Menu opener
Country and language
Country
Other countries
Language
English
Currency
EUR
  1. B&B HOTELS
  2. PRIVACY POLICY FOR THE B&B HOTELS MOBILE APPLICATIONS AND WEBSITE OF B&B HOTELS Brazil
BackYour staySelect your dates to see availabilitiesChange datesSelect rooms and travelersClose
Select your dates to see availabilities
Please fill in the destination field
There are no suggestions
Allow geolocation in your browser settings, or type the destination
Please select period of 20 days max
Start date cannot be set in the past.

Please select period of 20 days maxStart date cannot be set in the past.

From
To
Rooms
-+
+ Add another roomValidate
Corporate code
For travelers with corporate contract
  • Destination
  • FromTo
    FromTo
  • 1 room, 1 adult
  • 1 room, 1 guest

PRIVACY POLICY FOR THE B&B HOTELS MOBILE APPLICATIONS AND WEBSITE OF B&B HOTELS Brazil

PDF

 

Updated on : 16/02/2024

 

Preamble

This privacy policy applies to users (hereinafter referred to as "Users") of the website https://www.hotel-bb.com/pt/br (hereinafter referred to as the "Site") and the mobile applications of B&B Hotels (hereinafter referred to as the "Apps") that provide the online room booking platform of B&B Hotel (hereinafter referred to as the "Platform"). Its purpose is to inform, in accordance with Law No. 13,709 of August 14, 2018, on the protection of individuals with regard to the processing of personal data and the free movement of such data (hereinafter referred to as the "General Data Protection Law - LGPD"), how your personal data may be collected and processed through our Site and Apps in relation to hotel room bookings in countries where we have hotels and the B&B Hotels Club loyalty program.

The B&B Hotels Group is committed to ensuring that the processing of personal data complies with the requirements of the LGPD. 

The purpose of this privacy policy is to inform you about the categories of personal data we may collect or hold about you, how we use it, with whom we share it, how we protect it, and the rights you have over your personal data.

Your privacy and the protection of your personal data is a priority for us, which is why we are committed to processing your personal data in strict compliance with the Regulation and the applicable national laws.

  1. Definitions
  2. Identity of data controllers
  3. Categories of processed data
  4. Purposes and legal bases for the processing of personal data
  5. Recipients of data
  6. Data retention period
  7. International Transfer of Personal Data
  8. Exercise of the data subject's rights
  9. Access data and cookies
  10. Social networks
  11. Security
  12. Contacts

 

Article 1: Definitions

Adyen: refers to the online payment platform

Application: refers to the B&B HOTELS mobile applications published by Casper BidCo

B&B HOTELS Group: refers to the Casper BidCo holding company, its subsidiaries and all the B&B HOTELS hotels

Platform: refers to the central online booking system operated by Casper BidCo on the Site and the Applications.

Data controller: refers to Casper BidCo in its capacity as the main data controller on the Site

Services: refers to the services offered by Casper BidCo via the Platform. The Services are detailed in the General Terms and Conditions of Use (GTCU), which can be accessed by clicking here.

Site: refers to the website accessible at the URL address https://www.hotel-bb.com/

Users: refers to any person accessing or browsing the Site and the Applications, as well as all the categories of users of the Platform.

 

Article 2: Identity of the data controllers

Casper BidCo, which is one of the parent companies of the B&B Hotels group, whose legal notice can be accessed by clicking here, is the main party responsible for the processing carried out on the Site and the Applications.

Casper BidCo operates a central bookings system common to the hotels listed here.

As part of the processing of bookings made through the Platform and the Applications, Casper BidCo is jointly responsible for processing your personal data with the companies that operate the hotels whose rooms you book (See the list of hotels here).

The companies, of which the list is available by clicking here, jointly manage the B&B HOTELS Club loyalty programme. The joint controllers of the B&B HOTELS Club loyalty programme are the companies whose list can be accessed by clicking here.

Finally, as an extension of your bookings via the Platform, autonomous processing operations may be carried out by each of these joint controllers. Information relating to these autonomous processing operations is provided to you directly by the controllers concerned.

Legal reminder:

The datacontroller is, within the meaning of the GDPR, the person who determines the means and purposes of the processing. Where several persons jointly determine the purposes and means of a processing operation, they are joint data controllers (or co-controllers).

CASPER BidCo is a simplified joint stock company with a single shareholder, with a capital of 12,129,635.92 Euros, located at 29 boulevard Romain Rolland 92120 Montrouge, registered in the Nanterre Register of Companies under the number 850 790 908, legally represented by its Chairman, domiciled at the said headquarters.

CASPER BidCo operates a central booking system shared by the hotels listed here, which are jointly responsible for the processing your personal data in the context of your bookings on the Platform and the Applications.

CASPER BidCo has entered into a joint liability agreement with these joint controllers setting out their respective obligations, the outline of which is available on request sent by email to privacy@hotelbb.com.

The joint controllers of the B&B HOTELS Club loyalty programme are the companies listed here:

These joint controllers have signed a joint liability agreement setting out their respective obligations, the broad outlines of which are available on request sent by email to privacy@hotelbb.com.

This privacy policy concerns the processing of data carried out by CASPER BidCo and its joint controllers via the Site and the Applications in the context of hotel room bookings and the B&B HOTELS Club loyalty programme.

 

Article 3: Data origin and collection

When you visit our Site, use our Applications or provide our Services, we may collect personal data about you.

In all cases, you are informed of the purposes for which your data is collected by us via the various online data collection forms, emails sent to you, notifications on the Platform or via our Cookie Management Tool.

Your data is processed in accordance with the purposes set out at the time of collection and in compliance with ANPD's guidelines on the processing of personal data for the purposes of managing commercial activities.

Where necessary, we undertake, depending on the case, to obtain your consent and/or to allow you to object to the use of your data for certain purposes, such as, for example, the possibility of knowing your geographical position, sending you commercial prospecting material or placing third-party cookies on your terminals (mobile phone, computer, tablet) for the purposes of measuring the audience for our Site and our Application and to offer you commercial offers and targeted advertising according to your centres of interest.

 

Article 4: Categories of Processed Data

When you use the Site, the Applications and the Services, you are required to send us data and information, some of which may identify you and therefore constitute personal data (hereinafter referred to as the Data).

This is particularly the case when you book a room on the Site or register for our loyalty programme.

In all cases, you are informed of the purposes for which your data is collected by us via various online data collection forms, emails sent to you, notifications on the Platform or via our Cookie Management Tool.

Where necessary, we undertake, depending on the case, to obtain your consent and/or to allow you to object to the use of your data for certain purposes, such as, for example, the possibility of knowing your geographical position, sending you commercial prospecting material or placing third-party cookies on your terminals (mobile phone, computer, tablet) for the purposes of measuring the audience for our Site and our Application and to offer you commercial offers and targeted advertising according to your centres of interest.

At the time of collection of the Data, you will be informed whether certain Data must be filled in or whether it is optional and the possible consequences of a failure to reply are indicated at the time of its collection on the associated forms.

The data being processed is as follows:

  • Data relating to your identity: title, surname, first name(s), address, telephone number, email addresses, date of birth, age, client code, password,
  • Data relating to your professional life: company, location,
  • Data relating to browsing: your logs and connection data, computer hardware identification data, your language preferences, geographical location data, data relating to your use of the Platform and Services, including data communicated to our teams when you make a request (language preference, etc.), data collected via cookies and other tracers,
  • Details of your booking: arrival and departure dates, details of other occupants of the rooms reserved such as names and ages, preferences (smoking room, preferred floor, etc.),
  • Data relating to transactions: the transaction number, data relating to means of payment (bank card number, expiry date, cryptogram, processed exclusively by Adyen which only provides us with a token to proceed with guarantees and payments for bookings), details of the purchase, subscription, product or service subscribed to, data relating to the payment of invoices such as methods of payment, discounts granted, receipts, balances and unpaid amounts,
  • Booking history data for B&B hotels

The B&B HOTELS group ensures that it only collects Data that is strictly necessary for the purpose for which it is processed.

 

Article 5: Purposes and Legal Bases of Personal Data Processing

The processing carried out by the B&B HOTELS Group satisfies an explicit, legitimate and determined purpose, which is based on the execution of a contract, compliance with a legal or regulatory obligation, your consent or legitimate interest.

Where the legal basis for the processing operations is based on the pursuit of a legitimate interest, you have the possibility, upon simple request, to obtain information on the balancing of interests.

Your different data is collected and processed for the following legal bases and purposes:

Proper Operation and Continuous Improvement:

Monitoring the proper operation and improvement of our Platform and Services covers:

  • General administration of the Site and Apps
  • Responding to user requests and inquiries
  • Customer support and assistance
  • Usage statistics for research and development
  • Storage of cookies and other trackers. Details can be found in our Cookie Management Policy

The B&B HOTELS Group also has a legitimate interest in processing the Data of its clients in order to provide them with the best possible commercial relationship and to ensure the best possible quality of our Services. Therefore, the Group relies on the user's consent to store cookies and gather knowledge of their geographical location.
 

