If you find a price lower than that on our website, we guarantee the best price.
1. Introduction
The aim of this document is to provide a concise policy declaration on data protection obligations that will be implemented in all companies that are part of and make up the BLUE & GREEN Group (hereinafter the “B&G Group”). This policy details the obligations of the B&G Group in terms of personal data processing, aimed at complying with relevant legal requirements, from the point of view of focusing efforts towards a continually changing reality, so to address the most relevant risks.
2. Grounds
The B&G Group must comply with data protection principles established in current legislation.
This Policy applies to all personal data processing operations, including data collection, processing and storage by all companies of the B&G Group of personal data belonging to their employees, service providers and clients during the course of their activities.
3. Scope
The Policy covers all personal data, including data regarding special personal data categories, which are processed in relation to the data subjects by the B&G Group, as the Data Controller or Subcontractor.
This Policy also applies to personal data processed manually provided this date is included in a structured file.
All personal data related to special personal data categories will be processed with extra care by the B&G Group. Both categories are equally referred to as “Personal Data” in this Policy, unless stated otherwise.
4. Who processes your data
In the course of their daily activities, B&G Group companies may acquire, process and store personal data.
According to European and Portuguese data protection legislation, this data must be lawfully, fairly and transparently acquired and managed.
The B&G Group is committed to ensuring that your team is sufficiently aware of data protection laws and practices, in order to be able to anticipate and identify any data protection issues that may arise.
Under these circumstances, the team must ensure that the Controller is informed, so that appropriate and necessary corrective actions may be taken, and to protect the rights, freedoms and guarantees of the Data Subjects.
The B&G Group may share Personal Data of their Data Subjects with Processors provided it is necessary for the normal provision of services.
Regarding the obligations of the B&G Group, Processors’ access to Personal Data shared by the B&G Group is regulated by the contract made with their Processors.
Therefore, the B&G Group contractually ensures and regularly verifies that Processors are reliable entities that offer appropriate protection guarantees and that no more data is sent to them than is required to provide the contracted service.
During the course of their duties as Data Controller, the B&G Group may also share the Personal Data of their Data Subjects with other Data Controllers so to perform processing operations required for providing the contracted services.
Within the scope of the aforementioned joint responsibility, the B&G Group makes an agreement with the other controller, in which the purposes and responsibilities are clearly identified in compliance with the applicable data protection legislation, ensuring compliance with the Rights and Freedoms of Data Subjects by establishing appropriate communication channels to respond to requests from Data Subjects.
Regardless of the existing relationship between personal Data Recipients, the B&G Group shall outline, by means of a written formal written contract, the personal data obligations, the specific purpose or the purposes of their involvement, and the understanding that they perform data processing operations according to the Portuguese Data Protection Law.
5. Your data may be shared with the following Recipients:
6. What we do with your data:
As Data Controller, the B&G Group ensures that all Personal Data:
Thus, the B&G Group has implemented a procedure to respond to the Data Subjects’ requests in order to efficiently and appropriately manage such requests within the time limits set out in the legislation.
The B&G Group has implemented or is implementing available levels of Personal Data security and protection, as well as technical and organisational measures to protect against the loss, misuse, change, or unauthorised access of Personal Data, as well as against any other form of unlawful processing.
All Employees of the B&G Group are also subject to confidentiality standards.
7. Purposes and lawfulness of the Processing operations:
The B&G Group processes the Personal Data of their Clients to ensure compliance with the service agreement made with the Data Subjects or the Joint Data Controllers (regarding data and Data Subjects they collect, such as counterparts, employees and others). The personal data identified herein, which is subject to processing operations, is required for the execution of a contract or for pre-contractual arrangements or for compliance with legal obligations, or in the case of marketing, the data may fall under consent.
Special Category data on Clients, or obtained from Clients, will be subject to appropriate processing operations, insofar as the data is required for important public interest reasons, such as preventing money laundering and financing terrorism.
The processing of Personal Data belonging to Clients, or obtained from Clients, which is related to criminal convictions and infringements or to related security measures, will always be subject to the protection of rights and freedoms of Data Subjects, with operations regarding said data strictly limited to the compliance with applicable legal obligations.
The B&G Group processes the data of their employees to enforce the work contract. The data processed is required to enforce a contract to which the Data Subject is a party, or for the purpose of pre-contractual arrangements at the request of the Data Subject.
The personal data of employees is also collected and processed for the purpose of complying with legal obligations that the Data Controller is subject to.
Operations relating to the processing of Special Category data collected from Employees are required for the purpose of complying with legal obligations and exercising the specific rights of the Data Controller or the Data Subject in terms of labour, social security and social protection law, and also for the purpose of preventive or occupational healthcare, and to assess the employee’s work capacity.
The processing of Personal Data belonging to Employees, or obtained from Employees, which is related to criminal convictions and infringements or to related security measures, will always be subject to the protection of rights and freedoms of Data Subjects, with operations regarding said data strictly limited to the compliance with applicable legal obligations.
The B&G Group processes the Personal Data of their Service Providers to ensure compliance with the service agreement made with the Data Subjects or the Joint Data Controllers (regarding data and Data Subjects they collect, such as counterparts, employees and others). The Personal Data identified herein, which is subject to processing operations, is required for the execution of a contract or for pre-contractual arrangements or for compliance with legal obligations.
Special Category data on Service Providers or obtained from Service Providers will be subject to processing operations, insofar as the data is required to declare, exercise or defend a right in a legal procedure, or if the processing is required for the purpose of complying with obligations and exercising the specific rights of the Data Controller or the Data Subject in terms of labour, social security and social protection law or if the data is of public interest.
The processing of Personal Data belonging to Service Providers or obtained from Service Providers, which is related to criminal convictions and infringements or to related security measures, will always be subject to the protection of rights and freedoms of Data Subjects, with operations regarding said data strictly limited to the compliance with applicable legal obligations.
8. Criteria for Calculating Retention Periods
The B&G Group will store Personal Data for the period they deem necessary and sufficient for the purposes behind the data collection and processing. The data storage time will vary according to the purpose for which the data is processed and according to legal standards demanding data storage. At the end of this period, the data will be deleted pursuant to the appropriate technical and operational guarantees, as documented in each of the relevant processes.
9. Right of Access and Exercise of Rights
Data Subjects can exert their rights under the applicable data protection law by writing to the following email address: blueandgreen@dataprotection.pt
The B&G Group has also appointed a Data Protection Officer, in accordance with best practices in the field, who can be contacted at the following email address: blueandgreen@dataprotection.pt
Register for the Be our Guest program to gain exclusive benefits. Enjoy a 10% discount on accommodation and earn points that can be exchanged for credit during your stay.