(+351) 213 210 500
Choose language:

1. USER DATA COLLECTION AND TREATMENT
B BON, LDA, headquartered at AVENIDA DA LIBERDADE Nº 29, 1250-139 LISBOA, with the Vat number 508 840 503, hereinafter referred to as "BessaHotel" within the scope of:
• establishes a contractual relationship with BessaHotel including hotel services, vouchers.
• the provision of information, content, including newsletter or any telephone contacts
• loyalty cards as well as membership to its users (“User”)
May require the User to make personal data available, namely, information provided by Users that allows BessaHotel to identify and/or contact them. (“Personal Information”). As a rule, Personal Data is requested when the User registers on the site, requests a contact and/or sending newsletters, subscribes to a certain service, provides or requests information, acquires a product or establishes a contractual relationship with BessaHotel.
The Personal Data collected and processed essentially consists of information regarding the name, gender, date of birth, telephone, mobile phone, email, address, tax identification number, credit card data (collected for billing purposes only), although other Personal Data may come to be collected that may be necessary or appropriate for the provision or charging of services by BessaHotel.
BessaHotel also collects and processes information about the characteristics of the user’s hardware device and browser/software features, as well as information about the pages visited by the User within the site. This information may include browser type, domain name, access times and links by which the User has accessed the Site (“Usability Information”). We only use this information to improve the quality of the user’s visit to our site.
Usability Information and Personal Data are designated in this Privacy Policy as “User Data”.
For the purposes of this Privacy Policy, a contractual relationship means any contract established between BessaHotel and its related entities, regardless of their purpose.
1.1 SUB-CONTRACTED ENTITIES
In connection with the provision of information or the provision of services to its Users, BessaHotel may resort to or may have recourse to third parties, subcontracted by itself, to provide certain services, which may imply access by these entities to the personal data of Users.

These subcontracted entities may not transmit the User Data to other entities without BessaHotel having given prior written authorization to do so, and are also prevented from contracting other entities without BessaHotel’s prior authorization.
BessaHotel undertakes to only subcontract to entities that offer the maximum security in the implementation of the appropriate technical and organizational measures, in order to guarantee the defence of the User’s rights. All entities sub-contracted by BessaHotel shall be bound by BessaHotel by means of a written agreement which covers: the object and duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects and the rights and obligations of the parties.

1.2 DATA COLLECTION CHANNELS
BessaHotel may collect data directly (i.e., directly from the User) or indirectly (i.e. via partner entities or third parties). Such collection may be done through the following channels:
Direct collection: in person, by telephone, via e-mail and through the site.
Indirect collection: through partners or group companies and official entities.
2. GENERAL PRINCIPLES APPLICABLE TO THE PROCESSING OF USER DATA
In terms of general principles regarding the processing of personal data, BessaHotel undertakes to ensure that the User Data processed by it is:
• Subject to treatment in accordance with the law, as well as being fair and transparent in relation to the User.
• Collected for specific purposes that are objective and legitimate, not being processed subsequently in any way that runs contrary to these purposes.
• Appropriate, justified and limited to what is necessary in relation to the purposes for which these data are processed.
• Accurate and updated whenever necessary with all necessary measures being taken to ensure that inaccurate data, taking into account the purposes for which they are processed, are erased or corrected without delay.
• Kept in a manner that allows the identification of the User only for the period necessary for the purposes for which the data are to be processed.
• Handled in a manner that ensures data security, including protection against their unauthorized or illegal treatment and against their loss, destruction or unforeseen damage, with appropriate technical or organizational measures being taken.
Data processing carried out by BessaHotel is permitted and legal when at least one of the following situations occurs:
• The User has without doubt given their consent to the processing of User Data for one or more specific purpose.
• The processing is necessary for the implementation of a contract in which the User is a party, or for pre-contractual procedures at the request of the User.
• The processing is necessary for the fulfilment of a legal obligation to which BessaHotel is subject.
• Processing is necessary for the defence of the fundamental interests of the User or another individual.
• The processing is necessary for legal interests being pursued by BessaHotel or by third parties (unless the interests or fundamental rights and freedoms of the User requiring the protection of personal data prevail).
BessaHotel undertakes to ensure that the processing of User Data is only done under the conditions cited above and respecting the principles mentioned above.
When the processing of the User Data is performed by BessaHotel based on the User’s agreement, the User has the right to withdraw his consent at any time. Such withdrawal of the consent, however, does not jeopardize the legality of the processing carried out by BessaHotel, based on the consent previously given by the User.

The length of time during which the data is filed and stored varies according to the purpose for which the information is being processed.
Effectively, there are legal requirements that require the data to be preserved for a minimum period of time. Thus, and where there is no specific legal obligation, the data will be stored and kept only for the minimum period necessary for the purposes that led to their collection or subsequent processing, which at the end of the period will be eliminated.
3. USE AND PURPOSE OF USER DATA PROCESSING
In general, BessaHotel uses the User Data for the following purposes:
• Provision of hotel services and associated services (restaurants, bars, etc.).
• Management of contacts with the User.
• Invoicing and billing the User.
• Registration of users on the site.
• Providing information to the User, who has requested it, on new products and services that have been made available on the site and/or at the hotel units, special offers and campaigns, updated information on BessaHotel’s business operations and, generally, for the purpose of marketing BessaHotel and its hotel units, using any means of communication, including electronic media.
• Allowing access to restricted areas of the site, in accordance with previously established terms.
• Ensuring that the site meets the User’s needs by developing and publishing content that is best adapted to the requests made and the type of User, improving the search capabilities and functionalities of the site and obtaining associated or statistical information regarding to the user’s profile (analysis of consumption profiles).
• The provision of services, and other peripherals, such as newsletters, opinion surveys, or other information or products requested or purchased by the User.
• BessaHotel may combine user information with anonymous demographic information for research purposes and may use the result of that research to provide you with more relevant content on its site. In certain restricted areas of the site, BessaHotel may combine Personal Data with Usability Information to provide the User with more personalized content.
The User Data collected by BessaHotel is not shared with third parties without the User’s consent, except in the situations mentioned in the following paragraph. However, in the event of the User contracting services with BessaHotel that are provided by other entities responsible for the processing of personal data, User Data may be consulted or accessed by such entities, to the extent that it is necessary for the provision of such data services.
BessaHotel may transmit or communicate the User Data to other entities in the event of such transmission or communication being necessary for the implementation of the contract established between the User and BessaHotel or for pre-contractual procedures at the request of the User, if necessary for the fulfilment of a legal obligation to which BessaHotel is subject or, if it is necessary, to obtain them in the legitimate interests of BessaHotel or of a third party. In the event of the transmission of User Data to third parties, reasonable efforts will be made to ensure that the transmitting entity employs the User Data transmitted in a manner appropriate to this Privacy Policy.

4. TECHNICAL, ORGANIZATIONAL AND SECURITY MEASURES IMPLEMENTED
In order to guarantee the security of the User Data and maximum confidentiality, BessaHotel treats the information you provided to us in an absolutely confidential manner, in accordance with its internal security, and confidentiality policies and procedures, which are updated periodically as required, as well as the terms and conditions legally set out.
As a function of the nature, scope, context and purpose of data processing, as well as the risks arising from the treatment of the rights and freedoms of the User, BessaHotel undertakes to apply, both when defining the method and timing of handling the data, the technical and organizational measures necessary and appropriate for the protection of User Data and compliance with legal requirements.
It also undertakes to ensure that, by default, only data that are necessary for each specific handling purpose are processed and that such data are not made available without human intervention to an indeterminate number of people.
Nevertheless, in terms of general measures, BessaHotel adopts the following:
• Regular audits to identify the effectiveness of the technical and organizational measures implemented.
• Sensitization and training of personnel involved in data processing operations.
• Pseudonymization and coding of personal data.
• Mechanisms capable of ensuring the permanent confidentiality, availability and resilience of information systems.
• Mechanisms to ensure the restoration of information systems and access to personal data in a timely manner in the event of a physical or technical incidente.

5. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION
Personal data collected and used by BessaHotel are not made available to third parties established outside the European Union. If, in the future, such a transfer takes place for the reasons mentioned above, BessaHotel undertakes to ensure that the transfer complies with the applicable legal provisions, in particular with regard to the determination of that country’s appropriateness with respect to data protection and the requirements applicable to such transfers.
6. USE OF COOKIES
When you visit our site, you will be required to consent to the creation and recording of a text file (Cookie) on your computer. This file will provide you with greater ease and speed in accessing the site, as well as its customization in accordance with your preferences. Most browsers accept these files (Cookies), but the User can delete them or block them automatically. In the "Help" menu on your browser you will find how to configure these settings. However, if you do not allow the use of cookies, there may be some functions of the site that you will not be able to use.

USER RIGHTS (DATA OWNERS)
7. THE RIGHT TO INFORMATION

7.1. Information provided to the User by BessaHotel (when data are collected directly from the User):
• The identity and contacts of BessaHotel.
• The purposes of the processing to which the personal data are intended, as well as, if applicable, the legal reasons for the processing.
• If the processing of the data is based on the legitimate interests of BessaHotel or a third party, an indication of such interests.
• If applicable, recipients or categories of recipients of personal data.
• If applicable, an indication that personal data will be transferred to a third country or an international organization, and whether or not a decision on appropriateness has been adopted by the Commission or a reference to suitable or appropriate transfer guarantees.
• Term for the retention of personal data.
• The right to request BessaHotel’s permission for personal data, as well as its correction,
elimination, the right to oppose its processing and the right to access the data.
• If the processing of the data is based on the User’s consent, the right to withdraw it at any time, without compromising the legality of the processing carried out based on the consent previously given.
• The right to file a complaint with the CNPD (Comissão Nacional de Protecção de Dados [National Commission for Data Protection]) or other supervisory authority.
• Indication of whether or not the communication of personal data constitutes a legal or contractual requirement to enter into a contract and whether the holder is required to provide the personal data and the possible consequences of not providing such data.
• If applicable, the existence of automated decisions, including the definition of profiles, and information regarding the basic concept, as well as the importance and expected consequences of such processing for the data subject.
• If the User Data is not collected directly by BessaHotel from the User, in addition to the aforementioned information, the User is also informed about the categories of personal data being processed, as well as the origin of the data and, whether they are from sources accessible to the public.
• In the event of BessaHotel intending to proceed with the further processing of the User Data for a purpose other than that for which the data was collected, before this processing, BessaHotel shall provide the User with information about that purpose and any other information of interest, under the terms referred to above.

7.2. Procedures and measures implemented to fulfil the right to information.
The information referred to in paragraph 7.1. is provided in writing (including by electronic means) by BessaHotel to the User prior to the processing of the personal data in question. In accordance with applicable law, BessaHotel is under no obligation to provide the User with the information mentioned in paragraph 7.1 when and to the extent that the User already has knowledge of them.
This information is provided by BessaHotel at no cost.

8. RIGHT OF ACCESS TO PERSONAL DATA
BessaHotel guarantees the means that allow the user to consult his or her Personal Data.
The User has the right to obtain confirmation from BessaHotel that personal data concerning him or her are processed and, if applicable, the right to access his/her personal data and the following information:
• The purposes of data processing.
• The categories of personal data in question.
• The addressees or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients based in other countries or belonging to international organizations.
• The term for the retention of personal data.
• The right to ask BessaHotel to correct, eliminate the processing of personal data, or the right to prevent such processing.
• The right to file a complaint with the CNPD (Comissão Nacional de Protecção de Dados [National Commission for Data Protection]) or other supervisory authority.
• The right to be informed about the appropriate safeguards associated with the transfer of data to third countries or international organizations.
Upon request, BessaHotel will provide the User, free of charge, with a copy of the User Data that is being processed. The providing of other copies requested by the User may entail administrative costs.
9. THE RIGHT TO CORRECT PERSONAL DATA
The User has the right to request, at any time, correction of his or her Personal Data, as well as the right to have incomplete personal data completed, including by means of an additional declaration.
In the event of limitation of processing of data, BessaHotel shall inform each recipient/entity to whom the data has been transmitted of the limitation, unless such communication proves impossible or involves a disproportionate effort on behalf of BessaHotel.
10. THE RIGHT TO THE DELETION OF PERSONAL DATA (“RIGHT TO BE FORGOTTEN”)
You have the right to obtain, on the part of BessaHotel, deletion of your data when one of the following reasons apply:
• The User Data is no longer required for the purpose for which it was collected or processed.
• The User withdraws the consent on which the data processing is based and there is no other legal basis for such processing.
• The User opposes the treatment under the right of opposition and there are no prevailing legitimate interests justifying the processing.
• If User Data is processed illegally.
• If User Data must be deleted in order to comply with a legal obligation to which BessaHotel is subject.
Under the applicable legal terms, BessaHotel is under no obligation to delete User Data to the extent that the processing proves necessary to fulfil a legal obligation to which BessaHotel is

subject or for the purposes of declaring, exercising or defending BessaHotel’s rights in judicial
proceedings.
In the event of the data being deleted, BessaHotel shall inform each recipient/entity to whom the data has been transmitted of the deletion, unless such communication proves impossible or involves a disproportionate effort on behalf of BessaHotel.
When BessaHotel has made the User Data public and is obliged to delete it under the right of such deletion, BessaHotel undertakes to ensure reasonable measures, including of a technical nature, taking into account available technology and costs of its application to inform those responsible for the effective processing of personal data for which the User has requested deletion of the links to such personal data, as well as copies or reproductions thereof.
11. THE RIGHT OF PORTABILITY OF PERSONAL DATA
The User has the right to receive personal data concerning him/her and which he/she has provided to BessaHotel, in a structured, current and automated reading format, and the right to transmit such data to another person responsible for its processing, if:
• The processing is based on consent or a contract to which the User is a party and the processing is performed by automated means.
The right of portability does not include inferred or derived data, i.e. personal data that are generated by BessaHotel as a consequence of, or resulting from, analysis of the data being processed.
Users are entitled to have their personal data transmitted directly between those responsible for the processing, whenever this is technically possible.
12. RIGHT TO OPPOSE PROCESSING
Users have the right at any time, for reasons relating to their particular situation, to object to the processing of personal data concerning them in the exercising of legitimate interests pursued by BessaHotel or when the processing is carried out for purposes other than those for which personal data were collected, including the definition of profiles, or when personal data are processed for statistical purposes.
BessaHotel shall terminate the processing of User Data unless it can demonstrate urgent and legitimate reasons for such processing that prevail over the User’s interests, rights and freedoms, or for the purposes of declaring, exercising or defending BessaHotel’s rights in legal proceedings.
When User Data is processed for the purpose of direct sales (marketing), Users have the right to oppose at any time the processing of the data that concern them for the purposes of said marketing, which includes the definition of profiles insofar as it relates to direct marketing. If Users object to the processing of their data for the purposes of direct marketing, BessaHotel must cease the processing of the data for this purpose.
Users also have the right not to be subject to any decision made solely on the basis of automated processing, including the definition of profiles, that has an effect in the legal sphere or has a significant similar effect, unless the decision:
• Is necessary for the signing or implementation of a contract between the User and BessaHotel.

• Is authorized by legislation to which BessaHotel is subject.
• Is based on the explicit consent of the User.

13. PROCEDURES FOR THE EXERCISING OF RIGHTS BY THE USER
The right of access, right to make corrections, right of elimination, right of portability and right to opposition may be all exercised by the User by contacting the BessaHotel, in writing to:
B BON, LDA
A/C RESPONSÁVEL PELA PRIVACIDADE E PROTEÇÃO DE DADOS AVENIDA DA LIBERDADE Nº 29
1250-139 LISBOA
BessaHotel will respond in writing (including by electronic means) to the User’s request within a maximum period of one month from the receipt of the request, except in particularly complex cases, for which this period may be extended up to two months.
If the requests submitted by the User are manifestly unjustified or excessive, especially due to their repetitive nature, BessaHotel reserves the right to charge administrative costs or refuse to comply with the request.
14. PERSONAL DATA VIOLATIONS
In the event of data violation and insofar as such a violation is likely to entail a high risk to the User’s rights and freedoms, BessaHotel undertakes to inform the User in question of the personal data violation within 72 hours of learning of the incident.
Under the legislation, communication to the User is not required in the following cases:
• If BessaHotel has applied satisfactory protection measures, both technical and organizational, and these measures have been applied to personal data affected by the personal data violation, especially measures that make the personal data incomprehensible to anyone unauthorized to access such data, such as encryption.
• If BessaHotel has taken subsequent action to ensure that the high risk to the User’s
rights and freedoms is no longer likely to materialize.
• If communication to the User implies a disproportionate effort on behalf of BessaHotel. In this case, BessaHotel will release a public communication or take a similar action by which the User will be informed.

15. ALTERATIONS TO PRIVACY POLICY
BessaHotel reserves the right to make changes to this Privacy Policy at any time. In the case of modification to the Privacy Policy, the version, available at the top of this page, shall also be updated. If the change is substantial, a notice will be placed on the site.
16. APPLICABLE LAW AND LEGAL JURISDICTION
The Privacy Policy as well as the collection, processing or transmission of User Data are all governed by the provisions of EU Regulation 2016/679 passed by the European Parliament and Council on 27 April 2016, and by the laws and regulations applicable in Portugal.

Any litigation arising from the validity, interpretation or implementation of the Privacy Policy, or related to the collection, processing or transmission of User Data, must be submitted exclusively to the jurisdiction of the courts of Porto, without pre