account Privacy Policy of B&B HOTELS in Portugal
General Personal Data Protection Policy (B&B HOTELS mobile app and website www.hotel-bb.com)
Date of update: 25/07/2024
Preamble
As part of its business, B&B HOTELS collects and processes the personal data of its contacts, customers, potential customers, suppliers and partners.
The main purpose of this document is to inform its recipients of the conditions under which their data will be processed.
This policy is aimed at users (hereinafter, “Users”) of the B&B HOTELS website https://www.hotel-bb.com/en/pt (hereinafter, the “Website”) and the B&B HOTELS mobile application (hereinafter, the “App”) through which the B&B HOTELS online booking platform (hereinafter, the “Platform”) operates.
Our aim is to inform all Users, in accordance with Regulation (EU) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the “Regulation” or “GDPR”), about how their personal data collected through our Website and App will be processed in the context of room reservations in the countries where B&B HOTELS has hotel establishments, as well as the B&B HOTELS Club and B&Me loyalty programmes.
Ensuring adequate protection of personal data is a priority for B&B HOTELS, which is why we are committed to doing so in strict compliance with applicable laws and regulations.
1. Definitions
Application: B&B HOTELS mobile application available for IOS and Android devices.
Platform: central online booking system provided by the B&B HOTELS Group on its website and app.
Data controller: The company CBBHP-Hotels in Portugal, S.A., Corporate Tax ID (NIPC) 514820705 and head office at Rua Vasco de Gama, n.5, 2685-244 Portela, in its capacity as data controller, is responsible for managing the data processing operations carried out through the website or application in Spain.
Services: all the services offered by B&B HOTELS through its Platform. All the services available are detailed in the General Conditions of Use (GCU), which can be accessed via the following link https://www.hotel-bb.com/en/conditions-use
Website: B&B HOTELS website, available via the following link https://www.hotel-bb.com/en/pt
User: Any person accessing or browsing the Website or the Application, regardless of whether they are a customer, operator or any Internet user with or without a personal user account.
2. Data controllers
The company responsible for processing the personal data collected through the Website and Application in Portugal is (hereinafter, B&B HOTELS):
- CBBHP-Hotels in Portugal, S.A., with registered offices at Rua Vasco de Gama, n.5, 2685-244 Portela.
Without prejudice, we would also like to inform you that:
a) B&B HOTELS operates through a central online booking system shared by the hotels listed at the following link https://www.hotel-bb.com/en/portugal/hotels-portugal
b) As part of the booking process carried out via the Website or Application, B&B HOTELS is jointly responsible for processing personal data with the companies that operate the hotels where the bookings are made. You can consult the list of hotels at the following link: https://www.hotel-bb.com/en/portugal/hotels-portugal
c) The companies indicated in the following link https://www.hotel-bb.com/en/general-terms-conditions-bb-hotels-club/portugal jointly manage the B&B HOTELS Club loyalty programme. In addition, B&B HOTELS has signed a co-responsibility agreement with the data controllers, which establishes their respective obligations, the terms of which can be consulted by emailing the B&B HOTELS data protection officer at the following address dpdhotelbb@globalsuitesolutions.com
d) The companies indicated in the following link https://www.hotel-bb.com/en/terms-of-use-b-and-me/spain-portugal jointly manage the B&Me loyalty programme. In addition, B&B HOTELS has signed a co-responsibility agreement with the data controllers, which establishes their respective obligations, the general terms of which can be consulted by emailing the B&B HOTELS data protection officer at the following address: dpdhotelbb@globalsuitesolutions.com
3. Transparent and legal collection of personal data
In order to respect the principles of loyalty and transparency, B&B HOTELS guarantees that it informs data subjects about the processing operations it is carrying out, informing them of this fact when their personal data is collected.
All data is obtained lawfully. No data is collected without the data subject’s knowledge or consent.
4. Legitimate and proportionate use of personal data
When B&B HOTELS processes your personal data, it does so for specific purposes: each data processing operation therefore fulfils a legitimate, specific and explicit purpose.
For each of the operations carried out, B&B HOTELS undertakes to collect and use only the pertinent, relevant and strictly necessary data in relation to the purposes for which they are processed.
B&B HOTELS guarantees that the data will be kept up to date and will apply procedures that allow incorrect data to be deleted or rectified.
5. Data processed
B&B HOTELS collects and processes the following categories of personal data for the purposes indicated in the following section:
- Identification data: name, surname, address, telephone number, e-mail address, date of birth, age and customer code.
- Professional details: the company where you work and its address.
- Browsing data: logs and connection data, computer hardware identification data, language preferences, geographical location data, data relating to the use of the Platform and the Services, including data provided to our teams when you make requests (language preference, etc.) and data collected through cookies or other similar technologies.
- Booking details: arrival and departure dates, details of the other people who will be occupying the room booked (name and age, preferences such as whether they want a smoking room, floor, etc.). If the invoice is requested in the name of a company with an address other than the personal address, the name, registered office, VAT number, etc. must be indicated.
- Transactional data: transaction number, data relating to the means of payment, details of the purchase, subscription or service subscribed to, data relating to the payment of invoices, payment terms, discounts granted, receipts, balances and unpaid invoices. The bank card number, expiry date and encrypted code are used for payment.
6. Purposes, legal grounds and data retention periods
Each processing operation carried out by B&B HOTELS has an express, legitimate and specific purpose, based on the performance of an agreement, the fulfilment of a legal or regulatory obligation, the User’s consent or a legitimate interest. However, the data will only be kept for the period strictly necessary for the purposes for which it is used.
The purposes for which Users’ personal data may be processed, their legal basis and the retention period are set out below:
PURPOSE | LEGAL BASIS | RETENTION PERIOD |
Manage bookings and monitor the commercial relationship with customers in relation to these, including the management of complaints, if any. | Execution of the agreement signed with customers | Active Bases: The data required to manage customer relations will be kept for as long as necessary for the performance of the agreement. Intermediate files: For the purposes of declaring, exercising or defending rights in judicial or pre-judicial proceedings, they will be kept for as long as the limitation period for said rights has not elapsed and until the precautionary measure has been concluded, and/or for the duration of the proceedings until ordinary and extraordinary remedies have been exhausted. Data relating to payments made by bank card will be kept for 13 months from the date of payment, extended to 15 months in the case of deferred debit cards, without prejudice to being kept for the purposes of defence, exercise or defence of rights for as long as the limitation period for said rights has not elapsed. |
Creation and management of user accounts on the website | Execution of the agreement signed with customers | Active bases: The data required to manage the relationship with the customer will be kept for as long as necessary for the performance of the agreement. Intermediate files: For the purposes of declaring, exercising or defending rights in judicial or pre-judicial proceedings, they will be kept for as long as the limitation period for said rights has not elapsed and until the precautionary measure has been concluded, and/or for the duration of the proceedings until ordinary and extraordinary remedies have been exhausted. |
Improving the services offered by B&B HOTELS, namely: - Satisfaction surveys - Management of comments received about the services provided. | Legitimate interests of B&B HOTELS | The time needed to carry out satisfaction surveys or manage customer feedback, but not exceeding a maximum of one year. |
Collection of commercial statistics | Legitimate interests of B&B HOTELS | The time necessary to analyse the statistics that are compiled, without however exceeding the maximum period of one year or until the User exercises their right to object, whichever occurs first. |
Keeping records and tax obligations | Compliance with legal obligations | Provisional archives: To be kept for the period legally prescribed for each of the obligations (for example, accounting data is kept for a period of 10 years). |
Marketing: - Sending a newsletter. - Customer acquisition campaigns (email, telephone and regular mail). - Invitations to events - Organisation of competitions | - User consent for operations carried out by electronic means (e-mails, text messages, etc.). - B&B HOTELS’ legitimate interests for operations carried out by post or where personal intervention is required (i.e. non-automated operations). | The data will be kept until the data subject revokes their consent or for a period of 1 year from the data subject’s last communication with B&B HOTELS. |
Administration and management of subscriptions to the B&B HOTELS Club loyalty programme. | The execution of the agreement signed with B&B HOTELS and the other subsidiaries of the B&B HOTELS Group. | Active bases: They will be kept for the duration of the programme. Intermediate files: For the purposes of declaring, exercising or defending rights in judicial or pre-judicial proceedings, they will be kept for as long as the limitation period for said rights has not elapsed and until the precautionary measure has been concluded, and/or for the duration of the proceedings until ordinary and extraordinary remedies have been exhausted. |
