Privacy Policy

Índice:

  1. Glossary
  2. Data Controller (Vila d’Este);
  3. Specific purpose of the treatment;
  4. Form and duration of treatment;
  5. Responsibilities of agents responsible for processing;
  6. Rights of the data subject (article 18 of the LGPD1).

1. Glossary:

Personal Data: information related to an identified or identifiable natural person;
Sensitive Personal Data: personal data about racial or ethnic origin, religious conviction, political opinion, union affiliation or religious, philosophical or political organization, data referring to health or sex life, genetic or biometric data, when linked to a natural person.
Data Processing: every operation carried out with personal data, such as those referring to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction;
Data Holder: person who provides their data;
Treatment agents: data holders.

2. Data controller:

Vila d’este Handmade Hospitality Hotel:
VILA D’ESTE HANDMADE HOSPITALITY HOTEL, with corporate name DL ANGELO TURISMO EIRELI, registered with CNPJ 02.844.293/0001-19, with headquarters Alto do Humaitá, 11 – Centro, Búzios – RJ, 28950-000 and according to the definition provided by the General Data Protection Law “LGPD” (Federal Law No. 13.709.2018), presents the privacy policy used.
Vila is a house of exclusivity and personalization, which uses data provided with full consent to ensure that the customer experience is, in fact, tailor-made.
Following our commitment to transparency, below we explain the operation of legally adopted data policies.

3. Specific purpose of the treatment:

3.1. Data collected for the reservation:

At the time of booking, any data relevant to the FNRH may be collected, and in case of cancellation of non-refundable reservations, the data will be kept in the system to comply with Ordinance No. 177 of September 13, 2011 of the Ministry of Tourism and with the aim to subsidize the issuance of a tax document in case of collection.

3.2. Mandatory data collected during registration for Check-In:

The data of the holder of the reservation and his/her companion will be collected in accordance with Ordinance No. 177 of September 13, 2011 of the Ministry of Tourism.
• Full name;
• Email address;
• Phone number;
• Phone number;
• Profession;
• Nationality;
• Date of birth;
• Gender;
• Identity and issuing body or passport and issuing country;
• CPF – Only Brazilians;
• Address;
• Purpose of travel;
• Means of transport;
• For foreign visitors: last origin and next destination.

3.3. Data collected for membership of the perks club:

• E-mail address for sending promotions, news, gifts and exclusive benefits for subscribers. The data is stored and used with the unequivocal consent of the customer at the time of subscription, but its use will be interrupted when the customer requests the disconnection of the benefits program, which can be done by email marketing@viladeste.com.br.

3.4. Information that may be collected even if the user is not registered in the systems (cookies):

• The IP Address used to access our systems;
• Pages visited on other sites;
• View count;
• Data about the device used for navigation;
• Items, Services, Information and categories searched or viewed.

3.5. Other information may be collected:

• Data from social media;
• Information about you that you have made public or that is publicly available on the internet;

4. Form and duration of data processing:

• After giving consent for data processing taking into account the specified purpose, the sectors responsible for them will use them as proposed by the terms of responsibility.
• Although the holder of the information has the right to request the revocation of his consent, rectify data or delete them from the bank, it should be remembered that the information that is necessary for the fulfillment of legal or regulatory obligations must be kept in the databases of the organization.
If the customer is a subscriber to the club of advantages and wishes to give up the program, his data will no longer be processed for this purpose – however, they may remain stored in the database if the information is relevant to Ordinance No. 177 of September 13, 2011 of the Ministry of Tourism.

5. Responsibilities of the agents responsible for the treatment:

• Treatment agents must adopt security, technical and administrative measures, able to protect personal data from unauthorized access and accidental or illegal situations of destruction, loss, alteration, communication or any form of inappropriate or illegal treatment.
• The controllers and operators, within the scope of their competences, for the processing of personal data, individually or through associations, may formulate rules of good practices and governance that establish the organizational conditions, the operating regime, the procedures, including holders’ complaints and petitions, security norms, technical standards, specific obligations for the various parties involved in the treatment, educational actions, internal mechanisms of
supervision and risk mitigation (including immediate notice to authorities) and other
aspects related to the processing of personal data.

6. Rights of the data subject (Article 18 of the LGPD):

• “Art. 18. The holder of personal data has the right to obtain from the controller, in relation to the data of the holder processed by him, at any time and upon request: I – confirmation of the existence of treatment; II – access to data; III – correction of incomplete, inaccurate or outdated data; IV – anonymization, blocking or elimination of data that is unnecessary, excessive or processed in violation of the provisions of this Law; V – portability of data to another service or product provider, upon express request, in accordance with the regulations of the national authority, observing commercial and industrial secrets; VI – deletion of personal data processed with the consent of the holder; VII – information from public and private entities with which the controller carried out shared use of data; VIII – information on the possibility of not providing consent and on the consequences of the refusal; IX – revocation of consent.”