We, SEVENCOLLECTION PORTUGAL S.A. (SEVENCOLLECTION/we), would like to thank you for visiting our website and for your interest in our holiday residences. In the following, we inform of the type, scope and purpose of the collection and use of your personal data on this website. Personal data is any information relating to an identified or identifiable natural person. Specifically, this includes your name, postal address and email address.
1. Data processing to enable website usage
Every time you access content on our website, access data is transferred to our web server. This access data includes:
- your internet protocol (IP) address
- date and time of the query
- referrer URL
- device numbers such as your unique device identifier (UDID) and comparable device numbers, device information (e.g. device type)
- browser type/version
This access data is neither used to determine a user’s identity nor is it combined with data from other sources. Rather, it serves to make the website available. The data is entirely anonymised at the domain level immediately after it is collected. The legal basis for processing of your data is Art. 6 para. 1(f) GDPR. The data is then stored in an anonymised format for 100 days and processed for statistical purposes.
2. Data processing on request
It is in principle possible to use our website without providing any personal data. You are not obliged to access this website or to provide any personal data. However, personal data must be provided to make a booking or submit a general query, for example. If you do not provide us with your personal data for the purposes detailed hereinafter, you might not be able to use certain functions of this website or individual services.
2.1. User registration
If you want to register with us as a user, we will collect the following mandatory information from you:
- your personal details (e.g. name, postal address, email address, landline telephone number)
When setting up your user account, you have the option of adding further personal information. It is not necessary to register as a user, however this will facilitate the booking process during future queries, as the data already saved can be reused and an overview provided of past bookings. Alternatively, you can also submit booking queries as a guest. In this case, you will not be required to provide a username and password. Moreover, your data will not be stored in a user account for you, meaning you will not have access to a user account.
Your personal data will be processed according to your consent pursuant to Art. 6 para. 1(a) GDPR.
2.2. Booking queries
When you submit a booking query, we will collect the following mandatory information from you:
- your personal details along with those of any fellow travellers
(e.g. name, postal address, email address)
- payment information (method of payment, account and credit card details, billing addresses)
- other information about your booking (e.g. booking period, holiday residence selected)
Personal data is processed pursuant to Art. 6 para. 1(b) GDPR.
In addition, we will save your IP address and the time of your query during the booking query. This is necessary to ensure the security of our information technology systems. In this case, the legal basis for the processing of your data is Art. 6 para. 1(f) GDPR.
2.3. Contact form
If you use the contact form we provide to contact us, your details will be stored so that they can be used to process your query.
The legal basis for processing of your data is Art. 6 para. 1(f) GDPR. Our legitimate interest then lies in responding to your query. In the event that (pre)contractual measures are implemented, the legal basis is Art. 6 para. 1(b) GDPR.
3. Data processing for a needs-oriented website design
In order to make your user experience as pleasant as possible, we use so-called “cookies”. These are small text files, which are sent from a web server to your browser and stored on the hard drive of your end device. This enables us to recognise the end device you are using when you access our website. We are able to determine in this way whether you are logged in as a user, for example. The session cookies used for your booking query are deleted at the end of the browser session. Other cookies remain on your device and allow us to recognise your device on your next visit.
Most browsers are set to accept cookies by default. You can deactivate the storage of cookies in your browser and delete them from your hard drive at any time. However, you can also use your browser to prevent certain cookies (e.g. from third parties) from being stored – to prevent web tracking, for example. See your browser’s help function for more information.
Be aware that if cookies are deactivated, it might not be possible to use all functions of this website to their full extent and a booking query might not be possible.
The legal basis for processing of your data is Art. 6 para. 1(f) GDPR. Our legitimate interest lies in the needs-oriented design of the website. For more information on balancing your interests, please contact our data protection officer (see 13).
4. Cookie consent with Usercentrics
Our website uses the Usercentrics cookie consent technology to obtain your consent to the storage of certain cookies on your device and to document this in compliance with the data protection legislation. This technology is provided by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, https://usercentrics.com (hereinafter referred to as “Usercentrics”).
