1. Introduction
The aim of this document is to provide a concise policy declaration on data protection obligations that will be implemented in all companies that are part of and make up the West Lake Resort (Priority Goal, S.A, hereinafter the “West Lake Resort”). This policy details the obligations of West Lake Resort in terms of personal data processing, aimed at complying with relevant legal requirements, from the point of view of focusing efforts towards a continually changing reality, so to address the most relevant risks.
2. Grounds
West Lake Resort must comply with data protection principles established in current legislation. This Policy applies to all personal data processing operations, including data collection, processing and storage by all companies of West Lake Resort of personal data belonging to their employees, service providers and clients during the course of their activities.
3. Scope
The Policy covers all personal data, including data regarding special personal data categories, which are processed in relation to the data subjects by West Lake Resort, as the Data Controller or Subcontractor. This Policy also applies to personal data processed manually provided this date is included in a structured file. All personal data related to special personal data categories will be processed with extra care by West Lake Resort. Both categories are equally referred to as “Personal Data” in this Policy, unless stated otherwise.
4. Who processes your data
In the course of their daily activities, West Lake Resort companies may acquire, process and store personal data. According to European and Portuguese data protection legislation, this data must be lawfully, fairly and transparently acquired and managed. West Lake Resort is committed to ensuring that your team is sufficiently aware of data protection laws and practices, in order to be able to anticipate and identify any data protection issues that may arise. Under these circumstances, the team must ensure that the Controller is informed, so that appropriate and necessary corrective actions may be taken, and to protect the rights, freedoms and guarantees of the Data Subjects. West Lake Resort may share Personal Data of their Data Subjects with Processors provided it is necessary for the normal provision of services. Regarding the obligations of West Lake Resort, Processors’ access to Personal Data shared by the West Lake Resort is regulated by the contract made with their Processors. Therefore, West Lake Resort contractually ensures and regularly verifies that Processors are reliable entities that offer appropriate protection guarantees and that no more data is sent to them than is required to provide the contracted service. During the course of their duties as Data Controller, West Lake Resort may also share the Personal Data of their Data Subjects with other Data Controllers so to perform processing operations required for providing the contracted services. Within the scope of the aforementioned joint responsibility, West Lake Resort makes an agreement with the other controller, in which the purposes and responsibilities are clearly identified in compliance with the applicable data protection legislation, ensuring compliance with the Rights and Freedoms of Data Subjects by establishing appropriate communication channels to respond to requests from Data Subjects. Regardless of the existing relationship between personal Data Recipients, West Lake Resort shall outline, by means of a written formal written contract, the personal data obligations, the specific purpose or the purposes of their involvement, and the understanding that they perform data processing operations according to the Portuguese Data Protection Law.
5. Your data may be shared with the following Recipients:
- Providers of digital, technical, and operational support services.
- Entities of West Lake Resort.
- Related entities, or entities the share a common management with West Lake Resort and the B&G Group
- Entities to which companies of West Lake Resort provide services
- Judicial bodies, and bodies of the Criminal Police and Administrative Authorities.
6. What we do with your data:
As Data Controller, West Lake Resort ensures that all Personal Data:
- Is obtained for specific, lawful, and clearly defined purposes. The Data Subject may question the purpose(s) for which West Lake Resort collects and maintains the data, and West Lake Resort must clearly and precisely state what those purposes are.
- Will be compatible with the purposes for which the data was acquired.
- Will be stored with appropriate security measures - implemented or to be implemented - to protect the data against unauthorised access, or against modification, destruction or disclosure of any Personal Data held by West Cliffs Resort as Data Controller.
- Will be stored complete, accurate, and updated as necessary.
- Will be limitedly collected and only stored for the time that is strictly necessary. Excess data will not be collected and/or processed. Thus, West Lake Resort has implemented a procedure to respond to the Data Subjects’ requests in order to efficiently and appropriately manage such requests within the time limits set out in the legislation. West Lake Resort has implemented or is implementing available levels of Personal Data security and protection, as well as technical and organisational measures to protect against the loss, misuse, change, or unauthorised access of Personal Data, as well as against any other form of unlawful processing.
All Employees of West Lake Resort are also subject to confidentiality standards.
7. Purposes and Lawfulness of the Processing Operations:
- Clients: West Lake Resort processes the Personal Data of their Clients to ensure compliance with the service agreement made with the Data Subjects or the Joint Data Controllers (regarding data and Data Subjects they collect, such as counterparts, employees and others). The personal data identified herein, which is subject to processing operations, is required for the execution of a contract or for pre-contractual arrangements or for compliance with legal obligations, or in the case of marketing, the data may fall under consent. Special Category data on Clients, or obtained from Clients, will be subject to appropriate processing operations, insofar as the data is required for important public interest reasons, such as preventing money laundering and financing terrorism. The processing of Personal Data belonging to Clients, or obtained from Clients, which is related to criminal convictions and infringements or to related security measures, will always be subject to the protection of rights and freedoms of Data Subjects, with operations regarding said data strictly limited to the compliance with applicable legal obligations..
- Employees: West Lake Resort processes the data of their employees to enforce the work contract. The data processed is required to enforce a contract to which the Data Subject is a party, or for the purpose of pre contractual arrangements at the request of the Data Subject. The personal data of employees is also collected and processed for the purpose of complying with legal obligations that the Data Controller is subject to. Operations relating to the processing of Special Category data collected from Employees are required for the purpose of complying with legal obligations and exercising the specific rights of the Data Controller or the Data Subject in terms of labour, social security and social protection law, and also for the purpose of preventive or occupational healthcare, and to assess the employee’s work capacity. The processing of Personal Data belonging to Employees, or obtained from Employees, which is related to criminal convictions and infringements or to related security measures, will always be subject to the protection of rights and freedoms of Data Subjects, with operations regarding said data strictly limited to the compliance with applicable legal obligations.
- Service Providers: West Lake Resort processes the Personal Data of their Service Providers to ensure compliance with the service agreement made with the Data Subjects or the Joint Data Controllers (regarding data and Data Subjects they collect, such as counterparts, employees and others). The Personal Data identified herein, which is subject to processing operations, is required for the execution of a contract or for pre-contractual arrangements or for compliance with legal obligations. Special Category data on Service Providers or obtained from Service Providers will be subject to processing operations, insofar as the data is required to declare, exercise or defend a right in a legal procedure, or if the processing is required for the purpose of complying with obligations and exercising the specific rights of the Data Controller or the Data Subject in terms of labour, social security and social protection law or if the data is of public interest. The processing of Personal Data belonging to Service Providers or obtained from Service Providers, which is related to criminal convictions and infringements or to related security measures, will always be subject to the protection of rights and freedoms of Data Subjects, with operations regarding said data strictly limited to the compliance with applicable legal obligations.
8. Criteria for Calculating Retention Periods:
West Lake Resort will store Personal Data for the period they deem necessary and sufficient for the purposes behind the data collection and processing. The data storage time will vary according to the purpose for which the data is processed and according to legal standards demanding data storage. At the end of this period, the data will be deleted pursuant to the appropriate technical and operational guarantees, as documented in each of the relevant processes.
9. Right of Access and Exercise of Rights:
Data Subjects can exert their rights under the applicable data protection law by writing to the following email address: priority@dataprotection.pt West Lake Resort has also appointed a Data Protection Officer, in accordance with best practices in the field, who can be contacted at the following email address: priority@dataprotection.pt
