Privacy Policy
Private Policy Private policy and data treatment of Ameris Independent Hotel Chain LTDA Corporate Name: AMERIS – REDE DE HOTÉIS INDEPENDENTES LTDA.
Address: SRTVS, Quadra 701 Bloco O, nº 110, salas 629 a 634, Edifício MultiEmpresarial, Asa Sul, Brasília – DF, Cep: 70.340-000
CNPJ: 30.249.497/0001-47
Through this Policy, the Ameris website program demonstrates its commitment to privacy and the protection of Personal Data, as well as establishing, in a clear and transparent way, the rules regarding the Processing of Personal Data of Users of the website www.amerishoteis.com.br (“Ameris Hotels website” or “website”), in accordance with current legislation.
As a condition of accessing and using the website, the User declares that they have read this Policy in its entirety and with attention, fully acknowledging it, and confirming their free and express agreement with the terms stipulated herein, including the collection of the Data mentioned herein, as well as its use for the purposes specified below. If the User does not agree with the provisions of this Policy, they must discontinue their access or use of the website.
This Policy applies to all services provided by the Ameris Hotels website, with specific terms for certain products, which will be communicated to the User in due course. 1. Data that the Ameris website collect from the user
1.1. Users of the website may access it for various purposes, whether to join the program, make reservations, or obtain information about services provided by the Ameris website.
1.2. During this usage, the Ameris website may collect User Data when it is submitted or when the user interacts in the manner mentioned above:
1.3. Whenever the User actively chooses to formalize the reservation, the information will be transmitted in its entirety to the chosen establishment, and it will no longer be possible for the Ameris website to delete their personal data held by the recipient hotel.
1.4. Necessary data. Our services directly depend on certain data provided in the table above, especially registration data. If the User chooses not to provide some of this data, we may be unable to provide our services fully or partially.
1.5. Data Update and Accuracy. The User is solely responsible for the accuracy and truthfulness of the provided data or for its lack of updating. It is the User’s responsibility to ensure the data is updated and accurate.
1.5.1. Similarly, the Ameris website is not obligated to process or handle any of your Data if there are reasons to believe that such processing or handling may subject us to any violation of any applicable law, or if the User is using the website for any illegal, unlawful, or immoral purposes.
1.6. Database. The database formed through the collection of Data is owned by the Ameris Hotels website and is under our responsibility, and its use, access, and sharing, when necessary, will be carried out within the limits and purposes of the business described in this Policy.
2. What are the user’s rights and how to exercise them
2.1. Basic User Rights. The User may request confirmation of the existence of Personal Data processing, as well as the display of their Personal Data, by contacting the Data Protection Officer.
2.1.2. As long as the User maintains interest in keeping their data in our database, the correction of their Personal Data should be carried out by contacting the Data Protection Officer.
2.2. Limitation, opposition, and deletion of data. By contacting the Data Protection Officer, the User may also request:
-
Express their opposition and/or revoke consent regarding the use of their Personal Data; or
-
Request the deletion of their Personal Data collected by the Ameris website.
2.2.1. If the User withdraws their consent for fundamental purposes to the proper functioning of the website and formalization of reservations, the services will become unavailable, including the points they have accumulated within the program.
2.2.2. If the User requests the deletion of their Personal Data, in which case they will immediately lose access to the services of the Ameris Hotels website, it may occur that the Data needs to be retained for a period longer than the deletion request, in the terms of the Article 16 of the General Data Protection Law, for (i) compliance with legal or regulatory obligations, (ii) research by a research institution, and (iii) transfer to a third party (subject to the data processing requirements set forth in the same Law). In all cases, provided that the Personal Data is anonymized, if possible.
2.2.3. Once the maintenance period and legal necessity have expired, Personal Data will be deleted using secure disposal methods or used in anonymized form for statistical purposes.
3. Sharing of data and personal information
3.1. Scenarios for sharing data. In addition to sharing with hotels, the collected Data and recorded activities may be shared:
I. With credit consulting companies.
II. Service providers of the Ameris website.
III. With competent judicial, administrative, or governmental authorities, whenever there is a legal determination, requirement, request, or court order; and
IV. Automatically, in case of corporate transactions, such as merger, acquisition, and incorporation.
3.2. Data anonymization. For the purposes of market intelligence research, data disclosure to the press, and advertising, the data provided by the User will be shared in anonymized form, that is, in a way that does not allow their identification.
4. Data protection
4.1. Password sharing. The User is also responsible for the confidentiality of their Personal Data and must always be aware that sharing passwords and access logins violates this Policy and compromises the security of their Data and the website.
4.2. Precautions Users Should Take. It is crucial for the User to protect their data against unauthorized access to their computer, account, or password, and to always ensure to click on “log out” when ending their browsing on a shared computer. It is also important for the User to know that the Ameris website will never send electronic messages requesting data confirmation or with attachments that can be executed (extensions: .exe, .com, among others), or links for potential downloads.
4.3. Access to Personal Data, Proportionality, and Relevance. Internally, the Personal Data collected are accessed only by duly authorized professionals, respecting the principles of proportionality, necessity, and relevance to the objectives of our business, in addition to the commitment to confidentiality and preservation of your privacy in accordance with this Policy.
4.4. External Links. When the User uses the website, they may be directed, via a link, to other portals or platforms that may collect their information and have their own Data Processing Policy.
4.4.1. It is the User’s responsibility to read the Privacy and Data Processing Policies of such third-party portals or platforms and, it is their responsibility to accept or reject them. The Ameris website is not responsible for the Privacy and Data Processing Policies of third parties nor for the content of any websites, content, or services linked to environments other than our own.
4.4.2. Partner Services. The Ameris website has commercial partners who may occasionally offer services through features or websites that can be accessed from the Ameris Hotels website. The Data provided by the User to these partners will be their responsibility, and thus subject to their own data collection and usage practices.
4.5. Third-Party Processing under Ameris Website Directive. If third-party companies carry out, on behalf of the Ameris Hotels website, the processing of any Personal Data we collect, they will respect the conditions stipulated here and the information security standards, mandatorily.
4.6. Email Communication. To optimize and enhance communication, when the Ameris website sends an email to the User, it’s possible that the Ameris website program receives a notification when they are opened, provided this functionality is available. It’s important for the User to be aware that emails are sent only from the domain(s): @amerishoteis.com.br.
5. How the Ameris website program stores personal data and activity registers
5.1. The personal data collected and activity registers are stored in a secure and controlled environment for a minimum period following the provisions of the General Data Protection Law.
5.2. Extended storage periods. For audit, security, fraud control, credit protection, and preservation of rights purposes, the Ameris website may retain the user data record history for a longer period in cases where the law or regulatory norm so establishes or for the preservation of rights.
5.3. The collected data will be stored on servers located in Brazil, as well as in cloud environment or servers.
6. General Information
6.1. Change of content and updates. The User acknowledges the right of the Ameris Hotels website to change the content of this Policy at any time, according to its purpose or necessity, as well as for legal compliance with laws or regulations of equivalent legal force, and it is the User’s responsibility to check it whenever accessing the website or using our services.
6.1.1. In case updates are made to this document that require new consent collection, the User will be notified via their email address and/or their first access on the platform (website or app) after the change.
6.2. Inapplicability. If any point of this Policy is deemed inapplicable by a Data Authority or judicial entity, the remaining conditions shall remain in full force and effect.
6.3. Electronic Communication. The User acknowledges that all communication made via email (provided in the registration), SMS, instant messaging applications, or any other digital form, are also valid, effective, and sufficient for the disclosure of any matter related to the services provided by the Ameris website, the Data, as well as the conditions of their provision or any other matter addressed therein, with the exception of what this Policy provides otherwise.
6.4. Contact Channels. In case of any doubt regarding the provisions of this Privacy and Data Processing Policy, the User may contact via email: encarregadodados@amerishoteis.com.br
6.5. Applicable law and jurisdiction. This Policy shall be interpreted according to Brazilian legislation, in the Portuguese language, with the forum of your domicile elected to settle any controversy involving this document, except for specific personal, territorial, or functional competence by applicable law.
7. Data Protection Officer. The Data Protection Officer of the Ameris website currently is Paulo Silva, and you can contact him at any time via email: encarregadodados@amerishoteis.com.br
Definitions
For the purposes of this Policy, the following definitions and descriptions should be considered for better understanding:
I. Data: Any information entered, processed, or transmitted through the website.
II. Personal Data: Data related to an identified or identifiable natural person.
III. Anonymization: Use of reasonable and available technical means at the time of Processing, through which data loses the possibility of direct or indirect association with an individual.
IV. Data Protection Officer: Person appointed by the Ameris website to act as a communication channel between the data controller, data subjects, and the National Data Protection Authority (ANPD).
V. Cloud Computing: It is a virtualization technology of services built from the interconnection of more than one server through a common information network (e.g., the Internet), with the aim of reducing costs and increasing the availability of sustained services.
VI. Website: Refers to the electronic address www.amerishoteis.com.br and its subdomains.
VII. Access Account: Credential necessary to use or access the exclusive features of the website.
VIII. Cookies: Small files sent by the website, saved on the User’s devices, which store preferences and few other pieces of information, with the purpose of customizing their browsing according to the User’s profile.
IX. IP: Abbreviation for Internet Protocol. It is an alphanumeric set that identifies the Users’ devices on the Internet.
X. Logs: Records of activities of any Users who use the website.
XI. ID Session: Identification of Users’ sessions when accessing the website.
XII. Processing: Any operation performed with Personal Data, such as those referring to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation, or control of information, modification, communication, transfer, dissemination, or extraction.
Brasília, March 18th, 2022.
Cookies Policy of Ameris Hotels website
This Cookies Policy is a complementary document to the Privacy Policy of the Ameris Hotels website. Here, you will find objective and clear information about what Cookies are, which Cookies we use in our applications, what role they play, and how to configure them.
1.1. What are Cookies:
Cookies are small text files or pieces of information that are downloaded to your computer, smartphone, or any other device with internet access when you visit our website.
They contain information about your browsing on our pages and only retain information related to your preferences. This way, this page can store and retrieve data about your browsing habits to improve the user experience, for example. It is important to emphasize that they do not contain specific personal information, such as sensitive or banking data.
Your browser stores cookies on the hard drive, but they occupy minimal memory space, which does not affect the performance of your computer. Most of the information is deleted as soon as the session ends, as you will see in the next topic.
1.2. Types of Cookies used on the Ameris Hotels website:
Strictly Necessary Cookies: These are cookies necessary for the functioning of the website. They enable security, management, and accessibility functionalities.
User registration data
Authentication token (required for user validation with the API)
Other data indicating the user’s status on the website, such as whether they are active and if they have made any destination requests.
1.3. Security & Hosting
1.4.1. Listing of security mechanisms and procedures adopted:
Hosted with Amazon Relational Database Service (RDS).
MySQL database with a high level of security provided by Amazon.
We use parameterized SQL queries to prevent attacks.
We always keep all systems updated as suggested by Amazon.
We utilize Key Management Service (KMS) and data encryption in transit using SSL.
We adhere to the principle of least privilege for all our systems.
Regular test backups with automated restoration and testing.
We conduct periodic vulnerability and security tests.
1.4. Cookie Management
The installation of cookies is subject to your consent. Although most browsers are initially set to accept cookies automatically, you can review your permissions at any time to block, accept, or enable notifications for when some cookies are sent to your device.
Currently, the first time you access our applications, your agreement to the installation of these cookies will be requested. Only after your acceptance will they be activated.
To do so, we use a system of (information banner or another mechanism that alerts and requests consent) on the homepage. This way, we not only request your agreement but also inform that continued browsing on our sites will be understood as consent.
As mentioned, you can, at any time and at no cost, change permissions, block, or refuse cookies. You can also configure them on a case-by-case basis. However, revoking consent for certain cookies may impair the correct functioning of some site features.
1.5. Final Provisions
For Ameris website, privacy and trust are fundamental to our relationship with you. We are always updating ourselves to maintain the highest security standards.
Therefore, we reserve the right to change this Cookies Policy at any time. The changes will take effect immediately upon publication, and you will be notified.
If you have any questions about this Cookies Policy, please contact us via the following means: encarregadodados@amerishoteis.com.br.
Brasília, March 18th, 2022.