Privacy Policy
Published and in force since April 2024
We respect your privacy and are committed to protecting your personal data. This Privacy Policy describes how we collect, use, disclose and protect your personal data when you interact with websites, applications and services offered by our hotel, owned, and managed under the Sofitel brand.
By browsing this website (the “Website“) and providing us with your personal data, you acknowledge and accept that your data will be processed by Lisbonne Hotel Invest S.A.S. – Sucursal em Portugal, in its capacity as data controller, under the terms of this Privacy Policy.
We therefore recommend that you read this statement carefully to understand our practices with respect to your personal data.
Index
1. DATA CONTROLLER
2. SCOPE OF THIS PRIVACY POLICY
3. HOW WE COLLECT YOUR PERSONAL DATA
4. PURPOSES FOR WHICH WE COLLECT DATA AND LEGAL BASIS FOR COLLECTION
5. THE DATA WE COLLECT ABOUT YOU
6. SHARING OF PERSONAL DATA
7. INTERNATIONAL TRANSFERS
8. DATA RETENTION
9. YOUR RIGHTS
10. DIRECT MARKETING
11. CONTACTS
12. DATA SECURITY
13. LIABILITY
14. CHANGES TO THIS PRIVACY POLICY
1. DATA CONTROLLER
The purposes and means of processing personal data defined in this Privacy Policy are determined by LISBONNE HOTEL INVEST S.A.S. – SUCURSAL EM PORTUGAL (permanent representation in Portugal of LISBONNE HOTEL INVEST SAS, headquartered at 19 espace Méditerranée 66000 Perpignan, France), headquartered at Avenida da Liberdade, nº 127, 1269-038 Lisbon, Portugal, registered under the single registration and legal person number 980 821 061.
When we refer to “we”, “us” or “our” in this Privacy Policy, we are referring to LISBONNE HOTEL INVEST S.A.S. – SUCURSAL EM PORTUGAL.
2. SCOPE OF THIS PRIVACY POLICY
This Privacy Policy applies to personal data that we collect through:
• Online Services: websites owned or controlled by any of us, web and mobile applications, social media pages, HTML email messages, Wi-Fi connectivity and other digital channels; and
• Offline interactions: When you visit or stay at our hotel, participate in events and activities organized by us, contact our customer service center or through other offline interactions.
Collectively, we refer to the above as our “Services.”
This Privacy Policy does not apply to personal information we collect about employees, business partners and other personnel in connection with their employment relationship with us, or to personal information we collect about candidates. We may also collect, generate, use, and disclose aggregated, anonymous, and other non-identifiable data in connection with our Services, which is not personal data subject to this Privacy Policy.
3. HOW WE COLLECT YOUR PERSONAL DATA
We use different methods to collect the data:
Direct interactions: You may provide us with your personal data by filling in forms or by correspondence by post, telephone, email or otherwise. This includes personal data that you provide online when you book an accommodation, subscribe to a newsletter or participate in a survey, contest or promotional offer. We collect personal data offline when you visit our hotel or use our Services, such as restaurant, childcare and spa services.
Automated technologies or interactions: You may provide us with your personal data by filling in forms or by mail, telephone, email or otherwise. This includes personal data that you provide online when you make a booking, subscribe to a newsletter or participate in a survey, competition or promotional offer. We collect personal data offline when you visit our hotel or use our Services, such as restaurants, childcare services, and spas.
The data requested in the forms on the Website are mandatory (unless otherwise indicated in the corresponding field) in order to provide services or fulfill your request. If you do not wish to provide the required personal information, we will not be able to comply with your request, but you may continue to view the content of the Website.
We collect other personal data through the use of cookies, web beacons and other similar technologies (for more information see our Cookie Policy).
Security systems: When you visit our hotel, information about you may be collected through closed-circuit television systems, electronic keys and other security systems.
Third parties or sources available in the public domain: We receive personal data about you from various third parties and sources in the public domain, including business partners, franchisees, travel agents, and aggregators.
4. PURPOSES FOR WHICH WE COLLECT DATA AND LEGAL BASIS FOR COLLECTION
Protection of vital interests of the data subject
Finalidade | Performance of a contract. |
Provide you with the Services. | Dato 1,2 |
Manage room reservations and accommodation requests, including drafting/completing documents required by law. | Necessary for the pursuit of our legitimate interests. Compliance with a legal obligation (e.g. the legal regime for the entry, stay, exit and removal of foreigners from the national territory, in the case of a foreign citizen) |
Manage your stay at the hotel: • Management of access to rooms • Control of the use of services (telephone, bar, pay TV, etc.) |
Performance of a contract. Necessary for the pursuit of our legitimate interests. |
Manage our relationship with guests before, during and after their stay: | Performance of a contract. |
• Management of loyalty programs; • Sending marketing communications (including newsletters, promotions, tourist, hotel or service offers) or telephone contacts; • Prediction and anticipation of future customer behaviors; • Develop statistics, business results and report on them; • Provide contextual data to our marketing tools (e.g. when a customer visits the Website or makes a booking); • Analyze and manage the preferences of new or returning customers; |
Necessary for the pursuit of our legitimate interests. Consent. |
Conducting surveys and analysis of customer questionnaires and comments; • Management of complaints/comments; • Providing information about our Services. |
Performance of a contract. Necessary for the pursuit of our legitimate interests. |
Maintain and improve your use of the Website: • Improve navigation; • Maintenance and support; and • Implementation of security and fraud prevention. |
Necessary for the pursuit of our legitimate interests. |
Internal management of the lists of guests who have behaved inappropriately during their stay at the hotel (aggressive and anti-social behaviour, non-compliance with safety rules, theft, damage and vandalism or payment incidents). | Necessary for the pursuit of our legitimate interests. |
Secure payments by determining the level of associated fraud risk. Prevention of non-payment situations. |
Necessary for the pursuit of our legitimate interests. |
Security of property and people. | Necessary for the pursuit of our legitimate interests. |
Use of search services for people staying at the hotel in case of serious events affecting the hotel (natural disasters, terrorist attacks, etc.), or use of the data in case of medical emergencies. | Protection of vital interests of the data subject |
5. THE DATA WE COLLECT ABOUT YOU
Personal data is any information relating to an identified or identifiable natural person. We may collect, use, store and transfer different types of personal data about you:
• Contact information (email address, address, country and telephone number);
• Payment information (card number, billing address, and bank account information);
• Demographic data (gender, age, and preferred language);
• Information relating to your reservation, stay or hotel visit (including the date of arrival and departure and the goods and services purchased, interests and preferences);
• Information necessary to fulfill your special requests and/or specific accommodations;
• Customer Preferences;
• Professional information (such as company name, job title, and business contact information) to respond to requests for proposals or fulfill contractual agreements;
• Copies of your correspondence if you contact us;
• Feedback and responses to surveys;
• Information collected through the use of closed-circuit television systems, key cards and other security systems;
• Information relating to your use of and interaction with our Website and social media; and
• Information requested by government authorities to comply with our legal obligations.
We do not collect the following special categories of personal data about you: race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, genetic data, biometrics, and criminal convictions and criminal offences.
6. SHARING OF PERSONAL DATA
We may share your personal data with the following entities:
• Companies in our corporate group: We disclose personal data to other companies in our corporate structure for the purposes described in this Privacy Policy, such as providing Services and personalizing our communication with you.
• Service providers: We disclose personal data to third-party service providers for the purposes described in this Privacy Policy. Examples of service providers include companies that provide website hosting, data analytics, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, and marketing.
• Public administrations and law enforcement: We disclose personal data to public administrations and the police, at the request of or as part of an investigation, to comply with legal obligations, to prevent fraud or money laundering, and to cooperate with them in carrying out their duties. Compliance with law: We may disclose personal data to courts and other authorities if required to do so by law. We require all third parties to protect your personal data and to treat it in accordance with applicable law. We do not allow our third-party service providers to use your personal data for their own purposes and only allow them to process your personal data for specified purposes and in accordance with our instructions.
