1. Data protection at a glance
The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data by which you can be personally identified. For more detailed information on data protection, please refer to our data protection statement below this text.
Data collection on our website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find his contact details in the imprint of this website.
How do we collect your data?
On the one hand, your data is collected when you provide it to us. This can be, for example, data that you enter in a contact form. Other data is collected automatically by our IT systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected in order to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to demand the correction, blocking or deletion of this data.
You can contact us at any time at the address given in the imprint for this purpose and for further questions on the subject of data protection. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
Analysis tools and tools from third-party providers
When you visit our website, your surfing behaviour may be statistically analysed. This is done primarily with cookies and so-called analysis programs. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you.
You can object to this analysis or prevent it by not using certain tools. You will find detailed information on this in the following data protection declaration. You can object to this analysis. We will inform you about the possibilities of objection in this data protection declaration.
2. General notes and mandatory information
Note on the responsible office
The responsible party for data processing on this website is:
Hugo, Rua Oliveira Martins 13, Apt 13, 8200-619 Albufeira, Portugal
Phone: +351 918 474 021
Email: [email protected]
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses or similar).
Withdrawal of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. All you need to do is send us an informal email. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right of appeal to the competent supervisory authority
In the event of violations of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority in matters of data protection law is the State Data Protection Commissioner of the federal state in which our company is based.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If there is an obligation to transmit your payment data (e.g. account number in the case of direct debit authorisation) to us after the conclusion of a contract with costs, this data is required for the processing of payments. Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. With encrypted communication, the payment data you transmit to us cannot be read by third parties.
Information, blocking, deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, the right to correction, blocking or deletion of this data. For this purpose as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.
Objection to advertising emails
We hereby object to the use of contact data published within the framework of the imprint obligation to send advertising and information material that has not been expressly requested. The operators of these pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam emails.
3. Data collection on our website
Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies to analyse your surfing behaviour) are stored, these are treated separately in this data protection declaration.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and version
- operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
Processing of reservation
You can register on our website in order to book or reserve an accommodation on the site. We use the data you enter for this purpose only.
The mandatory information requested during booking / reservation must be provided in full. Otherwise we may reject the reservation. For important changes, for example in the scope of the offer or in the case of technically necessary changes, we will use the email address provided during registration to inform you in this way.
Our booking / reservation system is provided by Smoobu GmbH (Falckensteinstr. 48 10997 Berlin, Germany). The data entered during booking / reservation is processed and stored by Smoobu and based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. For this purpose, an informal communication by email to us is sufficient. The legality of the data processing already carried out remains unaffected by the revocation. The data collected during registration will be stored by us for as long as you are registered on our website and will then be deleted. Legal retention periods remain unaffected.
Processing of data (customer and contract data)
We collect, process and use personal data only insofar as they are necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 (1) lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our internet pages (usage data) only insofar as this is necessary to enable the user to use the service or to bill the user. The collected customer data is deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
Data transfer upon conclusion of a contract for services and digital content
We only transmit personal data to third parties if this is necessary within the framework of the contract processing, for example to the credit institution commissioned with the payment processing. Further transmission of data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes. The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
4. Analysis tools and advertising
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google Analytics cookies are stored on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Objection to data collection
Order data processing
We have concluded an order data processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic characteristics with Google Analytics
This website uses the “demographic characteristics” function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item “Objection to data collection”.
Google Analytics Remarketing
Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC). If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every device on which you log in with your Google account. To support this feature, Google Analytics collects Google-authenticated IDs of users, which are temporarily linked to our Google Analytics data to define and create target groups for cross-device ad advertising. You can permanently object to cross-device remarketing/targeting by deactivating personalised advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/.
The aggregation of the collected data in your Google account is based solely on your consent, which you can give or withdraw at Google (Art. 6 para. 1 lit. a GDPR). In the case of data collection processes that are not merged in your Google Account (e.g. because you do not have a Google Account or have objected to the merging), the collection of data is based on Art. 6 (1) lit. f GDPR. The legitimate interest results from the fact that the website operator has an interest in the anonymised analysis of website visitors for advertising purposes. Further information and the data protection provisions can be found in Google’s data protection declaration at: https://www.google.com/policies/technologies/ads/.
Google AdWords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising programme of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). Within the framework of Google AdWords, we use so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the internet browser stores on the user’s computer. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. The cookies cannot be tracked across AdWords customers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users. If you do not wish to participate in the tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics. The storage of “conversion cookies” is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The purpose of reCAPTCHA is to check whether data entry on our websites (e.g. in a contact form) is made by a human or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. The data processing is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM.
Our website uses the visitor action pixel from Facebook, Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) for conversion measurement. This makes it possible to track the behaviour of page visitors after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised. The data collected is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy.
You can also deactivate the “Custom Audiences” remarketing function in the settings section for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.
If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties. The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the email address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the members’ area) remain unaffected by this.
This website uses the services of Sendinblue for sending newsletters. The provider is Sendinblue SAS, 7 rue de Madrid, 75008 Paris, France. Sendinblue is a service with which, among other things, the sending of newsletters can be organised and analysed. If you enter data for the purpose of receiving newsletters (e.g. email address), this data is stored on Sendinblue’s servers in France, Belgium or Ireland. More information here: https://help.sendinblue.com/hc/en-us/articles/360001005510-Data-storage-location
Sendinblue enables us to analyse our newsletter campaigns. When you open an email sent with Sendinblue, a file contained in the email (so-called web-beacon) connects to Sendinblue’s servers in Germany. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you do not want any analysis by Sendinblue, you must unsubscribe from Sendinblue. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe directly on the website. The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR).
You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. The data you have provided us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Sendinblue after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the member area) remain unaffected by this.
For more details, please refer to the data protection provisions of Sendinblue at: https://www.sendinblue.com/legal/privacypolicy/.
Conclusion of a data processing agreement
We have concluded a so-called “Data Processing Agreement” with Sendinblue, in which we oblige Sendinblue to protect the data of our customers and not to pass it on to third parties. This agreement can be viewed at the following link: https://albufeira.apartments/pdf/dpa_contract_4488458.pdf
6. Plugins and tools
Google Web Fonts
7. Payment provider
On our website we offer, among other things, payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). If you select payment via PayPal, the payment data you enter will be transmitted to PayPal. The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.
On our website we offer, among other things, payment via Stripe. The provider of this payment service is Stripe Payments Europe Limited, C/O A&L Goodbody, Ifsc, North Wall Quay Dublin 1, Dublin (hereinafter “Stripe”). If you choose to pay via credit card, the payment details you enter will be transmitted to Stripe. The transmission of your data to Stripe is based on Art. 6 (1) a GDPR (consent) and Art. 6 (1) b GDPR (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.
8. Data processing procedures
We process the client’s data for the following processes:
- Registration and account administration. We use the data to enable the client and the processor to register and administer the software.
- During the test phase we send help or reminders. Generally, we also send information about new events in your booking calendar by email or SMS.
- We use the information to provide you with customer service.
- We use the information to send you marketing material, to send the newsletter or to inform you about new products.
- Some products allow you to communicate with your guests. The processor generally has access to these communications. We store all these communications.
- Guest data is used to send automated messages when enabled by the client. We never share client data with third parties unless they are specified as subcontractors.
- Guest data is stored in the client database to ensure the smooth flow of booking, communication and payment transactions between the client and its customers.
- Booking periods, guest data and booking details are passed on to subcontractors for further processing, e.g. for the creation of registration forms.
The contractually agreed services or the partial services described below are carried out using the following subcontractors. The Processor shall inform the Client before engaging further subcontractors or replacing listed subcontractors, whereby this may not be refused without good cause under data protection law.
Cloudflare – Content delivery network (CDN) – Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107 USA, https://www.cloudflare.com/en-gb/privacypolicy/
Facebook – Advertising – Facebook Deutschland GmbH , Caffamacherreihe 7, 20355 Hamburg, Germany, https://www.facebook.com/privacy/explanation
GoDaddy – Domain Registrations and Hosting, Legal/Data Protection, Hansestr. 79, 51149 Cologne, Germany, https://de.godaddy.com/agreements/showdoc.aspx?pageid=PRIVACY
Google – Advertising – Gordon House, Barrow Street, Dublin 4, Ireland, Dublin, https://cloud.google.com/security/gdpr/
Hetzner – Webserver – Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, https://www.hetzner.de/rechtliches/datenschutz
Paypal – Payment provider – PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg https://www.paypal.com/de/webapps/mpp/ua/privac y-full?locale.x=en_DE
Sendinblue – Newsletter services – Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany, https://www.sendinblue.com/legal/privacypolicy/
Smoobu – Channel Management, Property Management, Guest CRM, Booking System – Smoobu GmbH, Falckensteinstr. 48 10997 Berlin, Germany, https://www.smoobu.com/en/privacy-policy/
Stripe – Payment Processor – Stripe Payments Europe Limited, C/O A&L Goodbody, Ifsc, North Wall Quay Dublin 1st, Dublin, Ireland, https://stripe.com/de/privacy
According to the Federal Data Protection Act, you have a right to free-of-charge information about your stored data, and possibly entitlement to correction, blocking or deletion of such data. Inquiries can be directed to the following email addresses: [email protected]