Who we are
Our website address is: https://www.villa-serena.eu.
Villa Serena is a private family property managed directly by the owner. Both the property and this website are managed by Paulo Morais.
Drop me an e-mail at info@villa-serena.eu if you have any question or comment about the website, house or are thinking of visiting Portugal. I’ll be glad to help as well as i can.
Personal data we (do not) collect and why.
The short version:
We value the privacy of our visitors and collect only the information needed to assist the people that want to visit us or contact us directly.
We deliberately do away with external services that collect your data for (their) commercial purposes and avoid tracking visitors and obsessing about statistics and other info. There’s more to life.
Please note that in the cases detailed below some information about you, your devices or communications might be retained for a certain amount of time in order to provide you a service or answer questions or comments.
The longer version:
If you interact with our website when leaving a comment or completing a form, some information will be collected and stored in your device and in our systems. Some information might also be passed to an external service, such as our hosting and e-mail provider, in order to answer your request. Please read below for details.
Website, hosting and e-mail service
This website is built using WordPress (https://wordpress.org/), an open-source content management system.
The website and associated e-mail service are hosted by Cyon GmbH, a Swiss company (https://www.cyon.ch). Both the live content and the encrypted backups are hosted in Cyon’s infrastructure.
Their servers are situated in Switzerland and, to the extent we could verify, we trust their operations and management.
When you visit our website or send us an e-mail, Cyon will need to store some information as part of their normal operations.
Their data protection policy can be found here: https://www.cyon.ch/legal/privacy. In general terms, it follows the Swiss Federal Act on Data Protection and is also aligned with the European Union’s GDPR (link to the European Commission’s website).
Analytics and Social Media plug-ins
We do not use any analytics services (e.g., Google Analytics), social media plug-ins (e.g., Facebook, Instagram, etc), trackers or similar external services that collect user data.
While some of their services are useful, we do not agree with their aggressive business model of collecting and monetising user data, repeated violations of the law and lack of responsible corporate behaviour. We value the privacy of our online visitors higher and expect more from these companies before benefiting them.
Cookies
There are no cookies stored in your device, unless you start a session as a registered user, complete a form for our crowdfunding campaign or to reserve a stay, or leave a comment. In this case, some information might need to be stored in your device while going through the process. You can choose to block or delete these cookies once you are done.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
If/when you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies should be removed.
If you leave a comment on our site you may opt in to saving your name, e-mail address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymised string created from your e-mail address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service is provided by Automattic. Their Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Embedded content from other websites
We do not embed any content hosted in external websites (e.g. videos, images, articles, etc.). Either it is hosted in our hosting account or then we direct visitors to it with a weblink.
Why? Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who we share your data with
As explained above, some of your data is shared with our hosting and e-mail provider, Cyon GmbH.
If you leave a comment, some additional data might be shared with Gravatar, a avatar detection service run by Automattic.
If we reply to an e-mail using an address you provided, your e-mail provider will obviously receive and keep a copy of the information therein.
If legally required to do so by the competent official authorities, we might need to disclose some of the information we store. This is part of our normal legal obligations.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you.
This does not include any data we are obliged to keep for administrative, legal, or security purposes, such as the one related to reservations or the crowdfunding campaigns.
Where we send your data
Other than the companies indicated above, we do not send your data elsewhere.
Additional information
How we protect your data
We start by reducing the amount of data collected to the minimum. We then actively delete what is no longer necessary, once the required purpose and legal obligations have been fulfilled.
We also use a robust and actively protected IT infrastructure with secure access and encrypted backups. We try to apply as much due diligence and safe practices as possible, accepting that 100% security is nowadays impossible to ensure and risk reduction and mitigation are an essential part of planning.
What data breach procedures we have in place
If we are alerted by our normal monitoring, hosting provider or any external source that a data breach has occurred we will:
- Quickly assess the situation.
- Lock access and change credentials as a first precautionary measure.
- Determine type and extent of breach and necessary remediation measures.
- Contact the affected parties and the relevant official authorities as might be required, depending on the exact case.
- Make the necessary changes to reduce the risk factors and likelihood of a similar situation.
What third parties we receive data from
Asides from our hosting provider, we do not receive any data from external parties.
What automated decision making and/or profiling we do with user data
None.