book now

Privacy and Data Policy

1. Context
1.1. This Privacy Policy sets out the terms under which Continental Hotels collects and processes personal data from its customers, both through websites and social media, and directly at the group's hotels and restaurants.
1.2. The protection of personal data and the privacy of our customers and workers is an essential commitment in the context of the digital economy in which we live.
1.3. In fact, we face daily an increasing dependence on technology and the intensification of online interactions, aspects that make the implementation of best security and transparency practices indispensable, ensuring that the fundamental rights of privacy are respected.
1.4. This commitment is central to the trust we establish with our customers and employees.
1.5. On the other hand, privacy and the protection of personal data assume special relevance for Continental Hotels, considering that this hotel group represents brands from international hotel groups.
1.6. Thus, this commitment reflects the respect for global privacy standards and the adoption of practices aligned with the best international guidelines, ensuring the trust of customers and partners, from different markets and in different geographies.
1.7. The processing of the personal data you provide to us implies the knowledge and acceptance of the conditions contained in this Privacy Policy.
1.8. The rules defined herein apply to all hotels managed and operated under the Continental Hotels brand, including their respective food and beverage establishments.
1.9. To learn more about the Continental Hotels universe, visit www.continentalhotels.eu
2. Who is responsible for the collection and processing of data?
2.1. According to Article 4 of the General Data Protection Regulation (GDPR), the data controller is the entity that determines the purposes and means of processing personal data.
2.2. Thus, the entities responsible for processing your personal data, from the Continental Hotels group, are:
• Continoteis – Hotelaria e Turismo, Lda. – NIF 501639144 – Rua Laura Alves, nº 9, 1050-138 Lisboa
• Gitel – Gestão e Hotelaria, Lda. – NIF 501989544 – Rua Laura Alves, nº 9, 1050-138 Lisboa
• Continental - Investimentos Imobiliários SA. – NIF 500334811 – Rua Laura Alves, nº 9, 1050-138 Lisboa
• Morlaix de Portugal - Investimentos Hoteleiros e Turísticos SA. – NIF 502166894 – Rua Laura Alves, nº 9, 1050-138 Lisboa
• Espaçoteis - Imobiliários Turísticos SA. – NIF 501891498 – Rua Laura Alves, nº 9, 1050-138 Lisboa
• Eurocolace - Investimentos Imobiliários SA. – NIF 501936130 – Rua Rodrigo da Fonseca, nº 44, 1250-193 Lisboa
• Casa de Santo António, Lda. – NIF 500058229 – Rua Duque de Palmela, nº 34, 1250-098 Lisboa
• Buckingham Morlaix Hotéis SA. – NIF 512072957 – Rua Laura Alves, nº 9, 1050-138 Lisboa
• Xiratour - Hotelaria e Turismo SA. – 502364688 – Avenida Barranco de Cegos, nº 22, 2600-214 Vila Franca de Xira
• Ermida & Ca Lda. – 500098786 – Praça da Batalha, 127-128, 4000-102 Porto • Continental Hotels Hispania, SL – NIE B62345616 – Calle Pallars, 203 – 08005 Barcelona, Spain
2.3. For methodological reasons, the entities responsible for the collection and processing of personal data will hereafter be generally referred to as Continental Hotels.
2.4. Continental Hotels may, within the scope of its activity, resort to entities subcontracted by it to pursue the purposes that its commercial activity implies.
2.5. Data Controller Obligations: the indicated entities are qualified as data controllers, in accordance with the GDPR, and commit to comply with the obligations defined therein, including the implementation of appropriate technical and organizational measures to protect personal data, ensure transparency in processing and ensure compliance with the principles set out in Article 5 of the GDPR.
3. What is personal data?
3.1. Personal data is any information, regardless of its nature and its support, including sound and image, relating to an identified or identifiable person.
3.2. A person who can be identified directly or indirectly, namely by reference to an identification number or to one or more specific elements of their physical, physiological, mental, economic, cultural, or social identity, is considered identifiable.
3.3. The concept of personal data, defined in Article 4 of the GDPR, is fundamental to understanding its relevance in the digital economy, primarily due to its extensive scope.
3.4. In a context where personal data is a currency for digital services, it is essential to ensure that it is handled with respect for the fundamental rights of the data subjects and in respect of Human Dignity.
4. What personal data is collected and processed?
4.1. Continental Hotels collects and processes, among others, the following personal data:
• For registration and booking management: name, email address, phone number, country, city, address, payment methods, and booking details;
• For contact management: name, email address, phone number, country, city, address;
• For newsletter management and distribution: name and email address;
• For website management: IP address, operating system, browser used, and other technical information.
4.2. For the purposes of this policy and with respect to the data processing mentioned herein, Continental Hotels assumes that such data was provided by the data subject or that the data subject has given authorization for this purpose and presumes that they are true and updated.
5. How is your data collected?
5.1. Personal data may be collected through the following means:
• Email
• Website
• Phone calls
• In person
5.2. The data collected is processed and stored electronically and in strict compliance with personal data protection legislation, being stored in specific databases created for this purpose by Continental Hotels or by entities subcontracted by it.
5.3. Compliance with Information Duties: whenever data is collected, Continental Hotels ensures that data subjects receive clear and complete information, in accordance with the provisions of Articles 13 and 14 of the GDPR, including information on the purpose of data processing, the respective grounds for lawfulness, the rights of data subjects, and the contacts of the Data Protection Officer.
6. What are the purposes and legal grounds for processing your data?
6.1. In accordance with the legal requirements arising from the GDPR, Continental Hotels processes your personal data for specific purposes and when it has a legal basis to do so.
6.2. Continental Hotels uses your data, namely, for the following purposes and based on the following legal grounds:
• Contract execution:
- Booking and stay management
- Preference registration (room, mobility, newspapers/magazines)
- Registration of additional services (gym, parking)
Legal Basis: Article 6(1)(b) of the GDPR (performance of a contract).
• Consent:
- Sending newsletters and marketing campaigns to non-customers
- Conducting advertising campaigns
- Image of workers
Legal Basis: Article 6(1)(a) of the GDPR (consent of the data subject).
• Legal obligations:
- Keeping accounting records
- Reporting foreigners, in Portugal, to UCFE (Unidade de Coordenação de Estrangeiros e Fronteiras), in Spain to_______________________
Legal Basis: Article 6(1)(c) of the GDPR (compliance with a legal obligation).
• Legitimate interest:
- Conducting market research
- Service satisfaction surveys
Legal Basis: Article 6(1)(f) of the GDPR (legitimate interest of the data controller).
7. With whom is your data shared?
7.1. The data collected and held by Continental Hotels may be transmitted, with respect for the duty of confidentiality and in compliance with GDPR requirements, to:
• Entities of the Continental Hotels group;
• International hotel groups that own the brands managed by Continental Hotels;
• Judicial or administrative authorities, when required by law;
• Subcontractors hired to provide services.
7.2. The subcontractors selected by Continental Hotels comply with GDPR requirements, namely under Article 28, through contracts that stipulate confidentiality obligations, security measures, and the restricted use of data according to the instructions of Continental Hotels.
7.3. It is ensured that subcontractors adopt appropriate technical and organizational measures to protect personal data and do not use the data for purposes other than those indicated by Continental Hotels.
8. What are your rights?
8.1. Under the GDPR, the data subject has the following rights:
• Right of access: by which the data subject can obtain confirmation about the processing of their data (Article 15 of the GDPR).
• Right to rectification: by which the data subject can correct incorrect or incomplete data (Article 16 of the GDPR).
• Right to erasure: by which the data subject can request the deletion of their personal data, except when its retention is required by law, or the data controller has a legitimate interest in retaining it (Article 17 of the GDPR).
• Right to data portability: receive your data in a structured format and transfer it to another data controller (Article 20 of the GDPR).
• Right to object: refuse the processing of your data for certain purposes (Article 21 of the GDPR).
• Right to restriction of processing: request the temporary or permanent limitation of the processing of your data under certain conditions (Article 18 of the GDPR).
8.2. Compliance with the GDPR: the response to the exercise of rights will be given under the terms of Article 12 of the GDPR, within a maximum period of 30 days, generally free of charge, except for exceptions specified in the regulation.
8.3. Internal Procedures: Continental Hotels has implemented internal procedures to ensure compliance with legal obligations associated with the exercise of data subjects' rights.
8.4. Automated Decision-Making: Continental Hotels does not process data based on automated individual decisions or profile building, under the terms of Article 22 of the GDPR.
8.5. To exercise any of these rights, you can contact the Data Protection Officer (DPO) of Continental Hotels:

