Privacy Policy

Date: 11/16/2022 
Versions and history of modifications shall be listed 

Hotel Trijunção Ltda, a limited liability company established in the City Cocos –
Bahia, Estrada Formoso MG/Cocos-Ba Km 25, Zona Rural Cep.: 47.680-
000, registered with the CNPJ/ME under No. 30.892.495/0001-71 (called “Hotel” or
“We”), considers the security and privacy of your information as a fundamental principle and,
therefore, when acting as an agent for the processing of your personal data, understands the
extreme relevance of electronic records and personal data left by you (“Owner”) when using the
tools, websites, and services provided by the Hotel. For this reason, and to convey all the
transparency that the Hotel maintains as essential, the Hotel presents this Privacy Policy
(“Policy”) to simply, transparently, and objectively regulate what data and information will be
obtained, as well as when it can be used, inform the Owner of their rights, and giving full
autonomy regarding the data processed by the Hotel. 
This Policy is aimed at the Hotel customers and the other Owners whose data is processed on its
digital channels. 
This Policy will be available at any time, and the Hotel may update it at any time upon notice to
the Owners. 

The Hotel collects certain data from the Owner that can be provided directly by the Owner at the
time of registration to contact the Hotel, either on the Hotel website or other forms of contact,
such as social media campaigns. 
Thus, three types of personal data are processed: (i) personal data provided directly by you; (ii)
personal data provided by the Hotel’s third-party service providers, and (iii) automatically
collected data. 

i. Personal data provided directly by you. This is where the greatest variety of data is
collected. Here, we can divide the Owner into two categories: (a) Internet Browser Owner and
(b) Guest Owner.  
As for the Internet Browser Owner, only the data requested to be filled in on the Hotel’s website
or in campaigns on social media, where the Owner chooses to provide the data, is collected. This
data may include, for example: name, email, telephone number, and address. 

As for the Guest Owner, the data is collected before confirming the reservation of the Hotel’s
services to start formalizing the provision of services, as well as later to ensure the full provision
of services by the Hotel. This data may include information such as: Name, Brazilian Individual
Taxpayer ID Number (CPF), National ID Number, email, telephone number, address, age,
marital status, payment information, and accommodation preferences.
ii. Personal data provided by third parties. These situations are less frequent. A third party
may collect data automatically (Cookies) or directly. 
iii. Data collected automatically. The Hotel also collects a range of information automatically,
such as: information about your computer, equipment, and browser, potentially including your IP
address, browser type, and other software and hardware information.  
Third parties may also process this data, e.g., by providing some web hosting service or
advertising offer. 

Important: data can be collected with the help of cookies installed on the Owners’ machines.
Cookies are small text files that do not contain any type of personal data, just an identification
key that is only understandable by our systems or third-party systems. The default configuration
of internet browsers usually accepts the installation of cookies. You can modify these settings to
be notified when the website tries to install a cookie or even to block them. To do so, check your
browser’s privacy settings. But please understand that blocking any cookies may prevent you
from accessing certain functions or customizations. 

In compliance with the terms of the General Data Protection Act, whenever the Hotel processes
any of the Owner’s personal data, the Hotel is strictly restricted to only collecting the minimum
amount of data necessary for achieving its purpose and always having a basis to justify such
processing. Among the various purposes, the main situations for data processing are: 
i. To provide services to the Owner. The purpose of the collected information is to establish a
contractual relationship or manage, administer, provide, expand and improve services by
adapting them to the Owner’s preferences and tastes, and to create and develop new services of
interest to the Owner. 
ii. For contact, promotion of products and services, and relationship purposes. Some of the
information collected may be used for advertising purposes, such as sending product
information, promotions and discounts on the services of the Hotel, as well as partner services,
or even to conduct purchase satisfaction surveys and campaigns on social media, always with the
Owner’s consent. 
Additionally, the Hotel may periodically send promotional materials (if you have agreed) or
notifications related to the Hotel’s website and services to the Owner’s registered email address.
If the Owner is no longer interested in receiving such materials, they may change their
configuration or follow the instructions to terminate their registration, which are found at the
bottom of each email. 
iii. To comply with a legal or regulatory obligation. In this case, the Hotel must comply with
the defined legal and regulatory requirements as a hospitality service provider.
iv. To enrich the database. There are situations in which the collection of the Owner’s personal
data will be relevant to guaranteeing quality and complementing the Hotel’s database. This
enrichment will always follow the terms of the General Data Protection Act, and, whenever
applicable, the Hotel will demonstrate good faith, manage the Owner’s data, and inform them of

