PRIVACY POLICY
Privacy Policy and Security Confidentiality, Security and Protection of Personal Data
1. Introduction
This Privacy Notice (“Notice”) establishes how Cosmos-Viagens e Turismo, S.A. protects the privacy of the Personal Data of our employees, customers, partners, or any other entity with which the Cosmos-Viagens e Turismo, S.A. relates in the context of its activity).
Being a travel agent, the Cosmos-Viagens e Turismo, S.A. need to collect, use, and disclose Personal Data to perform the functions and business activities, including carrying out and managing travel reservations on behalf of our clients. In the Cosmos-Viagens e Turismo, S.A. we are committed to protect the privacy and confidentiality of Personal Data and to maintain the various physical, digital, human and process related controls.
In the context of the General Data Protection Regulation 2016/679 (“GDPR”) the Cosmos-Viagens e Turismo, S.A. is a “data controller” of any personal information that is shared in the context of our relationship with our clients or other interested parties.
By providing us Personal Data, stakeholders agree that this notice apply to how we deal with Personal Data and consent that Personal Data is collected, used, and disclosed as detailed in this Notice. If stakeholders do not agree with all or part of this Notice, the stakeholders should not provide us their Personal Data. If stakeholders do not provide us their Personal Data or withdraw their consent according to this Notice, that could affect our ability provide the services or negatively affect the quality of services provided. For example, most travel bookings must be made under the traveller’s full name and must include contact details and appropriate identification (e.g. passport details). We cannot make reservations without this information. There may be cases where local data protection laws impose treatment practices more restrictive than the practices defined in this notice. When that occurs, we will adjust our data processing practices to comply with these local laws data protection.
2. What Personal Data do we collect?
Personal Data have the meaning given by the local data protection laws and, where the GDPR applies, the meaning given under the GDPR. Personal Data usually mean data related with a living individual who can be identified from that data; or is identifiable from the combination of that data and other available data.
Generally, the type of personal information we collect is necessary to facilitate travel arrangements, support reservations or to arrange services and / or products relating to travel on behalf of our clients.
In this regard, we usually process the following types of Personal Data about our customers:
- Contactinformation(such as name, home address / correspondence, telephone number, email address);
- Payment data;
- Passport detailed data;
- Loyalty programs /frequent flyer detailed data;
- Dataondietary needs and health problems (if any);and
- Otherdetails relevant tothetravel plans or required by therelevant travel serviceprovider(s) (e.g. airlines andproviderofaccommodationor tourism).
When our customers contact us for other purposes, Personal Data related to those purposes may also be collected. For example, we may collect personal information so that we may contact our customers about a contest / campaign that has signed up or to respond to a question or comment they have sent us. We also collect data necessary for use in the business activities of Cosmos-Viagens e Turismo, S.A. and our related entities, including, for example, financial details required to process multiple transactions, video surveillance images used for security purposes, or other relevant Personal Data you may choose to provide us.
In some circumstances, we may collect Personal Data from our customers that may be considered sensitive data in accordance with local data protection laws. Sensitive data may include (without limitation) racial or ethnic origin, philosophical or religious beliefs or affiliations, sexual preferences or practices, criminal history and the alleged commission of an offense, affiliation to political, professional, or commercial associations, biometric and genetic information, financial data, and health data. We will only collect sensitive data in accordance with local data protection laws, with explicit consent of the subject and where the data is reasonably necessary or directly related to one or more of our functions or operational activities (for example, travel), unless required or permitted to do so by law. To the extent permitted or required by local data protection laws, our customers consent that we use and disclose your sensitive data solely for the purpose for which it was collected, unless we subsequently receive your consent for another purpose. For example, if our clients provide us with health information related to travel insurance that they wish to do, customers consent that we use and disclose such health information on their behalf in the contacts made with the entity that promotes such travel insurance. Another example is when our customers can divulge their religious beliefs because they are interested, for example, in certain vacation packages, the use and disclosure of this information to make the trip operational. We will not use sensitive data for purposes other than those for which it was collected, unless we receive consent for another purpose.
3. How we collect Personal Data?
We will only collect Personal Data in accordance with local data protection laws. We generally collect Personal Data in the context of contacts with our customers. We will collect this data directly from our customers, unless it is unreasonable or impractical to do so.
Generally, this collection will occur when customers:
- contact us in person, by phone, letter, e-mail;
- visit us through our website; or
- contact us through social networks.
We may also collect Personal Data when:
-
- purchase or ask questions about travel plans or other products and services;
<li&ut a contest / campaign that has signed up or to respond to a question or comment they have sent us. We also collect data necessary for use in the business activities of Cosmos-Viagens e Turismo, S.A. and our related entities, including, for example, financial details required to process multiple transactions, video surveillance images used for security purposes, or other relevant Personal Data you may choose to provide us.
In some circumstances, we may collect Personal Data from our customers that may be parties. This includes cases where a person makes a travel reservation on behalf of another person (s) (for example, a family reservation, a group, or a booking made by an employer). When this happens, we have the authority of the person making the travel reservation to act on behalf of any other traveller in the reservation, as well as with the consent of that person to collect, use and disclose Personal Data in accordance with this Notice. Our clients should inform us immediately if they know that their personal information has been provided to us by another person without their consent or if they have not obtained the consent before providing us with the Personal Data of another person.
We make every effort to maintain the accuracy and completeness of the Personal Data we store and to ensure that all Personal Data is up-to-date. However, any interested party may contact us immediately if there is any change to their Personal Data or if they are aware that we have inaccurate Personal Data (see section 13 below). We will not be liable for any losses arising from any inaccurate, inaccurate, defective, or incomplete personal information that the Interested Parties, or anyone acting on your behalf, may provide to us.
4. How do we use Personal Data?
We will only process Personal Data when:
-
-
- Consent has been given for such processing (which may be withdrawn at any time, as detailed in section 8 below);
- Processing is necessary to provide our services;
- Processing is necessary for compliance with legal obligations; and / or
- Processing is necessary for our legitimate interests or for any third party receiving Personal Data (as detailed in sections 5 and 6 below).
-
When you contact us regarding an inquiry or travel reservation, the purpose for which we collect your personal information is generally to provide you with travel advice and / or to help you book travel-related products and services. However, the purpose of the collection may be different depending on the specific circumstances disclosed in this Notice (e.g. collection of Personal Data for participation in a contest, provision of feedback, etc.).
When a customer makes a reservation or organizes travel-related products and services with our support, we generally act as an agent for travel service providers (e.g. for a hotel). In this case, we process Personal Data as necessary to provide the requested services. This usually includes the collection of Personal Data for internal purposes as described in this Notice, and for the travel service provider for whom we act as an agent (for example, to provide contracted services). For example, if you book a flight through Cosmos-Viagens e Turismo, S.A., we will use the Personal Data to allow the flight to be booked and we will disclose the Personal Data to the airline to allow it to provide the flight service.
We may share data with our travel service providers (hotels, airlines, car rental companies or other providers related to travel reservations). These travel service providers may also use the Personal Data as described in their respective privacy policies for additional information that facilitates booking the trip or providing the services requested. We recommend that our Customers review the privacy policies of any travel service providers that are purchased through Cosmos-Viagens e Turismo, S.A.. We will provide copies of all relevant terms, conditions, and privacy policies of travel service providers upon request.
We act as agents for or on behalf of many thousands of travel service providers worldwide, so it is not possible to refer in this Notice to all the travel service providers for which we operate (in particular their locations). For more information on disclosure of Personal Data to travel service providers located outside the RGPD context, see section 6 below.
If there is any concern regarding the transfer of Personal Data to a travel service provider, or if further information is required, please refer to section 13 of this Notice.
The purposes for which we collect Personal Data also include:
-
-
- provide services or tools that our customers choose to use (for example, keeping travel preferences on our website on a wish list or storing Personal Data to enable early filling in of online forms);
- identification of fraud or errors;
- legal or regulatory compliance;
- develop and improve our products and services;
- maintaining or improving the relationship with our Clients, namely by creating and maintaining a customer profile that allows the delivery of a service aligned with their preferences;
- market research, customer satisfaction assessment and feedback on the services we provide;
- facilitate the participation of our Clients in loyalty programs;
- analysis related to our business and services, including, but not limited to, sales and travel destination preference trends;
- internal organization and accounting;
- compliance with applicable legal obligations or applicable customs / immigration requirements related to travel; and
- other purposes as authorized or required by law (e.g. to prevent a life threatening, health or safety protection, or to enforce the legal rights of the Cosmos-Viagens e Turismo, S.A.).
-
Where permitted by local data protection laws, we may use Personal Data to perform marketing activities related to our (and third party) products and services that we believe may be of interest to our Customers, unless they have requested to not receive such data. information. These campaigns may include, but are not limited to, email submissions, digital marketing, and other electronic notifications. Personal Data will be used to send digital marketing material (including e-newsletters, e-mail, SMS, MMS, and IM) if the Customers have chosen to receive it. Customers can sign up to receive e-newsletters and other promotional / digital marketing materials by following the relevant links on our website or requesting that one of our collaborators do so.
Any individual who does not wish to receive promotional / marketing material from us, participate in market consultations or receive other types of communication should refer to sections 8 and 13 of this Notice.
5. What personal information is disclosed to third parties?
At Cosmos-Viagens e Turismo, S.A. we do not sell, rent, or exchange Personal Data. Personal Data will only be disclosed to third parties in accordance with the provisions of this Notice and in accordance with local data protection laws (note: in this Notice the reference to “disclosing” includes transferring, verbal, or written sharing, sending, or making available data to another person or entity).
Personal Data may be disclosed to the following types of third parties:
-
-
- contracted entities, suppliers, and service providers, including:
- in each of the circumstances described in section 4 (“How do we use Personal Data?”);
- providers of ICT solutions that support us in delivering products and services (such as any external data-hosting providers we can use);
- publishers, printers, and distributors of marketing material;
- organizers of events and exhibitions;
- marketing or market consulting agencies;
- courier services or courier services; and
- external consultants (such as lawyers, accountants, auditors, or recruitment consultants);
- travel service providers such as travel wholesalers, tour operators, airlines, hotels, car rental companies, transfer managers and other related service providers;
- any third party to whom we assign or transfer any of our rights or obligations;
- people making travel reservations on behalf of others (for example, a family member, friend, or co-worker);
- Employers, in the context of corporate, corporate or government business trips;
- contact persons (for example, a family member) when our Customers are not contactable, and the contact is in our opinion of Customer’s interest (e.g. where the person is concerned about their well-being or needs acting on behalf of Customer due to unforeseen circumstances);
- as required or authorized by applicable law, and to comply with the legal obligations of the Cosmos-Viagens e Turismo, S.A.;
- customs or immigration services to comply with applicable legal obligations in the context of travel;
- government agencies or public authorities to comply with valid and authorized requests, including court orders or other valid legal process;
- regulatory authorities or law enforcement authorities, including for fraud protection and related security purposes; and
- supervisory agencies where there is suspicion of illegal activity and that the Personal Data are a necessary part for investigation or denunciation of the subject.
- contracted entities, suppliers, and service providers, including:
-
In addition to the above, we will not disclose personal information without consent, unless we believe disclosure is necessary to reduce or prevent a threat to life, health or safety of an individual, public health or safety, or for an action (e.g. prevention, detection, investigation, or punishment of criminal offenses), or where such disclosure is authorized or required by law (including applicable data protection / privacy laws).
On the websites or social networks of Cosmos-Viagens e Turismo, S.A. users may choose to use certain third-party resources with which we associate. These features, which may include social networking tools and geo-localization, are operated by third parties, and are clearly identified as such. These third parties may use or share Personal Data in accordance with their own privacy policies. We recommend consulting third-party privacy policies if you consider these relevant tools.
6. What Personal Data are transferred abroad?
We may disclose personal information to certain recipients abroad as described below. We will ensure that such international transfers are necessary for the execution of a contract between our Customers and third parties abroad or that are subject to appropriate or adequate safeguards as required by local data protection laws (e.g. GDPR). We will provide copies of the relevant safeguards documents upon request (see section 13 below).
It is possible that Personal Data are transferred for a foreign entity located in a jurisdiction where it is not possible to guarantee a data protection level equal to that in the context of GDPR. In these cases, the Cosmos-Viagens e Turismo, S.A. you cannot be responsible for how these recipients handle, store, and process your Personal Data.
(a) Related entities abroad
The Cosmos-Viagens e Turismo, S.A. operates a global business, including operations in Angola. Personal data may be disclosed with our related entities abroad for support in the travel reservation and / or to enable administrative, consultative, or technical services, including the storage and processing of such data.
(b) Travel service providers located abroad
To provide our services, it may be necessary for us to disclose personal data to relevant suppliers of travel services abroad. We deal with many different travel service providers around the world, so the location of a relevant travel service provider will depend on the travel services provided. Relevant travel service providers will in most cases receive personal data in the country in which they will provide the services or on which their business is based.
(c) Our service providers located abroad
We may also have to disclose personal data to service providers located abroad for supporting the provision of services, including the storage and processing of such data. Generally, we will only disclose personal information to such recipients abroad in the context of a travel reservation and / or to allow the provision of administrative and technical services provided on our behalf.
If there is any specific doubt as to where or for whom personal data can be sent, see section 13 of this Notice.
7. Information security
At Cosmos-Viagens e Turismo, S.A. we are committed to protecting Personal Data by implementing and maintaining appropriate technical and organizational control measures to ensure a level of safety aligned with the risks related to: accidental or illegal destruction; loss; unauthorized alteration or disclosure; or improper access to Personal Data transmitted, stored, or processed. The Cosmos-Viagens e Turismo, S.A. regularly monitors and reviews security controls and strives to protect Personal Data in the same way that it protects sensitive Business Information.
The Cosmos-Viagens e Turismo, S.A. destroys or de-characterizes Personal Data whenever they cease to be relevant to the business or as required by law.
8. Rights in relation to the Personal Data we collect
Should any interested party that the Cosmos-Viagens e Turismo, S.A. have Personal Data intend to:
-
-
- update, modify, delete, or obtain a copy of Personal Data; or
- restrict or prevent the Cosmos-Viagens e Turismo, S.A. from using any personal information, including withdrawing any consent you have previously given for the processing of such information; or
- obtain a copy of personal information that has been processed based on the consent or as required to perform a contract.
-
Interested parties must formally submit the request to Cosmos-Viagens e Turismo, S.A. through the contacts identified in section 13 of the Notice. After the request will be given an acknowledgment of the same and information will be given on the deadline within which the information will be made available.
The Cosmos-Viagens e Turismo, S.A. will make every effort to respond to such requests within one month or less, although it may be necessary to extend this period for complex requests.
In addition, Cosmos-Viagens e Turismo, S.A. reserves the right to deny access to the Information for any reason permitted by applicable law. If the request for access or correction of the Information is denied, the reasons for such refusal will always be communicated in writing, unless it is unreasonable to do so or when required by local data protection laws.
All communications related to requests for access to Personal Data must be made formally in writing to the Data Protection Officer through the contacts indicated in section 13 of the Notice.
If Cosmos-Viagens e Turismo, S.A. is requested to restrict or stop using Personal Data, withdrawing the consent previously provided for the processing of Personal Data, the ability to provide services or the quality of services may negatively impact the services. For example, most travel reservations must be made under the traveller’s full name and must include contact details and appropriate identification (e.g. passport details), and reservations cannot be made without this information.
Personal Data shared with Cosmos-Viagens e Turismo, S.A. should be accurate and individuals agree to update them whenever necessary. In addition, they agree that, in the absence of any update, Cosmos-Viagens e Turismo, S.A. may assume that the submitted data is correct.
Any individual may at any time ask Cosmos-Viagens e Turismo, S.A. to stop sending marketing communications and may use the cancellation links provided in the marketing emails or through the contacts indicated in section 13 Notice.
In any of the situations listed above, it may be requested to provide a valid means of identification that the applicant proves his / her identity and thus ensure that the Cosmos-Viagens e Turismo, S.A. fulfils its security obligations and prevents the unauthorized disclosure of Personal Data.
The Cosmos-Viagens e Turismo, S.A. reserves the right to charge a reasonable administrative fee following any manifestly unfounded or excessive requests regarding access to Personal Data or for any additional copies of Personal Data requested.
9. Integrations with Social networks
The Cosmos-Viagens e Turismo, S.A. websites and mobile applications can use social networking features and tools (like “Like” and “Share” buttons), (“Social Networks Resources”). These features are provided and operated by outside companies (for example, Facebook) and hosted by outside companies or directly on our website or mobile application. Social Networks Resources may collect data related to the page visited on the website / mobile application, the IP address and may set cookies to allow the RS Feature to function properly.
If the user has activated social networking accounts, then they may be able to share data about visiting and using our website or mobile application with social network accounts. Likewise, interactions with RS resource can be registered by third parties. In addition, the external company may share with Cosmos-Viagens e Turismo, S.A. personal data in accordance with its policies, such as your name, profile picture, friend lists or any other information you have chosen to make available, and we may share data with the outsourced company for promoting the marketing directed through the platform of social networks. Users can manage data sharing and turn off targeted marketing in the privacy settings of their social networks.
All interactions with Social Networks Resources are governed by the privacy policy of the external company that provides them. More information on the data protection practices of these companies should be consulted directly in the privacy policy of these companies.
10. IP Addresses
When a user accesses the website, uses any mobile device or digital matches of the Cosmos-Viagens e Turismo, S.A. servers, they can record data relating to the device or network that the user uses, including the IP address. An IP address is a series of numbers that identify a computer and are usually assigned when you access the Internet.
IP addresses can be used by Cosmos-Viagens e Turismo, S.A. to administer systems, investigate security issues and compile anonymous data about the use of the website and / or mobile applications. IP addresses may also be associated with other personal data available about individuals for the purposes described above (for example, to better tailor marketing and advertising materials, provided the user has chosen to receive digital marketing).
11. Tracking Technologies / Cookies
Cosmos-Viagens e Turismo, S.A. may use web analytics services from outside vendors on their websites and mobile applications, such as those listed in the “Cookies Policy”. Providers of these services may use technologies such as cookies and web beacons to help analyse visitors using websites and applications.
For information on the use of cookies and tracking technologies please refer to the Cosmos-Viagens e Turismo, S.A. Cookies Policy.
12. Associated websites
The Cosmos-Viagens e Turismo, S.A. websites may contain links to third-party sites over which the <ENTITY> has no control. Is not responsible for the privacy practices or the content of any associated websites. Cosmos-Viagens e Turismo, S.A. recommends reading the privacy policies of any associated websites that are visited, as their privacy policies and practices may be different from those of Cosmos-Viagens e Turismo, S.A..
13.Feedback / Claims / Contact
Any questions, comments, or complaints about this Notice or about the processing of personal data; if you wish to inform Cosmos-Viagens e Turismo, S.A. about a change or correction of personal data; if you wish to receive information about the personal data that are treated by Cosmos-Viagens e Turismo, S.A.; or for any claim or comment related to data protection; should be addressed to the Data Protection Officer of Cosmos-Viagens e Turismo, S.A. through the contacts below:
The email: privacidade@cosmos-viagens.pt
Address: Rua Abranches Ferrão, nº 10 – 10ºF, 1600-001 Lisboa
The Cosmos-Viagens e Turismo, S.A. will respond to any queries or complaints received as soon as possible.
14.The changes to notice
This Notice may be changed from time to time. If a change to the Notice is made, the revised version will be published and dated on the Cosmos-Viagens e Turismo, S.A. website. If justified, in addition to updating the Notice, consent may be requested for certain types of treatment.
This Privacy Notice was last updated on June 21, 2021.