DATA PROTECTION POLICY WEBSITE
www.amendoeiraresort.com

Personal Data Protection Policy prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – GDPR), and Law No. 58/2019 of 8 August (which ensures the implementation of the identified Regulation in Portuguese law) and other applicable legislation.
“Morgado da Lameira” – Tourism and Golf Development, S.A., a public limited company headquartered at Amendoeira Golf Resort, Morgado da Lameira, 8365-006 Alcantarilha, Algarve, Portugal, registered with the Silves Commercial Registry Office under the unique registration and corporate number 500952302, and the operating entity of Amendoeira Golf Resort located at the same address, undertakes the commitment to protect the Personal Data of all its Clients, Website Users hosted at www.amendoeiraresort.com, Newsletter Subscribers, Employees, Job Applicants, and Interns, in all situations where Personal Data is processed. In this context, it has prepared this Policy, which reflects its commitment to respecting Personal Data protection rules, and to complying with and ensuring its Subcontractors comply with the General Data Protection Regulation – GDPR – (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016), Law No. 58/2019 of 8 August (which ensures the implementation of the identified Regulation in Portuguese law), and other applicable legislation.

1. GENERAL PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

“Morgado da Lameira” is committed to the protection and confidentiality of Personal Data, having adopted the measures it deems appropriate to ensure the accuracy, integrity, and confidentiality of Personal Data, as well as compliance with the other principles that should guide its processing, which are described below:

Lawfulness Principle: establishes that Personal Data can only be processed if there is a sufficiently legitimate reason to justify it. In accordance with this principle, “Morgado da Lameira” processes Personal Data in the following situations: to comply with legal obligations; to carry out pre-contractual procedures; to execute a contract; because consent was obtained; or due to legitimate interest.

Principle of Fairness:
Respecting this principle, “Morgado da Lameira” processes Personal Data in a balanced manner, taking into account both its own interests and those of its Subcontractors, on one hand, and the interests of the data subjects, on the other.

Principle of Transparency:
This principle means that all information or communications related to the processing of Personal Data must be easily accessible and understandable, and written in clear and simple language. To ensure compliance with this principle, any information or communication regarding the processing of Personal Data is provided by “Morgado da Lameira” in a concise, transparent, intelligible, and easily accessible manner, using clear and straightforward language.

Principle of Purpose Limitation: This principle states that data must be collected for specific, explicit, and legitimate purposes and must not be processed in the future in a way that is incompatible with the purposes for which it was originally collected. “Morgado da Lameira” ensures compliance with this principle by not processing data for purposes other than those for which it was collected.

Principle of Data Minimization: This principle means that the data processed must be adequate, relevant, and limited to what is necessary for the purposes that justify the processing. In line with this principle, “Morgado da Lameira” only processes Personal Data when the intended purpose cannot be reasonably achieved by other means—that is, when the processing is truly necessary.

Principle of Accuracy: This principle requires that Personal Data be correct and updated whenever necessary, and that appropriate measures be taken to ensure that inaccurate data is deleted or rectified without delay. To comply with this principle, “Morgado da Lameira” provides data subjects with all the appropriate mechanisms for data correction.

Principle of Storage Limitation: This principle states that Personal Data must be retained only for the period necessary to fulfill the purposes for which it was collected. “Morgado da Lameira” deletes Personal Data once the pre-established retention period has ended.

Principle of Integrity and Confidentiality: This principle requires that Personal Data be processed in a manner that ensures its security, including protection against unauthorized or unlawful processing, and against accidental loss, destruction, or damage. “Morgado da Lameira” has adopted appropriate technical and organizational measures to prevent unauthorized access and use of the data by unauthorized individuals.

Principle of Accountability: This principle requires the implementation of appropriate and effective measures and data protection policies based on risk criteria, adaptability, and proportionality, ensuring compliance with the principles and obligations of the GDPR and, when requested, their demonstration to supervisory authorities. “Morgado da Lameira” ensures compliance with this and the other principles set out in Article 5 of the GDPR and can demonstrate that the technical and organizational measures it has adopted enable such compliance.

Principle of Proportionality: This is a fundamental part of the general principles of European Union law, requiring that any action taken must be suitable to achieve the intended objective and not go beyond what is necessary to achieve it. If there are alternative means that are less likely to affect the privacy of the individuals concerned, those should be observed. “Morgado da Lameira” adopts this principle, always keeping in mind the importance of a proportionate approach to the processing of Personal Data.
Finally, “Morgado da Lameira” ensures that Subcontractors processing Personal Data on its behalf respect the same principles and operate with the same level of confidentiality and security.

2 – WHAT IS PERSONAL DATA

Personal Data refers to any information, regardless of its nature or format, including sound and image, relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to a name, identification number, location data, electronic identifiers, or one or more elements specific to their physical, physiological, genetic, mental, economic, cultural, or social identity

3 - WHAT DOES THE PROCESSING OF PERSONAL DATA CONSIST OF

The processing of Personal Data consists of an operation or set of operations performed on Personal Data or sets of Personal Data, whether by automated means or not, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, comparison, interconnection, restriction, erasure, or destruction of the data.

4. DATA CONTROLLER

The entity responsible for the processing of Personal Data is “Morgado da Lameira” - Empreendimento Turístico e Golfe, S.A., a public limited company headquartered at Amendoeira Golf Resort, Morgado da Lameira, 8365-006 Alcantarilha, Algarve, Portugal, registered with the Silves Commercial Registry Office under the unique registration and corporate entity number 500952302. It can be contacted regarding the subject “Personal Data Privacy”:
- by postal mail to the following address: Amendoeira Golf Resort, Morgado da Lameira, 8365-006 Alcantarilha
- by email to the following address: data.protection@amendoeiraresort.com

5. WHEN AND HOW PERSONAL DATA IS COLLECTED

As a rule, Personal Data is collected and processed when the User registers or browses the Website, requests contact and/or the sending of various information or promotions, subscribes to a specific product or service, provides or requests information, purchases a product, or establishes a contractual relationship with “Morgado da Lameira” through a golf or accommodation booking, or in response to a job offer or unsolicited application. Personal Data may also be collected through direct contact at the Resort’s receptions, by telephone, email, postal mail, or through newsletter subscriptions, always ensuring, when necessary, the prior consent of the Data Subject for the processing of their Personal Data.
Some Personal Data is essential for the execution of the contract, and in the absence or insufficiency of such data, “Morgado da Lameira” will not be able to provide the requested product or service.
“Morgado da Lameira” may also process Personal Data collected and transmitted by THIRD PARTIES, who are responsible for these processing operations. These third-party entities that collect and transmit Personal Data to “Morgado da Lameira” are trustworthy, with the necessary skills and technical knowledge to comply with and enforce all Personal Data Protection regulations, thereby offering high levels of protection.

6. TYPES OF PERSONAL DATA PROCESSED

“Morgado da Lameira” collects and processes the Personal Data necessary for the exercise of its activities and for the management of its Website and social media platforms. Below are examples of the categories and types of data that “Morgado da Lameira” may collect and process:

7. SENSITIVE DATA

Among the data considered “sensitive,” Morgado da Lameira only processes biometric data, monitoring data (video surveillance and geolocation), data necessary for occupational preventive medicine purposes, and data for assessing work capacity.
The data necessary for occupational preventive medicine and for assessing work capacity are processed under the responsibility of a professional bound by a duty of professional confidentiality. Morgado da Lameira only accesses the result of the medical evaluation, which indicates whether the individual is “fit,” “unfit,” or “conditionally fit.”

Biometric data is used by Morgado da Lameira for attendance control, registering only the fingerprint and/or facial image template.
The collection of information regarding the employee’s location and movement history arises exclusively from the use of geolocation devices in vehicles (GPS), for the purpose of protecting people and property.
Morgado da Lameira uses video surveillance cameras exclusively for the protection and safety of people and property. These cameras are properly identified and restricted to areas open to the public or spaces accessible to individuals outside the company, where there is a potential risk of offenses against persons or property.

8. PURPOSES AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

Morgado da Lameira processes the Personal Data of its clients, Website users, Newsletter subscribers, employees, job applicants, and interns for the purposes of carrying out pre-contractual procedures, executing and entering into contracts, complying with legal obligations, pursuing its legitimate interests, or because it has obtained the consent of the respective data subjects.

Personal Data will be processed for the following purposes:

A) Based on the legal obligation compliance grounds, Morgado da Lameira processes Personal Data for the following purposes:
• Provision of tourism services: to process and confirm accommodation, golf, and other service requests.
• Billing and payments.
• Contracting mandatory insurance policies.
• Mandatory communications to public authorities.
• To comply with legal obligations related to employee hiring.
• Fulfillment of other legal or regulatory obligations.
• Document archiving.

B) Based on the grounds of carrying out pre-contractual procedures, Morgado da Lameira processes Personal Data for the following purposes:
• To evaluate and process job applications, including CV analysis and interview scheduling.
• Presentation of commercial proposals to clients and potential clients, with the aim of providing accommodation, golf, event, and other services.

C) Based on the execution of a contract, Morgado da Lameira processes Personal Data for the following purposes:
• Management of contractual relationships with clients, including communication with the client to provide information about their bookings, promotions, special offers, or changes to services.
• Management of contractual relationships with suppliers.
• Management of contractual relationships with employees (employment contracts).

D) Based on consent, Morgado da Lameira processes Personal Data for the following purposes:
• Sending newsletters.
• Obtaining and sharing images, including photographs.
• Improving our services: to conduct analyses, research, and enhance user experience.

E) Based on our legitimate interest, Morgado da Lameira processes Personal Data for the following purposes:
• Management of social media platforms.
• Website management.
• Conducting satisfaction surveys.
• Initiating and contesting legal actions of various types (civil, criminal, labor, administrative, and regulatory).
• Obtaining and sharing images, including photographs.
• Entry control through image collection.
• Management of vehicle routes using satellite location programs, GPS (Global Positioning System).

9. Retention Period of Personal Data

Personal Data will be stored and retained only for the period deemed sufficient and necessary for the purposes that justified its collection and processing. Once this period ends, the data will be securely deleted, without prejudice to the right to erasure and any legal provisions requiring retention for a longer minimum period.
• Booking data: will be retained for the period necessary to comply with legal and tax obligations.
• Newsletter subscriptions: data will be stored and retained for the duration of the subscription.
• Browsing data: data related to cookies will be retained in accordance with the cookie settings specified in our cookie policy.
• Recruitment data: data of non-selected candidates will be retained for up to 12 months after the end of the recruitment process, unless the candidate requests earlier deletion.
• Hiring and Human Resources Management: Personal Data related to hiring, staff management, and compliance with legal and contractual obligations (such as tax declarations, salary payments, social security benefits, etc.) will be retained during the employment relationship and, after its termination, for an additional period of 5 years, in compliance with applicable tax, labor, and social security obligations, which may vary depending on the nature of the obligation.Data related to health, occupational safety, and workplace accidents will be retained in accordance with legal and regulatory requirements and may be kept for a minimum period of 5 years after the end of the employment relationship.
After the retention period ends, the data will be securely deleted.

10. Rights of Data Subjects

Rights of Access, Rectification, Update, Restriction, Erasure, Objection, and Withdrawal of Consent:
As data subjects, Clients and Website Users are guaranteed the right, at any time, to request access to, rectification, updating, restriction, or erasure of their Personal Data, as well as the right to object to its use for commercial purposes and to withdraw consent, without affecting the lawfulness of the processing carried out under that consent.

Right to Data Portability (Data Transfer):
The data subject has the right to receive the Personal Data they have provided, whenever the processing is carried out by automated means and is based on the performance of a contract or on their consent. Under this right, the data subject also has the right to request the transfer of their data to another entity, which will become the new controller of their Personal Data, whenever technically feasible.

How to Exercise These Rights:
The data subject may exercise these rights by contacting Morgado da Lameira directly, either by postal mail to the company’s headquarters at Amendoeira Golf Resort, Morgado da Lameira, 8365-006 Alcantarilha, or by email to: data.protection@amendoeiraresort.com

11 – RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Without prejudice to the possibility of submitting complaints directly to Morgado da Lameira through the contact details provided for this purpose, the Client/User may also lodge a complaint directly with the Supervisory Authority, which is the National Data Protection Commission (CNPD), using the contact details made available by this entity for that purpose.

12. SECURITY MEASURES

Unauthorized Access

“Morgado da Lameira” ensures the security of Personal Data provided by adopting various advanced technical and organizational security measures to protect Personal Data against disclosure, loss, misuse, alteration, processing, or unauthorized access, as well as against any other form of unlawful processing. This includes locating servers in a specific physical space with restricted access and 24/7 surveillance, with access granted only to duly authorized individuals through logical credentialing tools.

Data Breach

“Morgado da Lameira” is not responsible for the content accessed through any hyperlink that leads its Clients and Website Users to navigate outside its domain, whenever such hyperlinks are the responsibility of third parties.

Data Transmission to Third Parties

“Morgado da Lameira” uses third parties to provide certain services, such as maintenance and technical support, and these may have access to some of the Personal Data of its Clients and Website Users, specifically the data necessary for support purposes. “Morgado da Lameira” ensures that entities with access to the data are trustworthy and offer high levels of protection, and that no data is transmitted beyond what is necessary for the contracted service. Nevertheless, “Morgado da Lameira” remains responsible for the Personal Data provided.

“Morgado da Lameira” may also transmit data to third parties, namely network operators, banks and insurance companies, judicial and administrative authorities, supervisory and regulatory entities, or entities involved in fraud prevention and combat, tax evasion, terrorism, market research, or statistical analysis.

13. Cookies and Similar Technologies

“Morgado da Lameira” uses cookies and similar technologies to enhance your browsing experience on our website. These cookies allow us to personalize content, analyze browsing trends, and optimize the performance of our site.
For more information about the cookies we use, please refer to our Cookie Policy at the following address

14. Changes to the Privacy Policy

A “Morgado da Lameira” reserva-se no direito de reajustar ou alterar a presente Política de Proteção de Dados Pessoais a todo o tempo. Em caso de modificação da Política, a data da última alteração, disponível no final desta página, será igualmente atualizada. Aconselhamos a leitura regular do presente documento.

March 2025