PERSONAL DATA PRIVACY POLICY

ICH processes Personal Data belonging to Users, and therefore, determines all its actions based on a premise of respect and attention to the privacy and security of such personal data. To put You in control, we recommend that You read this Privacy Policy carefully, as it will be applicable during all Processing of Personal Data of Customers and Users carried out by ICH.


We are continually working to improve our Personal Data Processing formats and our Systems, which is why this Policy will be reviewed at least annually. To ensure that you are always up to date with the best privacy protection and information security practices that we have adopted, we recommend that you visit this page to view the publication of any updates. However, do not worry, if relevant changes are made that require your new consent regarding any personal data processing, we will request it again.



1. What is our Privacy Policy?

1.1 Our Privacy Policy provides information about:


The guidelines for the Processing of Personal Data within ICH for Users who access our platforms and/or use our services as a Customer; and


The exercise of the rights of Users, as holders of personal data.


2. What Personal Data Do We Process?

2.1. In general terms, ICH requests the following personal data from Users:

DATA CATEGORIES

DATA EXAMPLES

Identification Data

Name, CPF, ID, affiliation, place of birth, flight reservations, etc.

Property Data

Information on vehicles that pass through the hotel premises, etc.

Contact Details

Address, corporate or personal email, corporate or personal phone, etc.

Purchase Data

Place, date, time, volume, values and types of purchases made in our establishments and with partner suppliers (restaurants, hotels, agencies, etc.), reservation information, participation in loyalty programs, etc.

Professional Data

Information about academic or professional career, job titles.

Location Data

country, location, GPS coordinates/geolocation etc.

Tracking Data

Browsing information, IPs, etc.

Biometric Data

Filming, photography, etc.

Financial Data

PIX key, account holder name, bank branch and account, credit card number, debit card number, credit protection registry registration, etc.

Communications Data

Copies of emails/electronic communications to or from an individual; telephone recordings, voice mail, letters, etc.

Social Media Data

information about an individual's friends and social connections; friends, connections, acquaintances, associations, group memberships, etc.

2.2. We use your personal data in constant compliance with the legal bases that authorize its use and the purpose for which it is intended, in a manner proportional to the Personal Data Processing activities that we will carry out.


2.3. We do not collect data relating to racial or ethnic origin, religious beliefs, political opinions, membership of a trade union or organization of a religious, philosophical or political nature, nor data relating to health or sexual life and/or genetic data, unless you voluntarily provide them to us to provide you with some benefit, such as informing us of your condition in relation to allergies and dietary restrictions, physical, visual, hearing or intellectual disabilities and special needs.


2.4. We reserve the right to collect your image from internal security cameras to provide adequate security to You.


3. Why Do We Collect Your Personal Data?

3.1. We collect personal data from Users to operate, provide, improve, personalize, understand, support, and market our services to You, as well as to ensure that Your experience is comfortable and enjoyable.


3.2. The following table indicates the purpose and legal basis for the processing that we use to collect the personal data of the people covered by this Policy:

PERSONAL DATA

PURPOSES

LEGAL BASIS FOR PROCESSING

Identification Data

Property Data

Purchasing Data

Financial Data

Contact Details

Location Data

Tracking Data

Professional Data

SERVICE AND PRODUCT ADMINISTRATION ACTIVITIES (execution of administrative processes related to accommodation, food, tours or guest travel; managing the maintenance of general and mandatory records; registration of participation in loyalty programs, etc.)

Compliance with legal or regulatory obligations;

Attention to the legitimate interests of the organization; and

Execution of a contract with the holder of personal data.

Identification DataProperty DataPurchase DataFinancial DataContact DataLocation DataTracking DataProfessional Data

MEETING AND EVENT ORGANIZATION AND SUPPORT ACTIVITIES (venue reservations and event management)

Compliance with legal or regulatory obligations;

Attention to the legitimate interests of the organization; and

Execution of a contract with the holder of personal data.

Identification Data

Purchasing Data

Financial Data

Contact Details

Communications Data

Location Data

GUEST COMMUNICATION ACTIVITIES (reservation alerts and confirmations, promotions and information about the accommodation location, responses to your questions and comments)

Execution of a contract with the holder of personal data; and

Attention to the legitimate interests of the organization.

Identification Data

Property Data

Purchasing Data

Financial Data

Contact Details

Location Data

Tracking Data

Professional Data

Social Media Data

MARKETING ACTIVITIES (sending and making available information about ICH products or selected partners to you).

Attention to the legitimate interests of the organization; or

Consent.

