PRIVACY POLICY AND PROCESSING OF PERSONAL DATA
I – Us and our commitment:
Our company, Armando da Silva Antunes SA hereafter named LASA is profoundly committed in maintaining the confidentiality, integrity, and security of personal information of clients, business partners and any person that interacts with LASA through various channels such as websites, digital files, third party social networks.
II – Collection and processing of personal data
We collect personal data from the following sources:
- A computer system consisting of a set of software solutions supported on a set of hardware devices and other similar solutions, including e-mail services and other external digital repositories and communication solutions.
- LASA´s Websites:
- www.lasanet.pt;
- www.lasahotel.pt
III – Personal and material scope of this Privacy Policy
This Privacy Policy refers exclusively to how Personal Data is collected, used, and disclosed.
The same or similar policy will also be assumed, contractually signed with the LASA, by entities that treat the same personal data on behalf of LASA.
The availability through the said LASA website of other links to other websites outside LASA is made in good faith and in the interest of the user, and cannot be held responsible, in any way, for the collection, processing and discloser of the data in those Websites, nor for the reliability, correctness, legality and functionalities available there, being therefore not applicable to them this privacy policy.
LASA considers it mandatory and will presume for all intents and purposes, without the possibility of proof to the contrary, that each individual will read the privacy policies of all the websites acceded to.
IV – The reason for the publication of this Privacy Policy
In addition to implementing it in its organizational processes, LASA has drafted this Privacy Policy to inform and explain the general rules of this Privacy Policy and how personal data is collected, processed and treated, always in strict compliance with relevant laws, policies, and regulations.
For this purpose, the text of this privacy policy will be available in the physical location at LASA and in digital support on the company websites.
What is mentioned in this Privacy Policy complements what is stipulated about this matter in the contracts, formal or informal, celebrated with the LASA.
We kindly ask you to read this Privacy Policy carefully, therefore, the availability of your personal data, either in person or when accessing said Website, implies that you know and accept the conditions contained herein and the treatment of them for lawful and legitimate purposes.
LASA expressly reserves the right to change the present privacy policy at any time, and the result is duly publicized by the same means.
V – Concept of personal data
Personal data means any information or registration, of any nature and regardless of its support or format, namely sound, image, writing, chirograph or feature, relating to the identified or identifiable singular person.
An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.
VI- The entity responsible for the processing of personal data
The entity responsible for collecting and processing the personal data and that determines the means of their treatment is LASA. Personal data are processed fairly and lawfully, and only to the extent necessary to fulfil their specific and legitimate purpose.
VII – Types of personal data collected and processed
In the course of its daily organisational activities, LASA acquires, processes and stores personal data namely:
- Personal data necessary to provide products to its customers, such as name, tax number, address, telephone number and e-mail address, among others, which are necessary to fulfil their specific and legitimate purpose.
- Personal data necessary to fulfil legal obligations, either to public entities or to private entities.
- Data needed to manage customers and users, to fulfil contractual obligations with customers and suppliers, to satisfy legal obligations, to implement marketing actions, to conduct market studies and satisfaction surveys, to handle complaints. All of these actions involve dealing with personal data such as names, tax numbers, addresses, telephone numbers and e-mail addresses.
- All personal data processed to reach compliance with applicable laws and to pursue LASA’s Group legitimate business interests and legal rights, in particular tax and administrative management, enforcement of legal claims, the performance of compliance investigations and for regulatory and investigative purposes, and to ensure security of the installations.
Under applicable law, personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
VIII – Purposes of the collection and processing of personal data
Personal data is processed for administering inquiries and agreements, as well as providing information and services in connection with such inquiries and agreements. Personal data may also be used for marketing and follow ups as well as for sales and product development with the aim of improving LASA’s Group products and services. Finally, personal data is also processed for tax and administrative management, enforcement of legal claims, the performance of compliance investigations and for regulatory and investigative purposes, and to ensure security of the installations.
At the moment that the personal data is collected, LASA will precisely detail the sort of personal data collected and how it will be treated, held and stored.
IX – For how long will personal data be kept
MAF will store data for the shortest time possible. That period should take into account the reasons why LASA needed to process the data, as well as any legal obligations to keep the data for a fixed period of time. After this period of time the personal data will be erased.
X- Right of Access · Right to Rectification · Right to Erasure · Right to Data Portability · Right to Restriction of Processing
LASA provides data subjects a copy of their processed personal data upon request at our registered office at Estrada Nacional 105, Nº 3344, Nespereira, 4835-517 Guimarães, or by the electronic address info@lasahotel.pt.
If you think your data protection rights have been breached, you can lodge a complaint with the National Data Protection Commission – Av. D. Carlos I, 134 – 1º 1200-651 Lisboa – Tel: +351 213928400 – Fax: +351 213976832 – e-mail: geral@cnpd.pt
XI – How LASA protects Personal Data
LASA took all steps reasonably necessary to ensure that your data is treated securely and
protected against unauthorised access or processing.
All personal data collected through digital or paper forms, whether completed on the physical premises of LASA or on the website (which requires encrypted sessions of the Browser) are stored safely in our physical repositories and digital systems.
All the personal data is stored in a Datacenter owned by LASA, or of its subcontractor, which possesses all the advanced physical and logistic security measures, that LASA considers necessary for the protection of personal data.
Despite of these security measures, it is important to be aware of the risks of the internet. When transmitting personal data over the internet, particularly sensitive personal data, data subjects should ensure the use of an updated PC and Browser in terms of properly configured security patches with active firewall, antivirus and antispyware, and ensure the authenticity of the websites and avoid websites whose credibility is not trust worthy.
The aforementioned security and compliance plan include the existence of a designated Personal Data Protection Officer, who is responsible for, among other things, verifying this Privacy Policy, maintaining clear rules for the processing of personal data and communicating with control authorities, guaranteeing to all those who entrust LASA with the processing of their personal data, the effective knowledge of the way in which they treat them and their rights in that regard.
XII – Appointed data protection officer
LASA has appointed and maintains a Data Protection Officer who can be contacted by letter to LASA´s address at Estrada Nacional 105, Nº 3344, Nespereira, 4835-517 Guimarães, by tel: 253 560 700, or by e-mail address dpo@lasanet.pt
XIII- Communication of data to other entities, subcontractors or third parties
LASA may have to transfer your personal data outside of Portugal. In sush case, LASA will rigorously comply with all applicable legal provisions, namely with respect to the determination of the reliability and suitability of the country of destination with respect to protecting personal data and the requirements applicable to such transfers.
XIV – Cookies
“Cookies” are small software tags that are stored on your computer through your browser. As a rule, they only retain information related to your preferences and as such they do not contain your personal data.
Whenever this is not the case, the user shall always be asked for his or her consent to supply the data in accordance with applicable legislation.