Menu opener
Country and language
Country
Other countries
Language
English
Currency
EUR
  1. B&B HOTELS
  2. General Personal Data Protection Policy (B&B HOTELS mobile app and website www.hotel-bb.com)
BackYour staySelect your dates to see availabilitiesChange datesSelect rooms and travelersClose
Select your dates to see availabilities
Please fill in the destination field
There are no suggestions
Allow geolocation in your browser settings, or type the destination
Please select period of 20 days max
Start date cannot be set in the past.

Please select period of 20 days maxStart date cannot be set in the past.

From
To
Rooms
-+
+ Add another roomValidate
Corporate code
For travelers with corporate contract
  • Destination
  • FromTo
    FromTo
  • 1 room, 1 adult
  • 1 room, 1 guest

General Personal Data Protection Policy (B&B HOTELS mobile app and website www.hotel-bb.com)

PDF

Date of update: 12/03/2025

 

Preamble 

As part of its business, B&B HOTELS collects and processes the personal data of its contacts, customers, potential customers, suppliers and partners. The main purpose of this document is to inform its recipients of the conditions under which their data will be processed. 

This policy is aimed at users (hereinafter, “Users”) of the B&B HOTELS website https://www.hotel-bb.com/en/pt (hereinafter, the “Website”) and the B&B HOTELS mobile application (hereinafter, the “App”) through which the B&B HOTELS online booking platform (hereinafter, the “Platform”) operates. 

Our aim is to inform all Users, in accordance with Regulation (EU) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the “Regulation” or “GDPR”), about how their personal data collected through our Website and App will be processed in the context of room reservations in the countries where B&B HOTELS has hotel establishments, as well as the free B&Me and B&me Club payment plan.

Ensuring adequate protection of personal data is a priority for B&B HOTELS, which is why we are committed to doing so in strict compliance with applicable laws and regulations.

 

1. Definitions 

Application: B&B HOTELS mobile application available for IOS and Android devices. 

Platform: central online booking system provided by the B&B HOTELS Group on its website and app. 

Data controller: The company CBBHP-Hotels in Portugal, S.A., Corporate Tax ID (NIPC) 514820705 and head office at Rua Vasco de Gama, n.5, 2685-244 Portela, in its capacity as data controller, is responsible for managing the data processing operations carried out through the website or application in Portugal. 

Services: all the services offered by B&B HOTELS through its Platform. All the services available are detailed in the General Conditions of Use (GCU), which can be accessed via the following link General Conditions of Use

Website: B&B HOTELS website, available via the following link https://www.hotel-bb.com/en/pt

User: Any person accessing or browsing the Website or the Application, regardless of whether they are a customer, operator or any Internet user with or without a personal user account.

2. Data controllers 

The company responsible for processing the personal data collected through the Website and Application in Portugal is CBBHP-Hotels in Portugal, S.A., with registered offices at Rua Vasco de Gama, n.5, 2685-244 Portela (hereinafter, B&B HOTELS). 

B&B HOTELS operates through a central online booking system shared by the hotels listed at the following link Hotels in Portugal - B&B HOTELS

As part of the booking process carried out via the Website or Application, B&B HOTELS is jointly responsible for processing personal data with the companies that operate the hotels where the bookings are made. You can consult the list of hotels at the following link: Hotels in Portugal - B&B HOTELS

2.1. Joint Controllers.

Other companies within the B&B HOTELS Group intervene as joint controllers for the processing of personal data for the following purposes:

1. Management of the Platform and processing of bookings made through it;

2. Direct marketing management;

3. Management of the centralised booking system;

4. Management of the free B&Me loyalty program and the B&Me Club program;

5. Management of the whistleblowing channel;

6. Management of website cookies.

The companies on the list accessible here act as joint controllers for:

(i) Management of the Platform and the processing of bookings made through it;

(ii) Direct marketing management; 

(iii) Management of the centralised booking system.

The companies on the list accessible here act as joint controllers for the management of the free B&Me loyalty program and the B&Me Club program.

B&B HOTELS has signed joint responsibility agreements with the data controllers, which establish their respective obligations. The general lines of which are available upon request by email to the B&B HOTELS at the following address: prt-privacy@hotelbb.com 

3. Transparent and legal collection of personal data 

In order to respect the principles of loyalty and transparency, B&B HOTELS guarantees that it informs data subjects about the processing operations it is carrying out, informing them of this fact when their personal data is collected. 

All data is obtained lawfully. No data is collected without the data subject’s knowledge or consent. 

4. Legitimate and proportionate use of personal data 

When B&B HOTELS processes your personal data, it does so for specific purposes: each data processing operation therefore fulfils a legitimate, specific and explicit purpose. 

For each of the operations carried out, B&B HOTELS undertakes to collect and use only the pertinent, relevant and strictly necessary data in relation to the purposes for which they are processed.

B&B HOTELS guarantees that the data will be kept up to date and will apply procedures that allow incorrect data to be deleted or rectified. 

5. Data processed 

B&B HOTELS collects and processes the following categories of personal data for the purposes indicated in the following section: 

  • Identification data: name, surname, address, telephone number, e-mail address, date of birth, age and customer code. 
  • Professional details: the company where you work and its address. 
  • Browsing data: logs and connection data, computer hardware identification data, language preferences, geographical location data, data relating to the use of the Platform and the Services, including data provided to our teams when you make requests (language preference, etc.) and data collected through cookies or other similar technologies. 
  • Booking details: arrival and departure dates, details of the other people who will be occupying the room booked (name and age, preferences such as whether they want a smoking room, floor, etc.). If the invoice is requested in the name of a company with an address other than the personal address, the name, registered office, VAT number, etc. must be indicated. 
  • Transactional data: transaction number, data relating to the means of payment, details of the purchase, subscription or service subscribed to, data relating to the payment of invoices, payment terms, discounts granted, receipts, balances and unpaid invoices. The bank card number, expiry date and encrypted code are used for payment.

6. Purposes, legal grounds and data retention periods 

Each processing operation carried out by B&B HOTELS has an express, legitimate and specific purpose, based on the performance of an agreement, the fulfilment of a legal or regulatory obligation, the User’s consent or a legitimate interest. However, the data will only be kept for the period strictly necessary for the purposes for which it is used. 

The purposes for which Users’ personal data may be processed, their legal basis and the retention period are set out below:

PURPOSE 

LEGAL BASIS 

RETENTION PERIOD

Manage bookings and monitor the commercial relationship with customers in relation to these, including the management of complaints, if any.

Execution of the agreement signed with customers 

Active Bases: 

The data required to manage customer relations will be kept for as long as necessary for the performance of the agreement. 

Intermediate files: 

For the purposes of declaring, exercising or defending rights in judicial or pre-judicial proceedings, they will be kept for as long as the limitation period for said rights has not elapsed and until the precautionary measure has been concluded, and/or for the duration of the proceedings until ordinary and extraordinary remedies have been exhausted. 

Data relating to payments made by bank card will be kept for 13 months from the date of payment, extended to 15 months in the case of deferred debit cards, without prejudice to being kept for the purposes of defence, exercise or defence of rights for as long as the limitation period for said rights has not elapsed.

Creation and management of user accounts on the website

Execution of the agreement signed with customers

Active bases: 

The data required to manage the relationship with the customer will be kept for as long as necessary for the performance of the agreement. 

Intermediate files: 

For the purposes of declaring, exercising or defending rights in judicial or pre-judicial proceedings, they will be kept for as long as the limitation period for said rights has not elapsed and until the precautionary measure has been concluded, and/or for the duration of the proceedings until ordinary and extraordinary remedies have been exhausted.

Improving the services offered by B&B HOTELS, namely: 

- Satisfaction surveys 

- Management of comments received about the services provided.

Legitimate interests of B&B HOTELS

The time needed to carry out satisfaction surveys or manage customer feedback, but not exceeding a maximum of one year.

Collection of commercial statistics

Legitimate interests of B&B HOTELS

The time necessary to analyse the statistics that are compiled, without however exceeding the maximum period of one year or until the User exercises their right to object, whichever occurs first.

Keeping records and tax obligations

Compliance with legal obligations

Provisional archives: 

To be kept for the period legally prescribed for each of the obligations (for example, accounting data is kept for a period of 10 years).

Marketing: - Sending a newsletter. 

- Customer acquisition campaigns (email, telephone and regular mail). 

- Invitations to events 

- Organisation of competitions

- User consent for operations carried out by electronic means (e-mails, text messages, etc.). 

- B&B HOTELS’ legitimate interests for operations carried out by post or where personal intervention is required (i.e. non-automated operations).

The data will be kept until the data subject revokes their consent or for a period of 3 years from the data subject’s last communication with B&B HOTELS.

Administration and management of subscriptions to the B&B HOTELS Club loyalty programme.

The execution of the agreement signed with B&B HOTELS and the other subsidiaries of the B&B HOTELS Group.

Active bases: 

They will be kept for the duration of the programme. 

Intermediate files: 

For the purposes of declaring, exercising or defending rights in judicial or pre-judicial proceedings, they will be kept for as long as the limitation period for said rights has not elapsed and until the precautionary measure has been concluded, and/or for the duration of the proceedings until ordinary and extraordinary remedies have been exhausted.

