Wish Serrano Resort

Privacy Policy

I

ntroduction

This Statement of Privacy and Protection of Personal Data applies only to the company VIAJOW OPERADORA DE TURISMO LTDA, which is a Brazilian organization aware of the importance of privacy and protection of personal data. We are a company that promotes the sale of services and products aimed at national and international tourism, both leisure and corporate, selling transport (land, air and sea), accommodation and entertainment services.

Indeed,by virtue of the business activity carried out, the company ends up receiving, processing and handling information, both from individuals and companies.

In relation to individuals, as a rule, the company will have access to registration information, which may be provided by the holder or searched in research systems available in the market or by public bodies or even available on the world wide web. You may have access to data listed as sensitive by current legislation, depending on the product or service contracted with VIAJOW.

On account of this administration of information protected by legislation, it provides this Privacy and Personal Data Protection Declaration and explains the operation and degrees of protection implemented within the company.

This Statement of Privacy and Protection of Personal Data expresses our commitment to the treatment of personal data collected by VIAJOW in a responsible, ethical manner, in line with our principles and values ​​and, especially, in accordance with the rules of Law No. 13,709/2018 ( General Law for the Protection of Personal Data - “LGPD”) and other applicable legislation in force.

By using our services, you agree to the rules for handling your information as described in this Privacy and Personal Data Protection Statement.

As stated above, VIAJOW will have access to information of individuals, in order to provide services for which its corporate purpose is aimed. Such information may even be on the list of sensitive information brought by the legislation

This information will be shared between partners and service providers contracted by VIAJOW, both nationally and internationally, in order to facilitate the acquisition and enjoyment of the contracted services. Sharing may occur, depending on the services contracted with VIAJOW, including on social networks.

VIAJOW, when it comes to sharing information with service providers (national and international) that are part of the service package purchased by the interested party, is subject to the data protection policy of each policyholder, in this particular, and the holder must consultation with such rules, when the situation so requires.

VIAJOW is not responsible for the manipulation, treatment and sharing of data carried out by VIAJOW service providers, nor for the misuse of information considered sensitive by the collector, since the intermediary service providers are the consumer’s choice.

We recommend that our consumers analyze the policy of the chosen service providers and in the event of conflicting points or the need for adaptations, they must expressly communicate any need for adaptation.

If you have any questions about this Statement of Privacy and Protection of Personal Data, please contact our Person in Charge/DPO, ANDRE DIAS ANDRADE, through the following electronic address: <andre@ada.adv.br>;

Summary of the Statement of Privacy and Protection of Personal Data This Privacy and Personal Data Protection Declaration informs that VIAJOW collects, manipulates and shares registration data, data labeled by legislation as sensitive, as well as financial and trend data.

In terms of legislation, we inform you that when working with personal data we store and share it in the ways specified below. We also inform you that we will share information with third parties and that in order to obtain the data processing policy of these third parties, they must be contacted for more information or clarification on this topic.

See sections of this statement below:

· What types of personal data we can handle;

· How we process personal data

· How we use personal data

· What legal grounds do we use to process personal data

· To whom we disclose personal data

· How we protect personal data

· How long we keep personal data

· What are your rights?

· Claims

· Changes to this Privacy and Personal Data Protection Statement

What types of personal data we can handle;

The personal data that we can handle are registration data, data related to professional life, financial data, which may include: your name; age; birth date; nationality, sex; email address; home address; Country of Residence; lifestyle and social circumstances (eg, your hobbies); family circumstances (eg, your marital status and dependents); details about employment or past employment and education (eg the organization you work for, your title and your educational details); financial and tax information (eg, your income and tax residency); your postings on blogs, forums, wikis and any other social media applications and services; claim details; details of how you use products and services; details of how you like to interact and other similar information.

The personal data that we handle for third parties may include sensitive personal data, which is defined by law as personal data about racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, given that relating to health or sex life, genetic or biometric data, when linked to a natural person. In this way, we can manipulate details about health and sexual orientation.

The types of personal data and special categories of personal data that we handle may vary depending on the services contracted with VIAJOW. In some rare circumstances, we may also collect other special categories of personal data about you, either because you provide this data to us or because we are required to collect it as a result of legal requirements imposed on us.

How do we process personal data?

We collect personal data. As a rule, all data handled by us are provided by the consumer of our services, who may be the data subject or someone who speaks for him. Indeed, we handle personal data in the course of our provision of services to our customer. In rare exceptions, we may collect or obtain such data because you provide it to us or because it is publicly available. However, on these occasions, data will be collected as a result of some specific demand from our customers. How we use personal data The use of personal data by our company specifically meets the command of the recipient of the provision of services. VIAJOW does not use personal data for its own purposes. What legal grounds do we use to process your personal data We are required by law to establish in this document the legal grounds for processing personal data that may be manipulated as a result of service provision contracts signed by VIAJOW, mainly related to the legal hypotheses defined by the LGPD. As a result, your personal data will be processed in the following cases: (a) observation of applicable legal and regulatory obligations that may require the collection, storage and sharing of your personal data in order to comply with legal and regulatory provisions, such as (i) record keeping for tax purposes or providing information to a body public or law enforcement agency; (ii) compliance with labor and social security obligations; (iii) compliance with anti-corruption, money laundering, fraud and irregular conduct obligations. (b) to perform any contract, as well as to provide our services to you or our customer. (c) to regularly exercise our rights, for example, to exercise our right of defense in any judicial or administrative proceeding. (d) protection of your life or physical safety or that of a third party; (e) protection of your health.

Likewise, sensitive personal data will be processed in the following cases:

(a) When necessary to comply with applicable legal or regulatory obligations that may require the collection, storage and sharing of your personal data in order to comply with legal and regulatory provisions, such as (i) maintaining records for tax purposes or providing information to a public body or law enforcement agency; (ii) compliance with labor and social security obligations; (iii) compliance with anti-corruption, money laundering, fraud and irregular conduct obligations.

(b) protection of your life or physical safety or that of a third party.

(c) guardianship of health.

(d) to regularly exercise our rights, for example, to exercise our right of defense in any judicial or administrative proceeding.

(e) guarantee of fraud prevention and its security, in the processes of identification and authentication of registration in electronic systems.

To whom we disclose your personal data

VIAJOW never discloses personal data on its own. Any disclosure will result from the provision of services and preceded by a prior analysis of the authorization taken by the service holder, which will be taken together with the formalization of the contract for the acquisition of VIAJOW products or services.

How we protect your personal data

We use a number of physical, electronic and managerial measures to ensure that your personal data remains secure, accurate and up to date. These measures include:

· Education and training of responsible staff so that they are aware of our privacy and data protection obligations when dealing with personal data;

· Administrative and technical controls to restrict access to personal data, subject to the need for knowledge;

· Technological security measures, including firewalls, encryption and antivirus software;

· Physical security measures, such as employee security passes to access our facilities.

Although we use appropriate security measures, once we receive your personal data, the transmission of data over the internet (including via email) is never completely secure. We strive to protect your personal data, but we cannot guarantee the security of data transmitted to or by us.

Aiming at the proper protection and treatment of your personal data in accordance with the LGPD, in addition to other applicable laws, we are committed to:

· Adopt security, technical and administrative measures to protect personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication or any form of inappropriate or illicit treatment;

· Keep a record of personal data processing operations carried out, especially when based on legitimate interest;

· Communicate, within a reasonable period, to the National Data Protection Authority and to the holder of the occurrence of a security incident that may cause significant risk or damage to the holders;

· Use systems for the processing of personal data that are structured in order to meet security requirements, standards of good practices and governance and the general principles provided for in the LGPD;

· Deleting personal data after the end of its treatment, within the scope and technical limits of the activities, authorized for conservation for the purposes provided by law; and

· Observe the guidelines, rules and regulations issued by the National Data Protection Authority (ANPD).

How long will we keep your information?

We will keep your personal data on our systems for the longer of the following periods:

(i) as long as necessary for the relevant activity or services;

(ii)  any retention period required by law;

(iii) the end of the period in which disputes or investigations in relation to the Services may arise;

(iv)  as long as your consent is valid, in the applicable cases;

(v) pursuant to current legislation.

Your rights

You have several rights in relation to your personal data, which can be exercised at any time, free of charge, through a request registered by you to our DPO / Person in Charge, who responds by the following email: ANDRE DIAS ANDRADE <andre@ada .adv.br>;

In particular, you have the right to:

· Obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you;

· Asking us to update the personal data we hold about you or to correct data that you feel is incorrect or incomplete;

· Withdraw the consent granted to the processing of your personal data, as well as request its deletion (to the extent that such processing is based on consent);

· Request the portability of the personal data we have about you to another supplier of products or services, provided that commercial and industrial secrets are respected, as well as applicable confidentiality;

· Obtain information about who we share your data with;

· Request that your personal data that you understand as unnecessary, excessive or treated in disagreement with the LGPD, be anonymized, blocked or eliminated;

· Request the review of decisions made solely on the basis of automated processing of personal data.

To exercise any of your rights, or if you have other questions about the use of your personal data, please contact our DPO / Person in Charge via the following email: ANDRE DIAS ANDRADE, <andre@ada.adv.br> ;

Claims

If you are not satisfied with the way we handle your personal data or with any question or request related to your privacy, you can forward your complaint or request to our DPO/Person in Charge via the following email: ANDRE DIAS ANDRADE, <andre @ada.adv.br>;

Changes to this Privacy and Personal Data Protection Statement

We may modify or amend this Privacy and Personal Data Protection Statement from time to time.

Therefore, we encourage you to periodically review this Statement to be informed of how we are protecting your information.