Privacy Policy of Hotel Areias Belas Ltda.

1.INTRODUCTION

The purpose of this policy is to demonstrate the commitment of HOTEL AREIAS BELAS LTDA Regarding the privacy and protection of your Personal Data, in addition to establishing the rules on the Processing of Personal Data, within the scope of the services and functionalities of the website below, in accordance with current laws, with transparency and clarity:

https://www.hotelareiasbelas.com.br/

As a condition for accessing and using the Site's features, you declare that you have read this Policy in its entirety and carefully, and are fully aware of and freely and expressly agree to the terms stipulated herein, including the collection of the Data mentioned herein, as well as its use for the purposes specified below.

If you do not agree with the provisions of this Policy, please discontinue your access to or use of the Site.

2. DATA THAT THE AREIAS BELAS HOTEL HANDLES

2.1. How we collect data. Data, including Personal Data, may be collected when you submit it (Registration and Payment Data) or when you interact with the Site (Digital Identification Data).

21.1. The data processed includes:

2.1.2. If you register on the Site using an account from third-party services, such as your Facebook, LinkedIn, or Google profile, we may have access to publicly accessible registration data provided by those services. You will be informed, at the time of registration, about which of these data we will have access to.

2.2. Required information. Some of our services depend directly on certain data provided in the table above, primarily registration and payment information. If you choose not to provide some of this data, we may be unable to provide our services to you in whole or in part.

2.3.Data Update and Accuracy. You are solely responsible for the accuracy, truthfulness, or lack thereof, of the data you provide, or for its being outdated. Please be aware that it is your responsibility to ensure its accuracy and keep it up-to-date.

2.3.1.Similarly, Hotel Areias Belas is not obligated to process or handle any of your Data if there are reasons to believe that such processing or handling may impute to us any violation of any applicable law, or if you are using the Site for any illegal, illicit or immoral purposes.

2.4. Database. The database formed through the collection of Data is our property and is our responsibility, and its use, access, and sharing, when necessary, will be done within the limits and purposes of the business described in this Policy.

2.5.Technologies used. We use the following technology(ies):

(i) Cookies, and it is up to you to configure your internet browser if you wish to block them. In this case, some of the functionalities we offer may be limited.

3. HOW YOUR DATA AND INFORMATION ARE SHARED

3.1.Hypotheses for sharing the data. The data collected and the activities recorded may be shared:

(i) With the third-party payment processing company, responsible for processing payments for reservations made on the Site;

(ii)With competent judicial, administrative or governmental authorities, whenever there is a legal determination, request, requisition or court order;

(iii)Automatically, in the event of corporate transactions such as mergers, acquisitions, and incorporations.

3.2.Data Anonymization. For the purposes of market intelligence research, dissemination of data to the press, and advertising, the data you provide will be shared in an anonymized form, that is, in a way that does not allow your identification.

4. Protecting Your Data

4.1.Password sharing. You are also responsible for keeping your Personal Data confidential and should always be aware that sharing passwords and login credentials violates this Policy and compromises the security of your Personal Data and the Site.

4.2.WPrecautions you should takeIt is very important that you take the necessary precautions against unauthorized access to your computer/smartphone, account, or password, and that you always click "Log Out" when you finish browsing on a shared computer. It is also very important that you know that Hotel Areias Belas never sends emails requesting confirmation of data or with attachments that can be executed (extensions:

.exe, .com, among others) or even links for possible downloads.

4.3.Information Security. All credit card payment transactions are executed using SSL (secure socket layer) technology, ensuring that your Personal Data is not unlawfully disclosed. Furthermore, this technology aims to prevent information from being transmitted or accessed by third parties.

4.4. Access to Personal Data, proportionality and relevanceInternally, the Personal Data collected is accessed only by duly authorized professionals, respecting the principles of proportionality, necessity, and relevance to the objectives of our business, in addition to the commitment to confidentiality and preservation of your privacy under the terms of this Policy.

4.5.External links. When using the Site, you may be directed, via link, to third-party platforms that may collect your information and have their own Data Processing Policy.

4.5.1.It is your responsibility to read the Privacy Policies of such third-party platforms, and it is your responsibility to accept or reject them. We are not responsible for the Privacy Policies of third parties, nor for the content or services of any websites other than our own.

4.5.2.Partner Services. We have business partners who may occasionally offer services through features or websites that can be accessed from our Site. Personal Data you provide to these partners will be their responsibility and subject to their own data processing practices.

4.6.Processing by third parties under our guidelines.If third-party companies process any Personal Data we collect on our behalf, they will be required to comply with the conditions stipulated herein and information security standards.

