Skip to main content

Cascade Wellness Resort Privacy Statement

Sunseasand at Praça de Alvaladem º 7, 8º Dtº, 1700-036 Lisboa, Portugal ("we", "us", or "our"), acting in our capacity as data controller, issue the present privacy policy to describe how and why your information is collected, stored, used, and/or shared ("processed") when you use our services ("Services"), such as when you:
  • Visit our website at https://www.cascaderesortalgarve.com/en or any website of ours that links to this privacy policy.
  • Engage with us in other related ways, including any bookings, lodging and meal services, sales, marketing, or events.
Reading this privacy policy will help you understand what data we collect, how and why we handle your data, and your privacy rights and choices.
If you still have any questions or concerns, please contact us at marketing@cascade.pt.
 

TABLE OF CONTENT

  • WHAT INFORMATION DO WE COLLECT?
  • HOW DO WE PROCESS YOUR INFORMATION?
  • WHAT LEGAL BASIS DO WE RELY ON TO PROCESS YOUR INFORMATION?
  • WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
  • DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
  • IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
  • HOW LONG DO WE KEEP YOUR INFORMATION?
  • HOW DO WE KEEP YOUR INFORMATION SAFE?
  • DO WE COLLECT INFORMATION FROM MINORS?
  • WHAT ARE YOUR PRIVACY RIGHTS?
  • CHANGES TO THIS PRIVACY POLICY

WHAT INFORMATION DO WE COLLECT?

- Personal information you disclose to us.
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you make bookings or otherwise participate in activities on the Services, or when you contact us.
Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the bookings and Services you use. The personal information we collect may include the following:
  • Name
  • ID Document
  • Tax number
  • Age / birthdate
  • Nationality
  • Email addresses
  • Mailing addresses
  • Mobile number
  • Credit card number (Number, Validity, CVV)
  • Bank details (IBAN, bank name and address)
  • IP address
  • Browser and device characteristics (operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our websites)
  • Individual preferences
  • Stay dates

We may process sensitive information from you, depending on the Services you request from us (such as SPA treatments or meals without allergens). Sensitive information may include:

  • Health related data
  • Food restrictions / allergies.

 

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
- Information automatically collected when browsing our websites.


In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our websites.


We automatically collect certain information when you visit, use, or navigate our websites. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes. We collect this data even when you do not make a booking with us.


Like many businesses, we also collect information through cookies and similar technologies.


The information we collect includes:

  • Log and Usage Data: Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our websites and which we record in log files.
  • Depending on how you interact with us, this log data may include your IP address device information browser type and settings and information may include your IP address, device information, browser type, and settings and information about your activity in our websites (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
  • Device Data: We collect device data such as information about your computer, phone, tablet, or other device you use to access our websites. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
  • Location Data: We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access our websites. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of our websites.
 
 

HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

Categories of purposes

Purposes
Marketing • To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. We may also send you marketing communications if you already acquired Services from us. We may send you marketing and promotional communications after you made a booking through any of our websites. You can opt out of our marketing emails at any time. For more information, see "WHAT ARE YOUR PRIVACY RIGHTS?" below.

 

• To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.

 

Customer Management

• To deliver and facilitate delivery of Services to you. We may process your information to provide you with the requested Service.
• To handle invoicing and payments. We may process your information to handle invoicing and payments of any requested Service.
• To respond to your inquiries/offer support to you. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
• To handle complaints and to request feedback. We may process your information when necessary to handle complaints, to request feedback, and to contact you about your use of our Services.
• To comply with our legal obligation to inform the authority responsible for migrations of any foreigners staying at our hotels.

Website experience • Enhanced Website Navigation. Improve the website navigation based on user preferences to Personalize Website Experience.
Safety • To save or protect our, yours or third parties' interests and rights. We may process your information when necessary to save or protect our, yours or third parties' interests and rights, such as to prevent harm and ensure the protection of persons, properties and assets.

 

 

WHAT LEGAL BASIS DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with Services to enter into or fulfil our contractual obligations, to protect your rights, or to fulfil our legitimate interests.
The General Data Protection Regulation (GDPR) require us to explain the valid legal basis we rely on in order to process your personal information. As such, we may rely on the following legal basis to process your personal information:
Consent: We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent on "WHAT ARE YOUR PRIVACY RIGHTS?" section below.
Performance of a Contract: We may process your personal information when we believe it is necessary to fulfil our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
Legitimate Interests: We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms.
For example, we may process your personal information to pursue the following legitimate interests:
  • Send you information about special offers and discounts on our products and Services
  • Develop and display personalized and relevant advertising content for you
  • Analyse how our Services are used so we can improve them to engage and retain clients
  • Support our marketing activities
  • Understand how our users use our products and services so we can improve user experience
  • In order to personalize the website experience to users requirements
  • To protect our, yours or third parties' interests and rights, including the protection of persons, properties and assets, in or outside court.
  • To prevent fraud and other criminal conducts in our business.
Legal Obligations: We may process your information where we believe it is necessary for compliance with our legal obligations, such as to comply with our tax obligations, to comply with our legal obligation to inform the authority responsible for migrations of any foreigners staying at our hotels, to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
Vital Interests: We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
 
