Privacy Policy

The Companies Porto Palácio Hotel – Exploração Hoteleira S.A., Aqualuz Troia – Exploração Hoteleira e Imobiliária, S.A., Troiaresort – Investimentos Turísticos, S.A., The Artist Porto Hotel & Bistro – Actividades Hoteleiras, S.A., The House Ribeira Hotel – Exploração Hoteleira, S.A., Aqualuz – Turismo e Lazer, Unipessoal, Lda, Imobeauty, S.A., Golf Time - Golfe e Investimentos Turísticos, S.A., 2Ndroom - Exploração Hoteleira, S.A., The Editory Aliados - Exploração Hoteleira, S.A. and The Editory Garden - Exploração Hoteleira, S.A. operate on the basis of trust and transparency. This commitment is transposed into our daily relationship with our customers, staff and suppliers. The privacy and safety of data which you entrusted us with are our priority.

We undertake to only collect, store, process, convey or eliminate with transparency your personal data, which are essential for providing the best services. Let us tell you how we use your personal data and for what purposes, guaranteeing that we gather, share and keep your personal data according to the best practices in the field of personal data security and protection. When your personal data are gathered, stored, processed, conveyed or deleted by other entities, we demand the same level of privacy and security.

We want you to rely that our personal data are safe with us, since we will always be committed to protecting your privacy. We assume with honesty and engagement our responsibility as regards the protection of your personal data. If you have any question about how we use your personal data, send us your message to dataprotection@editoryhotels.pt so that we may help you.

The companies Porto Palácio Hotel – Exploração Hoteleira S.A., Aqualuz Troia – Exploração Hoteleira e Imobiliária, S.A., Troiaresort – Investimentos Turísticos, S.A., The Artist Porto Hotel & Bistro – Actividades Hoteleiras, S.A., The House Ribeira Hotel – Exploração Hoteleira, S.A., Aqualuz – Turismo e Lazer, Unipessoal, Lda, Imobeauty, S.A., Golf Time - Golfe e Investimentos Turísticos, S.A., 2Ndroom - Exploração Hoteleira, S.A., The Editory Aliados - Exploração Hoteleira, S.A. and The Editory Garden - Exploração Hoteleira, S.A. (referred to hereinafter as Editory Hotels) are jointly responsible for processing your personal data as laid down in the General Regulation on Data Protection and additional legislation on personal data protection in force in the countries in which the company operates.

“Private Data” in this Privacy Policy Statement means the set of information that relates to you and that allows us to identify you directly or indirectly. Your personal data may include, for example your name and contact details (physical or electronic) and your reservations.

We may also receive your personal data from other companies, namely when they have gathered, processed or stored such information in connection with a contract for the provision of services.

Editory Hotels may gather the following sets of personal data:

1. Customer data – full or abbreviated name, address, telephone, email, details of reservation – whenever they book with one of Editory Hotels;

2. Credit card details – card holder name, card type, number, expiration date and security code – when payment is made using a credit card;

3. Customer data for signing up of newsletters – name, email and country;

4. Contact details of user – name, email, telephone, type of question and message – whenever asked to be contacted.

We use your personal data for the following purposes:

1. Management of bookings, claims and payments – for making and processing reservations at the chosen hotel;

2. Marketing and direct marketing – to inform about highlights and offers that may interest you;

3. Customer management – to reply to your contact request.

Your personal data is kept for managing reservations, claims and payments up to 2 years after your last reservation, except for data concerning payments, which are kept up to 10 years in conformity with the VAT Code (CIVA).

For marketing and direct marketing purposes, we keep your personal data for as long as you consent to our processing thereof.

Your personal data is kept up to 2 years after the last contact for customer management (contact).

All personal data will be irreversibly anonymised or destroyed/deleted in a secure manner at the end of the maximum retention period or if you withdraw your consent.

In some cases we can disclose your personal data to other entities, in connection with the services provided by those entities. In such cases, we require that they have the suitable measures in place for protecting your personal data.

We may disclose your personal data where required by law to authorities or third parties, and in such cases we have limited control over how your personal data is protected.

If your personal data is transferred or accessed by suppliers or service providers from outside the European Union, we ensure that such information is processed following the appropriate security and protection measures, in accordance with the measures taken by us.

In some situations, you are entitled to access it or request from us:

1. Additional information on how we use your personal data;

2. Your personal data;

3. The provision to another entity of your personal data that you gave us;

4. The update of your personal data;

5. The deletion of your personal data;

6. The withdrawal of your consent to process personal data;

7. Limited use of your personal data while we correct or clarify possible doubts about its content or how we use it;

8. The availability of a channel for challenging decisions concerning your personal data.

You also have the right to delete or modify, at any time, the consent statements you have given to use your personal data. The exercise of your rights is subject to some exceptions aimed at safeguarding the public interest, namely for crime prevention or detection, or when the personal data is subject to professional secrecy.

To exercise your data protection rights, or if you have any questions about how we use your personal data, send us your message to dataprotection@editoryhotels.pt.

You may also contact our Data Protection Officer by the following means:
Email: dpo@editoryhotels.pt
Tel.: + 351 22 040 29 88

If you are not satisfied with our use of your personal data or our reply after you have exercised any of your rights, you have the right to submit a complaint to the Portuguese Data Protection Committee (CNPD). Address Rua de São Bento, 148 – 3º, 1200-821 Lisboa – Telephone: +351213928400 – Fax: +351213976832 – Email: geral@cnpd.pt.

Editory Hotels uses cookies on its website to improve the performance and browsing experience of our users, increasing, on the one hand, the speed and efficiency of response and, on the other hand, eliminating the need to repeatedly enter the same information. The use of cookies on its website allows Editory Hotels to personalize content and ads, provide social networking features and analyze traffic on its website. Editory Hotels may also share information about our Users' browsing with their social media, advertising and analytics partners, which may combine it with other information that Users have provided to them or that have been collected by partners from the use of the respective services.

See the Editory Hotels Cookie Policy here.

We have several information security measures in place, in line with best national and international practices, to protect your personal data, including technological control, administrative, technical, physical measures and procedures that guarantee data security, preventing possible misuse, unauthorised access and dissemination, loss, undue or inadverted altering, or unauthorised destruction of such information.

In terms of information security we have assumed the same commitment of ongoing improvement as we adhere to in our daily operations.

We have implemented the following, without limitation:
1. Restricted access to your personal data by entities requiring such data and for the aforementioned purposes;
2. Storage and transfer of personal data in a secure manner;
3. Protection of information systems using devices that prevent unauthorised access to your personal data;
4. Mechanisms guaranteeing the preservation of the integrity and quality of your personal data;
5. Ongoing monitoring of information systems to prevent, detect and deter the inappropriate use of personal data;
6. Personal data storage, processing and communication equipment redundancy.

We may disclose your personal data where required by law to authorities or third parties, and in such cases we have limited control over how your personal data is protected.

This Privacy Policy Statement may be updated from time to time, as advertised on the Website.