Privacy Policy – Pedra Dura

For this Privacy Policy, the entity responsible for data processing will always be identified in the specific context in question, as described further below. Whenever this policy uses the pronouns “we,” “us,” or “our,” as well as similar expressions, they shall be understood as a reference to the entity responsible for data processing.

We thank you for visiting our website and for your interest in the Pedra Dura restaurant.

The relationship we maintain with our clients and visitors is based on trust. This trust implies a strong commitment to protecting your data and preventing any misuse. Therefore, we treat this responsibility with the utmost care and respect.

To ensure you feel safe and comfortable when visiting our website, we take the protection of your data and its confidential handling very seriously. For this reason, we act strictly by applicable legislation on personal data protection and data security.

The purpose of this privacy notice is to provide you with information about the data we store and how we use it, in compliance with the applicable legal framework.
This Privacy Policy applies to the Pedra Dura restaurant and its associated communication channels, as well as its reservation management systems.

All our operations comply with the EU General Data Protection Regulation (GDPR) and the Portuguese GDPR Implementation Law (Law No. 58/2019, of August 8).

To protect your data while using the Internet, we also follow the Portuguese Decree-Law on E-commerce in the Internal Market and Personal Data Processing (Decree-Law No. 7/2004, of January 7).

Below, we explain which information is collected during your visit to our websites and how it is used.

OVERVIEW

NAME AND ADDRESS OF THE DATA CONTROLLER
The entity responsible under the GDPR and other national data protection laws of EU Member States, as well as other data protection regulations, is:

Brantuas Brotherhood, Lda.
www.pedra-dura.pt
Rua Dr. Eduardo Burnay, 36 A
2655-370 Ericeira, Portugal
VAT No.: 510894585
Email: info@pedra-dura.pt

CONTACT FORM / EMAIL CONTACT

1. Description and scope of data processing
When a contact form is provided on our website, it can be used to establish electronic communication. If a user contacts us via the contact form, the data entered in the input fields will be transmitted to us and stored. These data include: title, first and last name, address, email address, telephone number, and reason for contact. You can also contact us directly via the email address provided. In this case, the personal data transmitted by the user, together with the email, will also be stored.

2. Legal basis for data processing
Our legitimate interest in processing data in the context of responding to inquiries constitutes the initial legal basis for data processing. If the purpose of the contact is to conclude a contract, the initiation of a business or contractual relationship will serve as an additional legal basis for data processing.

3. Purpose of data processing
We process personal data collected through the contact form solely to establish communication. If contact is made via email, we also have the necessary legitimate interest to process the data. Other personal data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of personal data transmitted by email, the data will be erased when the correspondence with the user has ended.

Correspondence is deemed concluded when it can be reasonably inferred that the matter in question has been definitively resolved.

Suppose the contact is made based on a pre-contractual relationship (such as an offer or reservation request). In that case, the data transmitted will also be stored in our hospitality and/or event management software and used for contract execution.

If no contractual relationship is established, the data will be deleted one year after the end of the calendar year.

5. Option for objection and deletion
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of personal data transmitted by email, the data will be erased when the correspondence with the user has ended.

Correspondence is deemed concluded when it can be reasonably inferred that the matter in question has been definitively resolved.

The inquirer (data subject) may revoke consent for the processing of personal data at any time. For this purpose, we have set up the email address privacy@sanahotels.com. In the event of an objection, correspondence will cease, and we will be unable to make further offers, etc. In this case, all personal data collected during the contact establishment process will be deleted.

COLLECTION, PROCESSING, AND USE OF PERSONAL DATA

1. Description and scope of data processing
Brantuas Brotherhood, Lda., Rua Dr. Eduardo Burnay, 36 A, 2655-370 Ericeira, Portugal, is responsible for reservation management and customer service. To improve our services, we manage the collected data through a centralized system.

The establishment where the reservation is made is responsible for processing the data. Reservation data are only accessible to authorized personnel. Access to a customer’s master data may be used for rescheduling, future communications, or marketing campaigns. The legal basis for this processing is our legitimate interest in managing and utilizing the data efficiently. When our services are used, only strictly necessary data is collected. Additional data is voluntary and processed only with the user’s consent. Contact information collected from reservations may be used by the marketing department for future campaigns (preferably via email), based on the user’s permission.

2. Legal basis for data processing
The legal basis for data processing is the conclusion of a contract for the provision of restaurant services.

3. Categories of data subjects, data, and data categories
Personal data of customers is processed (such as name, contact details, preferences, billing information, and reservation history).

4. Recipients to whom data may be disclosed
– Internal team (kitchen, service, reservations);
– Public authorities, where legally required;
– Subcontracted service providers (e.g., management systems, marketing);
– Others, with the user’s consent.

5. Purpose of data processing
To ensure the provision of services, effective communication with customers, and internal management.

6. Duration of storage
Data are retained for as long as necessary to fulfill contractual obligations and comply with legal requirements.

7. Option for objection and deletion
The user may object to the processing of their data at any time by contacting info@pedra-dura.pt.

ONLINE RESERVATIONS THROUGH THE WEBSITE

1. Description and scope of data processing
The conclusion of a reservation contract at the Pedra Dura restaurant constitutes the legal basis for processing personal data.

Data transmitted through reservation forms will be stored in our system and used for reservation management. If no contractual relationship is established, the data will be deleted one year after the end of the calendar year.

2. Legal basis for data processing
The legal basis for data processing is the conclusion of a contract for the provision of restaurant services.

3. Purpose of data processing
We process personal data entered into the reservation form exclusively to handle reservations, manage the customer experience, and potential billing.~

4. Duration of storage
Data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the event of a contract, the data will be retained for the legally required period.

5. Option for objection and deletion
The user may object to the processing of their data at any time. For this purpose, please contact info@pedra-dura.pt. Please note that in the event of objection, it may not be possible to complete the reservation or maintain communication.

SUPPORT, ADVICE, AND ADVERTISING FOR CORPORATE CLIENTS

1. Description and scope of data processing
In the context of support, advice, and communication with corporate clients, we collect information such as the contact person’s name, job title, telephone number, and email address. This information is collected through direct contact (email, telephone), events, meetings, trade fairs, and the exchange of business cards.

2. Legal basis for data processing
Our legitimate interest in data processing constitutes the legal basis. If the contact is related to a pre-contractual or contractual relationship, that relationship serves as an additional legal basis for processing. The data are managed through our CRM system.

3. Purpose of data processing
We use this data exclusively for business purposes and to communicate with partners and potential corporate clients on a personalized basis.

4. Duration of storage
If no contact is made within three years, the need to retain the data will be reassessed. If no contractual relationship exists, the data will be deleted one year after the end of the registration year.

5. Option for objection and deletion
The corporate contact may object to the processing of their data at any time by contacting info@pedra-dura.pt. In such cases, all data will be deleted.

PROVISION OF THE WEBSITE AND CREATION OF LOG FILES

1. Description and scope of data processing
Whenever this website is accessed, our system automatically records data and information from the computer, smartphone, or other mobile device used to access the site. The following data are collected as part of this process:
– Information about the type of browser and the version used;
– The user’s operating system;
– The user’s IP address;
– Date and time of access;
– Websites from which the user’s system accessed our website;
– Websites accessed by the user’s system through our website.

These data are also stored in the system’s log files. They are not stored together with the user’s other personal data. In this respect, it is not possible to create individual user profiles. The stored data will be evaluated only for statistical purposes.

2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is the safeguarding of our legitimate interests.

3. Purpose of data processing
The system temporarily stores the user’s IP address to deliver the website to the user’s device. For this to occur, the user’s IP address must be stored during the session. Storage in log files is performed to ensure the website’s functionality. The data also helps us optimize the website and ensure the security of our IT systems.

The stored data may be evaluated for statistical purposes or to trace cyberattacks on the website carried out by third parties. This also constitutes our legitimate interest in data processing.

4. Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. When data are collected to provide access to the website, this occurs at the end of the respective session. When data are stored in log files, they are deleted, at the latest, after seven days. Storage beyond this period is possible. In such cases, users’ IP addresses are deleted or anonymized so that they can no longer be attributed to the requesting client (data subject).

5. Option for objection and deletion
The collection and storage of data for the website are essential for its operation. Therefore, the user has no option to object.

USE OF COOKIES

1. Description and scope of data processing
Cookies are small files that allow us to store specific information related to the user on their computer when visiting our website. Cookies help us determine how many users have accessed our website, how frequently they do so, and they allow us to organize our products and services most conveniently and effectively possible for you.

We use “session cookies,” which are temporarily stored on your computer while you use our website. Session cookies are stored on your device and used to ensure specific settings and functionalities of our website are maintained through your browser. The cookies we use are deleted at the end of the browser session, i.e., when you close your browser.

We also use cookies on our website to analyze user browsing behavior. In this way, the following data may be transmitted: search terms entered, frequency of page views, and use of website functions. Technical measures are taken to anonymize the user data collected in this way. Thus, it is not possible to assign data to an inquirer (data subject). The data will not be stored together with other personal data of the user.

When visiting our website, users are informed about the use of cookies for analytical purposes. Consent to the processing of personal data is also obtained in this context. At the same time, the user is referred to this Privacy Policy.

2. Legal basis for data processing
Our legitimate interest in data processing serves as the legal basis for processing personal data using cookies that are technically necessary. The user’s consent for this specific purpose constitutes the legal basis for the processing of personal data through cookies used for analytical purposes.

3. Purpose of data processing
Technically necessary cookies are used to simplify the website’s use for users. Some of the functions of our website cannot be provided without the use of cookies. These services require the browser to be recognized again after a page change. The user data collected by technically necessary cookies is not used to create user profiles.

Analytical cookies are used to improve the quality of our website and its content. These cookies enable us to understand how the website is used, allowing us to optimize our offerings continually.

4. Duration of storage
Cookies are stored on the user’s computer and transmitted to our website. This gives you, as a user, complete control over the use of cookies. You can disable or restrict the transmission of cookies by changing your internet browser settings.

