Privacy Policy
Last Updated: 01/10/2024
At HESTIA, we are committed to protecting your privacy and ensuring that your personal data is handled securely and responsibly. This Privacy Policy explains how we collect, use, and safeguard the information you provide to us in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws in the European Union (EU). By using our website or services, you agree to the practices described below.
1. Who We Are
HESTIA is the commercial name of Serendipity Homes, LDA, a property management company. Our company is legally registered as Serendipity Homes, LDA and operates under the commercial name HESTIA. You can contact us via email at [email protected] or by phone at +351 966 556 648.
2. What Personal Data We Collect
We may collect and process the following personal data:
- Identification details: Name, nationality, and ID number (passport or national ID) as required by local laws.
- Contact information: Email address, phone number, and home address.
- Booking information: Dates of stay, special requests, preferences (e.g., apartment preferences).
- Payment details: Credit card or bank details for processing payments.
- Usage data: Information about how you use our website, including IP address, browser type, and device information (collected via cookies, see section 6).
- Communications: Any information you voluntarily provide via email, phone, or social media.
3. How We Use Your Personal Data
We use your personal data for the following purposes:
- Booking management: To manage reservations, send booking confirmations, and communicate important information about your stay.
- Guest services: To offer personalized service during your stay, including responding to inquiries and requests.
- Compliance: To comply with local regulations, such as guest registration with authorities.
- Marketing: With your consent, we may send promotional offers, newsletters, or updates about our properties (you can opt out at any time).
- Website functionality: To improve the user experience and manage security on our website.
- Legal requirements: To fulfill our legal obligations, such as tax or financial reporting.
4. Legal Basis for Processing Personal Data
We process your personal data based on one or more of the following legal grounds:
- Performance of a contract: To provide accommodation services and fulfill the terms of your booking.
- Legitimate interests: For internal administrative purposes and to improve our services.
- Compliance with legal obligations: To meet legal requirements, such as local laws related to tourism and tax reporting.
- Consent: For marketing and promotional communications, which you may opt out of at any time.
5. How Long We Retain Your Data
We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. For example:
- Booking and payment data: Retained for a period of up to 7 years, in compliance with tax and accounting regulations.
- Marketing data: Retained until you withdraw your consent.
6. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to improve the user experience. Cookies are small text files stored on your device that collect information about your browsing habits. We use cookies for:
- Website functionality and performance
- Analytics (Google Analytics or similar) to track user interactions
- Social media features, such as sharing content on Instagram
You can manage your cookie preferences through your browser settings.
7. Sharing Your Data
We do not sell or share your personal data with third parties except in the following circumstances:
- Service providers: We may share data with third-party service providers who assist with operations (e.g., payment processors, website hosting).
- Legal obligations: We may disclose data if required by law or in response to legal proceedings, such as compliance with tourism registration laws in Portugal.
- Business transfers: In the unlikely event of a business restructuring or sale, personal data may be transferred as part of the transaction.
8. Your Rights Under GDPR
As a data subject, you have the following rights under the GDPR:
- Access: Request access to the personal data we hold about you.
- Correction: Request correction of any inaccurate or incomplete personal data.
- Erasure: Request deletion of your personal data where there is no legal requirement for us to retain it.
- Restriction: Request that we limit the processing of your personal data in certain situations.
- Portability: Receive your personal data in a structured, commonly used, and machine-readable format.
- Objection: Object to processing based on legitimate interests or for direct marketing purposes.
- Withdrawal of consent: If processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of the processing before withdrawal.
To exercise any of these rights, contact us at [email protected].
9. International Data Transfers
As a company based in Portugal, your data will primarily be processed within the EU. However, if we use third-party service providers that operate outside the EU (such as cloud hosting services), we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent agreements, to protect your data.
10. Data Security
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, loss, or misuse. This includes encryption, access controls, and regular security reviews.
11. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any changes will be posted on this page with a revised "Last Updated" date.
12. Contact Us
If you have any questions or concerns about this Privacy Policy or how we handle your personal data, please contact us:
Email: [email protected]
Phone: +351 966 556 648
13. Complaints
If you believe your rights under GDPR have been violated, you have the right to lodge a complaint with a supervisory authority, such as the Portuguese Data Protection Authority (CNPD).