Customer Relationship and Bookings Management

Managing the customer relationship includes:

  • Bookings management
  • Commercial follow-up of the relationship
  • Development of commercial statistics
  • Management of feedback on our products, services, and content
  • Customer satisfaction surveys

The B&B Hotels Group processes personal data related to customer relationship management in accordance with the contracts established with its customers. The B&B Hotels Group also has a legitimate interest in processing customer data to provide a better commercial relationship and ensure the highest quality of our services.

 

Conducting Marketing Research and Commercial Prospecting

Carrying out marketing actions includes:

  • Sending our Newsletter
  • Conducting marketing surveys (email, phone, mail)
  • Animation of the Website, Applications, and social media platforms (online community management)
  • Organizing events
  • Conducting audience data surveys by storing cookies and other trackers, details of which can be found in our Cookie Management Table
  • Developing statistics on marketing operations

The execution of marketing actions is based on the user's consent. The B&B Hotels Group also has a legitimate interest in providing the user with commercial offers, especially those related to hotels where the user may have made bookings. In this case, we ensure that:

  • The user has received sufficient information regarding the conducted marketing actions.
  • The user is capable of freely and easily refusing marketing activities at the time of data collection (Opt-Out).

 

Accounting Management and Related Operations, Including Fraud Prevention

Accounting management and related operations include:

  • Payment for Services and monitoring customer billing
  • Management of payable or litigious debts
  • Maintenance of account records and legal supporting documents

Accounting management and related operations are based on our legal obligations stemming from various accounting practices and fee regulations in different countries, accessible here.

The B&B Hotels Group has a legitimate interest in ensuring the proper functioning of accounting practices carried out by Casper BidCo and all the companies operating the hotels, jointly responsible for data processing.

 

Administration and Management of the B&B Hotels Club Loyalty Program

The administration and management of the loyalty program are based on the legitimate interests of the companies, whose list can be consulted here, to reward user loyalty by providing benefits at B&B hotels.

The B&B Hotels Group also relies on a contractual basis for processing data, as the treatment is necessary for the fulfillment and implementation of the B&B Hotels Club loyalty program, of which the user is a member.

 

Management of Requests for Rights Arising from LGPD

This processing encompasses all necessary operations to oversee requests for rights addressed to Casper BidCo or the companies accessible by clicking here (eligibility of the request, investigations, fulfillment of specific technical operations, etc.).

This only applies to cases in which Casper BidCo and/or the list of companies available here act as data controllers.

This processing is carried out based on the legal obligations arising from articles 17 to 20 of the LGPD, and in compliance with good faith, in accordance with the principles of the LGPD, especially the principles of purpose, necessity, transparency, and security.

 

Article 5: Data Recipients

We treat the Data we collect with the utmost care. Only the strictly necessary Data will be processed and/or transferred for processing by third parties.

Within the scope of their respective responsibilities and for the purposes mentioned in Article 4, the potential main recipients who may have access to the data of the Data Subject are as follows:

  • Authorized personnel from our hotel bookings, marketing, sales, administrative, logistics, and IT departments, responsible for improving our services, customer relations, market studies, and quality control,
  • Authorized personnel from our subcontractors and service providers, such as accommodation and cloud storage providers, payment service providers, mail service providers, IT maintenance providers, marketing research service providers,
  • Authorized personnel from the abovementioned joint data controllers, a list of which can be found here,
  • If necessary, competent authorities upon request, especially public authorities, competent courts, mediators, accountants, auditors, lawyers, judicial officers, ministry officials, debt collection agencies, solely for the purpose of fulfilling legal obligations, as well as in cases of identifying those responsible for any internet-related offenses,
  • Third parties capable of placing cookies on the user's terminals (computers, tablets, mobile phones, etc.) when the user gives their consent. (For more details, please refer to our Cookie Management Policy).

The user's personal data will not be disclosed, exchanged, sold, or rented without their prior express consent, in accordance with applicable legal and regulatory provisions.

In our relationships with our subcontractors and in accordance with LGPD, we contractually ensure that they process the data in a manner that ensures its integrity, confidentiality, and security.

 

Article 6: Data Retention Period

We store user data only for the time necessary for the purposes described in Article 4.

