1. general information
This Privacy Policy contains information on the collection, use, storage and other activities for processing and protecting the personal data of Users of our Group's institutional website (https://beachpark.com.br), belonging to Beach Park Hotéis e Turismo, CNPJ:11.805.397/0001-05, with the aim of demonstrating absolute transparency on the subject and clarifying to all interested parties the types of data that are collected, the reasons for collection and how Users can manage or delete their personal information.
By using our services, data subjects understand that we will collect and use their personal information in the ways described in this Policy, in compliance with the Data Protection rules (Federal Law no. 13.709/2018 - General Data Protection Law) and other applicable rules of the Brazilian legal system,This document was prepared in accordance with Federal Law no. 13.709/2018 - General Personal Data Protection Law and will be updated as a result of any regulatory updates.
This Privacy Policy should be considered as complementary to the Terms of Use of the https://beachpark.com.br/ website.
For the purposes of this Privacy Policy, personal data means any data relating to an identified or identifiable natural person and Users means any visitor who accesses the website and/or uses its functionalities.
2. How We Collect Your Personal Data
The User's personal data is collected by filling in the online form at the URL https://beachpark.com.br/, when purchasing a ticket to the water park, booking accommodation, online experience products, via e-mail, via the chat on the website, automatically by observing the holder's habits and via cookies.
3. What User Personal Data do we collect?
The personal data collected is as follows:
a) Data that the User provides us with, via the online form at the URL https://beachpark.com.br/, at the time of purchasing a ticket to the water park, booking accommodation and online experience products, via e-mail and chat on the website: data for making the purchase (e-mail, full name, CPF, telephone number with area code, date of birth and zip code) and data relating to payment (credit card details and CPF of the card holder).
b) Data that we collect automatically: browsing data, i.e. data on how the User uses and interacts with our products, which may include the dates on which the User purchased the products and their browsing activities.
4. Cookies and Tracking Technologies
We use cookies to optimize and analyze our website traffic. The main purpose of our cookies is to improve the search experience, such as remembering your preferences, during future visits.
A cookie is a small information file that is sent to the User's browser and stored in the browser or on the computer's hard disk. Cookies do not damage the computer.
The information collected by cookies also helps us to improve our Functionality, estimating usage numbers and patterns, compatibility with User interests, quick searches, etc.
5. For What Purpose We Use Your Personal Data
The purpose of the personal data collected is:
a) Creation of a user to give access to sites for buying and booking accommodation and tickets;
b) Identification of the user who made the payment on the shopping sites;
c) Updating buyers' registration data;
d) Promotional offers - Promote discounts and purchase conditions to buyers and potential customers via e-mail and mobile SMS;
e) Offer targeted advertising - Promote Beach Park to potential buyers by identifying cookies in advertising tools such as Facebook, Instagram and Google;
f) Answering questions from the User;
g) Sending communications, notifications and content via SMS, WhatsApp and e-mail about launches, events and promotions at Beach Park Group establishments.
6. How we process your data
Your data may be processed in the situations described below, in accordance with the law:
a) Compliance with a legal or regulatory obligation;
b) Consent - The purposes of the use of your data will be specific and highlighted in your consent, and you can choose whether or not to accept the processing of the data as indicated.
c) Legitimate interest in promoting the Beach Park Group's activities or in corporate audits and investigations supported by law or regulation. Sensitive personal data will not be processed in accordance with this legal basis.
d) When necessary for the performance of a contract or preliminary procedures relating to a contract to which the data subject is a party, at the request of the data subject;
e) For the regular exercise of rights in judicial, administrative or arbitration proceedings, the latter under the terms of Law No. 9.307, of September 23, 1996 (Arbitration Law).
f) For credit protection, including the provisions of the relevant legislation. Sensitive personal data will not be processed in accordance with this legal basis.
7. How Long Is Personal Data Stored?
We store your data on our servers located in Brazil, as well as in a resource-intensive environment or on servers in the cloud (cloud computing) and we keep your information:
a) In general, the data will be kept for as long as the contractual relationship between the data subject and the undertakings managed by the Beach Park Group continues;
b) For the time required by law;
c) Until the end of the processing of personal data.
We will therefore process your data, for example, during the applicable limitation periods or for as long as necessary to comply with a legal or regulatory obligation. The processing of personal data will cease in the following cases:
When the purpose for which the personal data was collected has been achieved, and/or the personal data collected is no longer necessary or relevant to the achievement of that purpose;
When the data processing period ends;
c) When the Data Subject requests the deletion of their data, respecting the rights of third parties;
d) When there is a legal requirement to do so.
The length of time personal data is stored may be reduced if the data subject requests the deletion of their data, provided that such action does not infringe the rights of the Beach Park Group or third parties or that the retention of the data is not expressly required or authorized by law or applicable regulation. In the latter case, personal data should only be deleted after the legally authorized/required period has expired.
In the event that the processing of personal data is terminated, except in the cases established by the applicable legislation or by this Policy, the personal data will be deleted using secure disposal methods, and this Policy will no longer be applicable to the User.
8. Security of Stored Personal Data
We undertake to apply technical and administrative measures to protect personal data from unauthorized access and from situations of destruction, loss, alteration, communication or dissemination of such data.
Among the measures we have adopted, we highlight the following:
a) Only authorized persons have access to your personal data.
b) Your personal data will only be accessed after you have given an undertaking of confidentiality.
c) Your personal data is stored in a secure and reliable environment.
The personal data stored is treated confidentially, within legal limits. Personal information may be disclosed in the event of a legal obligation.
In the event of security incidents that may generate significant risk or damage to any user, we will notify those affected and the National Data Protection Authority of the incident, in accordance with the provisions of the General Personal Data Protection Act.
9. Data Sharing
We do not trade, rent or use the personal data of its users as a bargaining chip in commercial operations. We may share data with other sectors and other companies in the Beach Park Group. By accessing this site, you agree to the sharing of your personal data between companies in our economic group, including those that may be formed or resulting from any corporate transactions.
We may also share your Personal Data when we believe, in good faith, that we have an obligation to: (i) comply with any law, regulation or court order; (ii) respond to duly authorized requests for information from regulatory and law enforcement agencies and other public authorities, including in cases associated with security threats; (iii) enforce and/or protect our rights and property, including to investigate fraud and help prevent security threats, or other criminal or malicious activities; (iv) protect the legitimate interests of third parties, including the personal safety of our company's employees; or (v) comply with other hypotheses provided for by applicable law.
We may decide to sell, buy, merge or reorganize our business. In such cases, we may share or transfer your Personal Data with/to the interested parties or buyers.
10. Third Party Services and Applications
This Privacy Policy does not apply to third-party websites, products, services, websites or social media resources, which may be accessed through links that we provide for your convenience and information. Accessing these links will cause you to leave our environment and may result in third parties collecting or sharing information about you. We do not control, endorse or make any representations about these third-party sites or their privacy practices, which may differ from ours. We encourage you to review the privacy policy of any website with which you interact before permitting the collection and use of your personal data.
11. Child and Adolescent Data
We do not intentionally collect information from children and adolescents, as defined by Brazilian law. Users under the age of eighteen (18) should not publish or provide personal data to our site without the consent of their parents or legal guardians.
We recommend that Users supervise their children's online activities and consider using available control tools that help provide a suitable Internet environment for children and adolescents.
12. Advertising and Marketing
We may collect, process and use your personal and sensitive personal data for advertising or market research purposes and, in particular, to improve the products and services offered by our company. We may collect, classify and use your personal data, together with that of other customers, in order to improve our services, website and advertisements. We may also allow third parties, such as analytics companies, advertisers and ad networks, to automatically collect information about you through our websites using cookies, web beacons and device identifiers, including personal data about your online activities over time and across different websites, devices, online channels and applications when you use our website. Among other things, this may allow targeted advertising from us or third parties to be shown to you when you are visiting other websites, for example advertising relevant to your age group, your location or for products that you have looked at, recommended, bought or sold (this is known as remarketing, retargeting or behavioral advertising).
13. International Transfer of Personal Data
Your personal data may be transferred to and processed in countries other than the country in which you reside. However, this will only occur in cases where these countries provide a level of personal data protection that is adequate to that provided for in the LGPD. To this end, we have taken security measures to require that your personal data remains protected in accordance with this Privacy Policy. This includes implementing standard contractual clauses for transfers of personal data between our companies. We will also implement similar safeguards with our third-party service providers and partners.
14. Rights of the Holder
Data subjects have certain rights with regard to their personal data and can exercise them by contacting us at dpo@beachpark.com.br.
Confirmation that personal data is being processed;
Access to personal data, under the terms of the applicable legislation;
Correction of incomplete, inaccurate or outdated data;
Data portability;
Deletion of data when it is processed on the basis of the data subject's consent or when the data is unnecessary, excessive or processed in breach of applicable legislation;
Requesting information on the shared use of data. Please note that this Privacy Policy describes Beach Park's personal data sharing activities. To receive more information about how we share your data, please contact us;
Revocation of consent, where applicable;
For security reasons, we can only fulfill your request if we are certain of your identity. Therefore, we may request additional data or information to confirm the identity and authenticity of the Data Subject.
We have a Data Clerk:
Identification: Gaya Advocacia Empresarial (CNPJ No. 44.569.493/0001-50);
Contact: dpo@beachpark.com.br.
15. Changes to the Privacy Policy
We reserve the right to modify this Privacy Policy. Therefore, it is recommended that the User reviews it frequently.
Changes and clarifications will take effect immediately after publication. The most up-to-date version of this Policy will be available on the website, and Users should consult it frequently to check the new terms.
By using any service or providing personal information after any modifications, the User demonstrates their agreement with the new rules.
Version updated on 5/6/2023.