Whenever you visit our website, the following personal data is transferred to Usercentrics:
- confirmation of your consent or withdrawal thereof
- your IP address
- information about your browser
- information about your device
- time of your visit to the website
Usercentrics will moreover store a cookie in your browser to be able to assign the consent granted or withdrawal thereof to you. The data collected in this way shall be stored until you ask us to delete it, you delete the Usercentrics cookie, or the purpose for which the data is stored no longer exists. The mandatory statutory storage obligations shall remain unaffected.
A contract has been concluded with Usercentrics for order processing. This contract is stipulated in the data protection legislation, which ensures that Usercentrics only processes the personal data of visitors to our website in accordance with our instructions and in compliance with the GDPR.
5. Google Analytics
Our website uses the Google Analytics tracking tool. This is a service provided by Google Ireland Limited, a company registered and operated in accordance with Irish law, registered at Gordon House, 4 Barrow Street, Dublin, Ireland (“Google”). This tracking tool helps us to make our online offers more interesting for you and to improve the user experience. Data on the use of our website is stored in pseudonymised user profiles. Cookies can also be used for this purpose. Data from different devices, sessions and interactions can additionally be linked to a user ID. This information is generally transferred to a Google server in the USA and stored there. Please note that Google Analytics has been extended with the “anonymizeIp” function on our website. This means that your IP address will first be shortened by Google within member states of the European Union and other signatory states to the Agreement on the European Economic Area and only then transmitted to a Google server in the USA. Google has agreed to the EU–US Privacy Shield – see www.privacyshield.gov/EU-US-Framework for details. Google will use the information received to evaluate your use of the website, compile reports on website activity, and provide the website operator with other services relating to use of this website and the internet on our behalf. The pseudonymised user profiles are not combined with personal data about the bearer of the pseudonym unless separate consent has been obtained for this.
For more information on Google Analytics, see: https://support.google.com/analytics/answer/2790010?hl=de
You can moreover prevent Google Analytics from collecting the data by clicking here: Disable Google Tag Manager / Google Analytics. This sets an opt-out cookie, which prevents the collection of your information when you visit our website in the future. If you use different devices, you must implement these measures on each individual device. However, be aware that if you delete your cookies, the opt-out cookie will also be deleted and you may need to reactivate it again.
6. Other Google Tools
6.1 Google Maps
We use Google Maps via an API on our website. This is a service provided by Google. Your IP address must be stored to use the Google Maps functions. This information is generally transferred to a Google server in the USA and stored there. We have no control over this data transmission. Google has agreed to the EU–US Privacy Shield – see www.privacyshield.gov/EU-US-Framework for details. We have also concluded an agreement with Google on mutual responsibility for the processing of personal data – see https://privacy.google.com/intl/de/businesses/mapscontrollerterms. The use of Google Maps is based on your consent pursuant to Art. 6 para. 1(a) GDPR. You give your consent via our cookie banner (see 4).
6.2. Google reCAPTCHA
We use Google reCAPTCHA (hereinafter referred to as “reCAPTCHA”) on our websites. This is a Google service. reCAPTCHA serves to check whether a human or an automated program is entering data on our web pages (e.g. in a contact form). reCAPTCHA analyses the website visitor’s behaviour based on various characteristics for this purpose. This analysis begins automatically as soon as the website is accessed. For analysis purposes, reCAPTCHA evaluates various information (e.g. IP address, time visitors spend on the website, user’s mouse movements). The data collected during this analysis is forwarded to Google. The reCAPTCHA analyses run entirely in the background. Visitors to the website are not informed that an analysis is taking place. Data processing takes place pursuant to Art. 6 para. 1(a) GDPR. You give your consent via our cookie banner (see 4).
Our website uses the tracking script of Monotype Webfonts provided by Monotype Imaging Holdings Inc., a Delaware corporation headquartered at 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA (“Monotype”). Monotype Webfont’s tracking code does not collect, process or store any personal data. When you access our website, Monotype collects the (anonymised) project identification number for the web font, the URL of the licensed website linked to our customer number to allow Monotype to identify us and the licensed web fonts, and the URL of the page previously visited. Monotype stores the anonymised project identification number of the web font in encrypted log files containing such data for a period of 30 days to determine the number of monthly page views. The log files are deleted once the number of page views has been ascertained and stored.