the purpose of the processing. Depending on the case, the Owner may refuse to consent to data
processing. In this case, the Hotel will inform the Owner of the effects of such a refusal. 
v. To protect the rights of the Hotel. There are situations that the Hotel may process the
Owner’s data and/or disclose their information, including situations in which the Hotel believes
that it has acted in good faith and that said disclosure is necessary to: (i) protect, enforce, or
defend the rights or property of the Hotel or its staff; (ii) protect the security and privacy of
Owners or relevant rights of third parties; (iii) protect against fraud or for risk management
purposes; (iv) comply with the law or pass on or to present evidence for an administrative or
judicial proceeding; or (v) respond to requests from public authorities. 
vi. Within the scope of a corporate transaction or sale of assets. If the Hotel disposes, in
whole or in part, of its activities or makes a sale or transfer of its assets or if it is part of a
corporate transaction with a third party or transfer of all or a substantial part of its business,
the Hotel may transfer the Owner’s information to the party or parties involved in the transaction
as part of the transaction, provided that such parties undertake to keep the data confidential and
use it only in a manner compatible with this Policy. 

The Hotel uses storage systems operated by third parties. The Hotel requires that third parties
follow all the best practices available in the market, involving administrative, technical, personal
and physical measures to save/safeguard the data and personal information in its possession
against unauthorized use, leaks, disclosure, or modification, respecting all minimum
requirements of the General Data Protection Act. In addition, the Hotel physically stores some of
the Owner’s data. However, ensuring that access to them is restricted and controlled, including
an elimination flow established after the conclusion of the respective purpose. 
However, considering the characteristics of the internet, it is not technically possible to guarantee
the complete security of the Owner’s information, despite the Hotel employing and demanding
that its partners follow all the best protection practices available in the market. 
Additionally, the Hotel may share, at its discretion, the Owner’s data with third parties in certain
situations, namely: 
a. Systems and service providers that are necessary for the Hotel to provide its Services. 
b. With authorities, government entities, or other third parties, to comply with regulations and
protect the interests of the Hotel in any type of claim by a competent entity or conflict, including
lawsuits and administrative proceedings.
c. By court order or at the request of administrative authorities with legal jurisdiction for its
The Hotel uses commercially reasonable administrative, technical, personal and physical
measures to save/safeguard the Owner’s data and information in their possession against
robbery, theft, unauthorized use, disclosure, or modification, respecting all the minimum
requirements of the General Data Protection Act. 
The Hotel conducts periodic training for all those in charge of protecting the Owner’s data and
awareness workshops for all who will have access to the Owner’s personal data. 
The Owner’s data has different degrees of access restriction, ranging from public, internal, and
restricted. The Hotel conducts a diligent cross-assessment of the leakage risk and the harmful
potential of data leakage to define the restriction level for each data type. Thus, greater security

is secured for the Owner’s data, particularly that which we understand, and the law interprets as
needing greater protection. 
The information collected by Hotel will be automatically deleted from their servers when they
are no longer useful for the purposes for which they were collected or when the Owner requests
their personal data to be deleted. However, the information may be retained for the period
necessary to comply with a legal or regulatory obligation, protect the rights of the Hotel,
legitimate interest on the part of the Hotel and/or requisitions from authorities, even after an
order to delete the personal data linked to the Owner. 

In compliance with applicable regulations and concerning the processing of personal data,
the Hotel values transparency and the Owner’s control over their personal data. As such,
the Hotel guarantees the Owner the following rights (including submission of requests): 
i) confirmation of the processing; 
ii) access to the data; 
iii) the correction of incomplete, inaccurate or outdated data; 
iv) the anonymization, blocking or deletion of unnecessary, excessive or non-compliant data; 
v) the portability of their data to another service or product provider upon express request by the
vi) the deletion of data processed with the User’s consent; 
vii) obtaining information about the public or private entities with which the Hotel shared their
viii) information about the possibility of not giving their consent, as well as being informed
about the consequences in case of refusal; 
ix) the revocation of consent. 
The Owner may directly exercise part of these rights through communication via the contact
information provided in this Policy. The Owner may make the communication if they are
interested in consulting, correcting, updating, or limiting the Hotel’s use of any data and
personal information, or better understanding or even exercising their rights.  
The Hotel asks that the Owner’s request include the full name, email, and telephone number and
specifies the information they would like to consult, delete, correct, or update. Once such
complete information is submitted, the Hotel will use its best efforts to comply with the request
as quickly as possible under the law. 
The Hotel stresses the possibility of the Owner’s request being legally rejected, either for formal
reasons (e.g., the impossibility of proving the Owner’s identity) or legal reasons (e.g.,  request
for deletion of data that the Hotel may retain for compliance with a legal obligation). In this
case, the Hotel will ensure it provides the appropriate justifications. 


Updating the Privacy Policy: The Hotel may modify this Policy. Please review the effective
date at the top of this Policy to see when it was last modified. Any changes to this Policy will
become effective when posted on the Hotel’s website. The consent request will be redone
depending on the update and its changes. 

If the Owner wants to talk about their data, they must contact the personal data protection agent
at the following email address: