Privacy Policy
    According to the General Data Protection Regulation (GDPR), “Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    Moreover, according to the GDPR, “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    The Privacy Policy (is available on the website applicable to the hotel units of the RR Hotels Group, reflects the commitment to the protection of natural persons with respect to the processing of personal data.

    The entities of the RR Hotels Group are committed to protect the personal data entrusted to them. For this reason, all information of a personal nature is processed and protected with all diligence, always in accordance with the GDPR, in addition to compliance with applicable laws and regulations in Portugal.

    The scope of application of this Policy includes all personal data processing implemented in the entities indicated below and to all the reservation websites of the respective hotel units.

    The RR Hotels Group is composed of the following hotel units and their respective entities controller for data processing:

    • Alvor Baía Resort Hotel and Hotel da Rocha: “KRRK, SA”, fiscal nº 514 287 845, with head office at Av. Comunidades Lusíadas – Edifício Amarilis, Praia da Rocha, 8500-801 Portimão;
    • Club Amarilis: “AMARILIS, SA”, titular do cartão de fiscal nº 504 635 476, with head office at em Av. Comunidades Lusíadas – Edifício Amarilis, Praia da Rocha, 8500-801 Portimão.

    The above entities are controller for data processing, undertake to use only processors entities which provide appropriate guarantees to implement appropriate technical and organizational measures in such a way that the processing of personal data complies with the requirements of the GDPR and ensures protection rights of data subjects.

    The hotel units of RR Hotels Group can collect personal data directly, that is, directly from the data subject, or in other cases, indirectly, that is, through partner entities or third parties. The collection can be done through the following routes:

    • Direct collection: in person, by phone, by e-mail and through the Website;
    • Indirect collection: through partners or companies of RR Hotels Group and official entities.

    The occasions on which personal data may be collected are diverse. These include:
    a) Activities of hotel units (reservation of a room, check-in and payment, consumption in the bar, restaurant and other services, requests, complaints and / or litigation, among others);
    b) Participation in marketing programs or events (“frequent customer” program, customer satisfaction surveys, among others);
    c) Interaction with third parties (tour operators, travel agencies, among others);
    d) Internet interaction (access to hotel websites, online forms, online reservations, among others).

    Personal data is processed legally and only when at least one of the following situations is verified:

    1. Execution of contracts concluded for the provision of services, or in order to take steps at the request of the data subject prior to entering into a contract;
    2. Data necessary for the fulfilment of legal obligations in force, such as the disclosure of data to the Tax Administration or the Serviço de Estrangeiros e Fronteiras (SEF), as well as other authorities;
    3. Obtained consent by signing or accepting a form in digital or paper format, for one or more specific purposes;
    4. Data necessary for the purpose of the legitimate interests pursued by the entities of GRUPO RR Hotels, such as video surveillance, for the protection of persons and property;
    5. Data required for reasons of public interest in the field of public health.

    Whenever a certain processing of personal data is carried out based on the consent of the data subject, the data subject has the right to change / remove his / her consent at any time. However, any change in consent does not compromise the legitimacy of the processing made on the basis of the consent previously expressed.


The following principles applies to the hotel units of RR Hotels Group:

  1. Transparency: when processing personal data, the data subject is informed about the purposes and recipients of the data.
  2. Restriction of purpose: the processing of personal data is carried out only for the purposes mentioned in this Privacy Policy.
  3. Minimisation and accuracy of the data: only the personal data that are necessary for the purposes for which they are processed are collected. Appropriate measures are taken to ensure that the personal data we possess is accurate and up-to-date.
  4. Storage limitation: the storage of personal data is carried out for the period of time necessary for the purposes for which they are processed and in accordance with the provisions laid down by law.
  5. Confidentiality and security: personal data are processed in such a way as to ensure their security, including protection against unauthorized or unlawful treatment and loss, destruction or unforeseen damage, and appropriate technical and organizational measures are taken.
  6. Sharing and international transfer: Personal data may be shared between the entities of the RR Hotels Group or with third parties (as business partners and / or service providers) in accordance with the purposes mentioned in this Privacy Policy. Appropriate measures are taken to ensure security at the time of sharing or transfer of such data.

Personal data will not be used for purposes other than those described in this Policy without this being made known to the data subject or, if applicable, obtained their consent. Nevertheless, in case the data subject requests one of the hotel units of RR Hotels Group to contract services that are provided by other controllers, personal data may be consulted or accessed by those third parties, necessary for the provision of the services requested.

Thus, the purposes may be as follows: a) Management of reservations of rooms and requests for accommodation;
b) Management of stay in the selected hotel;
c) Management of the contractual relationship with the client, before, during and after the stay;
d) Compliance with legislation in force;
e) Continuous improvement of hotel services.

To ensure security of processing, technical and organizational measures are implemented to protect personal data against unauthorized access or disclosure, accidental or unlawful destruction, loss and alteration, in respect of data stored or otherwise processed. On a regular basis, the measures implemented are tested and their efficacy assessed to ensure the security of processing.

There is no provision for the transfer of personal data to third parties established outside the European Union.

The main rights of data subjects, according to the GDPR, are:
a) right of access;
b) right to rectification;
c) right to erasure; d) right to restriction of processing; e) right to data portability;
f) right to object;
g) right to lodge a complaint to the Comissão Nacional de Proteção de Dados (CNPD) or another supervisory authority.

If there is any question regarding our use of your personal data, you should first contact the Data Protection Officer by email at or by letter to the following address: Av. Comunidades Lusíadas – Edifício Amarilis, Praia da Rocha, 8500-801 Portimão.
Alternatively, to exercise your rights, you can request the form created for this purpose through the email address or by letter to the Data Protection Officer, to the following address: Av. Comunidades Lusíadas – Edificio Amarilis, Praia da Rocha, 8500-801 Portimão.

This Policy may be updated periodically. It is suggested regular consultation, especially when a reservation is made in one of our hotels.

Last updated and published on January 27, 2022.