Previously stored cookies can be deleted at any time. Cookies may also be automatically deleted. If cookies are disabled on our website, some site features may no longer be available.

It is also possible to use our services without cookies or scripts. You can turn off the storage of cookies and scripts in your browser, restrict cookies and scripts to certain websites, or configure your browser to notify you whenever a cookie is activated.

You can delete cookies from your computer’s hard drive at any time. You can also install a browser add-on to block scripts. Examples include NoScript for Firefox and ScriptSafe for Google Chrome. These block all types of JavaScript as well as selected trackers, Java, Flash, and other plug-ins on websites.

If third-party cookies are a concern, you can turn off only those cookies while still allowing cookies that are necessary for our website to function correctly. However, these changes may affect how the website is displayed or limit its functionality.

5. Additional information
In addition to the information above regarding the use of cookies, we draw your attention to the following:

Our website may use Google Analytics, Google DoubleClick Cookies, Google Conversion Tracking, and Google Remarketing. These services are provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies,” text files stored on the user’s computer, that enable the analysis of how the website is used. The information generated by the cookie about the user’s use of this website is generally transmitted to a Google server in the USA and stored there.

However, IP anonymization is activated on this website. In that case, your IP address will first be truncated by Google within the Member States of the European Union or in other states that are parties to the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the USA and truncated there in exceptional cases. IP anonymization is active on this website.

On behalf of the operator of this website, Google will use this information to evaluate website usage, compile reports on website activity, and provide other services related to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by adjusting the relevant settings in your browser software; however, in this case, you may not be able to use all the features of this website in full.

You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link:
http://tools.google.com/dlpage/gaoptout?hl=en
As an alternative to using the browser plug-in or in mobile device browsers, click this link to prevent future detection by Google Analytics on this website. An opt-out cookie will be stored on your device. If you delete your cookies, you must click this link again. The explanations above apply accordingly.

Disabling Google advertising:
http://www.google.com/privacy_ads.html

6. Use of social media plug-ins
Social media plug-ins from Facebook, operated by Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA, are integrated into the pages of our websites. Facebook plug-ins can be recognized by the Facebook logo or the “Like” button on our pages. An overview of Facebook plug-ins can be found here: developers.facebook.com/docs/plugins/.

When you visit our pages, the plug-in establishes a direct connection between your browser and the Facebook server. This allows Facebook to receive the information that you visited our website from your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to assign the visit to our website to your user account.

As the provider of these website pages, we do not receive any knowledge of the content of the transmitted data or its use by Facebook.

PROTECTION OF MINORS

Overview
This service is specifically intended for adults. Currently, we do not offer any services specifically designed for minors. As a result, we do not knowingly collect age-related information, nor do we intentionally collect personal information from individuals under 16 years of age.

However, we advise all visitors to our website under the age of 16 not to disclose or provide any personal information through our service.

Suppose we discover that a minor under the age of 16 has provided us with personal information. In that case, we will delete that minor’s data from our files to the extent technically possible.

RIGHTS OF THE DATA SUBJECT

Overview
When your data is processed, you become a data subject within the meaning of the GDPR and you are entitled to the following rights against us (“the data controller” ):
– Right of access: You have the right to obtain information about the personal data stored about you, including the purpose of processing, any transfers of data to third parties, and the duration of data storage.
– Right to rectification, erasure, and restriction: If data are incorrect or no longer necessary for the original purpose for which they were collected, you may request that the data be corrected, deleted, or that processing be restricted. By our processing procedures, you may also review and update your data as necessary.
– Right to object: You have the right, at any time, to object on compelling legitimate grounds relating to your particular situation to the processing of your data, provided that the processing is based on legitimate interests. Following an objection, the controller may no longer process your data unless the controller can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if processing is necessary for the establishment, exercise, or defense of legal claims.
– Right to object to direct marketing: If your data is processed for direct marketing purposes, you have the right to object at any time to the processing of your data for such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing or profiling purposes, your data will no longer be used for these purposes.
– Right to withdraw consent: You have the right to withdraw your consent to data protection at any time. The withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Overview
As a data subject, you have the right to complain with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe that the processing of your data infringes data protection legislation.

The supervisory authority with which the complaint has been lodged must inform the complainant about the progress and outcome of the complaint, including the possibility of a judicial remedy.

More information can be found on the website of the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados): www.cnpd.pt

SECURITY

Overview
We are responsible for ensuring the protection of your data. To safeguard your data from unauthorized access, unlawful use, alteration, distribution, or copying, we implement appropriate technical and organizational measures such as antivirus or anti-spyware software (subject to regular updates), SSL encryption of sensitive data (e.g., reservation forms), firewalls, frequent backups, and restricted access to personal data where necessary.

We are aware that no security measure is 100% effective or foolproof; however, we are committed to protecting the integrity and confidentiality of your data. For this reason, we continuously review and enhance our security measures.

When accessing our website using a username and password that you have created or chosen, you are responsible for maintaining the confidentiality and safeguarding of these credentials.