Execution of a contract with the holder of personal data.

Biometric Data

SECURITY CAMERA FILMING ACTIVITY (to ensure the safety and security of guests and visitors and to prevent potentially prohibited or illegal activities)

Attention to the legitimate interests of the organization; and Protection of the life and physical safety of the holder and third parties.

Identification Data

Purchasing Data

Financial Data

Contact Details

Location Data

Tracking Data

Professional Data

PRODUCT AND SERVICE DEVELOPMENT AND IMPROVEMENT ACTIVITIES (analysis of aggregated data and statistics, creation of indicators, audits, popularity surveys of services and products offered)

Attention to the legitimate interests of the organization.

Identification Data

Contact Details

Tracking Data

SERVICE EMAIL ANALYTICS ACTIVITIES (click-through rate, email opening, email subscription/unsubscription)

Attention to the legitimate interests of the organization.

Identification Data

Purchasing Data

Financial Data

Contact Details

Communications Data

Location Data

GUEST COMMUNICATION ACTIVITIES (reservation alerts and confirmations, promotions and information about the accommodation location, responses to your questions and comments)

Execution of a contract with the holder of personal data; and

Attention to the legitimate interests of the organization.

Identification Data

Purchasing Data

Financial Data

Contact Details

Location Data

Tracking Data

Professional Data

Communications Data

RELATIONSHIP ACTIVITIES (answering questions, customer service, relationships, after-sales, satisfaction survey)

Execution of a contract with the holder of personal data;

Attention to the legitimate interests of the organization; and Compliance with legal or regulatory obligations.

3.3. Other new activities that require the execution of Personal Data Processing by ICH that may not be reported above will be duly included in this Policy and informed to the holders of the personal data.


3.4. ICH processes Personal Data of children and adolescents. In this case, specific and highlighted consent will be collected from at least one parent or legal guardian.


4. How Do We Collect Your Personal Data?

4.1. ICH may collect User personal data in the following ways:

4.1.1 Data provided by You. Data that You voluntarily send to us by email, chat, telephone, applications, electronic forms, website, etc., to use the accommodation, restaurant, event promotion and other related services. If you do not provide this data, you will not be able to use our services.


4.1.2 Data we collect automatically. Data we collect through the use of the website, through the integration of technology applications, cookies, which includes how You use our services, diagnostic files, faults, performance records, connection and device data, information about systems operational, location data, data extracted from mandatory and/or optional cookies. Read our Cookies Policy [https://www.intercityhoteis.com.br/cookies/].


a) Cookies: Internet files that store information about your use of websites and blogs, such as browsing history and preferences. ICH has cookies on its websites and blogs. You can disable cookies at any time, but some parts of the pages may stop working (mandatory cookies).


4.1.3 Third-party data. We work with third-party service providers to help us operate, execute, improve, and customize our services, such as integrations of technology applications and electronic forms. Third parties will have their own privacy policy that is independent of ICH.


4.1.4 Third-party services. Personal Data provided by partners contacted by You to use our services, such as travel agencies, event organizers, reservations through third-party websites, etc. Third parties will have their own privacy policy that is independent of ICH.


5. With whom do we share your Personal Data?

5.1. ICH does not sell, rent or trade any Personal Data to third parties.


5.2. ICH shares your personal data on a need-to-know basis to help us operate, provide, improve, understand, customize, support, and advertise its services and activities:


5.2.1 Economic Group. Companies, units, ventures and/or hotels of the same economic group of which ICH is a part may share personal data with each other, as long as it is for purposes consistent with those set out in this Privacy Policy – such as the centralization of personal data management to increase the effectiveness of its protection.


5.2.2 Third parties. Suppliers, service providers and/or business partners, when necessary for the administration and operation of our activities, advertising, product optimization and achievement of commercial objectives. In such cases, these specialized service providers will be subject to the adoption of a contract that ensures the secrecy and confidentiality of your Personal Data.


5.2.3 Government agencies. In order to comply with legal and regulatory obligations, by judicial and/or administrative order from a public authority, we will share your Personal Data.


5.2.4 Merger, Acquisition and Incorporation. We may transfer your Personal Data to third parties that are part of any transaction involving the purchase, transfer, sale and/or restructuring of ICH assets (such as, for example, in the case of a merger, acquisition or transfer of assets between companies). In this case, the change in control of your Personal Data will be duly informed to You.


6. International Data Transfer

6.1. We reserve the right to transfer personal data collected outside of Brazil. Any international data transfer will only be carried out to locations and entities that ensure similar and adequate levels of data protection.


