting the data, you can send a request later.

These rights must be exercised through the following email address mmateus@ouh.pt or the address of Once upon a Day – Quinta do Esteval, Estrada Nacional 10, Km 33,5 2900 – 722 Setúbal Portugal.

How long is your data stored?

The period of time for which data is stored and preserved varies according to the purpose for which the information is processed. Whenever there is no specific legal requirement, the data will be stored and kept only for the minimum period necessary for the purposes that motivated its collection or subsequent processing, after which it will be deleted.

Is your data handled securely?

Once upon a Day is committed to ensuring the protection of the security of your data. For this purpose, it has adopted several security measures, of a technical and organizational nature, in order to protect the personal data that it makes available to us against its dissemination, loss, misuse, alteration, processing or unauthorized access, as well as against any other form of illicit treatment.

Once upon a Day requires its subcontractors and partners to adopt security measures equivalent to those it practices.

Notwithstanding the security measures practiced by Once upon a Day, the user must adopt additional security measures, namely, ensure that they use equipment and a browser that are updated in terms of security, properly configured, with an active firewall, antivirus and anti-spyware, as well how to ensure the authenticity of the websites you visit on the internet, and avoid websites whose reputation you do not trust.

Communications

Once upon a Day recognizes that it may communicate User data in the context of merger, acquisition and/or incorporation processes in which it is found, not considering such communication as a transfer of data to third parties, nor existing any subcontracted treatment.

Hotel Casa Palmela may also transmit data to third parties in the context of investigations, inquiries and judicial and/or administrative proceedings or of a similar nature, provided that, for this purpose, it is duly ordered by a court order in this regard.

Data transfer

If data transfers to third countries that do not belong to the European Union or the European Economic Area may occur, Once upon a Day will comply with the law, in particular with regard to the suitability of the destination country with regard to the protection of personal data and the requirements that apply to these transfers, not being transferred personal data to jurisdictions that do not offer guarantees of security and protection.

The use of Once upon a Day's social media may involve the transmission of data to social media service providers, which may be based outside the European Union or the European Economic Area. Once upon a Day is not responsible for the data that the user makes available on social networks.

Changes to the Privacy Policy

Once upon a Day reserves the right, at any time, to make adjustments or changes to this Privacy Policy, such changes being duly publicized at: www.hotelcasapalmela.pt.