For the proper functioning and continuous improvement of our Platform, its features, and services:

Data allowing the identification of users on the Platform is retained for the duration of their registration.

Cookies and other commercial tracking systems may be placed on the user's terminal for a maximum period of 6 months. Beyond this period, raw traffic data associated with an identified user is deleted or anonymized.

Information collected through tracking systems is retained for a period of 25 months. After this period, this Data is deleted or anonymized.

For customer relations and bookings management:

Data used in the context of customer relationship management is kept for the duration necessary for the fulfillment of the contract.

This data is then archived for a period of 5 years for evidentiary purposes. Invoices and accounting data issued are retained for 10 years from their date of issuance.

If the contract is not concluded, potential customer data is retained for a period of 3 years from its collection or the last positive contact with the B&B Hotels group.

For conducting marketing actions and commercial prospecting:

Data used in the context of marketing operations are retained for a period of 3 years from the end of the business relationship if the user is a customer, or from their last contact if they are not yet a customer.

If the user has not purchased any products from our company or has not used their account for 27 months and has not subscribed to our Newsletter, we will no longer retain their personal data for commercial purposes.

For account management and associated operations, including fraud prevention:

(i) Bank card

Data relating to bank cards are processed exclusively by Adyen, which only provides us with an identification code for processing guarantees and payments for bookings. This partner's processing complies with PCI-DSS (Payment Card Industry Data Security Standards) requirements. Data relating to bank cards are deleted once the transaction is completed, i.e., after the effective payment of the order. In the case of subscription to the Services, bank data is kept:

  • Until the last payment deadline if the subscription does not provide for automatic renewal;
  • Until the end of the subscription in the case of renewal by tacit agreement, subject to applicable provisions and, in particular, the information of the interested parties before renewal.

Note that for card payments, this Data may be kept in the intermediaries' archives for evidentiary purposes in case of possible transaction disputes or claims, for a period of 13 months after the debit date (extended to 15 months for deferred debit payment cards). 

In any case, data related to the visual cryptogram is not stored, and data related to the bank card used is deleted when its expiration date is reached.

(ii) Other specialized external service providers in payment and transaction services.

(iii) Litigation and pre-litigation actions:

As part of the management of pre-litigation action, Data is deleted as soon as the dispute is settled outside the court or, in the absence thereof, as soon as the corresponding legal action is prescribed.

Data collected and processed within the scope of litigation must be deleted after the end of the period notified to the data subject, taking into account when ordinary and extraordinary remedies are no longer possible against the decision rendered.

For the administration and management of the B&B Hotels Club loyalty program:

Data relating to the administration and management of the B&B Hotels Club loyalty program are kept for the duration of their membership in the program. They will then be archived for the prescription/expiration period for the filing of legal action. 

For the management of legal requests arising from the LGPD:

Data relating to the management of rights requests are retained for as long as necessary to process the request. They will then be archived for the prescription/expiration period for the filing of legal action.

 

Article 7: International Transfer of Personal Data

The B&B Hotels Group is a global organization that provides its services in many countries. International data transfer is essential for our services to ensure that the user receives the same high-quality service wherever they are in the world.

Therefore, and within the scope of the purposes indicated in Article 4 of this Policy, we may transfer the user's personal data to internal and external recipients who may be located in countries outside Brazil.

The B&B Hotels Group has implemented appropriate measures to ensure the international transfer of your data.

All transfers of personal data are supported by a contract.

The transfer of personal data to countries that do not have equivalent personal data protection will only be allowed in cases and in accordance with Articles 33 and following of the LGPD.

Data flows to the United States are only made to entities that have joined the Privacy Shield program.

To access all these documents, please contact our Data Protection Officer via the following email address: lgpdbrasil@hotelbb.com or by mail to the address: Avenida Ataulfo de Paiva, 135, room 410, Leblon. Rio de Janeiro, RJ. ZIP code: 22440-901.

 

Article 8: Exercise of the Rights of the Data Subject

In accordance with articles 17 and 18 of the LGPD, the data subject has the following rights (learn more here):

  • The right to access and information (article 18, II of the LGPD), correction (article 18, III of the LGPD), update, and integrity of their data.
  • The right to erase (or "right to be forgotten") their personal data (article 18, IV of the LGPD) when it is unnecessary, excessive, processed in non-compliance, or when the collection, use, communication, or storage thereof is prohibited.
  • The right to withdraw their consent at any time, in accordance with §5 of article 8 of the LGPD, by explicit expression from the data subject.
  • The right to restrict the processing of their data (article 6, III c-c, article 18, IV of the LGPD).
  • The right to object to the processing of their data (article 18, §2 of the LGPD) in case of non-compliance with the LGPD.
  • The right to data portability for the data they have provided to us, upon explicit request, when their data is subject to automated processing based on their consent or a contract (article 18, V of the LGPD).
  • The right not to be subject to a decision based solely on automated processing; such decisions are currently not applied by the B&B Hotels Group.

