Data Protection Policy


Hotel Alba is committed to protecting your privacy and takes its responsibility regarding the security of your information very seriously. We will be clear and transparent about the information we are collecting and what we will do with that information.

This Policy was last updated on 07-05-2019.

By providing us with your personal data, you explicitly agree that we may use it for the purposes described later in this Data Protection Policy.

This Policy sets out the following:

  • Responsibility for the protection of your personal data;
  • What personal information we collect and process about you and your relationship with us as a customer and through your use of our website;
  • The purposes for the use of your personal data, why and for how long;
  • How we store and protect your personal data;
  • To whom we transfer / to whom we disclose the data;
  • How we treat your data protection rights.

All personal data is collected and processed in accordance with Portuguese and EU data protection laws.

In this policy, Hotel Alba may be referred to henceforth as “we”, “us”, “our” or “Hotel Alba”.

Responsible for the protection of your personal data

Hotel Alba is the entity responsible for the control of all personal information that is collected about you and used for the purposes established in the Personal Data Protection Law that transposes Directive No. 95/46/CE into Portuguese law. Hotel Alba has the license number 1368 and has its headquarters in Monte Gordo. The customer has the right to make a complaint to the National Data Protection Commission, which is Alba’s main Data Protection Supervisor.

What personal data we collect

We may collect personal data from you when you contact us (attendance at the reception, telephone contact, e-mail, via our website or via social networks) or make a reservation in our Hotel either directly or indirectly through our travel partners.

Specifically, we may collect the following categories of information:

  • Basic information – name, age, gender, identification card and / or passport and their expiration date and country of issue;
  • Contact information – personal address, zip code, e-mail address and telephone number;
  • Financial information – your credit card details, detailed expenses and transaction history;
  • Clinical cases, when disclosed, that involve special medical requirements and / or food requirements;
  • Information you provide about your reservation preferences, as well as your companions or contracted services;
  • When you contact us, for example, to send a question or make a request, any correspondence can be saved and added to your personal information.

Personal details about your physical or mental health, alleged commission or conviction of criminal offences are considered “sensitive” personal data under applicable data protection laws. We will process any such data only if you have given your explicit consent, or it is necessary (for instance if you request special assistance), or you have deliberately made it public.

For what purposes do we use your personal data, why and for how long

Your data may be used for the following purposes:

  1. Provide products and services: we use the information the client gives us to perform the services the customer has asked for in relation to the client booking, including requested booking changes;
  2. Contact you in the event of a booking change or cancellation: we send the client communications about the services the client has asked for and any changes to such services. These communications are not made for marketing purposes;
  3. Credit or other payment card verification/screening: we use your payment information for accounting, billing and to detect and / or prevent any fraudulent activities;
  4. Administrative or legal purposes: we use your data for statistical analysis, systems testing, surveys, maintenance and development, or in order to deal with a dispute or claim. Note that we may perform data profiling based on the data we collect from you for statistical analysis purposes. Any profiling activity will be carried out with your prior consent only and by making best endeavours to ensure that all data it is based on is accurate.
  5. Foreign Services and Borders: we may be obliged to provide your data to border control agencies;
  6. Security, health, administrative, crime prevention/detection: we may pass your data to government authorities or enforcement bodies for compliance with legal requirements;
  7. Client Services communications: we use your data to manage our relationship with you as our client and to improve our services and enhance your experience with us;
  8. Provide tailored services: we use your data to provide information we believe is of interest to the client, prior to, during, and after the client's booking with us.

We will only process your personal data where we have a legal basis to do so. The legal basis will depend on the reasons we have collected and need to use your personal data for.

In most cases, we will have to process your personal data so that we can enter into our accommodation agreement with you.

We may also process your personal data for one or more of the following:

  1. To comply with a legal obligation (e.g. Immigration or customs requirements);
  2. To protect the vital interests of you or another person (e.g. in case of a medical emergency);
  3. It is in our legitimate interests in operating as a Hotel (e.g. for administrative purposes).

The preservation of your personal data is carried out for the time considered necessary for the purposes of collection and further processing, in particular, with respect to any retention period required under applicable legislation (e.g. retention of accounting documentation).

We must also consider the periods during which we may need to retain personal data in order to comply with our legal obligations or to respond to complaints, requests for clarification and to protect our legal rights in the event of a claim for compensation.

Security of your personal data

We follow strict security procedures regarding the storage and disclosure of your personal data, as well as their protection against accidental damage, loss or destruction. The data that you provide us is protected on a local server through a specific reservation management program, which is updated and regularly maintained by specialized technicians who have installed the necessary software (adequate to the size, volume and complexity of the data) to protect data from improper access or computer attacks orchestrated by internal persons or by persons or entities outside the Hotel.

Access to your personal data is restricted to employees who perform management, reservation and reception functions and is protected by user authentication with a password that is personal and non-transferable. Access to credit card data is granted to employees designated and authorized to execute distance charges.

The personal data provided by e-mail is kept on the e-mail service provider’s own server, which complies with the best international security and defence practices against computer attacks. Access to company emails is restricted to employees who perform management, reservation and reception functions and is protected by the authentication of a user and the password that only those employees know about.

You are responsible for the credit card data provided by email or telephone, as Hotel Alba does not have the means or procedures to guarantee their safe transmission and treatment. However, Hotel Alba guarantees the elimination of all e-mails with credit card data after the collection of information and introduction into the reservation system.

The data that you provide us through the hotel’s reservation website is protected using Secure Sockets Layer (SSL) technology. SSL is the industry standard method for encrypting personal information and credit card data so that it can be securely transferred over the Internet.

Hotel Alba has as a priority the selection of external contracting entities that have the appropriate technical and safety measures in force to protect personal data, either from customers or employees, in accordance with the legislation on rules of data protection (e.g. tour operators, accounting, legal services, etc.).

Personal Data Transfer

Hotel Alba’s business is carried out in a number of jurisdictions, all of which are located in the European Economic Area (EEA) and are therefore covered by the European Data Protection Regulation, thus requiring robust data protection laws. The transmission of personal data as a result of these transactions is carried out in one direction only, meaning that we only receive the personal data of customers who make reservations through external entities, and it is those same entities that collect your personal data. Therefore, Hotel Alba never assumes the role of transmitting your personal data to other jurisdictions.

Sharing your personal data

We may share your personal data with the following entities for the purposes described in this Personal Data Policy:

  1. Government authorities, law enforcement bodies and regulators for compliance with legal requirements;
  2. Tour operators and travel agencies through which you make the reservation for Hotel Alba;
  3. Credit and debit card companies that facilitate your payments and conduct anti-fraud assessments, which may require information about your method of payment and booking in order to process the payment or ensure the security of the transaction;
  4. Legal and other professional advisers, law courts and law enforcement bodies in order to enforce our legal rights in relation to our contract with you;
  5. Accounting professionals since our Hotel chooses to have external accounting.


Your Data Protection Rights

Under certain circumstances, by law you have the right to:

  • Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it;
  • Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
  • Request correction of the personal information that we hold about you. This enables you to correct any incomplete or inaccurate information we hold about you;
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it;
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
  • Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
  • Withdraw consent. In the circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

If you wish to exercise any of these rights, please send an e-mail to or contact our Hotel at Alameda da India in Monte Gordo – Portugal or by phone 281 530 500.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to ask you for specific information to help us confirm your identity and to guarantee your right to access information (or to exercise any of the other rights). This is another appropriate security measure to ensure that personal information is not disclosed to anyone who does not have the right to receive it.