The management of requests from Users to exercise their rights in relation to their personal data | Compliance with the obligation imposed in Article 12 et seq. of the GDPR | During the time necessary to process the request and prove fulfilment of the legal obligation, as long as the limitation period for the corresponding rights has not elapsed. |
The proper functioning and improvement of the Platform and its features, including the measurement of web audience | - B&B HOTELS’ legitimate interest in guaranteeing the proper functioning and security of the website. - The user’s consent to cookies that are not strictly necessary. | The duration of the cookie or similar technology will not exceed 6 months. The data collected by cookies and similar technologies will be kept for a maximum period of 25 months. |
Management of the B&Me loyalty programme (awarding benefits and loyalty points) | Execution of the agreement signed with B&B HOTELS and the other subsidiaries of the B&B HOTELS group. | Active bases: For as long as you remain loyal to the B&Me programme. Intermediate files: For the purposes of declaring, exercising or defending rights in judicial or pre-judicial proceedings, they will be kept for as long as the limitation period for said rights has not elapsed and until the precautionary measure expires, and/or for the duration of the proceedings, until ordinary and extraordinary appeals have been exhausted. |
Whenever personal data is required for the performance of an agreement or pre-contractual steps at your request, as well as for the fulfilment of legal obligations to which B&B HOTELS is subject, the provision of personal data is mandatory, otherwise we will not be able to respond to your request or conclude the agreement with you or provide you with the requested service. When the processing of data is based on your consent (for example, for marketing purposes) the provision of data is optional and failure to provide it will not affect the pre-contractual or contractual relationship we have with you.
7. Data recipients
Within the limits of their respective responsibilities and for the purposes mentioned in paragraph 6 of this Policy, the following persons may have access to your personal data:
- Authorised B&B HOTELS staff from the reservations, marketing, sales, administration, logistics and IT departments, responsible for improving our Services, relations with customers and potential customers and quality controls.
- Authorised personnel of B&B HOTELS’ subcontractors and service providers, including, in particular, providers of hosting and cloud storage services, payment services, identity document control software and online identity verification via facial recognition, courier services, IT support services and, lastly, market research.
- Authorised personnel of the companies jointly responsible for processing them.
- Competent authorities, upon request, in particular public bodies, courts, as well as mediators, accountants, auditors, lawyers, court officials, police officers and debt collection agencies. They will have access exclusively for the fulfilment of legal obligations, as well as for the investigation of perpetrators of offences committed on the Internet.
- Third parties who may place cookies, with your consent, on your devices. For more information, please consult our Cookie Policy.
8. Transfer of data outside the European Union
B&B HOTELS belongs to the B&B HOTELS Group, which offers its services in many countries.
In this regard, and for the purposes set out in point 6 of this Policy, personal data may be transferred to entities belonging or not to the Group that are located outside the European Union.
In the absence of an adequacy decision, B&B HOTELS will only transfer data outside the European Union if the appropriate guarantees are met, i.e. the standard contractual clauses defined by the European Commission and in strict compliance with the regulations in force.
You can access all the guarantees and documents relating to the transfer of personal data outside the European Union by contacting our Data Protection Officer.
- Via the following e-mail address prt-privacy@hotelbb.com
- By post addressed to “Data Protection Officer B&B HOTELS” Rua Vasco de Gama, n.5, 2685-244 Portela.
9. Security of personal data
B&B HOTELS pays special attention to security when processing personal data. Consequently, it has implemented the necessary protection measures, both technical and organisational, taking into account the degree of sensitivity of the data collected, in order to guarantee its integrity and confidentiality and protect it against malicious interference, loss, alteration or disclosure to unauthorised third parties.
However, data security and confidentiality depend on the good practices of each individual. Data subjects are therefore encouraged to stay informed about best practices.
10. Subcontracting companies
When B&B HOTELS works with service providers, it only transfers personal data when it has obtained from them the commitment and guarantees that they fulfil the confidentiality and security requirements required for this purpose.
In fulfilment of its legal obligations, the agreements signed between B&B HOTELS and the subcontracting companies include, in particular, the terms and conditions under which personal data will be processed in accordance with the applicable legislation.
11. Cookies
The use of cookies can be found in the Cookie Policy.
12. Social networks
Our X, Facebook, Instagram, TikTok and YouTube accounts can be accessed by clicking on the corresponding icon for each of them via our Website or App.
Social networks help to improve the use of the Website and our Application, as well as to promote them when they are shared.
By clicking on the aforementioned icons, B&B HOTELS can access the personal information that the User has indicated as public and accessible from their profiles on X, Facebook, Instagram, TikTok and YouTube. However, B&B HOTELS does not create or use any database independent of X, Facebook, Instagram, TikTok and YouTube, or data relating to your private life.
To limit third-party access to your personal information on Facebook, X, Instagram, TikTok or YouTube, it is advisable to change the settings of your user profiles and/or the nature of your publications to restrict who can access them.
13. Exercising data protection rights
B&B HOTELS is particularly committed to respecting the rights of Users in the context of data processing, and its intention is to ensure fair and transparent processing of data, taking into account the specific circumstances and context in which it is processed.
13.1 Right of access
In this regard, the User has the right to obtain confirmation as to whether or not their personal data is being processed. If so, you will have the right to access the data being processed and the following information:
- The purposes of the processing.
- The categories of personal data concerned.
- The recipients or categories of recipients to whom the data is communicated, particularly if they are located in third countries or are international organisations.
- If possible, the expected data retention period. If not, the criteria used to determine this period.
- The existence of the right to ask the data controller to rectify or erase personal data, to restrict processing or to object to it.
- The right to lodge a complaint with the competent authorities.
- Information on the origin of the data obtained, when it has not been obtained directly from the data subject.
- The existence of automated decisions, including profiling and useful information about the underlying logic, as well as the importance and expected consequences of this processing for the data subjects.
13.2 Right to rectification
Users have the right to ask B&B HOTELS to rectify inaccurate, ambiguous or obsolete personal data concerning them. Furthermore, the data subject has the right to have their personal data completed when they consider it to be incomplete.
13.3 Right to erasure
Users have the right to ask B&B HOTELS to delete their personal data when the requirements of the legislation in force are met.
It should be noted that the right to erasure of data is not an absolute right and can only be invoked if any of the grounds laid down in the applicable regulations are met.
13.4 Right to restriction of processing
The User has the right to obtain from the Data Controller the restriction of data processing when the conditions laid down in the applicable regulations for this purpose are met.
13.5 Right to object
The User has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data, when the legal basis for such processing is the legitimate interest pursued by the Data Controller.
If the User exercises their right to object, B&B HOTELS will cease processing their personal data, unless it has compelling legitimate reasons to continue processing it. These reasons must prevail over the interests, rights and freedoms of the User or be justified for the purposes of declaring, exercising or defending a right in legal proceedings.
13.6 Right to data portability
The data subject has the right to data portability. However, this is not an absolute right and can only be invoked when the data has been processed by automated means, excluding cases where the data has been processed manually or on paper.
Furthermore, this right is limited to cases where the processing of data is based on the User’s consent or on an agreement.
This right does not apply when the data is derived or inferred, i.e. in relation to personal data created by B&B HOTELS.
13.7 Right to withdraw consent
When B&B HOTELS processes data based on the User’s consent, the User has the right to revoke their consent at any time. In this way, B&B HOTELS will stop processing your personal data without affecting the previous operations for which you have given your consent.
13.8 Right to complain
The User has the right to lodge a complaint with the competent authorities, without prejudice to the exercise of other judicial or administrative actions that he/she deems necessary, at the following address: National Data Protection Commission, https://www.cnpd.pt/
The User can submit a complaint using the following standardised form https://www.cnpd.pt/cidadaos/participacoes/
13.9 The right to establish advance directives
In the event of death, the User may express their will regarding the exercise of their rights in relation to personal data that fall into special categories of data or when they relate to privacy, image or data relating to communications. The User also has the right to designate a person they trust to carry out their wishes and has the right to ask the Data Controller to comply with what they have determined.
The User may communicate their wishes regarding the exercise of their data protection rights processed by B&B HOTELS in the manner described above, including making it impossible to exercise their data protection rights, which may be modified or revoked at any time.
13.10 How can you exercise your rights?
All the rights described in the previous paragraphs can be exercised as follows:
Through the e-mail address prt-privacy@hotelbb.com
- By post to Rua Vasco de Gama, n.5, 2685-244 Portela.
- In order to fulfil your request, whenever we have reasonable doubts as to the identity of the person making the request, we may request additional information that is necessary to confirm their identity by any means.