6.2. ICH transfers personal data collected outside of Brazil, especially when the company responsible for hosting your information is located in a foreign territory.


7. What are the Rights of Personal Data Holders?

7.1. Users have the right to exercise, at any time:


7.1.1 Right to non-processing. You may choose not to disclose your personal data to ICH, however, some of this data may be necessary to enable access to the Systems and full use of their resources, as well as to complete the marketing of our products.


7.1.2 Right to information about data processing. You can have easy access to information about the processing we perform on your data. You can obtain, upon prior request, information about the use and operation we carry out with your data, whether internally, with other companies or government agencies. You can request explanations and guidance on the possibility of not providing consent and the consequences of this decision.


7.1.3 Right to access data and confirm the existence of processing. You may question whether or not your data is being processed, as well as request a copy of the personal data we hold about you.


7.1.4 Right to correct incomplete, inaccurate or outdated data. You may request the correction or modification of your personal data if you identify that some of it is incorrect, incomplete or outdated. However, in order for this correction to be effective, we will have to check the validity of the data you provide to us.


7.1.5 Right to anonymization, blocking or deletion of data. You may request the deletion, blocking or anonymization of your personal data from our database when they are unnecessary, excessive, processed in non-compliance with the provisions of the legislation on personal data protection or when they were collected based on your consent. All data collected will be deleted from our servers when you so request and when they are no longer necessary or relevant to provide you with access to the Systems and any functionalities, unless there is a relevant reason for their maintenance, such as a possible legal or regulatory obligation to retain data or the need to preserve them to protect rights and activities of legitimate interest of ICH.


7.1.6 Right to object to data processing. When we are processing your data without your consent or when you understand that this impacts your fundamental rights and freedoms, you may object to the way and reason why we process your Personal Data. This does not mean that ICH must accept your objection if there is a relevant reason for its maintenance, such as a possible legal or regulatory obligation to retain data or the need to preserve it to protect rights and activities of legitimate interest of ICH.


7.1.7 Right to data portability. You may request that we provide your personal data to you or to a third party of your choice. This means that we will provide your personal data as requested, but we cannot guarantee that the format shared will be compatible with the destination.


7.1.8 Right to withdraw consent. You have the right to withdraw your consent, however, this will not affect the lawfulness of any processing carried out with your data prior to your withdrawal. If you withdraw your consent, certain products or access to the Systems and their functionalities may no longer be provided to you.


7.2. We reserve the right to request your Identification, Authentication and Contact Data to ensure the exercise of your rights over personal data owned by you or by people that you legitimately and demonstrably represent.


7.3 ICH may contact You to obtain further information regarding Your request through the appropriate Communications Channel.


7.4. ICH makes its best efforts to respond to all legitimate requests within a reasonable time.


8. How Do We Store Your Personal Data?

8.1. ICH uses the best governance, technical, organizational and security practices designed to protect your personal data on our servers, in the cloud contracted with third parties and in physical and digital workstations.


8.2. In order to guarantee the security of your personal data, we adopt practices related to access authentication; encryption of data and information content, whenever possible; periodic monitoring and scanning to detect vulnerabilities; protection against malicious software; traceability mechanisms, access controls and computer network segmentation; and maintenance of backup copies of stored data and information.


8.3. If you identify or become aware of anything that compromises the security and inappropriate processing of your data, please contact ICH.


9. Information Security

9.1. We strive to use commercially acceptable means to protect your Personal Data, but we cannot guarantee its absolute security. No method of transmission over the Internet, or method of electronic storage, is 100% secure.


9.2. Therefore, we also count on your responsibility to adopt reasonable security measures on the devices and software that You use to access our products and services.


10. How Long Will Your Personal Data Be Stored?

10.1. We will only retain your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy.


10.2. If you request the deletion of your data and/or your registration in our systems, we will delete your data, unless its maintenance is necessary to fulfill the purposes for which the data was collected, legal, contractual, accountability obligations or request from competent authorities.


11. Talk to ICH!

11.1. If You wish to speak to ICH about any type of occurrence and/or requests for guidance and/or curiosities and/or suggestions and/or comments and/or criticisms about the Personal Data Processing that we carry out, You can contact us at the following address:

privacidade@intercityhoteis.com.br


11.2. We want to hear from you!


12. Policy Changes

12.1. This Privacy Policy will be reviewed at least annually and will be republished whenever necessary to publicize its updates.


12.2. If relevant changes are made, such as those that require your new consent, we will request your consent again.

Share by: