Data Protection Policy

Privacy Policy


1. Personal Data Protection Framework


HC2F, Lda. (hereinafter referred to as a company or Hc2F) bases its actions on respect, security, lawfulness, confidentiality and rigor in the application of measures necessary for the protection of personal data, in accordance with the legal principles applicable to it, namely those defined in the General Data Protection Regulation (RGPD), approved by Regulation (EU) No. 2016/679, of April 27, 2016, in its current wording and other legislation, as well as the legal and ethical principles in force in national legislation , European and international Privacy and Protection of Personal Data regarding the information or personal data that are communicated, either in the context of browsing the Quinta da Romã and Villa Laguna website, or in the context of the relationship with the company and establishments.

The Personal Data Processing Policy systematizes the relevant information regarding the processing of personal data and information that is provided by the user/customer, when browsing the site, or when booking, requesting information and staying at Quinta da Romã and da Villa Lagoon.

As a result of browsing the website and filling out a reservation or information request form, the client/user expressly authorizes, in a free and conscious manner, that their personal data submitted in the website’s form, as well as the personal data submitted by e-mail, telephone contact, at the time of booking, check-in, and stay are processed in the archive of personal data of the Hc2F company and accommodation establishments.

2. What personal data is collected?

To guarantee a perfect stay and services, it is necessary to collect information about the Clients/users and the people who accompany them, namely: personal and contact information (for example, name and surname, date of birth, nationality, number of phone, email); information for contract and billing purposes (eg tax identification number, credit card; information related to children (eg first name, date of birth); information on an identity card – citizen’s card, passport or letter driving; the departure and arrival days of the client/user.


To improve the conditions of the stay, data may be requested regarding preferences and interests (for example, smoking or non-smoking room, preferred floor, type of bed, type of magazines/newspapers, sports, cultural interests, food and beverage preferences, etc.);

Information collected from persons under 16 years of age is limited to full name, nationality and date of birth only and can only be provided to us by an adult.

If a minor under 18 sends data without the adult’s consent (especially via the Internet), you can contact the Personal Data Protection Department to request the deletion of this information via email:

3. When is the data collected?

Personal data can be collected at different times and in different ways, namely when the Customer/user subscribes to the newsletter, requests contact or information through the website, by filling out the reservation, by telephone or by email, in person at the time of check-in in and payment, or during the stay.


4. Responsible for processing personal data

The company Hc2F, Lda, headquartered at Rua da Igreja, 1105, Maia, with the following contacts: e-mail –, and telephone number +351913926015, is responsible for the processing of personal data, assuming all obligations related to the purposes , means of processing, procedures, subcontracting the processing of personal data, risk mitigation measures, recording of processing activities and control tools.

The Data Protection Officer (DPO) can be contacted via the Data Controller’s address or alternatively via email –

Hc2F, Lda. does not assume any responsibility when, for reasons unknown or unknown, there is an error, damage, dissemination or unauthorized access arising from the transmission of electronic data that may occur between the company and the data subject.

5. For what purposes the data is used

Given the nature of the services provided, accommodation, data processing by HC2F, Lda. is a necessary condition for the provision of services.

The data are strictly necessary to fulfill the purposes of managing clients before, during and after the stay; marketing and advertising, namely newsletter sending, invoicing, contractual and pre-contractual steps, booking, accommodation, invoicing, complaints management; satisfaction surveys and service quality control.

Data can also be used for historical and statistical purposes and compliance with legal obligations.

The company excludes the provision of other types of data, such as relating, for example, to philosophical or political beliefs, party or union affiliation, religious faith, private life and racial or ethnic origin.

Communications relating to the services of Villa Laguna and Quinta da Romã do not constitute a legal or contractual obligation. The processing is based on the consent of the holder, who has the right to withdraw his consent at any time.

6. Access to personal data

The customer/user’s personal data can be shared with a limited number of people and authorized services in order to guarantee the best stay, by compliance with contractual or legal obligations, always complying with current legislation.

Your data may have access to: accommodation staff; marketing services; medical services if needed in an emergency; accounting Service; external service providers for example rent-a-car, tour services, business partners, always and only when requested by the user and authorities when it is mandatory to provide information by law or judicial inquiry.

As a rule, the Personal Data provided by the customer/user are not transferred to third countries. They may only be shared within and outside the European Union when required by law or to respond to legal process, to protect lives, to maintain the security of our services, and to protect property or company rights as required by law.


7. Data Veracity

The client/user must fill in the forms with true, accurate, complete and up-to-date data, being solely responsible for any false or inaccurate statements made that cause damage to Hc2F, Lda.

The user must not enter third-party data, and the user is solely responsible for any damage or loss that he directly or indirectly causes to third parties by filling in third-party data.

The user must not use the website or its services for illegal or harmful purposes or effects of the company or any of the accommodations or third parties.


8. Navigation Security

The sites and have secure browsing using secure protocols such as https, keeping both information sent and received on the site private.

The website includes functions provided by third parties, such as maps, analytics, social buttons, etc.

These sites integrate the functions of Google Inc., such as Google analystics and Mapbox. By using this site, the user authorizes the processing of their data by Google, as established in its privacy policy

The user’s IP address (i.e. your computer’s individual identification number) is automatically registered by our web server. This feature is used to analyze your interest in the site, as well as to know its location (for example, municipality/city), which will allow us to offer you relevant and tailored information about accommodation and services.


9. Newsletter and email

Newsletter subscription implies express authorization for this purpose.

After subscription, informative emails are sent about Quinta da Romã and Villa Laguna accommodation. If you do not wish to continue receiving the newsletter, you can remove your email address from the mailing list by sending an email to:

10. Hiperlinks

The website may provide links and links to other websites managed and controlled by third parties, in order to facilitate the search for information, content, without being considered a suggestion, recommendation or invitation to visit them, and HC2F is not responsible, Lda, for data management after accessing another page, link.

Hc2F, Lda. does not control or manage content or services available on these sites, and therefore cannot be held directly or indirectly responsible for damages that may arise from access, use, information or services offered on the respective sites, Links .

11. Exercise of the Rights of Data Subjects:

HC2f, LDA. takes all measures, in accordance with applicable law, namely in compliance with the General Data Protection Regulation, to protect your personal data against destruction, loss, alteration, misuse or unauthorized access, through the implementation of measures to ensure confidentiality, integrity of treatment services.

In compliance with the legislation in force, the holder of personal data has the following rights in terms of personal data protection: Right of information and access to data concerning him; right to rectify inaccurate, incorrect, outdated or incomplete data, right to erase data; right to limit the processing of data concerning him in case of application of any of the situations described in art. 18, No. 1 of the RGPD; right to withdraw consent; right to be informed in the event of a breach of personal data, that is, a breach of security that causes, accidentally or unlawfully, the destruction, loss, alteration, disclosure or unauthorized access to data transmitted, preserved or subject to any type of treatment and when such violation is likely to imply a high risk for the rights and freedoms of customers/users.

The legal basis for the processing of Personal Data provided is consent, and the candidate has the right to withdraw consent at any time for the purposes described above. However, the withdrawal of consent does not compromise the lawfulness of the processing carried out on the basis of the consent previously given.

To exercise any of these rights, you must contact Hc2F in writing at the following address: expressly indicating which right you intend to exercise and under what terms.

The user’s/client’s consent to the processing of personal data will be revocable at any time without retroactive effect, through the same mechanism mentioned above.

If necessary, the holder may also file a complaint with the National Data Protection Commission (CNPD).

12. Data Storage Term

In the case of data relating to users/clients, they are kept for the minimum limit appropriate to the purposes for which they were collected and compliance with legal obligations.