7. INTERNATIONAL TRANSFERS
We may transfer your personal data to various jurisdictions. To the extent necessary for this purpose, your personal data may be transferred to the following locations:
• Countries in which we operate or use central reservation systems;
• Countries where our corporate offices are located;
• Countries in which we manage and operate hotels; and
• Countries where our third-party service providers, advisors and consultants are located, which may change from time to time.
When we transfer personal data to third parties outside the EEA (European Economic Area), it will only be transferred to countries that have been identified as providing adequate protection by the European Commission or to a third party with whom we have agreed transfer mechanisms in place to protect your personal data, for example by entering European Commission standard contractual clauses.
If you would like more information about the specific mechanism we use to transfer your personal data, you can contact us.
8. DATA RETENTION
We only keep your personal data for as long as necessary to fulfil the purposes for which we collected it:
• If personal data has been collected for the purpose of performing a contract, it will be stored for the entire duration of the contractual relationship and, once it has ended, until the end of the limitation period.
• If the personal data has been collected for the purposes of complying with legal obligations, it will be stored until the obligation is fulfilled.
• If the personal data has been collected for purposes of legitimate interest, it will be stored until the end of that interest.
• If personal data was collected with your consent, it will be stored until consent is withdrawn. You can withdraw your consent at any time via the link provided in the communications.
We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe that there is a prospect of litigation in relation to our relationship with you.
9. YOUR RIGHTS
You can contact us if you would like to exercise the following rights as a data subject:
• Request access to your personal data
• Request correction of your personal data
• Request erasure of your personal data
• Objection to the processing of your personal data
• Request to restrict the processing of your personal data
• Request for portability of your personal data
• Right to withdraw consent
Under certain circumstances, you have the right to lodge a complaint with the competent supervisory authority (Comissão Nacional de Proteção de Dados – CNPD). We may need to ask you for specific information to help us confirm your identity and ensure your right to access your personal data (or to exercise any other of your rights). This is a security measure to ensure that personal data is not disclosed to any person who does not have the right to receive it. We may also contact you to request more information regarding your request to speed up our response.
You will not have to pay any fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable administration fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances and we will state the reason for the refusal.
We attempt to respond to all legitimate requests within one month or within the timeframe specified by applicable data protection legislation. Occasionally, it may take longer than a month if your request is particularly complex or if you have made several requests. In this case, we will notify you and keep you informed.
10. DIRECT MARKETING
With your consent, or if you have already used our Services, we may send you direct marketing communications relating to our Services. In these cases, we may contact you via electronic messages (email, SMS or website), by post or by other means shared with us.
You have the right to stop receiving marketing communications at any time by contacting us using the details provided in the “Contact Us” section or by clicking on the unsubscribe link in our marketing messages.
Please note that if you opt out of receiving marketing emails, we will continue to send you transactional messages, such as information about your reservations or stays, including confirmation and pre-arrival emails, or account security updates.
11. CONTACTS
If you wish to exercise any of the rights referred to in this Privacy Policy, please contact us at the email address LisbonLiberdade.Data.Privacy@sofitel.com .
12. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, service providers and other third parties who have a business need to know. They will only process your personal data in accordance with our instructions and are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you, as well as any applicable supervisory authority, of a breach where we are legally required to do so.
13. LIABILITY
This Website is not intended for minors.
You warrant that you have informed any third parties about whom you are providing data, and if you have done so, about the points covered by this Privacy Policy. In addition, you guarantee that you have obtained their consent to provide your data for the purposes indicated.
You will be responsible for any false or inaccurate information provided and for any direct or indirect damages caused to us or any third party.
14. CHANGES TO THIS PRIVACY POLICY
Our Privacy Policy will be reviewed from time to time. At the top of this page, you will see the date on which the Privacy Policy was last revised, which is also the date on which those changes became effective. Your use of the Services following these changes signifies your acknowledgment of and acceptance of the revised Privacy Policy.
It is also important that the personal data we hold about you is accurate and current. Please let us know if there are any changes to your personal data during the term of your business relationship with us.