LGPD is the acronym for General Data Protection LawLaw No. 13,709 of August 14, 2018. This law provides for the processing of personal data, including in digital media, by natural persons or by legal entities governed by public or private law, with the aim of protecting the fundamental rights of freedom and privacy and the free development of the personality of natural persons. The LGPD came into force on August 14, 2020.
Rituaali strives to respect the freedom of each individual, ensuring privacy, security and transparency in the use of personal information. Understanding the aspects of the LGPD is very important, after all, this is our data and preserving our privacy is a right guaranteed by law.
Among the aspects, we highlight:
DPO: Tainá Porto
Chairman of the Committee: Lorena Trindade
Effective Member of the Committee: Maria Thais and Artur Miller
Consultants: Renato Cirne and Fernando Martins
Date: dec 15th 2021
Rituaali Empreendimentos Turísticos Ltda, a private legal entity, registered in the CNPJ/ME under nº 13.783. 966/0001-09, headquartered at Rua Harry Bertel, 400, Penedo, Itatiaia/RJ (referred to as "Rituaali" or "We"), has the security and privacy of your information as one of its pillars of operation and, therefore, when acting as a processing agent of your personal data, understands the extreme relevance of electronic records and personal data left by you ("Holder") in the use of tools, websites and services provided by Rituaali. For this reason and in order to transmit all the transparency that Rituaali maintains as essential, Rituaali presents this Privacy Policy ("Policy") to regulate, in a simple, transparent, and objective manner, which data and information will be obtained, as well as when they may be used, informing the Holder of his/her rights, as well as giving full autonomy as to the data processed by Rituaali.
This Policy is directed at Rituaali's customers and other data subjects whose data are processed in Rituaali's hotel services and digital channels.
This Policy will be available for reading at any time and may be updated by Rituaali upon notice to the Data Subjects.
Rituaali collects certain data from the Holder that may be provided directly by the Holder at the moment of registration. This data may be provided on Rituaali's website or other forms of contact, such as Whatsapp and campaigns on social networks.
There is, in essence, the treatment of three types of personal data: (i) personal data provided directly by you; (ii) personal data provided by third-party service providers of Rituaali; and (iii) data collected automatically.
As for the Internet Browser Holder, only data requested for completion on the Rituaali website or in campaigns on social networks, where the holder himself chooses to provide the data, are collected. This data may include, for example, your name, e-mail, phone number, and address.
As for the Guest, data is collected prior to the confirmation of the reservation of Rituaali's services. This is to start the formalization of services provision, along with the need to ensure the full provision of services by Rituaali. These data may include, for example, name, e-mail, telephone, address, age, marital status, payment information, health data, and preferences regarding lodging, among others.
This collection is accomplished through cookies and other tracking technologies and comprises various data. Cookies work in such a way that websites, apps, and other services send this data to the Card Holder's browser when he/she accesses a page for the first time and, subsequently, store the data on the Card Holder's computer so that the website can access the information when the Card Holder makes subsequent requests for pages of the website itself, in order to make it possible to provide a browsing experience that meets the Card Holder's preferences.
Third parties can also process data, for example, by providing hosting services, and advertising offers, among others.
Important: Internet browsers usually accept cookies. Be aware that you can modify these settings to be notified when the site installs a cookie, or even block them. To do so, check your browser's privacy settings. But please understand that by blocking cookies, you may not have access to certain features or customizations available to you.
In accordance with the General Law of Data Protection, every time Rituaali processes any personal data of the Card Holder, Rituaali is strictly limited to the use necessary to achieve the purpose of data collection, and always has a legal basis justifying such processing. Among the various purposes, here are the main hypotheses for data treatment:
Rituaali uses third-party storage systems, of which Rituaali requires that all the best practices available in the market be applied, involving administrative, technical, personal, and physical measures to save/guard the data and personal information in its possession against unauthorized use, leaks disclosure or modification, respecting all the minimum requirements demanded by the General Law of Data Protection. Moreover, Rituaali has physical storage of some of the Holder's data, ensuring that access to them is extremely restricted and controlled. It has even a elimination flow established after the conclusion of the respective purpose.
However, considering the characteristics of the Internet medium, it is not technically possible to guarantee the complete security of the Card Holder's information. This is despite the fact that Rituaali employs and requires its partners to follow the most advanced protection practices available on the market.
Rituaali shares the Holder's data with third parties in certain situations, including:
Rituaali uses commercially reasonable administrative, technical, personal, and physical measures to save/safeguard the Card Holder's data and information in its possession against theft, robbery, unauthorized use, disclosure, or modification. This is done by respecting all the minimum requirements of the General Data Protection Law.
Rituaali conducts periodic training for those responsible for protecting Card Holder data. In addition, it conducts awareness workshops for all those who have access to Card Holders' personal data.
The holder's data, depending on its sensitivity and flow, have different access restriction levels, varying between public, internal, and restricted. Rituaali has performed a diligent cross-evaluation of the leakage risk and the potential damage of data leakage to define the level of restriction of each piece of data. Thus, greater security is provided to the Holder's data, especially those who we understand, in conjunction with the interpretation of the law, need the most protection.
The information collected by Rituaali will be automatically removed from its servers when they are no longer useful for the purposes for which they were collected, or when the Holder requests the elimination of his/her personal data. However, information may be retained for the period necessary for the fulfillment of a legal or regulatory obligation, the protection of Rituaali's rights, legitimate interest on the part of Rituaali, and/or authority request, even after an order to delete the personal data linked to the Cardholder.
In compliance with the applicable regulations and the treatment of personal data, Rituaali values transparency and the holder's control over his/her personal data. Rituaali guarantees the Holder the following rights (including the ability to make requests):
Part of these rights may be exercised directly by the Data Subject, through communication via the contact information provided in this Policy. The Holder may communicate if he/she is interested in consulting, correcting, updating, limiting Rituaali's use of any data and personal information, understanding more or even exercising his/her rights.
Rituaali requires that the Requesting Party's full name, e-mail address, telephone number, and the information he or she wishes to consult, delete, correct, or update be included in the request. Once such complete information is sent, Rituaali will try to fulfill the request as soon as possible, always respecting the law text.
Rituaali emphasizes the possibility of the Titular's request to be legally rejected, whether for formal reasons (e.g.: impossibility to prove the Titular's identity) or legal reasons (e.g.: request to exclude data that may be retained by the Rituaali to fulfill a legal obligation), being certain that, in this case, the Rituaali will present the due justifications.
Rituaali performs data processing in accordance with the Privacy Policy and by continuing browsing, you agree to these conditions.
Tainá Porto - DPO
No training sessions have been scheduled yet.
As training sessions are planned, we will put the name of the session and the date in this tab.
Dr. Cássio Lucas Dias do Prado
CRM 1230000-RJ
Technical Responsible
Acesso A, 310
Penedo – Itatiaia – RJ
® 2024 - All Rights Reserved | Rituaali
