Caju Villas Montargil, taking into account the GDPR – General Data Protection Regulation (EU  Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016), hereby  provides you with the following information regarding the collection and processing of your  personal data: 

Grounds and Purposes for Processing 

1.1 The basis for the collection and processing of your personal data is your consent for the  following hotel reservation purposes. 

1.2 The purpose of the information collected and registered in the database is to enable Caju  Villas Montargil to process bookings at any of the accommodation units. 

Categories of Personal Data collected and processed 

2.1 For the purposes mentioned above, Caju Villas Montargil may collect and process the  User’s personal data that is necessary and indispensable for the purposes identified above,  which are as follows: 

Identification and Contacts: name, date and place of birth, nationality, gender, identification  document, address, telephone contact details, e-mail address. 

2.2 The data subject declares that the data they provide to Caju Villas Montargil is true,  accurate, complete and up-to-date. The User is responsible for the veracity of all the data they  communicate and for keeping it duly updated. 

Personal Data Retention Period

3.1 The period of retention of the User’s personal data in the database is: up to 12 months for  booking information; 

Data Controller, Subcontractors and other Recipients 

4.1. Caju Villas Montargil is responsible for processing the personal data collected. You can  contact us at: 

Address: Rua 25 de Abril, nº35, Quinta do Guro, 7425-014, Farinha Branca – Montargil. Email: info@cajuvillasmontargil.com 

4.2 Companies subcontracted to carry out services necessary for managing bookings may also  be recipients of the data. 

4.3. Caju Villas Montargil, as the party responsible for processing the user’s personal data,  declares that it maintains a written agreement with all its subcontractors, through which they  guarantee compliance with the GDPR, and that the user’s personal data is only processed by  them under the terms and conditions described herein, for the purposes mentioned herein,  and to the extent strictly necessary. 

Rights of the User as Data Subject 

5.1. The User is guaranteed the following rights under the terms of the applicable legislation: 

Right of access to their data and to information on processing operations; to know whether or  not their data is being processed; whether it has been passed on to another organisation; what  has been done with it; 

Right to rectification of personal data that is out of date, incorrect or incomplete; 

Right to erasure or right to be forgotten: The data subject has the right to ask the data  controller to erase their data; 

Right to restriction of processing: The data subject has the right to have a mark placed on their  personal data in order to restrict its processing in the future; 

Right to data portability: the data subject has the right to request the personal data concerning  them that they have provided, and also the right to request the transfer of this data to other  third parties who are also data controllers;

Right to object: the data subject has the right to object at any time, on grounds relating to his  or her particular situation, to the processing of personal data concerning him or her which is  based on legitimate interests or public interest, including profiling on the basis of such  provisions. 

The right not to be subject to exclusively automated individual decisions, including profiling; Right to lodge complaints with the supervisory authority: 

Comissão Nacional de Proteção de Dados – CNPD Rua de São Bento, n.º 148, 3º 1200-821  Lisboa Tel: 351 213928400 Fax: +351 213976832 e-mail: geral@cnpd.pt. 

5.2 You can exercise your rights through the following contacts:  

Address: Rua 25 de Abril, nº35, Quinta do Guro, 7425-014, Farinha Branca – Montargil. Email: info@cajuvillasmontargil.com 

Consent of the data subject and the right to change or withdraw this consent 

6.1 The User hereby gives his/her consent to the processing of his/her personal data indicated  above, under the terms and conditions set out in this document, to Caju Villas Montargil, for  the purposes identified herein. 

6.2 The User may change or withdraw their consent at any time, with effect for the future, by  contacting the data controller listed above. 

6.3 If the User withdraws their consent, this does not jeopardise the lawfulness of the  processing carried out up to that date. 

6.4 The processing of the User’s personal data is indispensable for making bookings, so if the  User changes or withdraws their consent, they will be prevented from making the booking.

Transfer of data to third countries 

Complete only if applicable. 

Existence of automated decisions 

Caju Villas Montargil does not make automated decisions based on the data being processed;  all decisions are analysed by human intervention. 

Security measures 

9.1 Caju Villas Montargil declares that it complies with all the provisions of the GDPR – General  Data Protection Regulation (EU Regulation 2016/679 of the European Parliament and of the  Council of 27 April 2016). 

9.2 Caju Villas Montargil has implemented the necessary technical and organisational security  measures to guarantee the security of the personal data it collects and processes, and to  prevent its alteration, loss and unauthorised processing and/or access, taking into account the  state of the technology, the nature of the data stored and the risks to which they are exposed. 

Breach of personal data 

10.1 When there is a breach of personal data that may involve a high risk to the User’s rights  and freedoms, Caju Villas Montargil must notify the User in good time. 

10.2 This communication must include the nature of the personal data breach; the indication  of a contact point where further information can be obtained; a description of the probable  consequences of the personal data breach; a description of the measures adopted or proposed  by the controller to remedy the personal data breach, including, where appropriate, measures  to mitigate its possible negative effects.