The management of requests from Users to exercise their rights in relation to their personal data

Compliance with the obligation imposed in Article 12 et seq. of the GDPR

During the time necessary to process the request and prove fulfilment of the legal obligation, as long as the limitation period for the corresponding rights has not elapsed.

The proper functioning and improvement of the Platform and its features, including the measurement of web audience

- B&B HOTELS’ legitimate interest in guaranteeing the proper functioning and security of the website. 

- The user’s consent to cookies that are not strictly necessary.

The duration of the cookie or similar technology will not exceed 6 months. 

The data collected by cookies and similar technologies will be kept for a maximum period of 25 months.

Management of the B&Me loyalty programme (awarding benefits and loyalty points)

Execution of the agreement signed with B&B HOTELS and the other subsidiaries of the B&B HOTELS group.

Active bases: 

For as long as you remain loyal to the B&Me programme. 

Intermediate files: 

For the purposes of declaring, exercising or defending rights in judicial or pre-judicial proceedings, they will be kept for as long as the limitation period for said rights has not elapsed and until the precautionary measure expires, and/or for the duration of the proceedings, until ordinary and extraordinary appeals have been exhausted.

Management of requests for assistance and contact via the form provided for this purpose on the website

User consent

The data will be retained until the owner revokes their consent or for a period of 3 years from the last communication of the owner with B&B HOTELS

 

Whenever personal data is required for the performance of an agreement or pre-contractual steps at your request, as well as for the fulfilment of legal obligations to which B&B HOTELS is subject, the provision of personal data is mandatory, otherwise we will not be able to respond to your request or conclude the agreement with you or provide you with the requested service. When the processing of data is based on your consent (for example, for marketing purposes) the provision of data is optional and failure to provide it will not affect the pre-contractual or contractual relationship we have with you.

7. Data recipients 

Within the limits of their respective responsibilities and for the purposes mentioned in paragraph 6 of this Policy, the following persons may have access to your personal data: 

  • Authorised B&B HOTELS staff from the reservations, marketing, sales, administration, logistics and IT departments, responsible for improving our Services, relations with customers and potential customers and quality controls. 
  • Authorised personnel of B&B HOTELS’ subcontractors and service providers, including, in particular, providers of hosting and cloud storage services, payment services, identity document control software and online identity verification via facial recognition, courier services, IT support services and, lastly, market research. 
  • Authorised personnel of the companies jointly responsible for processing them.
  • Competent authorities, upon request or in fulfilment of legal obligations, in particular public bodies, courts, as well as mediators, accountants, auditors, lawyers, court officials, police officers and debt collection agencies. They will have access exclusively for the fulfilment of legal obligations, as well as for the investigation of perpetrators of offences committed on the Internet. 
  • Third parties who may place cookies, with your consent, on your devices. For more information, please consult our Cookie Policy.

8. Transfer of data outside the European Union 

B&B HOTELS belongs to the B&B HOTELS Group, which offers its services in many countries. 

In this regard, and for the purposes set out in point 6 of this Policy, personal data may be transferred to entities belonging or not to the Group that are located outside the European Union.

In the absence of an adequacy decision, B&B HOTELS will only transfer data outside the European Union if the appropriate guarantees are met, i.e. by entering into agreements with the entities importing data setting up the standard contractual clauses defined by the European Commission and in strict compliance with the regulations in force. 

You can access all the guarantees and documents relating to the transfer of personal data outside the European Union by contacting our Data Protection Officer. 

  • Via the following e-mail address prt-privacy@hotelbb.com
  • By post addressed to “Data Protection Officer B&B HOTELS” Rua Vasco de Gama, n.5, 2685-244 Portela.

9. Security of personal data 

B&B HOTELS pays special attention to security when processing personal data. Consequently, it has implemented the necessary protection measures, both technical and organisational, taking into account the degree of sensitivity of the data collected, in order to guarantee its integrity and confidentiality and protect it against malicious interference, loss, alteration or disclosure to unauthorised third parties. 

However, data security and confidentiality depend on the good practices of each individual. Data subjects are therefore encouraged to stay informed about best practices.

10. Subcontracting companies 

When B&B HOTELS works with service providers, it only transfers personal data when it has obtained from them the commitment and guarantees that they fulfil the confidentiality and security requirements required for this purpose as well as other contractual obligations arising from Article 28 of the GDPR. 

In fulfilment of its legal obligations, the agreements signed between B&B HOTELS and the subcontracting companies include, in particular, the terms and conditions under which personal data will be processed in accordance with the applicable legislation. 

11. Cookies 

The information about our use of cookies can be found in the Cookie Policy.

12. Social networks 

Our X, Facebook, Instagram, TikTok and YouTube accounts can be accessed by clicking on the corresponding icon for each of them via our Website or App.

Social networks help to improve the use of the Website and our Application, as well as to promote them when they are shared. 

By clicking on the aforementioned icons, B&B HOTELS can access the personal information that the User has indicated as public and accessible from their profiles on X, Facebook, Instagram, TikTok and YouTube. However, B&B HOTELS does not create or use any database independent of X, Facebook, Instagram, TikTok and YouTube, or data relating to your private life. 

To limit third-party access to your personal information on Facebook, X, Instagram, TikTok or YouTube, it is advisable to change the settings of your user profiles and/or the nature of your publications to restrict who can access them.

13. Exercising data protection rights 

B&B HOTELS is particularly committed to respecting the rights of Users in the context of data processing, and its intention is to ensure fair and transparent processing of data, taking into account the specific circumstances and context in which it is processed. 

13.1 Right of access 

In this regard, the User has the right to obtain confirmation as to whether or not their personal data is being processed. If so, you will have the right to access the data being processed and the following information: 

The purposes of the processing. 

The categories of personal data concerned. 

The recipients or categories of recipients to whom the data is communicated, particularly if they are located in third countries or are international organisations. 

If possible, the expected data retention period. If not, the criteria used to determine this period. 

The existence of the right to ask the data controller to rectify or erase personal data, to restrict processing or to object to it. 

The right to lodge a complaint with the competent authorities. 

Information on the origin of the data obtained, when it has not been obtained directly from the data subject. 

The existence of automated decisions, including profiling and useful information about the underlying logic, as well as the importance and expected consequences of this processing for the data subjects. 

13.2 Right to rectification 

Users have the right to ask B&B HOTELS to rectify inaccurate, ambiguous or obsolete personal data concerning them. Furthermore, the data subject has the right to have their personal data completed when they consider it to be incomplete. 

13.3 Right to erasure

Users have the right to ask B&B HOTELS to delete their personal data when the requirements of the legislation in force are met. 

It should be noted that the right to erasure of data is not an absolute right and can only be invoked if any of the grounds laid down in the applicable regulations are met. 

13.4 Right to restriction of processing 

The User has the right to obtain from the Data Controller the restriction of data processing when the conditions laid down in the applicable regulations for this purpose are met. 

13.5 Right to object 

The User has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data, when the legal basis for such processing is the legitimate interest pursued by the Data Controller. 

If the User exercises their right to object, B&B HOTELS will cease processing their personal data, unless it has compelling legitimate reasons to continue processing it. These reasons must prevail over the interests, rights and freedoms of the User or be justified for the purposes of declaring, exercising or defending a right in legal proceedings. 

13.6 Right to data portability 

The data subject has the right to data portability. However, this is not an absolute right and can only be invoked when the data has been processed by automated means, excluding cases where the data has been processed manually or on paper. 

Furthermore, this right is limited to cases where the processing of data is based on the User’s consent or on an agreement. 

This right does not apply when the data is derived or inferred, i.e. in relation to personal data created by B&B HOTELS. 

13.7 Right to withdraw consent 

When B&B HOTELS processes data based on the User’s consent, the User has the right to revoke their consent at any time. In this way, B&B HOTELS will stop processing your personal data without affecting the previous operations for which you have given your consent. 

13.8 Right to complain 

The User has the right to lodge a complaint with the competent authorities, without prejudice to the exercise of other judicial or administrative actions that he/she deems necessary, at the following address: National Data Protection Commission, https://www.cnpd.pt/

The User can submit a complaint using the following standardised form standardised form 

13.9 The right to establish advance directives

In the event of death, the User may express their will regarding the exercise of their rights in relation to personal data that fall into special categories of data or when they relate to privacy, image or data relating to communications. The User also has the right to designate a person they trust to carry out their wishes and has the right to ask the Data Controller to comply with what they have determined. 

The User may communicate their wishes regarding the exercise of their data protection rights processed by B&B HOTELS in the manner described above, including making it impossible to exercise their data protection rights, which may be modified or revoked at any time. 

13.10 How can you exercise your rights? 

All the rights described in the previous paragraphs can be exercised as follows: 

Through the e-mail address prt-privacy@hotelbb.com. Through the web form, selecting the reason for the response as "Personal data". If you have a digital account on the B&B HOTELS website https://www.hotel-bb.com/es, you can access ‘My personal and connection settings’ and delete your personal data from the account. To do this via the B&B HOTELS App, you can go to ‘My profile information’ and click on the option ‘Delete Account’.

By post to Rua Vasco de Gama, n.5, 2685-244 Portela. 

 

In order to fulfil your request, whenever we have reasonable doubts as to the identity of the person making the request, we may request additional information that is necessary to confirm their identity by any means.

 

 

  1. B&B HOTELS
  2. General Personal Data Protection Policy (B&B HOTELS mobile app and website www.hotel-bb.com)