In Portugal
Email: RGPD@continentalhotels.eu
Address: Rua Laura Alves, nº 9, 1069-169 Lisboa, Portugal
• In Spain Email: RGPDCHH@continentalhotels.eu Address: Calle Pallars, 203, 8005 Barcelona, Spain
9. Data Protection Officer (DPO)
9.1. Continental Hotels has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with the GDPR and ensuring the protection of personal data of customers and employees.
9.2. The DPO acts as a point of contact for any questions related to privacy and data protection.
9.3. Impact of the DPO appointment:
• Higher level of protection and security for personal data.
• Higher level of compliance with the GDPR.
• Greater transparency in the processing of personal data.
• Efficient response to requests and complaints from data subjects.
• Adoption of proactive measures to minimize privacy-related risks.
• Continuous monitoring of GDPR compliance practices.
9.4. To contact the DPO, use the email address or the postal address mentioned in the previous section.
10. Principles of personal data processing
10.1. Continental Hotels commits to fully respect the principles established in the GDPR, ensuring their application throughout the entire lifecycle of personal data (collection, use, organization, storage, transmission, deletion).
10.2. These principles include:
• Lawfulness, fairness, and transparency: data is processed lawfully, fairly, and transparently to the data subject;
• Purpose limitation: data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those original purposes;
• Data minimization: only data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed is collected;
• Accuracy: data is kept accurate and up to date, and measures are taken to ensure that inaccurate data is erased or rectified without delay;
• Storage limitation: data is kept only for the period necessary for the purposes for which it is processed, in accordance with legal time limits, or due to the legitimate interests of the data controller;
• Integrity and confidentiality: data is processed in a manner that ensures its security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by implementing appropriate technical or organizational measures;
• Accountability: Continental Hotels commits to demonstrate compliance with the principles described above, as well as with other GDPR standards and requirements.
11. Security measures
11.1. Continental Hotels adopts robust technical and organizational measures to protect personal data, including:
• Encryption: data is protected by adequate encryption mechanisms to prevent unauthorized access;
• Access controls: access to data is restricted based on access profiles;
• Audits: regular audits are conducted to identify vulnerabilities and ensure compliance;
• Pseudonymization and Anonymization: masking techniques are used to protect sensitive information whenever applicable;
• Training: employees receive regular training on security, privacy practices, and data protection.
11.2. Continental Hotels regularly evaluates the technical and organizational measures it implements to ensure their suitability for the risks involved.
12. International Data Transfers
12.1. Continental Hotels does not carry out international transfers of personal data, except those resulting from reservation requests made by the customers themselves, and only if such transfers are necessary for the execution of the agreed services.
12.2. Whenever personal data is transferred outside the European Economic Area, Continental Hotels will ensure that it is protected in accordance with GDPR requirements, namely through Standard Contractual Clauses.
13. Changes to the Privacy Policy
13.1. Continental Hotels reserves the right to change this Privacy Policy.
13.2. Any changes will be published on the official website.

We use first-party and third-party cookies for analytical purposes and to show you advertising related to your preferences, based on your browsing habits and profile. You can configure or block cookies by clicking on “Cookies settings”. You can also accept all cookies by clicking on “Accept all cookies”. For more information, please consult our Cookie Policy.

Cookies Settings:

Cookies and other similar technologies are an essential part of how our Platform works. The main goal of cookies is to make your browsing experience easier and more efficient and to improve our services and the Platform itself. Likewise, we use cookies to show you targeted advertising when you visit third-party websites and apps. Here, you will find all the information on the cookies we use. Furthermore, you will be able to activate and/or deactivate them according to your preferences, except for any cookies that are strictly necessary for the functioning of the Platform. Keep in mind that blocking certain cookies may affect your experience on the Platform, as well as its functioning. By clicking “Confirm preferences”, the cookies selection you have made will be saved. If you have not selected any options, clicking this button will be the same as blocking all cookies. For more information, please consult our Cookie Policy.

These cookies are necessary for the correct functioning of the Platform, and they cannot be deactivated on our systems. Generally speaking, they are configured to respond to actions made by you when requesting services, such as adjusting your privacy preferences, logging in to your account or filling out forms. You can configure your browser to block these cookies or alert you when they are present; however, some parts of the platform will not work without them.

Cookies List:

Name Provider Purpose Expiry
PHPSESSID Guestcentric Used to manage user sessions Session

These cookies allow us to count the number of visits and sources of traffic in order to measure and improve the performance of our Platform. They help us to know which pages are the most and least popular, and how many people visit the website. If you do not allow these cookies, we will not know when you visited our Platform.

Cookies List:

Name Provider Purpose Expiry
_ga Google Used to distinguish users 2 years
_gid Google Used to distinguish users 24 hours
_gat_gcTracker Google Throttle Request Rate 1 minute

These cookies enhance the functionality and personalisation of the Platform. They can be put in place by us or by third parties whose services we have incorporated into our pages. If you do not allow these cookies, some of our services will not function properly.

Cookies List:

Name Provider Purpose Expiry
GCShoppingActivations_<GCID>_BEST_RATE_GUARANTEED Guestcentric Popup display control. Stores a true/false flag that indicates if the popup was already displayed. 10 minutes
GCShoppingActivations_<GCID>_LAST_RESERVATION Guestcentric Popup display control. Stores a true/false flag that indicates if the popup was already displayed. 10 minutes
GCShoppingActivations_<GCID>_LAST_RESERVATIONS Guestcentric Popup display control. Stores a true/false flag that indicates if the popup was already displayed. 10 minutes
GCShoppingActivations_<GCID>_LAST_WEEK_STAYS Guestcentric Popup display control. Stores a true/false flag that indicates if the popup was already displayed. 10 minutes
GCShoppingActivations_<GCID>TODAY_BEST_OFFER Guestcentric Popup display control. Stores a true/false flag that indicates if the popup was already displayed. 10 minutes
GCShoppingVisits_<GCID> Guestcentric Count visits to control popup display 1 Month
GCShoppingRecovery_<GCID>_EXIT Guestcentric Display shopping recovery 1 Month
Cookies Settings
Accept all Cookies