Privacy Policy

Date: dec 15th 2021

Rituaali Empreendimentos Turísticos Ltda, a private legal entity, registered in the CNPJ/ME under nº 13.783. 966/0001-09, headquartered at Rua Harry Bertel, 400, Penedo, Itatiaia/RJ (referred to as "Rituaali" or "We"), has the security and privacy of your information as one of its pillars of operation and, therefore, when acting as a processing agent of your personal data, understands the extreme relevance of electronic records and personal data left by you ("Holder") in the use of tools, websites and services provided by Rituaali. For this reason and in order to transmit all the transparency that Rituaali maintains as essential, Rituaali presents this Privacy Policy ("Policy") to regulate, in a simple, transparent, and objective manner, which data and information will be obtained, as well as when they may be used, informing the Holder of his/her rights, as well as giving full autonomy as to the data processed by Rituaali.

This Policy is directed at Rituaali's customers and other data subjects whose data are processed in Rituaali's hotel services and digital channels.

This Policy will be available for reading at any time and may be updated by Rituaali upon notice to the Data Subjects.

WHICH HOLDER DATA IS COLLECTED?

Rituaali collects certain data from the Holder that may be provided directly by the Holder at the moment of registration. This data may be provided on Rituaali's website or other forms of contact, such as Whatsapp and campaigns on social networks.
There is, in essence, the treatment of three types of personal data: (i) personal data provided directly by you; (ii) personal data provided by third-party service providers of Rituaali; and (iii) data collected automatically.

Personal Data provided directly by you. This is where there is the greatest variety of data collected. Here we can divide the Data Subject into two categories: (a) the Web Browser Data Subject and (b) the Guest Data Subject.

As for the Internet Browser Holder, only data requested for completion on the Rituaali website or in campaigns on social networks, where the holder himself chooses to provide the data, are collected. This data may include, for example, your name, e-mail, phone number, and address.

As for the Guest, data is collected prior to the confirmation of the reservation of Rituaali's services. This is to start the formalization of services provision, along with the need to ensure the full provision of services by Rituaali. These data may include, for example, name, e-mail, telephone, address, age, marital status, payment information, health data, and preferences regarding lodging, among others.

Personal data provided by third parties. These are rare cases. The data may be collected by a third party, either automatically (cookies) or directly (service providers, e.g. companies specializing in blood tests). Such data can include, for example, behavioral and health data.
Automatically collected data. Rituaali also collects a variety of information automatically, such as information about your computer, equipment, and browser. This information includes your IP address, browser type, and other software and hardware information.

This collection is accomplished through cookies and other tracking technologies and comprises various data. Cookies work in such a way that websites, apps, and other services send this data to the Card Holder's browser when he/she accesses a page for the first time and, subsequently, store the data on the Card Holder's computer so that the website can access the information when the Card Holder makes subsequent requests for pages of the website itself, in order to make it possible to provide a browsing experience that meets the Card Holder's preferences.

Third parties can also process data, for example, by providing hosting services, and advertising offers, among others.

Important: Internet browsers usually accept cookies. Be aware that you can modify these settings to be notified when the site installs a cookie, or even block them. To do so, check your browser's privacy settings. But please understand that by blocking cookies, you may not have access to certain features or customizations available to you.

HOW DOES RITUAALI USE THE HOLDER'S INFORMATION?

In accordance with the General Law of Data Protection, every time Rituaali processes any personal data of the Card Holder, Rituaali is strictly limited to the use necessary to achieve the purpose of data collection, and always has a legal basis justifying such processing. Among the various purposes, here are the main hypotheses for data treatment:

To provide services to the Card Holder. The purpose of the information collected is to establish a contractual relationship or to manage, administer, provide, expand, and improve its services, adapting them to the preferences and tastes of the Card Holder, as well as to create and develop new services of interest to the Card Holder.
To deliver relevant publicity. Some of the information collected may be used for advertising purposes. This includes sending information about Rituaali's products, promotions, and discounts, as well as partner services. It may also be used for purchase satisfaction surveys and campaigns on social networks, always with the Card Holder's consent.
To contact the Card Holder. Rituaali may periodically send to the registered e-mail address of the Card Holder promotional materials (in case he/she agrees) or notifications related to Rituaali's website and services. If you no longer wish to receive such materials, you may change your settings or follow the unsubscribe instructions at the bottom of each e-mail sent to you.
To fulfill a legal or regulatory obligation. In this case, Rituaali, as it also provides healthcare and hotel services, must comply with certain legal and regulatory requirements. These requirements include keeping medical records, and registering medical appointments, among others.
To enrich the database. The Card Holder's personal information is sometimes required in order to ensure quality and complement Rituaali's database. This enrichment will always be carried out in accordance with the General Law of Data Protection. Whenever it occurs, Rituaali will demonstrate good faith, manage the Card Holder's data, and inform him/her of the treatment purpose. Depending on the case, the Card Holder may deny his/her consent, and Rituaali will inform him/her of the effects of the refusal.
To protect the Rituaali's rights. There are instances in which Rituaali may process data and/or disclose information of the Cardholder, including situations in which Rituaali believes it has acted in good faith and that such disclosure is necessary to: (i) protect, enforce or defend the rights or property of Rituaali or its employees; (ii) safeguard the security and privacy of the Data Subjects or relevant rights of third parties; (iii) guard against fraud or for risk management purposes; (iv) comply with the law or decide on or instruct an administrative or judicial proceeding; or (v) respond to requests from public authorities.
To complete a merger or asset sale. If Rituaali disposes, in whole or in part, of its activities or makes a sale or transfer of its assets or is a party to a merger or transfer of all or a substantial part of its business, Rituaali may transfer the Holder's information to the party or parties involved in the transaction as part of the transaction, provided that the parties undertake to keep the data confidential and use it only in a manner consistent with this Policy.

DATA STORAGE AND THIRD-PARTY ACCESS

Rituaali uses third-party storage systems, of which Rituaali requires that all the best practices available in the market be applied, involving administrative, technical, personal, and physical measures to save/guard the data and personal information in its possession against unauthorized use, leaks disclosure or modification, respecting all the minimum requirements demanded by the General Law of Data Protection. Moreover, Rituaali has physical storage of some of the Holder's data, ensuring that access to them is extremely restricted and controlled. It has even a elimination flow established after the conclusion of the respective purpose.

However, considering the characteristics of the Internet medium, it is not technically possible to guarantee the complete security of the Card Holder's information. This is despite the fact that Rituaali employs and requires its partners to follow the most advanced protection practices available on the market.

Rituaali shares the Holder's data with third parties in certain situations, including:

With partner companies and suppliers, in the development and provision of services to the Holder. These companies include RD Station, BRCore, Blue Account, Linx Microvix, PipeDrive, and Google, among others.
With authorities, government entities, or other third parties, for the protection of Rituaali's interests in any kind of conflict, including lawsuits and administrative proceedings.
In the event of transactions and corporate changes involving Rituaali.
Upon court order or the request of administrative authorities that have the legal authority to request it.

HOW DOES RITUAALI KEEP THE HOLDER'S DATA SECURE?

Rituaali uses commercially reasonable administrative, technical, personal, and physical measures to save/safeguard the Card Holder's data and information in its possession against theft, robbery, unauthorized use, disclosure, or modification. This is done by respecting all the minimum requirements of the General Data Protection Law.

Rituaali conducts periodic training for those responsible for protecting Card Holder data. In addition, it conducts awareness workshops for all those who have access to Card Holders' personal data.

The holder's data, depending on its sensitivity and flow, have different access restriction levels, varying between public, internal, and restricted. Rituaali has performed a diligent cross-evaluation of the leakage risk and the potential damage of data leakage to define the level of restriction of each piece of data. Thus, greater security is provided to the Holder's data, especially those who we understand, in conjunction with the interpretation of the law, need the most protection.

The information collected by Rituaali will be automatically removed from its servers when they are no longer useful for the purposes for which they were collected, or when the Holder requests the elimination of his/her personal data. However, information may be retained for the period necessary for the fulfillment of a legal or regulatory obligation, the protection of Rituaali's rights, legitimate interest on the part of Rituaali, and/or authority request, even after an order to delete the personal data linked to the Cardholder.

HOLDER'S RIGHTS AND PROCESSING CONTROL

In compliance with the applicable regulations and the treatment of personal data, Rituaali values transparency and the holder's control over his/her personal data. Rituaali guarantees the Holder the following rights (including the ability to make requests):

(i) confirmation of data treatment existence;
ii) access to data;
iii) the correction of incomplete, inaccurate, or outdated data;
(iv) to have unnecessary, excessive, or non-conforming data rendered unusable, blocked, or deleted;
v) the portability of their data to another service or product provider, at the express request of the User;
vi) the elimination of data processed with the User's consent;
vii) to obtain information about public or private entities with which JUÇAÍ has shared its data;
viii) information about the possibility of not consenting, as well as the consequences in case of denial;
ix) the revocation of consent.

Part of these rights may be exercised directly by the Data Subject, through communication via the contact information provided in this Policy. The Holder may communicate if he/she is interested in consulting, correcting, updating, limiting Rituaali's use of any data and personal information, understanding more or even exercising his/her rights.

Rituaali requires that the Requesting Party's full name, e-mail address, telephone number, and the information he or she wishes to consult, delete, correct, or update be included in the request. Once such complete information is sent, Rituaali will try to fulfill the request as soon as possible, always respecting the law text.

Rituaali emphasizes the possibility of the Titular's request to be legally rejected, whether for formal reasons (e.g.: impossibility to prove the Titular's identity) or legal reasons (e.g.: request to exclude data that may be retained by the Rituaali to fulfill a legal obligation), being certain that, in this case, the Rituaali will present the due justifications.

ADDITIONAL INFORMATION

Privacy Policy Update: Rituaali may change this Policy. Please review the effective date at the top of this Policy to see when it was last modified. Any changes to this Policy will become effective when posted on Rituaali's website. Depending on the update and its changes, the consent request will be redone.

HOW TO REACH BACK TO RITUAALI

If the Data Subject wants to talk about his/her data, he/she should contact the personal data protection officer at the following e-mail address:

[email protected]

RITUAALI AND COOKIES

Rituaali performs data processing in accordance with the Privacy Policy and by continuing browsing, you agree to these conditions.