8. Data transfer
We will only transfer your personal data to third parties or other recipients if this is necessary for the provision of services, if you have given your consent, if there is a legal obligation, or if the transfer of data is permissible on another legal basis. Data is for example passed on to seveninvest tourismus GmbH, the respective payment service provider, public authorities, technical service providers and – in the case of company transactions – to interested parties/buyers, etc. Insofar as necessary, we have reached agreements on order processing with the recipients of your data pursuant to Art. 28 GDPR.
Please also note the separate data protection regulations of the payment service provider you selected.
9. Social media
9.1. Links to social networks
9.2. Data processing by SEVENCOLLECTION and legal basis
Our social media accounts (Facebook, Instagram) serve to inform you about SEVENCOLLECTION as well as about new developments and services at SEVENCOLLECTION. Depending on the respective social media provider’s offers, you will have different options to interact via our social media presence (comment, recommend, etc.). User interaction is an important criterion for us for targeted marketing. It allows us to determine which information is popular, for example. We therefore also use the associated statistics provided by the social media providers for our own purposes. If we process the personal data of social media users, the legal basis for this is Art. 6 para. 1(f) GDPR. Our legitimate interest then lies specifically in targeted information/advertising. You will be informed separately by the social media providers of the legal basis justifying their processing of your data for their own purposes.
9.3. Joint responsibility
In individual cases, we may share responsibility for the processing of your personal data with social media providers. In this case, you may assert your rights both against us and against the social media provider (see 13). However, the first point of contact is always the social media provider.
We have concluded an agreement with Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA (“Facebook”) on joint responsibility for the processing of personal data. This applies to the processing of so-called “insights data” – page statistics, in particular on the interactions of Facebook users. See here for more information on page insights. Our agreement with Facebook can be viewed here.
10. Data transfers to countries outside the EU
To the extent necessary for our purposes, we will also transfer your data to recipients outside the EU, provided that it is ensured that these data recipients guarantee an adequate level of data protection and that no other interests worthy of protection oppose the data transfer.
11. Storage period for personal data/criteria for determining the storage period
We will store your personal data for as long as this is necessary for the aforementioned processing purposes or in case of an objection that no compelling reasons worthy of protection exist or in case of a withdrawal of consent if no other legal basis for data processing exists. In certain cases (e.g. if there is a legal obligation to store data), your personal data will not be deleted immediately, but rather blocked initially. This particularly applies to contract-related data, which must be stored in accordance with the legal requirements.
12. Security measures to protect your personal data
We use technical and organisational measures to protect your data from unauthorised access, loss or destruction. Our security measures are continuously adapted in line with technical developments. Our employees and all persons involved in data processing are obliged to comply with data protection laws and confidentiality.
To protect the personal data of our users, we use a secure online transmission procedure known as “Secure Socket Layer” (SSL) transmission. This can be recognised by the “s” added to the http:// address (“https://”) or the display of a green closed lock symbol. Click on this symbol for details of the SSL certificate used. Display of this symbol depends on the browser version used. SSL encryption guarantees the encrypted and complete transmission of your data.
13. Your rights
Within the framework of the legal requirements, you are in principle entitled to request from SEVENCOLLECTION:
- confirmation of whether SEVENCOLLECTION is processing your personal data
- information about this data and the circumstances of processing
- correction if this data is incorrect
- deletion if there is no justification for processing and no obligation to store your personal data (any longer)
- limitation of processing in certain cases specified by law
- objection in case of data processing based on Art. 6 para. 1(f) GDPR
- transfer of your personal data – insofar as you have provided it – to you or a third party in a structured, common and machine-readable format
If you have given your consent to processing of your personal data, you have the right to withdraw your consent again at any time. Processing of your personal data will then not be allowed in the future. However, this will not affect the lawfulness of the processing carried out with your consent before you withdrew your consent.
Please address your specific request to our data protection officer in writing or via email, clearly identifying your person:
Insofar as we use your data in joint responsibility with third parties in the sense of Art. 26 GDPR, the third party is primarily responsible for the exercise of all data subject rights. However, you are at liberty to also assert your rights against us.
Finally, we would like to draw your attention to your right to lodge a complaint with a supervisory authority.
14. No automated individual decisions
We do not use your personal data to make automated individual decisions.