 
 

WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with the following third parties.
We may need to share your personal information in the following situations:
 
  • Legal authorities - We may share your information with legal authorities when legally bound to do so.
  • Suppliers - We may share your information with the suppliers we use from time to time to conduct our business and improve our customer experience. You can contact us for updated information on suppliers processing your data.
  • Business Transfers - We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • When we use Google Analytics - We may share your information with Google Analytics to track and analyse the use of the Services. The Google Analytics Advertising Features that we may use include: Google Analytics Demographics and Interests Reporting and Google Display Network Impressions Reporting. To opt out of being tracked by Google Analytics across the Services, visit https://tools.google.com/dlpage/gaoptout.
    You can opt out of Google Analytics Advertising Features through Ads Settings and Ad Settings for mobile apps. Other opt out means include http://optout.networkadvertising.org/ and http://www.networkadvertising.org/mobile-choice. For more information on the privacy practices of Google, please visit the Google Privacy & Terms page.
  • When we use Google Maps Platform APIs - We may share your information with certain Google Maps Platform APIs (e.g., Google Maps API, Places API). We obtain and store on your device ("cache") your location for three (3) months. You may revoke your consent anytime by contacting us at the contact details provided at the end of this document.

DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information when you access and use our websites.
We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store your information when you use our websites. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Policy.
 

IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

In Short: We may transfer, store, and process your information in countries other than your own. In particular, we may transfer, store, and process your information in countries outside of the European Economic Area.
When accessing our websites, your information (name, email, location, IP address, browser characteristics, device data, log and usage data, Inferences drawn from this personal information to create a profile about user) may be sent to servers located in the United States of America.
To ensure proper safeguards, your data is transferred under the EU-U.S. Data Privacy Framework, which was approved by the European Commission's adequacy decision dated of 10.7.2023. We only resort to suppliers located in United States of America who are certified under Data Privacy Framework (DPF) program, administered by the International Trade Administration (ITA) within the U.S. Department of Commerce.
 

HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this privacy policy unless otherwise required by law. We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). You may contact us to obtain further information on the specific periods we keep your information for any specific purpose at marketing@cascade.pt
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
 

HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
We also have in place appropriate procedures to detect and handle data breaches. In the unlikely event that a data breach which is likely to result in a high risk to your rights and freedoms does occur, we will notify you promptly.
 

DO WE COLLECT INFORMATION FROM MINORS?

In Short: We may collect data from minors when required to provide our Services. We do not knowingly collect data from or market to children under 18 years of age without the supervision and consent of their respective legal guardians.
We may collect data from minors when required to provide our Services (namely, when minors are to accompany their legal guardians in any stays at our hotels). However, any data collected from minors is only processed after consent from their respective guardians is obtained, unless other legal basis apply.
We do not knowingly solicit data from or market to children under 18 years of age without the supervision and consent of their respective legal guardians. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor's use of the Services. If you become aware of any data we may have collected from children under age 18 without the supervision and consent of their respective legal guardians, please contact us at marketing@cascade.pt
 

WHAT ARE YOUR PRIVACY RIGHTS?

In Short: You have the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided below.
You also have the right to complain to your Member State data protection authority. In case of Portugal, the data protection authority is Comissão Nacional de Proteção de Dados - CNPD (you can find further information at www.cnpd.pt).
We also draw your attention to the following rights:
  • Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided below. However, please note that this will not affect the lawfulness of the processing before its withdrawal nor will it affect the processing of your personal information conducted in reliance on legal basis other than consent.
  • Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the details provided below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration of the Services you requested, to respond to service requests, or for other non-marketing purposes.
  • Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features of our websites.
If you want to exercise your rights, or if you have questions or comments about your privacy rights, you may email us at marketing@cascade.pt.
 

CHANGES TO THIS PRIVACY POLICY

We may update or make changes to this privacy from time to time, depending on legal changes, the availability of new products or services or any other relevant business events.
We invite you to regularly check this privacy policy for any changes.
 

Changes to Our Privacy Policy

This privacy policy may change from time to time to conform with legislation and/or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes.
By entering a valid email address that you have access to, we will inform you any personal information we collect that is associated with that email address and how to manage it.