Privacy Policy – Solarium Mantiqueira

The privacy of your personal data is a priority for Solarium Mantiqueira, operated by the company Take Me There (CNPJ: 42.927.255/0001-44). This Privacy Policy explains how we collect, use, share, and protect your personal information when using our website (www.solariummantiqueira.com) and the booking services managed by Hostaway Oy. We are committed to the General Data Protection Law (LGPD) and other applicable regulations, ensuring transparency and security in handling your information.

1. Personal Data Collected

1.1 Information Provided by the User

We collect the following data directly provided by you when making bookings or interacting with us:

  • Full name;
  • Residential address;
  • Phone number and email address;
  • Photo of an identification document;
  • Payment information, such as credit card details (processed exclusively by Hostaway or Rede in the case of payment links);
  • Names of additional guests.

1.2 Automatically Collected Information

While browsing our website, we may automatically collect:

  • IP address;
  • Approximate location data;
  • Type of device, browser, and operating system used;
  • Pages visited, duration of the visit, and interactions on the website.

1.3 Sensitive Data

We do not collect sensitive personal data (such as racial origin, political opinions, or health data) unless strictly necessary to comply with the law or with your explicit consent.

2. Purposes of Data Use

2.1 Primary Purposes

Personal data is used to:

  • Manage bookings and accommodations;
  • Communicate with clients regarding important information, confirmations, and support;
  • Personalize services based on customer preferences;
  • Issue tax documents as legally required.

2.2 Marketing and Promotions

With your prior consent, your data may be used to:

  • Send promotions, updates, and relevant content via email or other communication channels;
  • Analyze preferences to offer services more aligned with your interests.

2.3 Compliance with Legal Obligations

Your data may be processed to comply with legal and regulatory obligations, such as tax, judicial, or administrative requirements.

3. Data Sharing

3.1 Internal Sharing

Your personal data is accessed only by authorized employees of Take Me There for the purposes described in this Policy.

3.2 Service Providers

Data may be shared with essential third parties, including:

  • Hostaway Oy: For booking and payment processing, adhering to strict security standards;
  • IT and website hosting providers responsible for data storage and security.

3.3 Prohibition of Data Sale

Solarium Mantiqueira does not sell, lease, or commercialize the collected personal data to third parties.

3.4 Legal Requirements

If necessary, we may share personal data with competent authorities to comply with legal or judicial determinations.

4. Data Security and Storage

4.1 Security Measures

We adopt technical, administrative, and organizational measures to protect personal data against unauthorized access, alterations, disclosures, or accidental or unlawful destruction. These measures include:

  • Encryption to protect sensitive data, such as payment information;
  • Restricted access controls to data, limited to authorized employees and contracted service providers;
  • Continuous system monitoring to identify and correct vulnerabilities.

4.2 Data Processing Platform

Data is processed on the Hostaway Oy platform, which adheres to international security and data protection standards, including practices aligned with the LGPD and GDPR (General Data Protection Regulation).

4.3 User Responsibility

Although we adopt strict security measures, users are also responsible for protecting their information by using strong passwords and maintaining the confidentiality of their devices and access credentials.

4.4 Data Storage

Personal data is stored on secure servers located in Brazil or other countries that ensure adequate protection levels as authorized by Brazilian law.

5. Cookies and Tracking Technologies

5.1 Definition of Cookies

Cookies are small text files stored on your browser that allow the site to function correctly, personalize your experience, and collect information about your navigation.

5.2 Purposes of Using Cookies

We use cookies to:

  • Ensure basic functionalities of the site, such as login and secure navigation;
  • Improve site performance by analyzing metrics such as browsing time and pages visited;
  • Personalize ads and content based on your preferences, subject to prior consent.

5.3 Managing Cookies

You can configure your browser to reject cookies or alert you about their usage. However, disabling cookies may limit the website's functionality.

5.4 Third-Party Cookies

Some cookies may be managed by third parties, such as analytics providers and advertising networks. We ensure that such third parties adhere to LGPD-compliant practices.

6. Data Retention

6.1 Retention Period

Personal data will be stored as long as necessary to fulfill the purposes described in this Policy unless legal or regulatory obligations require a longer retention period.

6.2 Deletion Criteria

Data will be securely deleted when:

  • The purpose for which they were collected is achieved or becomes unnecessary;
  • The user requests their deletion, except when legal obligations require data retention.

6.3 Backup and Archiving Records

Even after deletion, some data may remain in backups or historical archives, accessible only for specific cases such as audits or legal defense.

7. User Rights

7.1 Rights Guaranteed by the LGPD

As data subjects, users have the following rights regarding their personal data:

a) Access: Obtain confirmation about the existence of data processing and access to the processed data;

b) Correction: Request updates or rectifications of incomplete, inaccurate, or outdated data;

c) Deletion: Request the deletion of personal data, except when retention is required by law or necessary for contract execution;

d) Portability: Request the transfer of their data to another service provider upon express request;

e) Objection: Contest data usage in situations not based on consent or legal obligations;

f) Consent Withdrawal: Revoke consent for data processing when applicable, without affecting the legality of prior processing.

7.2 Exercising Rights

Users can exercise their rights by contacting Solarium Mantiqueira through the channels indicated in Clause 9. Proof of identity may be required to process the request securely.

7.3 Response Deadlines

Solarium Mantiqueira commits to responding to user requests within 15 (fifteen) business days, as stipulated by the LGPD.

8. Data Deletion

8.1 Deletion Requests

Users may request the deletion of their personal data at any time by contacting the channels listed in Clause 9. The deletion will be carried out in compliance with the requirements of the LGPD and other applicable laws.

8.2 Deletion Limitations

Not all data may be deleted immediately due to:

a) Legal and regulatory requirements mandating data retention;

b) Pending contractual obligations between Solarium Mantiqueira and the user;

c) Legitimate use of data by the controller, such as in defense of legal interests.

8.3 Deletion Methods

Deletion will be performed securely, ensuring the data cannot be recovered in the future, except for backups required for compliance or audits.

9. Privacy Contact Information

9.1 Communication Channels

For questions, requests, or complaints about this Privacy Policy and the processing of your personal data, users may contact us through the following channels:

  • WhatsApp: +55 (35) 98407-5652
  • Hostaway Support Email (reservations): support@hostaway.com

9.2 Data Protection Officer (DPO)

Solarium Mantiqueira has appointed a Data Protection Officer (DPO) responsible for addressing privacy and data protection matters.

9.3 Complaints to the National Data Protection Authority (ANPD)

If a user is not satisfied with Solarium Mantiqueira's response, they may file complaints directly with the National Data Protection Authority (ANPD), following the procedure available on the authority’s official website.

10. Changes to the Privacy Policy

10.1 Periodic Updates

Solarium Mantiqueira reserves the right to update this Privacy Policy to reflect changes in its services, applicable laws, or data protection regulations. Updates will be communicated to users via:

a) Notifications on the official website;

b) Registered email, when necessary.

10.2 Effective Date

All updates will become effective on the date indicated in the revised Policy. Users are encouraged to regularly review this document to stay informed about how their data is protected.

10.3 Post-Change Consent

If significant changes requiring new consent are made, such consent will be requested before applying the new terms, ensuring users are fully aware of the changes.

11. General Provisions

11.1 Policy Acceptance

By using Solarium Mantiqueira's services or making reservations through its channels, the user declares that they have read, understood, and agreed to this Privacy Policy.

11.2 LGPD Compliance

This Policy has been drafted in compliance with the General Data Protection Law (LGPD) and other applicable laws, reaffirming Solarium Mantiqueira's commitment to transparency and security in processing personal data.

11.3 User Responsibility

The user is responsible for:

a) Ensuring that the data provided to Solarium Mantiqueira is accurate and up-to-date;

b) Not sharing access credentials with third parties;

c) Complying with the terms of this Policy while using the services and website.

11.4 Validity and Applicability

This Privacy Policy remains valid as long as Solarium Mantiqueira continues operating its services and applies to all users, including data collected before the most recent update of this document.

12. International Data Transfers

12.1 Data Processing Outside Brazil

Personal data may be stored or processed on servers located outside Brazil, including those of technology providers such as Hostaway Oy. We ensure that internationally transferred data is protected by contracts or mechanisms that guarantee a level of protection equivalent to that required by the LGPD.

12.2 Legal Bases for International Transfers

International data transfers are carried out based on:

a) The user’s consent;

b) The necessity for the execution of a contract between Solarium Mantiqueira and the user;

c) Compliance with applicable legal and regulatory requirements.

13. Data Breach Policy

13.1 Security Incident Notification

In the event of a personal data breach that may pose a significant risk or harm to data subjects, Solarium Mantiqueira will notify:

a) The National Data Protection Authority (ANPD);

b) Affected data subjects, where necessary, informing them about the compromised data and measures taken to mitigate impacts.

13.2 Corrective Actions

When a security incident is identified, Solarium Mantiqueira will take the following actions:

a) Immediate investigation to determine the extent of the incident;

b) Correction of vulnerabilities and improvement of security protocols;

c) Transparent communication with the affected parties.

14. Dispute Resolution

14.1 Direct Negotiation

In case of questions, complaints, or disputes related to privacy and data protection, users should initially contact Solarium Mantiqueira through the channels provided in Clause 9.

14.2 Mediation and Arbitration

If a resolution cannot be reached through direct negotiation, the parties may opt for mediation or arbitration, respecting applicable extrajudicial dispute resolution norms.

This Privacy Policy and all related matters shall be governed by and construed in accordance with the laws of the Federative Republic of Brazil.

WhatsApp