Privacy Policy of CARE-a-Bunch Last updated: August 25, 2025
Our Privacy Policy has been crafted with you in mind. Your privacy is a fundamental pillar in our journey of hospitality at CARE-a-Bunch. We understand the importance of protecting your personal information and are committed to doing so with the same dedication and transparency we offer in our services, ensuring you feel secure and welcomed.
This policy details how we collect, use, store, protect, and share your personal data, in compliance with the Brazilian General Data Protection Law (Lei nº 13.709/2018 – LGPD). By interacting with CARE-a-Bunch, you acknowledge and agree to the practices described in this policy.
1. Essential Definitions To facilitate the understanding of this policy, we present some important definitions from the LGPD:
Personal Data: Any information related to an identified or identifiable natural person. Examples include name, email, phone, CPF (Brazilian individual taxpayer registry number), IP address. Sensitive Personal Data: Personal data concerning racial or ethnic origin, religious conviction, political opinion, trade union or religious, philosophical, or political organization membership, data concerning health or sex life, genetic or biometric data, when linked to a natural person. CARE-a-Bunch does not collect sensitive data through its contact channels. Data Subject: The natural person to whom the personal data that is the object of processing refers. In other words, you. Processing: Any operation performed with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, diffusion, or extraction. Controller: Natural or legal person, public or private, who is responsible for decisions regarding the processing of personal data. For the purposes of this policy, CARE-a-Bunch is the controller of your data. Processor: Natural or legal person, public or private, who processes personal data on behalf of the controller. Data Protection Officer (DPO): Person appointed by the controller and processor to act as a communication channel between the controller, the data subjects, and the National Data Protection Authority (ANPD). Legal Bases: The hypotheses provided in the LGPD that authorize the processing of personal data (e.g., consent, compliance with a legal obligation, execution of a contract, legitimate interest).
2. Personal Data Collected and Method of Collection We collect personal data transparently and only what is strictly necessary to fulfill the informed purposes and provide the best service experience. Your data may be collected through the following contact platforms:
Website Contact Form: When you fill out our form, we request essential information for processing your request: Full Name: To uniquely identify you, personalize communication, and direct service more cordially. Email Address: To respond to your requests, send relevant communications, and, if applicable, information about quotes and reservations. Phone Number (with area code): For direct contact, if necessary, or to facilitate service via WhatsApp, offering faster communication. Message/Request Content: The descriptive information you provide us about your demand, interest, or feedback, allowing us to understand your needs and offer a precise response. WhatsApp: When you contact us via WhatsApp, we collect: Phone Number: Automatically identified by the application, essential for communication via the platform. Name (if configured in WhatsApp profile): Used for identification and personalization of service. Message Content: The information you share in your conversation, including questions, preferences, details for quotes, and any other information relevant to the service. Newsletter Subscription: If you choose to subscribe to our newsletter, we will collect your email address to send you updates, promotions, and news about our services. Your consent for this purpose will be explicitly requested at the time of subscription and can be revoked at any time. Browsing Data (Passive Collection): Although our contact channels are direct, the website may automatically collect certain technical and browsing information through cookies and similar technologies (as detailed in Section 8), such as: IP Address: For security purposes, fraud prevention, and aggregated geographical analysis. Device Type and Browser: To optimize website display and enhance user experience. Pages Visited and Time Spent: To understand user behavior on the site and improve content relevance.
3. Purpose of Data Collection and Processing and Legal Bases The personal data collected is used for the following specific purposes, always supported by the LGPD’s Legal Bases:
Customer Service and Support (Legal Basis: Legitimate Interest and Contract/Pre-Contract Execution): To answer your questions, requests, quotes, provide detailed information about our hotel and hospitality services, and offer continuous support throughout your journey with us. Processing is essential for the provision of the service requested by you. Communication and Marketing (Legal Basis: Legitimate Interest and, when applicable, Consent): To send information about our services, promotions, news, and offers that may be of interest to you. For direct marketing communications, we will request your express consent, which can be revoked at any time. Service and User Experience Improvement (Legal Basis: Legitimate Interest): To analyze feedback, interactions, and browsing data (anonymized or pseudonymized) to improve the quality of our service, optimize the functionality of the website and communication channels, and develop new services. Security and Fraud Prevention (Legal Basis: Legitimate Interest and Compliance with Legal Obligation): To protect CARE-a-Bunch and its users against fraudulent activities, unauthorized access, misuse, and other cyber threats. Compliance with Legal or Regulatory Obligations (Legal Basis: Legal Obligation): To comply with requests from competent authorities, court orders, or other legal requirements applicable to our operation. Data Analysis and Statistics (Legal Basis: Legitimate Interest): To perform aggregated and anonymized statistical analyses on the use of our services for strategic planning and business decision-making.
4. Data Storage and Protection The security of your information is our non-negotiable priority. We implement a robust set of technical and administrative measures to protect your personal data against unauthorized access, misuse, alteration, disclosure, or destruction.
Secure Servers: Your data is stored on secure servers, located in controlled environments, with restricted access and protected by advanced encryption technologies (both in transit – TLS/SSL – and at rest – AES-256). Rigorous Access Controls: Only authorized and properly trained employees have access to the data, and this access is limited to what is strictly necessary for the performance of their duties (principle of “least privilege”). Access audits are performed regularly. Security Technologies: We use state-of-the-art firewalls, intrusion detection and prevention systems (IDS/IPS), antivirus, anti-malware, and other security tools to protect the data infrastructure against external and internal threats. Anonymization/Pseudonymization: Whenever possible and applicable, we use anonymization or pseudonymization techniques for data that does not require direct identification for the intended purpose, reducing the risk of identifying the data subject. Training and Awareness: Our employees receive regular training on best practices for information security and data privacy, reinforcing the data protection culture within the organization. Incident Response Plan: We have a data security incident response plan, which defines clear procedures for detection, containment, eradication, recovery, and notification of any data breaches, in compliance with the LGPD. Retention Period: We retain your personal data only for the time necessary to fulfill the purposes for which it was collected, or as required by law. For example, contact data for service is maintained as long as the service relationship or potential service lasts, or for the legal period for auditing and compliance purposes. After this period, the data is securely deleted or anonymized.
5. Data Sharing CARE-a-Bunch does not sell, rent, or lease your personal data to third parties for marketing purposes. Data sharing may only occur in strictly necessary situations and with partners who adhere to our security and privacy standards, always under appropriate legal bases:
Service Providers: We may share data with partners and suppliers who assist us in providing services (e.g., website hosting platforms, CRM systems, email marketing tools, IT service providers). These partners act as Data Processors and are contractually obligated to protect your personal data with the same level of security and confidentiality as CARE-a-Bunch, through Data Processing Agreements (DPAs) that ensure compliance with the LGPD. Legal Obligation or Court Order: As required by law, regulation, legal process, or applicable governmental request. Acquisitions and Corporate Restructuring: In the event of a merger, acquisition, asset sale, or service transition to another company, your personal data may be transferred as part of the company’s assets, always ensuring that the new entity commits to this Privacy Policy or a policy with an equivalent level of protection. With Your Consent: In other situations, if there is a need to share your data with third parties, we will request your prior and express consent. International Data Transfers: Should it be necessary to transfer your personal data to countries outside Brazil (for example, if our service providers use servers located abroad), we ensure that such transfers occur only to countries that have an adequate level of data protection, or through the adoption of specific contractual safeguards (such as the EU Standard Contractual Clauses or equivalent mechanisms approved by the ANPD) that ensure the protection of your data in accordance with the LGPD.
6. Rights of Data Subjects (LGPD) In accordance with the General Data Protection Law (LGPD), you, as the data subject, have a series of rights that can be exercised at any time. We are committed to ensuring that you can exercise them easily, transparently, and at no cost:
Right of Access: Request access and obtain confirmation of the existence of processing of your personal data that we hold. Right to Rectification: Request the correction of incomplete, inaccurate, or outdated data. Right to Erasure (Anonymization, Blocking, or Deletion): Request the anonymization (making the data impossible to be associated with you), blocking (temporarily suspending processing), or deletion of unnecessary, excessive, or unlawfully processed data. Right to Data Portability: Request the portability of your data to another service or product provider, upon express request, respecting commercial and industrial secrets. Right to Information on Sharing: Obtain information about public and private entities with which CARE-a-Bunch has shared data. Right to Revoke Consent: Revoke consent at any time, for data processing based on this legal basis, without affecting the legality of processing carried out before revocation. Right to Object: Object to processing carried out based on one of the hypotheses of consent waiver, in case of non-compliance with the LGPD. Right to Review Automated Decisions: Request the review of decisions made solely based on automated processing of personal data that affect your interests, including the possibility of requesting information about the criteria and procedures used. Right to Petition the ANPD: Petition regarding your data against the controller before the National Data Protection Authority (ANPD). To exercise any of these rights, please contact us through the channels indicated in the “Contact for Questions and Requests” section. Our Data Protection Officer (DPO) will respond to your request within 15 days, as per the legal deadline.
Children Under 18 Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have inadvertently collected personal data from a child under 18 without parental consent, we will take steps to delete such information as quickly as possible. If you believe that we might have any information from or about a child under 18, please contact us immediately using the details provided in Section 9.
Use of Cookies and Other Tracking Technologies Our website uses cookies and similar technologies to improve your browsing experience, understand how you interact with our platform, and personalize content.
What are Cookies: Small text files that are stored on your device (computer, tablet, smartphone) by your browser when you visit a website. They contain information that can later be read by the web server that issued them. Types of Cookies Used: Essential/Strictly Necessary Cookies: These are indispensable for the basic functioning of the site, allowing you to navigate and use essential features, such as access to secure areas or forms. Without these cookies, the site may not function correctly. Performance/Analytics Cookies: Collect anonymous information about how visitors use the site (e.g., which pages are most visited, time spent, errors encountered). This data helps us optimize the functionality and performance of the site (e.g., Google Analytics). Functionality Cookies: Remember your choices and preferences (language, region, username) to provide a more personalized and convenient experience. Advertising/Marketing Cookies (if applicable): May be used to display more relevant ads to you and your interests, or to limit the number of times you see an ad. If not used, this section can be removed. Cookie Management: You have control over the use of cookies. Most browsers allow you to manage your cookie preferences directly in the settings (Chrome, Firefox, Edge, Safari, etc.). You can configure your browser to refuse all cookies, accept only certain types, or alert you when a cookie is being sent. Remember that disabling certain cookies (especially essential ones) may affect the functionality and browsing experience on our site. Other Technologies: We may use other tracking technologies, such as web beacons (invisible pixels) or tags, for the purpose of analyzing site usage and performance, always respecting your privacy. 9. Contact for Questions and Requests If you have any questions about this Privacy Policy, wish to exercise your rights as a data subject, or need any clarification, our communication channel with the Data Protection Officer (DPO) is open and ready to assist you:
Email: [Your Privacy Contact Email – e.g., privacy@yourwebsite.com.br] Postal Address (optional): [Your Company Address – if convenient and there is a physical DPO] Our team and the Data Protection Officer (DPO) are prepared to attend to your requests and ensure transparency in the processing of your information, responding within the legal deadline.
Changes to this Privacy Policy This Privacy Policy may be updated periodically to reflect changes in our data processing practices, technological enhancements, or to comply with new legal and regulatory requirements (such as new interpretations of the LGPD by the ANPD). Any significant changes will be communicated on our website in advance, through a prominent notice or other appropriate means. The most recent version will always be available on our website, and the date of the last update will be indicated at the beginning of the document.
Thank you for your trust in CARE-a-Bunch. It is a pleasure to have you in our community and ensure that your experience is as secure as it is delightful.