Privacy Policy


1- Thank you for consulting our Privacy Policy, we are at your disposal to provide any clarifications and information about the way we process your personal data.

2- S.Bento Residences absolutely respects your privacy and the personal data whose processing you entrust to us, and we consider this respect to be essential and one that is foundational of our activity as a responsible organization.

3- We comply with and enforce the currently binding personal data protection legislation, namely the General Data Protection Regulation (Regulation (EU) 2016/679), hereinafter GDPR, and law 58/2019 of August 8, which executes the GDPR in the Portuguese legal order.

4- We are fully committed to protecting your privacy and personal data and, at the same time, provide you with the best experience using our website, which we designed and created for you.


1- Controller is, according to the GDPR, “the natural or legal person, public authority, agency or other body that, individually or jointly with others, determines the purposes and means of processing personal data ”.

2- In the context defined above, NQI São Bento Residences Lda, (hereinafter “S.Bento Residences”), with the taxpayer nº. 514 405 198, registered office at Rua do Campo Alegre, 830 – 9º Andar, 4150-171 Porto, is the controller of your personal data, within the meaning of article 4, point 7) of the General Data Protection Regulation.


1- The user can access, browse, and use this website without providing any personal information. However, the use of certain tools on the website, namely, creating a user account to make a reservation, as well as to subscribe to newsletters, for the purpose of receiving promotional material and news from S.Bento Residences, may imply the supply and provision of personal identification data (name, taxpayer number, among others), contact details (address, email), and other necessary details for booking purposes.

2- S.Bento Residences as the controller is responsible for collecting and processing the personal data of website users, under the terms and for the purposes indicated in the applicable data protection legislation. Such data will be collected, stored and used by S.Bento Residences with the aim of answering the questions you ask us.


1- This policy reflects the way we act when we provide our services and whenever, in any way, we interact with you and process your personal data.

2- The processing of personal information is carried out only by those who are duly authorized by us, and by no one else.

3- Our concern with your personal data is established by design and by default, in our website and in everything we do, in the way we provide our services, how we act within the scope of our relationship with you and our partners, and in all initiatives that we may develop. Your data is processed on a strictly necessary basis and with strict control over its access.

4- We search, evaluate, and implement the most appropriate solutions to protect your personal information, and we do it with the purpose to continuously improve the services we provide.

5- All of us at S.Bento Residences have received training and know that your personal data belongs to you, as the data subject.

6- We always assume that the protection of your personal data begins with the rigor and qualitative level of the information we provide, always seeking to improve its content and ensuring that it is clear, accessible, and understood by everyone.

7- We always act with the belief that transparency and information must be the basis of everything we do and that they constitute the pillar of trust that unites us with our clients and that sustains lasting relationships.

8- We review what we do, we accept our mistakes and ensure that they do not reoccur, and, although we know that there are no perfect individuals or organizations, we believe that there is always room to improve, do better, and serve in an exemplary manner those who trust us.


1- Accessing our website and making your personal data available implies and assumes that you are aware of the content of this policy.

2- We advise you to carefully read our Terms and Conditions, as well as our Cookies Policy, documents that you will find at the bottom of our website’s homepage.


1- Estes são alguns dos conceitos inerentes à proteção de dados pessoais:

a) What is “Personal Data”?

Any information relating to an identified or identifiable natural person, where an identifiable natural person is considered to be a natural person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more specific elements of their physical, physiological, psychological, economic, cultural or social identity.

b) What is meant by “Processing”?

This regards an operation or set of operations carried out on personal data or on sets of personal data, by automated or non-automated means, such as collection, registration, organization, structuring, conservation, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, broadcast or any other form of availability, comparison or interconnection, limitation, erasure or destruction.

c) Who is the “Controller”?

The natural or legal person, public authority, agency or other body which, individually or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria applicable to its nomination may be provided for by Union or Member State law.

d) What is “Consent”?

Consent is given by you, as the data subject and when legally applicable, translating a free, specific, informed and unequivocal expression of will, by which you accept, through a declaration or unequivocal positive act, that the personal data concerning you will be subject to treatment.

e) What is a “Personal Data Breach”?

It means a breach of security that causes, accidentally or unlawfully, the unauthorized destruction, loss, alteration, disclosure, or access to personal data transmitted, stored or subject to any other type of processing.


1- The personal data we process is adequate, relevant, and limited to what is necessary for the purposes of the hotel.

2- The categories and types of personal data that we process, for the purpose of providing our services, are as follows:

a) Os seus dados de identificação:
i) name;
ii) date of birth;
iii) citizen card data;
iv) nationality.

b) Your contact details:
i) address;
ii) phone number;
iii) email.

c) Your billing details:
i) the tax identification number;
ii) billing address.

3- Personal data is processed electronically and stored in databases.

4- In the event that we process special categories of personal data (“sensitive data”), such as health data, this will only occur based on the exceptions provided for in article 9, paragraph 2 of the GDPR.


1- As part of our activity, we may use processors who process your data on our behalf, as provided for in the GDPR.

2- Whenever this happens, we adopt the following procedure:

a) We carefully choose our processors, whom we previously evaluate, determining in advance whether they comply with the GDPR and other applicable legislation, and this evaluation takes place before any contract is in place;

b) By doing so we verify whether or not they present sufficient and adequate guarantees for the execution of technical and organizational measures designed to protect your personal data and that they will act only in accordance with our instructions, which are documented;

c) We enter into a written contract with our processors, therefore complying with the legal requirements established in article 28 of the GDPR.


1- As a rule, your data will always be processed within the European Economic Area, and we choose, if necessary and preferably, providers that are located within this geography.

2- If we communicate personal data to third countries or international organizations, outside the European Economic Area, we will strictly comply with the applicable legal provisions, not carrying out international personal data transfers to entities that do not offer guarantees of maintaining the level of protection required by the GDPR.


1- In advance, we want to inform you the purposes of the processing of your personal data, below, which are determined and legitimate, complying with the principle of purpose limitation.

2- We process your personal data for the following purposes:
a) to identify you as our client;
b) to provide our services;
c) if you ask us for information, so that we can inform you;
d) for marketing purposes (only with your consent or in accordance with our legitimate interest, duly considered and justified);
e) to inform you of changes to the conditions for providing the contracted services;
f) to optimize visits and navigability on our website;
g) for managing our contractual relationship and its execution;
h) to adapt the services we provide to the needs of our customers;
i) for billing purposes;
j) to comply with legal obligations;
k) for events and their advertisement
l) for recruitment and selection processes


1- It is our firm intention that you are always duly and previously informed, as a data subject, about the processing we carry of your personal data, so that you can exercise real and effective control over it, without surprises.

2- If we intend to process your personal data for purposes other than those stated here, we will take the initiative to inform you and provide the necessary information, as well as any other details that, in the context, are relevant and appropriate, aiming to put in place a transparent and equitable processing and relationship with you.


1- Depending on the circumstances, the processing of your personal data may be carried out on the following legal basis:

a) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
b) compliance with legal obligations to which we are subject;
c) your consent, which we will ensure is given by you freely, specifically, informed and unequivocally;
d) our legitimate interests, and we will ensure that they do not override your interests, rights, and freedoms, otherwise we will not invoke them.


1- In the context of the services we provide, it may happen that we have to process children's data, taking into account the recipients of the services we provide and their scope, always regarding the special protection that is necessary when processing children's data.


1- We follow the legal rule that data must be kept only for the time necessary and for the purposes that motivated its processing, after which it will be deleted or anonymized;

2- Please be aware that there are legal requirements that oblige us to retain data for a minimum period of time and, in these circumstances, we are obliged to respect these deadlines for as long as legally provided;

3- If the processing is based on your consent, we will retain the data until you withdraw your consent or if the purpose we pursue no longer make sense;

4- In order to have a standard internal procedure, we have developed a data conservation policy, which everyone knows, complies with, and enforces.


1- As the data subject, you have the following rights:

a) Right of access - (article 15 of the GDPR)
You have the right to request from us, among others, information regarding whether or not your data is being processed, what data we process and for what purposes.

b) Right to rectification - (Article 16 of the GDPR)
Right to have, without undue delay, rectification of inaccurate personal data concerning you and for incomplete data to be completed.

c) Right to erasure - (Article 17 of the GDPR)
Also known as the right to be forgotten – you can request, in certain circumstances, that your personal data be erased from our records, without undue delay, whenever any of the reasons set out in the GDPR apply.

d) Right to object - (Article 21 of the GDPR)
You have the right to object, for reasons related to your particular situation, to certain types of data processing provided for in the GDPR, such as processing for direct marketing purposes, in which case we will cease processing for that purpose.

e) Right to restriction processing - (article 18 of the GDPR)
The right to obtain restriction of the processing of your personal data, when you wish, for example, to contest the accuracy of your personal data for a period of time that allows us to verify its accuracy, when the processing is unlawful or if you have deduced your right of opposition.

f) Right to data portability - (article 20 of the GDPR)
You have the right to transfer your personal data that we keep to another organization or to receive it in a structured, commonly used, and machine-readable format.

g) Right to withdraw consent - (Article 7(3) GDPR)
If consent is legally necessary for the processing of personal data, the data subject has the right to withdraw consent at any time, easily, although this right does not compromise the lawfulness of processing carried out based on previously given consent.

h) Right to lodge a complaint with a supervisory authority - (Article 77(1) GDPR)
In Portugal, the control authority is the CNPD - National Data Protection Commission (

i) Right to claim compensation and liability - (Article 82 GDPR)
If you have suffered material or non-pecuniary damage due to a violation of the GDPR, you have the right to receive compensation from the controller or processors for the damage suffered.

j) Right to mandate a non-profit body, organization, or association to, on your behalf, lodge a complaint - (Article 80 of the GDPR)
The data subject has the right to mandate a non-profit body, organization or association, which is duly constituted under the law of a Member State, whose statutory objectives are in the public interest and whose activity covers the defense of rights and freedoms of the data subject with regard to the protection of their personal data, to, on their behalf, lodge a complaint, exercise the rights provided for in Articles 77, 78 and 79 of the GDPR, and exercise the right to receive a compensation referred to in Article 82, if this is provided for in the law of the Member State.

k) Right not to be subject to automated decisions - (Article 22 of the GDPR)
You have the right not to be subject to any decision made exclusively based on automated processing, including profiling, that produces effects in your legal sphere or that significantly affects you in a similar way. This subjection, if it occurs, will only take place, on our part, within the scope of the exceptions provided for in article 22, n.º 2 of the GDPR, and we will apply measures that ensure the right to obtain human intervention, allowing you to express your opinion and contest the decision.

2. For the purpose of the exercise of these rights, please check the “Contacts” section below.
a) After sending your email, or by other means, in which you express that you intend to exercise the rights indicated in subparagraphs a), b), c), d), e), f), g), h), we will act accordingly, sending you the “Form for exercising data subject rights”.


1- We consider that individual and collective responsibility is an essential pre-requisite for trust, we internally appointed a person responsible for the protection of personal data.

2- The Data Protection Officer will respond to your requests regarding processing, in a quick and concise manner, as well as, in a transparent, intelligible, and in a easily accessible way, using clear and simple language, and within a period of 30 calendar days (which may increase to 60 days in case of complexity or depending on the number of requests).

3- The information is provided in writing or by other means, including, when applicable, by electronic means.

4- Upon your request, the information can be provided orally, as long as your identity is duly proven, otherwise, the absence of identification, the Data Protection Officer may refuse to provide you with a response.


1- At S. Bento Residences we have adopted appropriate technical and organizational measures to ensure a level of security that we believe is appropriate to the risk associated with the processing of your personal data, considering the measures provided for in article 32 of the GDPR

2- Aware of technological developments, which are permanent, we periodically review and improve the measures implemented, which guarantee increasingly better and more efficient security, ensuring that your data is protected based on the best possible technology, and considering the risk.

3- We seek to ensure that the availability, authenticity, integrity, and confidentiality of your data are assured, as well as to prevent its loss, alteration, unauthorized disclosure or access or misuse of personal data, or any other form of illicit processing that may take place.

4- We invest decisively and regularly in training our people, ensuring that they have the necessary legal and technical knowledge to process with your personal information, following the applicable legal rules , the best-known practices, as well as complying with the internal procedures defined and implemented.


1-Within the scope of the services we provide, data communication is a necessary requirement to enter into a contract or to send you communications.

2- The lack of such information naturally constitutes an obstacle to enter into a contract, that being the only resulting consequence.


1- The S.Bento Residences website contains links to other websites of interest or partners and is not responsible for the privacy policy, cookie policy or conditions of use of these same websites. We recommend that when accessing other websites, you consult all the information and conditions mentioned above.


1- We use necessary and analytical cookies for the operation of our website.

2-The S. Bento Residences Cookies Policy can be consulted at

3- If you have any questions regarding the terms of operation of the cookies used by S.Bento Residences, you can contact us via


1- NQI São Bento Residences Lda, appointed and communicated to the Portuguese data protection authority- CNPD – Comissão Nacional de Proteção de Dados, the name and contacts of its Data Protection Officer, who fulfills the tasks set out in article 39 of the GDPR.

2- For the purpose of communicating with the Data Protection Officer on topics related to the protection of personal data, please consult the following point.


1- The user may contact S.Bento Residences on all issues related to the processing of their personal data and the exercise of the rights granted to them by applicable legislation, through the following contact details:

Phone: 227 662 770
E-mail: (for commercial questions)
E-mail: (for data protection questions)
Address: Rua do Campo Alegre, no. 830, 9th floor, 4150-171 Porto


1-For various reasons, whether related to legal or technological issues, we may have to change, without prior notice, the content of this privacy policy.

2- If this happens, and because we want you to be permanently informed, we will indicate the changes made on our website and make them available to you.

3- After the changes that may occur are informed and a part of this policy, all users of our website are bound to the new terms.


1- Our privacy policy was approved by the management body of NQI São Bento Residences Lda.


Last update: 16/05/2024