COOKIES AND PRIVACY POLICY

COOKIE POLICY

This Cookie Policy is a supplementary document to the Privacy Policy of HÓTEIS PONTA VERDE LTDA, available on the company's website. Here, you will find objective and clear information about what cookies are, which cookies we use in our applications, what role they play, and how to configure them.


1. What are cookies?

Cookies are small text files or pieces of information that are downloaded to your computer, mobile phone, or any other internet-enabled device when you visit our website. They contain information about your browsing on our pages and retain only information related to your preferences. This allows this page to store and retrieve data about your browsing habits in order to improve your user experience. It is important to note that they do not contain specific personal information, such as sensitive data. Your browser stores cookies on your hard drive, but they occupy minimal memory space and do not affect your computer's performance. Most of the information is deleted as soon as you end your session.


1.1. Types of Cookies

Cookies, in terms of their owners, can be:

1. First-party cookies: These are cookies set by us or by third parties on our behalf.

2. Third-party cookies: These are cookies set by trusted third parties on our application.

Cookies, in terms of their shelf life, can be:

1. Session or temporary cookies: These are cookies that expire as soon as you close your browser, ending the session.

2. Persistent or permanent cookies: These are cookies that remain on your device for a specified period or until you delete them.

Cookies, depending on their purpose, can be:

1. Necessary cookies: These are essential cookies that enable navigation within our applications and access to all features; without these, our services may perform poorly or not function.

2. Performance cookies: These are cookies that optimize how our applications work by collecting anonymous information about the pages you visit.

3. Functionality cookies: These are cookies that remember your preferences and choices (such as your username).

4. Advertising cookies: These are cookies that target ads based on your interests and limit the number of times the ad appears.


2. WHY DO WE USE COOKIES?

Ponta Verde Hotels uses cookies to provide the best user experience, making our applications easier and more personalized, based on your choices and browsing behavior. Thus, we seek to understand how you use our applications and adjust the content to make it more relevant to you, as well as remember your preferences. Cookies participate in this process by storing, reading, and executing the data necessary to fulfill our objective.


3. WHAT TYPE OF COOKIES DO WE USE?

Below we list all the cookies that may be used by HÓTEIS PONTA VERDE. It is important to remember that you can manage the permission granted for each cookie in your browser. Furthermore, since cookies collect data about you, we advise you to read our Privacy Policy, available on our website.


3.1. Necessary Cookies

ASP.NET_SessionId - Issued by the Microsoft ASP.NET application, this cookie stores session data during the user's visit to the website.

3.2. Advertising cookies

Test_cookie - The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies. It expires in 15 minutes.

_fbp - This cookie is set by Facebook to display ads when you are on Facebook or on a digital platform powered by Facebook advertising, after a visit to the website. It expires in 3 months.

3.3. Cookies Analytics

_ga - The _ga cookie, installed by Google Analytics, calculates visitor, session, and campaign data and also tracks website usage for website analytics reporting. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. It expires in 2 years.

_gid - Installed by Google Analytics, the _gid cookie stores information about how visitors use a website, while also creating an analytical report of the website's performance. Some of the data collected includes the number of visitors, their source, and the pages they visit anonymously. Expires in 1 day.

_gat_UA - A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behavior and evaluate website performance. The default element in the name contains the unique identifier number of the account or website to which it relates. Expires in 1 minute.

_hjFirstSeen - Hotjar sets this cookie to identify a new user's first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user. It expires in 30 minutes.

_hjIncludedInPageviewSample - Hotjar sets this cookie to know if a user is included in the data sampling defined by the site's page view limit. Expires in 2 minutes.

_hjAbsoluteSessionInProgress - Hotjar sets this cookie to detect a user's first page view session. This is a True/False flag set by the cookie. It expires in 30 minutes.

3.4. Other Cookies.

_hjSessionUser_983640 - Other uncategorized cookies are those that are being analyzed and have not yet been classified into a category. Expires in 1 year.

_hjSession_983640 - Other uncategorized cookies are those that are being analyzed and have not yet been classified into a category. Expires in 30 minutes.

_pm_id - Other uncategorized cookies are those that are being analyzed and have not yet been classified into a category. Expires in 2 years.

_pm_sid - Other uncategorized cookies are those that are being analyzed and have not yet been classified into a category. Expires in 30 minutes.


4. COOKIE MANAGEMENT

The installation of cookies is subject to your consent. Although most browsers are initially configured to automatically accept cookies, you can review your permissions at any time to block them, accept them, or enable notifications when certain cookies are sent to your device. Currently, the first time you access our applications, you will be asked to agree to their installation. They will only be activated after you accept them. You can, at any time and at no cost, change your permissions, block or refuse cookies. However, revoking consent for certain cookies may prevent some platform features from functioning correctly. To manage your browser's cookies, simply do so directly in your browser settings, in the cookie management area.


5. FINAL PROVISIONS

For PONTA VERDE HOTELS, privacy and trust are fundamental to our relationship with you. We are always updating ourselves to maintain the highest security standards. Therefore, we reserve the right to change this Cookie Policy at any time. Changes will take effect immediately after publication, and you will be notified. By continuing to browse our applications after this change becomes effective, you agree to them. We advise you to always check this Policy, as well as our Privacy Policy. If you have any questions about this Cookie Policy, please contact us through the following means:

  • Email: lgpd@hotelpontaverde.com.br

  • Website: http:// https://www.hotelpontaverde.com.br - "CONTACT - LGPD OMBUDSMAN" tab


    • This Cookie Policy was last updated on 17/31/2023.

    PRIVACY POLICY

    At HOTÉIS PONTA VERDE, privacy and security are among our top priorities, and we are committed to transparency in the handling of our users'/customers' personal data. Therefore, this Privacy Policy establishes how your personal data is processed, from collection to disposal, including the use and transfer of information from customers or other individuals who access or use our website and/or applications.


    By using our services, you understand that we will collect and use your personal information in the ways described in this Policy, in accordance with the General Data Protection Law (Law No. 13.709/2018), the Consumer Protection Code (Law No. 8078/1990) and other applicable Brazilian legal regulations. Therefore, HOTÉIS PONTA VERDE LTDA, registered with the CNPJ/MF under No. 12.448.221/0001-06, in its role as Data Controller, is bound by the provisions of this Privacy Policy.


    1. What data do we collect about you and for what purpose?

    1.1. Personal data collected by the website and the app

    We at HOTÉIS PONTA VERDE collect your personal data when you access our website.

    • Clients/Guests: When contacting us to make reservations, you provide us with the following information: full name, CPF (Brazilian tax identification number), contact information (email address and phone number), and credit card number, as well as, optionally, the full name and email of any accompanying person.
    • When checking in for the purpose of accommodation, as well as for sending the National Guest Registration Form (FNRH) to the Ministry of Tourism, the following data is provided: full name, email, telephone, profession, nationality, date of birth, gender, ID, CPF (Brazilian tax identification number), address, last place of origin and next destination, reason for travel and means of transport.
    • Job applicants: When contacting us to submit your resume for the selection process, please provide the following information: full name, date of birth, place of birth, gender, CPF (Brazilian tax identification number), education level, address, contact information (email and phone), whether you have a disability, as well as educational and professional information.

    1.1.1. Personal data collected automatically

    When you access our website on mobile devices, we also automatically collect information about the mobile device and about your use and activity on our mobile applications. We collect the type and version of the mobile operating system of the device, browser type, device type, geolocation data, Wi-Fi network connection data, IP (Internet Protocol) address, device identifiers, access date and time logs, visit duration, and other data.

    All the data above is used for device tracking and to improve your experience on our website.


    1.2. Personal data collected by third parties

    We may receive your personal data when you provide it to third parties for the purpose of making hotel reservations (e.g., Booking, Decolar, Expedia, Trivago, and TripAdvisor, as well as travel agencies). In this process, third parties use their own means to collect data concerning you and, through a contract, allow HOTÉIS PONTA VERDE to also have access to this data so that reservations can be made.

    Third parties that collect data have a legal obligation to obtain the respective consents and authorizations that the data subject freely and unequivocally wishes to give for the processing of their personal data.

    We are not responsible for the processing of personal data. Our responsibility is generally limited to being as transparent as possible about how we access, store, and use your personal data.

    Ponta Verde Hotels does this as a way to establish a relationship of trust with you, and there is no legal obligation on our part to do so.


    1.3. Personal data collected during the stay

    The Ponta Verde Hotels pride themselves on providing excellent hotel services.

    1.3. Personal data collected during the stay

    To provide more efficient and personalized service, we collect, store, and use guests' personal data during their hotel stay.

    The data collected may include characteristics, preferences, and history of each guest, such as dietary restrictions, allergies, specific requests, likes, preferences, aversions, and habits.

    This data is processed for the benefit of the guest, with the aim of providing a personalized service. Because it is individual and private, it is kept confidential and secure, accessible only to the internal team, and used as necessary for service.

    We understand that service personalization improves over time and through shared experiences with guests. Therefore, upon check-in, guests understand and agree that their data may be collected and used during their stay or for future stays.

    Guests have the right to request the deletion of their personal data, in accordance with the LGPD (Brazilian General Data Protection Law) and this Privacy Policy.


    1.4. Personal data collected by surveillance cameras

    In compliance with the LGPD (Brazilian General Data Protection Law), HOTÉIS PONTA VERDE informs about the capture of images by security cameras, where the data controller is the hotel itself.

    There is internal monitoring via cameras distributed throughout the premises, properly identified and marked. Video surveillance is used for:

    • To detect, investigate and prosecute criminal offenses;
    • To protect the safety of people who frequent the hotel facilities.

    The legal basis for processing this data is to protect employees, customers, and visitors, increasing security without violating the fundamental rights and freedoms of data subjects (legal basis: Article 6, VI, and Article 11, paragraph “e” of the LGPD).

    The images are treated confidentially, stored for up to 30 days, and may be retained for longer in case of security incidents, and made available to the courts when necessary.


    1.5. Other purposes

    In addition to the purposes mentioned, personal data may be used for:

    • Manage Wi-Fi networks in hotels, bars, and restaurants;
    • Allow personalized promotions and recommendations from the hotel and partners;
    • Implement and improve remote sales tools and user experience;
    • To communicate information resulting from activities on the website;
    • Answer questions and requests;
    • To comply with legal or judicial orders;
    • Maintain up-to-date contact information for authorized users via phone, email, direct mail, or other means.


    2. DATA ON CHILDREN AND ADOLESCENTS

    The Ponta Verde Hotels only collect or process children's data with the proper authorization from their parents or guardians and strictly for the purpose of carrying out check-in and offering the necessary services during their stay.


    3. How do we collect your data?

    In this regard, your personal data is collected as follows:

  • Forms on the Website;

  • National Guest Registration Form – FNRH;

  • Form at Check-in.


    • 4. CONSENT

    Some purposes will require your consent.

    Consent is the free, informed, and unequivocal expression by which you authorize HOTÉIS PONTA VERDE to process your data.

    Your consent will be obtained specifically for each necessary purpose, demonstrating the commitment of HOTÉIS PONTA VERDE to transparency and good faith towards its users/clients, in accordance with relevant legislative regulations.

    By using the hotel's services and providing your personal data, you are aware of and consent to the provisions of this Privacy Policy, and you understand your rights and how to exercise them.

    You may revoke your consent at any time and at no cost.

    It is important to note that revoking consent for data processing may prevent the proper functioning of some website features that depend on its operation. Such consequences will be communicated beforehand.


    5. Sending messages via electronic means and advertising on digital media.

    Information about the services offered by HOTÉIS PONTA VERDE may be sent to you through any channel, including, but not limited to, electronic means such as email, SMS, WhatsApp, or social media.

    Ponta Verde Hotels may send you periodic communications regarding information of specific interest to you, for marketing purposes, satisfaction surveys, and campaigns with promotional offers provided by the company and its partners. You acknowledge and accept that your personal data may be used to maintain a commercial and institutional relationship, noting that only data strictly necessary for this purpose will be used. To stop receiving our promotional campaigns and requests to participate in surveys via electronic means, such as email or SMS, you must contact our Ombudsman, whose contact information is available in item 9 of this document.


    5.1. Anti-spam and anti-phishing commitment:

    Ponta Verde Hotels operates in accordance with best practices in the digital market. Marketing communication is only carried out with those who request to receive messages or who have had prior contact with us. Therefore, we recommend that if you receive an email in our name and suspect fraud, do not open any attachments or click on any links or buttons. You can also contact us so that we can take the necessary measures to combat cybercrime.


    6. What are your rights?

  • Ponta Verde Hotels guarantees its users/clients their rights as data subjects as stipulated in Article 18 of the General Data Protection Law. Therefore, you can, free of charge and at any time:
  • Confirm the existence of data processing, in a simplified manner or in a clear and complete format.
  • Access your data, requesting a legible copy in printed form or through secure and reliable electronic means.
  • Correct your data by requesting its editing, correction, or updating.
  • Limit your data when unnecessary, excessive, or processed in violation of the law through anonymization, blocking, or deletion.
  • Request the deletion of your data processed based on your consent, except in cases provided for by law.
  • Revoke your consent, disauthorizing the processing of your data.
  • Be informed about the possibility of not providing your consent and the consequences of refusal.


    • 7. How can you exercise your rights as a data subject?

  • To exercise your rights as a data subject, you must contact HOTÉIS PONTA VERDE through the following available means:
  • Email: lgpd@hotelpontaverde.com.br
  • Website: https://www.hotelpontaverde.com.br - “CONTACT - LGPD OMBUDSMAN” tab

    • In order to ensure your correct identification as the data subject of the request, we may request documents or other proof to verify your identity. In this case, you will be informed beforehand.


    8. HOW AND FOR HOW LONG WILL YOUR DATA BE STORED?

    Your personal data collected by HOTÉIS PONTA VERDE will be used and stored for the time necessary to provide the service or to achieve the purposes listed in this Privacy Policy, considering the rights of data subjects and controllers.

  • Generally, your data will be kept for as long as the contractual relationship between you and the hotel lasts. Once the personal data storage period has ended, it will be deleted from our databases or anonymized, except in the cases legally provided for in Article 16 of the General Data Protection Law, namely:
  • Compliance with a legal or regulatory obligation by the controller;
  • Study by a research body, ensuring, whenever possible, the anonymization of personal data;
  • Transfer to a third party, provided that the data processing requirements set forth in this Law are respected; or
  • Exclusive use by the controller, prohibiting access by third parties, and provided that the data is anonymized.

    • That is, personal information about you that is essential for complying with legal, judicial, and administrative requirements and/or for exercising the right to defense in judicial and administrative proceedings will be retained, despite the deletion of other data that is not necessary for such processing.

    Once the retention period and legal requirements have expired, the data will be deleted using secure disposal methods or used in an anonymized form for statistical purposes.

    The storage of data collected by HOTÉIS PONTA VERDE reflects our commitment to the security and privacy of your data. We employ technical protection measures and solutions capable of guaranteeing the confidentiality, integrity, and inviolability of your data. Furthermore, we also have security measures appropriate to the risks and access control to the stored information.


    9. What do we do to keep your data safe?

    To keep your personal information secure, we use physical, electronic, and managerial tools designed to protect your privacy.

    We apply these tools taking into account the nature of the personal data collected, the context and purpose of the processing, and the risks that any violations would generate for the rights and freedoms of the data subject whose data is collected and processed.

  • Among the measures we have adopted, we highlight the following:
  • Only authorized persons have access to your personal data;
  • All those involved who have access to your personal data sign and agree to a Confidentiality Agreement;
  • Your personal data is stored in a secure and reliable environment with the adoption of all necessary technical measures to guarantee confidentiality and protection.

    • Ponta Verde Hotels is committed to adopting the best practices to prevent security incidents. However, it is important to emphasize that no website is entirely secure and risk-free. Despite all our security protocols, problems caused exclusively by third parties may occur, such as cyberattacks by hackers, or also due to negligence or recklessness on the part of the user/customer.

    In the event of security incidents that may pose a significant risk or harm to you or any of our users/clients, we will notify those affected and the National Data Protection Authority of the incident, in accordance with the provisions of Article 48 of the General Data Protection Law.


    10. With whom may your data be shared?

    In order to protect your privacy, HOTÉIS PONTA VERDE will not share your personal data with any unauthorized third party.

  • The collected data and recorded activities (logs) may be shared:
  • With the companies and business areas of HOTÉIS PONTA VERDE, which are in accordance with this Policy;
  • With service providers or partner companies, to facilitate, provide or execute activities related to our services (legal, accounting, web development, among others);
  • With marketing and advertising companies, to deliver promotions and information appropriate to your profile;
  • With travel agencies and tour operators with whom the data subject has a signed contract.

    • These companies only receive your data to the extent necessary for the provision of the contracted services, and our contracts are governed by the General Data Protection Law.

  • Furthermore, there are other circumstances in which your data may be shared, which are:
  • Legal determination, request, requisition or court order, with competent judicial, administrative or governmental authorities;
  • In the case of corporate transactions, such as mergers, acquisitions and incorporations, automatically;
  • Government bodies such as the Ministry of Education and the Ministry of Economy, among others;
  • Protection of the rights of HOTÉIS PONTA VERDE in any type of conflict, including those of a judicial nature.


    • 11. COOKIES OR BROWSING DATA

    HOTÉIS PONTA VERDE uses cookies, which are text files sent by the platform to your computer and stored there, containing information related to website navigation. In short, cookies are used to enhance the user experience.

    By accessing our website and consenting to the use of cookies, you acknowledge and accept the use of a system for collecting browsing data through the use of cookies on your device.

    The HOTÉIS PONTA VERDE website uses necessary cookies, advertising cookies, analytics cookies, and other cookies. More details are available in our Cookie Policy.

    You can change your permissions, block, or refuse cookies at any time and at no cost. However, revoking consent for certain cookies may prevent some platform features from functioning correctly.


    12. RESPONSIBILITY

    HOTÉIS PONTA VERDE foresees the responsibility of the agents involved in data processing, in accordance with articles 42 to 45 of the General Data Protection Law.

    We are committed to keeping this Privacy Policy up-to-date, observing its provisions and ensuring its compliance.

    Furthermore, we are also committed to seeking technical and organizational conditions that are securely capable of protecting the entire data processing process.

    Should the National Data Protection Authority require us to take action regarding the data processing carried out by HOTÉIS PONTA VERDE, we commit to complying with it.


    12.1. Disclaimer of Liability

  • As mentioned in Topic 11, although we adopt high security standards to prevent incidents, no virtual page is entirely risk-free. In this sense, HOTÉIS PONTA VERDE is not responsible for:
  • Any consequences arising from the negligence, recklessness, or incompetence of users regarding their individual data. We guarantee and are only responsible for the security of data processing and the fulfillment of the purposes described in this document. We emphasize that the responsibility for the confidentiality of access data lies with the user.
  • Malicious actions by third parties, such as hacker attacks, except if proven culpable or deliberate conduct by HOTÉIS PONTA VERDE.
  • Untruthfulness of the information entered by the user/client in the records necessary for the use of HOTÉIS PONTA VERDE services; any consequences arising from false information or information entered in bad faith are entirely the responsibility of the user/client.


    • 13. Data Protection Officer (DPO)

    A professional appointed by the controller and processor to act as a communication channel between the controller, data subjects, and the National Data Protection Authority (ANPD).

  • The Data Protection Officer reports directly to the directors and is responsible for all instructions in this Policy. Therefore, the Data Protection Officer shall, in particular:
  • Maintain a record of the data processing carried out;
  • Train and raise awareness among professionals;
  • Be a point of contact for data subjects regarding this Policy;
  • Inform, receive instructions from, and address requests from Data Subjects regarding their Data Protection rights; and
  • Inform, receive instructions from, and address Data Protection requests from supervisory authorities.

    • If you have any questions about this Privacy Policy or the personal data we process, you can contact our Data Protection Officer through the following channels: Daniely Barbosa Pinto lgpd@hotelpontaverde.com.br

    

    14. CHANGES TO THIS PRIVACY POLICY

    The current version of the Privacy Policy was last drafted and updated on July 31, 2023.

    We reserve the right to modify this Privacy Policy at any time, particularly to adapt to any changes made to our website or by law. We recommend that you review it frequently.

    Any changes will take effect upon publication on our website, and we will always notify you of any changes.

    By using our services and providing your personal data after such modifications, you consent to them.