The user can exercise their rights:

  • By email to: lgpdbrasil@hotelbb.com
  • By mail to: Avenida Ataulfo de Paiva, 135, room 410, Leblon. Rio de Janeiro/RJ. CEP: 22440-901

While providing proof of their identity when required by law.

Finally, the user can also file a complaint with the supervisory authorities, particularly with the ANPD or any other competent authority.

 

Article 9: Access Data and Cookies

In practice, technical cookies allow us to authenticate, identify the user, and accelerate navigation on our Site and our Applications, as well as access their various functions. They can collect data related to the characteristics of the user's operating system, browser, or device (computer, tablet, or cellphone). They also enable the collection of data related to the user's location (particularly the IP address).

The list of cookies, their purpose, and retention period can be accessed here.

Without further options, by continuing to browse our Site or use our Applications, the user consents to the placement of these cookies. However, the user can configure their browser settings at any time to:

  • accept or refuse cookies on our Site or our Applications
  • systematically refuse all cookies
  • request consent for each cookie encountered while browsing the Internet.

To do so, simply consult your browser software and follow its instructions. For example:

  • With Internet Explorer™: Tools Menu ► Internet Options ► Privacy
  • Click the "Advanced" button, and in the next window, you can review "Advanced Privacy Settings." Then, select the "Block" box and then choose "Decline" in the "Third-party Cookies" column.
  • With Firefox™: Tools Menu ► Options ► Privacy and Security
  • Set the "History" menu to "Use custom settings for history." Finally, uncheck the "Accept third-party cookies" option.
  • With Chrome™: Menu ► Settings ► Advanced (located at the bottom of the page).
  • Then click on "Site Settings" and under Cookies, click on the "Block third-party cookies" box and confirm this choice by clicking "OK."
  • With Safari™: Safari (Tools logo) ► Preferences ► Security ► Accept Cookies ► Choose the desired option
  • With Opera™: Tools Menu ► Preferences ► Advanced ► Cookies ► Manage Cookies ► Choose the desired option

However, the user is informed that by choosing to block technical and functional cookies, there is a risk of altering their browsing experience on our Site or our Applications.

For cookies that are not purely technical, we have prepared a Cookie Management Table to provide more specific information about their use, available here.

 

Article 10: Social Networks

While browsing our Site or our Applications, the user can click on the dedicated icons for the social networks Twitter, Facebook, and LinkedIn.

Social networks enhance the use of the Site and our Applications and help promote them through sharing.

By using these buttons, we may have access to personal information that the user has indicated as public and accessible from their profiles on Twitter, Facebook, and LinkedIn. However, we do not create or use any independent databases from Twitter, Facebook, and LinkedIn, and we do not use any data related to the user's privacy in this manner.

To limit third-party access to the user's personal data on Facebook, LinkedIn, or Twitter, we invite the user to configure their profiles and/or the nature of their posts through the dedicated areas of the social networks, in order to restrict public access to them.

 

Article 11: Security

Casper BidCo and B&B comply with applicable data protection laws in terms of the security and confidentiality of user data.

We have implemented all necessary technical and organizational measures to ensure the security of our personal data processing and the confidentiality of the data we collect.

As such, we take all necessary precautions regarding the nature of the data and the risks presented by its processing to preserve its security, particularly to prevent data distortion, damage, or unauthorized access by third parties. These precautions include physical protection of facilities, authentication procedures for individuals accessing data with personal access, secure access through confidential usernames and passwords, secure https protocol, logging and monitoring of connections, encryption of certain data, and PCI-DSS (Payment Card Industry Data Security Standards).

 

Article 12: Contacts

For any questions related to this Policy or any requests related to your Data, we are available through the following means:

By sending a letter to the following address: Avenida Ataulfo de Paiva, 135, room 410, Leblon. Rio de Janeiro/RJ. CEP: 22440-901

  1. B&B HOTELS
  2. PRIVACY POLICY FOR THE B&B HOTELS MOBILE APPLICATIONS AND WEBSITE OF B&B HOTELS Brazil