4.7. Communication via email. To optimize and improve our communication, when we send you an email we can send you a notification when it is opened, provided this feature is available. It's important to note that emails are only sent from the domain “@hotelareiasbelas.com.br”.

5. HOW WE STORE YOUR PERSONAL DATA AND ACTIVITY LOGO

5.1. The Personal Data collected and the activity logs are stored in a secure and controlled environment for a minimum period as per the table below:

5.2 Longer storage periods. For auditing, security, fraud control, credit protection, and preservation of rights purposes, we may retain the registration history of your Personal Data for a longer period in cases where the law or regulatory standard so establishes, or for the preservation of rights.

6. YOUR RIGHTS

6.1. Your basic rights. You may request confirmation of the existence, display, limitation, or objection to the processing of Personal Data, as well as revoke your consent, through our Customer Service Channel.

6.1.1.As long as you maintain an active account with us, you can correct your Personal Data directly in the logged-in area of the Site.

6.1.2.If you withdraw your consent for purposes essential to the operation of the Site's services, those services may become unavailable to you.

6.1.3.If you request the deletion of your Personal Data, it may be necessary to retain the Personal Data for a period longer than the deletion request, pursuant to Article 16 of the General Data Protection Law, for (i) compliance with a legal or regulatory obligation, (ii) study by a research body, and (iii) transfer to a third party (respecting the data processing requirements set forth in the same Law). In all cases, this will be done through anonymization of the Personal Data, whenever possible.

6.1.4.Once the retention period and legal requirement have ended, Personal Data will be deleted using secure disposal methods or used in an anonymized form for statistical purposes.

6.1.5. If you have any questions about personal data protection or need any related information, you can contact the Data Protection Officer.

from Hotel Areias Belas via email: lgpd@hotelareiasbelas.com.br

7. GENERAL PROVISIONS

7.1. Change of content and update. You acknowledge our right to change the content of this Policy at any time, as needed or for adaptation and legal compliance with any law or regulation that has equivalent legal force.

7.1.1. If updates are made to this document, you will be notified through the contact channels you provide.

7.2.Inapplicability. If any point of this Policy is deemed unenforceable by a Data Authority or a court, the remaining conditions will remain in full force and effect.

7.3. Electronic CommunicationYou acknowledge that all communication conducted via email (to the address you provided), SMS, instant messaging applications, or any other digital means, is also valid, effective, and sufficient for the dissemination of any matter relating to the services we provide, your Personal Data, as well as the conditions of its provision or any other matter addressed herein, except as otherwise provided in this Policy.

7.4. Customer Service Channels. If you have any questions regarding the provisions of this Privacy Policy, you may contact us through the Customer Service channels listed below:

(i)Contact Us: https://www.hotelareiasbelas.com.br

(ii) Customer Service Center: or reservas@hotelareiasbelas.com.br

(iii) Official Social Media: @hotelareiasbelas

7.5. Applicable law and jurisdiction. This Policy shall be interpreted in accordance with Brazilian law, in the Portuguese language, and the court of your domicile shall be chosen to resolve any controversy involving this document, unless otherwise specifically provided for by applicable law regarding personal, territorial or functional jurisdiction.

7.5.1. If you are not domiciled in Brazil, and because the services offered by Hotel Areias Belas are only provided within the national territory, you agree to be subject to Brazilian law, therefore agreeing that in the event of a dispute, the action must be filed in the Court of the District of Recife.

8. GLOSSARY

8.1. For the purposes of this Policy, the following definitions and descriptions should be considered for a better understanding:

(iv) Anonymization: The use of reasonable and available technical means at the time of processing, through which data loses the possibility of direct or indirect association with an individual.

(v) Cloud Computing: Or cloud computing, is a service virtualization technology built from the interconnection of more than one server through a common information network (e.g., the Internet), with the goal of reducing costs and increasing the availability of the supported services.

(vi) Account Number: Credentials required to use or access the exclusive features of the Site.

(vii) Cookies: Small files sent by the Site, saved on your devices, that store preferences and a few other pieces of information, in order to personalize your browsing experience according to your profile.

(viii) Personal Data: Data relating to an identified or identifiable natural person.

(ix) Session ID: Identifies a user's session when accessing Our Environments.

(x) IP: Abbreviation for Internet Protocol. It is an alphanumeric code that identifies users' devices on the Internet;

(xi) Logs: Records of the activities of any users who use the Site;

(xii) Processing: Any operation performed with Personal Data, such as those relating to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction.