This Privacy Notice (“Notice”) establishes how Up Mountain Madeira (U.M.M.) protects the privacy of the Personal Data of our employees, customers, partners, or any other entity with which U.M.M. relates in the context of its activity).
Being an activity provider, U.M.M. needs to collect, use, and disclose Personal Data to perform the functions and business activities, including carrying out and managing travel reservations on behalf of our clients. At U.M.M. we are committed to protect the privacy and confidentiality of Personal Data and to maintain the various physical, digital, human and process related controls.
In the context of the General Data Protection Regulation 2016/679 (“GDPR”) U.M.M. is a “data controller” of any personal information that is shared in the context of our relationship with our clients or other interested parties.
By providing us Personal Data, stakeholders agree that this notice apply to how we deal with Personal Data and consent that Personal Data is collected, used, and disclosed as detailed in this Notice. If stakeholders do not agree with all or part of this Notice, the stakeholders should not provide us their Personal Data. If stakeholders do not provide us their Personal Data or withdraw their consent according to this Notice, that could affect our ability to provide the services or negatively affect the quality of the services provided. For example, most travel bookings must be made under the traveller’s full name and must include contact details and appropriate identification (e.g. name or email address). We cannot make reservations without this information. There may be cases where local data protection laws impose treatment practices more restrictive than the practices defined in this notice. When that occurs, we will adjust our data processing practices to comply with these local laws data protection.
Personal Data have the meaning given by the local data protection laws and, where the GDPR applies, the meaning given under the GDPR. Personal Data usually mean data related with a living individual who can be identified from that data; or is identifiable from the combination of that data and other available data.
Generally, the type of personal information we collect is necessary to facilitate travel arrangements, support reservations or to arrange services and / or products relating to travel on behalf of our clients.
In this regard, we usually process the following types of Personal Data from our customers:
When our customers contact us for other purposes, Personal Data related to those purposes may also be collected. For example, we may collect personal information so that we may contact our customers about a contest / campaign that has signed up or to respond to a question or comment they have sent us. We also collect data necessary for use in the business activities of U.M.M. and our related entities, including, for example, financial details required to process multiple transactions, video surveillance images used for security purposes, or other relevant Personal Data you may choose to provide us.
In some circumstances, we may collect Personal Data from our customers that may be considered sensitive data in accordance with local data protection laws. Sensitive data may include (without limitation) racial or ethnic origin, philosophical or religious beliefs or affiliations, sexual preferences or practices, criminal history and the alleged commission of an offense, affiliation to political, professional, or commercial associations, biometric and genetic information, financial data, and health data. We will only collect sensitive data in accordance with local data protection laws, with explicit consent of the subject and where the data is reasonably necessary or directly related to one or more of our functions or operational activities (for example, travel), unless required or permitted to do so by law. To the extent permitted or required by local data protection laws, our customers consent that we use and disclose your sensitive data solely for the purpose for which it was collected, unless we subsequently receive your consent for another purpose. For example, if our clients provide us with health information related to travel insurance that they wish to do, customers consent that we use and disclose such health information on their behalf in the contacts made with the entity that promotes such travel insurance. Another example is when our customers can divulge their religious beliefs because they are interested, for example, in certain vacation packages, the use and disclosure of this information to make the trip operational. We will not use sensitive data for purposes other than those for which it was collected, unless we receive consent for another purpose.
We will only collect Personal Data in accordance with local data protection laws. We generally collect Personal Data in the context of contacts with our customers. We will collect this data directly from our customers, unless it is unreasonable or impractical to do so.
Generally, this collection will occur when customers:
We may also collect Personal Data when:
Unless they choose to do so under a pseudonym or anonymously, we may also collect Personal Data from our customers in the context of surveys or when they provide feedback.
In some circumstances, it may be necessary to collect Personal Data from our customers from third parties. This includes cases where a person makes a travel reservation on behalf of another person (s) (for example, a family reservation, a group, or a booking made by an employer). When this happens, we have the authority of the person making the travel reservation to act on behalf of any other traveller in the reservation, as well as with the consent of that person to collect, use and disclose Personal Data in accordance with this Notice. Our clients should inform us immediately if they know that their personal information has been provided to us by another person without their consent or if they have not obtained the consent before providing us with the Personal Data of another person.
We make every effort to maintain the accuracy and completeness of the Personal Data we store and to ensure that all Personal Data is up-to-date. However, any interested party may contact us immediately if there is any change to their Personal Data or if they are aware that we have inaccurate Personal Data (see section 13 below). We will not be liable for any losses arising from any inaccurate, inaccurate, defective, or incomplete personal information that the Interested Parties, or anyone acting on your behalf, may provide to us.
We will only process Personal Data when:
When you contact us regarding an inquiry or tour reservation, the purpose for which we collect your personal information is generally to provide you with travel advice and / or to help you book travel-related products and services. However, the purpose of the collection may be different depending on the specific circumstances disclosed in this Notice (e.g. collection of Personal Data for participation in a contest, provision of feedback, etc.).
When a customer makes a reservation or organizes travel-related products and services with our support, we generally act as an agent for travel service providers (e.g. for a hotel). In this case, we process Personal Data as necessary to provide the requested services. This usually includes the collection of Personal Data for internal purposes as described in this Notice, and for the travel service provider for whom we act as an agent (for example, to provide contracted services). For example, if you book a boat tour through U.M.M., we will use the Personal Data to allow the tour to be booked and we will disclose the Personal Data to the tour provider to allow it to provide the tour service.
We may share data with our travel service providers (hotels, airlines, car rental companies or other providers related to travel reservations). These travel service providers may also use the Personal Data as described in their respective privacy policies for additional information that facilitates booking the trip or providing the services requested. We recommend that our Customers review the privacy policies of any travel service providers that are purchased through U.M.M. We will provide copies of all relevant terms, conditions, and privacy policies of travel service providers upon request.
We can act as agents for or on behalf of many tour service providers, so it is not possible to refer in this Notice to all the tour service providers for which we operate.
If there is any concern regarding the transfer of Personal Data to a tour service provider, or if further information is required, please refer to section 13 of this Notice.
The purposes for which we collect Personal Data also include:
Where permitted by local data protection laws, we may use Personal Data to perform marketing activities related to our (and third party) products and services that we believe may be of interest to our Customers, unless they have requested to not receive such data. information. These campaigns may include, but are not limited to, email submissions, digital marketing, and other electronic notifications. Personal Data will be used to send digital marketing material (including newsletters, e-mail, SMS, MMS, and IM) if the Customers have chosen to receive it. Customers can sign up to receive newsletters and other promotional / digital marketing materials by following the relevant links on our website or requesting that one of our team members do so.
Any individual who does not wish to receive promotional / marketing material from us, participate in market consultations or receive other types of communication should refer to sections 8 and 13 of this Notice.
At U.M.M. we do not sell, rent, or exchange Personal Data. Personal Data will only be disclosed to third parties in accordance with the provisions of this Notice and in accordance with local data protection laws (note: in this Notice the reference to “disclosing” includes transferring, verbal, or written sharing, sending, or making available data to another person or entity).
Personal Data may be disclosed to the following types of third parties:
In addition to the above, we will not disclose personal information without consent, unless we believe disclosure is necessary to reduce or prevent a threat to life, health or safety of an individual, public health or safety, or for an action (e.g. prevention, detection, investigation, or punishment of criminal offenses), or where such disclosure is authorized or required by law (including applicable data protection / privacy laws).
On the websites or social networks of U.M.M., users may choose to use certain third-party resources with which we associate. These features, which may include social networking tools and geo-localization, are operated by third parties, and are clearly identified as such. These third parties may use or share Personal Data in accordance with their own privacy policies. We recommend consulting third-party privacy policies if you consider these relevant tools.
We may disclose personal information to certain recipients abroad as described below. We will ensure that such international transfers are necessary for the execution of a contract between our Customers and third parties abroad or that are subject to appropriate or adequate safeguards as required by local data protection laws (e.g. GDPR). We will provide copies of the relevant safeguards documents upon request (see section 13 below).
It is possible that Personal Data are transferred for a foreign entity located in a jurisdiction where it is not possible to guarantee a data protection level equal to that in the context of GDPR. In these cases, U.M.M. cannot be responsible for how these recipients handle, store, and process your Personal Data.
(a) Related entities abroad
U.M.M. operates a global business, including operations in foreign countries outside of Europe. Personal data may be disclosed with our related entities abroad for support in the travel reservation and / or to enable administrative, consultative, or technical services, including the storage and processing of such data.
(b) Travel service providers located abroad
To provide our services, it may be necessary for us to disclose personal data to relevant suppliers of travel services abroad. We deal with many different travel service providers around the world, so the location of a relevant travel service provider will depend on the travel services provided. Relevant travel service providers will in most cases receive personal data in the country in which they will provide the services or on which their business is based.
(c) Our service providers located abroad
We may also have to disclose personal data to service providers located abroad for supporting the provision of services, including the storage and processing of such data. Generally, we will only disclose personal information to such recipients abroad in the context of a travel reservation and / or to allow the provision of administrative and technical services provided on our behalf.
If there is any specific doubt as to where or for whom personal data can be sent, see section 13 of this Notice.
At U.M.M. we are committed to protecting Personal Data by implementing and maintaining appropriate technical and organizational control measures to ensure a level of safety aligned with the risks related to: accidental or illegal destruction; loss; unauthorized alteration or disclosure; or improper access to Personal Data transmitted, stored, or processed. U.M.M. regularly monitors and reviews security controls and strives to protect Personal Data in the same way that it protects sensitive Business Information.
U.M.M. destroys or de-characterizes Personal Data whenever they cease to be relevant to the business or as required by law.
Should any interested party that U.M.M. have Personal Data intend to:
Interested parties must formally submit the request to U.M.M. through the contacts identified in section 13 of the Notice. After the request will be given an acknowledgment of the same and information will be given on the deadline within which the information will be made available.
U.M.M. will make every effort to respond to such requests within one month or less, although it may be necessary to extend this period for complex requests.
In addition, U.M.M. reserves the right to deny access to the Information for any reason permitted by applicable law. If the request for access or correction of the Information is denied, the reasons for such refusal will always be communicated in writing, unless it is unreasonable to do so or when required by local data protection laws.
All communications related to requests for access to Personal Data must be made formally in writing to the Data Protection Officer through the contacts indicated in section 13 of the Notice.
If U.M.M. is requested to restrict or stop using Personal Data, withdrawing the consent previously provided for the processing of Personal Data, the ability to provide services or the quality of services may negatively impact the services. For example, most travel reservations must be made under the traveller’s full name and must include contact details and appropriate identification (e.g. passport details), and reservations cannot be made without this information.
Personal Data shared with U.M.M. should be accurate and individuals agree to update them whenever necessary. In addition, they agree that, in the absence of any update, U.M.M. may assume that the submitted data is correct.
Any individual may at any time ask U.M.M. to stop sending marketing communications and may use the cancellation links provided in the marketing emails or through the contacts indicated in section 13 Notice.
In any of the situations listed above, it may be requested to provide a valid means of identification that the applicant proves his / her identity and thus ensure that U.M.M. fulfils its security obligations and prevents the unauthorized disclosure of Personal Data.
U.M.M. reserves the right to charge a reasonable administrative fee following any manifestly unfounded or excessive requests regarding access to Personal Data or for any additional copies of Personal Data requested.
U.M.M. websites and mobile applications can use social networking features and tools (like “Like” and “Share” buttons), (“Social Networks Resources”). These features are provided and operated by outside companies (for example, Facebook) and hosted by outside companies or directly on our website or mobile application. Social Networks Resources may collect data related to the page visited on the website / mobile application, the IP address and may set cookies to allow the RS Feature to function properly.
If the user has activated social networking accounts, then they may be able to share data about visiting and using our website or mobile application with social network accounts. Likewise, interactions with RS resource can be registered by third parties. In addition, the external company may share with U.M.M. personal data in accordance with its policies, such as your name, profile picture, friend lists or any other information you have chosen to make available, and we may share data with the outsourced company for promoting the marketing directed through the platform of social networks. Users can manage data sharing and turn off targeted marketing in the privacy settings of their social networks.
When a user accesses the website, uses any mobile device or digital matches of U.M.M. servers, they can record data relating to the device or network that the user uses, including the IP address. An IP address is a series of numbers that identify a computer and are usually assigned when you access the Internet.
IP addresses can be used by U.M.M. to administer systems, investigate security issues and compile anonymous data about the use of the website and / or mobile applications. IP addresses may also be associated with other personal data available about individuals for the purposes described above (for example, to better tailor marketing and advertising materials, provided the user has chosen to receive digital marketing).
U.M.M. may use web analytics services from outside vendors on their websites and mobile applications, such as those listed in the “Cookies Policy”. Providers of these services may use technologies such as cookies and web beacons to help analyse visitors using websites and applications.
U.M.M. websites may contain links to third-party sites over which U.M.M. has no control and is not responsible for the privacy practices or the content of any associated websites. U.M.M. recommends reading the privacy policies of any associated websites that are visited, as their privacy policies and practices may be different from those of U.M.M.
Any questions, comments, or complaints about this Notice or about the processing of personal data; if you wish to inform U.M.M. about a change or correction of personal data; if you wish to receive information about the personal data that are treated by U.M.M.; or for any claim or comment related to data protection; should be addressed to the Data Protection Officer of U.M.M. through the contacts below:
Contact Name: Up Mountain Madeira(DPO)
Address: Rua Imperatriz D. Amélia 60, 9000-018 Funchal
U.M.M. will respond to any queries or complaints received as soon as possible.
This Notice may be changed from time to time. If a change to the Notice is made, the revised version will be published and dated on the U.M.M. website. If justified, in addition to updating the Notice, consent may be requested for certain types of data treatment.
This Privacy Notice was last updated on June 12, 2019.