Date: dec 15th 2021
This Policy is directed at Rituaali's customers and other data subjects whose data are processed in Rituaali's hotel services and digital channels.
This Policy will be available for reading at any time and may be updated by Rituaali upon notice to the Data Subjects.
Rituaali collects certain data from the Holder that may be provided directly by the Holder at the moment of registration. This data may be provided on Rituaali's website or other forms of contact, such as Whatsapp and campaigns on social networks.
There is, in essence, the treatment of three types of personal data: (i) personal data provided directly by you; (ii) personal data provided by third-party service providers of Rituaali; and (iii) data collected automatically.
As for the Internet Browser Holder, only data requested for completion on the Rituaali website or in campaigns on social networks, where the holder himself chooses to provide the data, are collected. This data may include, for example, your name, e-mail, phone number, and address.
As for the Guest, data is collected prior to the confirmation of the reservation of Rituaali's services. This is to start the formalization of services provision, along with the need to ensure the full provision of services by Rituaali. These data may include, for example, name, e-mail, telephone, address, age, marital status, payment information, health data, and preferences regarding lodging, among others.
This collection is accomplished through cookies and other tracking technologies and comprises various data. Cookies work in such a way that websites, apps, and other services send this data to the Card Holder's browser when he/she accesses a page for the first time and, subsequently, store the data on the Card Holder's computer so that the website can access the information when the Card Holder makes subsequent requests for pages of the website itself, in order to make it possible to provide a browsing experience that meets the Card Holder's preferences.
Third parties can also process data, for example, by providing hosting services, and advertising offers, among others.
Important: Internet browsers usually accept cookies. Be aware that you can modify these settings to be notified when the site installs a cookie, or even block them. To do so, check your browser's privacy settings. But please understand that by blocking cookies, you may not have access to certain features or customizations available to you.
In accordance with the General Law of Data Protection, every time Rituaali processes any personal data of the Card Holder, Rituaali is strictly limited to the use necessary to achieve the purpose of data collection, and always has a legal basis justifying such processing. Among the various purposes, here are the main hypotheses for data treatment:
Rituaali uses third-party storage systems, of which Rituaali requires that all the best practices available in the market be applied, involving administrative, technical, personal, and physical measures to save/guard the data and personal information in its possession against unauthorized use, leaks disclosure or modification, respecting all the minimum requirements demanded by the General Law of Data Protection. Moreover, Rituaali has physical storage of some of the Holder's data, ensuring that access to them is extremely restricted and controlled. It has even a elimination flow established after the conclusion of the respective purpose.
However, considering the characteristics of the Internet medium, it is not technically possible to guarantee the complete security of the Card Holder's information. This is despite the fact that Rituaali employs and requires its partners to follow the most advanced protection practices available on the market.
Rituaali shares the Holder's data with third parties in certain situations, including:
Rituaali uses commercially reasonable administrative, technical, personal, and physical measures to save/safeguard the Card Holder's data and information in its possession against theft, robbery, unauthorized use, disclosure, or modification. This is done by respecting all the minimum requirements of the General Data Protection Law.
Rituaali conducts periodic training for those responsible for protecting Card Holder data. In addition, it conducts awareness workshops for all those who have access to Card Holders' personal data.
The holder's data, depending on its sensitivity and flow, have different access restriction levels, varying between public, internal, and restricted. Rituaali has performed a diligent cross-evaluation of the leakage risk and the potential damage of data leakage to define the level of restriction of each piece of data. Thus, greater security is provided to the Holder's data, especially those who we understand, in conjunction with the interpretation of the law, need the most protection.
The information collected by Rituaali will be automatically removed from its servers when they are no longer useful for the purposes for which they were collected, or when the Holder requests the elimination of his/her personal data. However, information may be retained for the period necessary for the fulfillment of a legal or regulatory obligation, the protection of Rituaali's rights, legitimate interest on the part of Rituaali, and/or authority request, even after an order to delete the personal data linked to the Cardholder.
In compliance with the applicable regulations and the treatment of personal data, Rituaali values transparency and the holder's control over his/her personal data. Rituaali guarantees the Holder the following rights (including the ability to make requests):
Part of these rights may be exercised directly by the Data Subject, through communication via the contact information provided in this Policy. The Holder may communicate if he/she is interested in consulting, correcting, updating, limiting Rituaali's use of any data and personal information, understanding more or even exercising his/her rights.
Rituaali requires that the Requesting Party's full name, e-mail address, telephone number, and the information he or she wishes to consult, delete, correct, or update be included in the request. Once such complete information is sent, Rituaali will try to fulfill the request as soon as possible, always respecting the law text.
Rituaali emphasizes the possibility of the Titular's request to be legally rejected, whether for formal reasons (e.g.: impossibility to prove the Titular's identity) or legal reasons (e.g.: request to exclude data that may be retained by the Rituaali to fulfill a legal obligation), being certain that, in this case, the Rituaali will present the due justifications.
If the Data Subject wants to talk about his/her data, he/she should contact the personal data protection officer at the following e-mail address: