This document holds UNU Hotels and Resorts’ Personal Data Production and Privacy Policy on its institutional site, access to which is included through its official channels on the website. Its purpose is to establish rules regarding the collecting, storage, use, handling, sharing and exclusion of data and any information that has been potentially collected through its digital platforms maintaining absolute transparency.

With this in mind, we hope that the users who access our website have the best possible experience in order to enjoy our services while we ensure that their privacy is respected. In order to so, you can enable your preferences for tailored services according to the offer or demand that you are looking for (profile).

Our goal is that all clarifications and any practical aspects necessary for answering possible queries are available in a transparent manner.

Data controller

UNU Administração Hoteleira e Comercial Ltda.

Tax ID: 34.606.733/0001-96

Av. Iraí, 280 – Conj. 406
CEP 04082-000
São Paulo – SP

Trading name

UNU Hotels & Resorts

Nature of the data to be handled

Personal data that is provided by users and/or collected automatically

Purpose of personal data handling

Improve the browsing experience on the website, institutional information, publicity campaigns, discounts, event publicity, diverse programs, payment history, preferences or research.

Legal basis

  • Legitimate interest;
  • Contract execution;
  • Consent.


Service providers and operators that are essential for the development of our activities.

Data protection

Preventative measures aiming to provide security and confidentiality of the collected data, in compliance with legal principles, technological capacity and administrative technical processes.

Holders’ rights

Confirmation of the existence of personal data handling, rectification/correction, deletion etc.


The website contains all institutional information of public interest. Within its scope, the website is aimed at those who essentially seek:

  1. Information about products and services available to customers, launches, deals, campaigns offered by UNU Hotels & Resorts and its partners;
  2. Answers to user queries.

The data used, or handled, stems from: (i) that which has been supplied by the users themselves; (ii) that which has been collected automatically to optimize the running of the website.

  1. Information provided by the user, such as full name, social security number (CPF), email, telephone contact and, whenever necessary, data which has been filled out on forms to enable access to a specific area such as one for the customer, campaign participation, gaining discounts, events, satisfaction surveys and diverse programs;
  2. Automatically collected information such as IP (Internet Protocol) address, characteristics of the browser of the device used for access, information regarding clicks, pages and screens that have been visited. Use will be made of existing technology that is well-established in the market, meeting the necessary and suitable standards with the best practices, including the use of cookies, pixel tags, beacons, local shared objects, among others, which will be used towards providing better browsing experience as per the feedback given by the user’s preferences.


The collected information, should it be of interest to UNU Hotels & Resorts, will possibly be shared: (i) with partner companies, whenever necessary in order to provide the suitable services, aiming for data minimization, safety and suitability; (ii) for complying with standards or regulations; (iii) to protect UNU Hotels & Resorts’ interests in any type of conflict; and (iv) in the case of any judicial decision or request by the governing authorities.

Over time, data sharing may occur with companies that provide technological infrastructure, processes and operationalization which are strictly necessary to the undertaking of UNU Hotels and Resorts’ activities.

Data holders may request to access, update, add or correct, as well as delete their data through their Data Protection Officer via the following email:

In the body of the email, the data holder shall set out the details of their request, which will be answered and/or processed in due course whilst complying with the concerning legislation and further guidelines to be established by the National Authority of Data Protection.


Users/visitors are informed that UNU Hotels & Resorts uses cookies to collect and store information regarding personal preferences for website access, such as: sending one or more cookies or anonymous identifiers that collect data related to browser preferences and the visited pages. The handling is carried out in an automatized manner with no personal contact with the obtained data.  

The data handling intends to improve and personalize the browsing experience on our website. We are committed to observing the principles of data protection and ensuring that it is used in accordance with the indicated objectives, in such a way that it will not be allowed to be used for diverse and/or unconnected purposes.

We guarantee that the users have option to disable the cookies or personalize them according to their interests at any time. This can be done through tools from the browser itself to prevent the installation of cookies or the removal of those already installed, enabling the self-management of them. Potential alterations may interfere in the user interaction with our website, including the possibility of errors in some of its features. Some cookies are essential to the fluid navigation and use of the available resources and without which, some services/features will not be accessed and provided.

We store information related to the access of the users to our website on our database which may include, but is not limited to, the IP address, the accessed pages, the access times and dates and the device used, all in agreement with the current data protection legislation.

Such information, should it be necessary, shall be used for the regular exercise of rights, such as: complying with judicial orders, defense of rights against users in legal or administrative proceedings, including internal or public investigations, with the aim of investigating practices that may cause damage of any nature, as well as committing crimes in virtual environments.

We may possibly collect personal data from or about users which have been voluntarily input during the browsing experience on the website. We prioritize the users’ email as the main point of contact for communication about possible requests and queries.

We offer the users the right at any time to request the deregistration and exclusion of personal information from the database; this procedure will not be done immediately but will keep to a reasonable timeline for deletion. We stress that in some exceptional cases, we will be prevented from doing so due to legal obligations set out in the Data Protection General Law and current norms referring to data retention. In such situations, the users will be informed about the impossibility of excluding their data.

User personal data shall be used for the following purposes:

(i) consumer profile identification and registration update;

(ii) guaranteeing user security;

(iii) preparation of statistics to measure website access, ensuring the anonymity of the users, including for purposes to enhance and understand the profiles that have demonstrated interest.

The aforementioned policy, in order to remain in line with the best data protection practices, may undergo adjustments at any time without any necessity of prior warning or consent. We therefore commit to maintaining the updated version on the website.

In the case of questions, please get in touch through our communication channels, preferably:


UNU Hotels & Resorts uses cutting-edge technology that meets the highest standard in the market, storing collected information on its own servers or ones that it has contracted. Therefore, the best practices are always followed, such as:

  1. Proof of the use of access encryption, such as the standard SSL – Secure Sockets Layer, set up as a secure access site;
  2. Protection against unauthorized access to the systems;
  • Authorized access only for pre-determined people to handle the collected information;
  1. Data confidentiality with the minimization of collected data and registered access of the internal permissions.

We stress that although the greatest effort to ensure user’s privacy is under the responsibility of UNU Hotels & Resorts, the same applies to its users who shall take suitable self-protection measures by keeping their usernames and passwords confidential, using antivirus software and, above all, taking the due precautions to ensure their rights.

With the aim of guaranteeing the privacy and confidentiality of the collected data, we will adopt continuous precautions to meet the principles and regulations and fundamentals in compliance with the regulatory norms.


The handled users’ personal data will be excluded when:

  1. The data holder requests their deletion from the servers and database;
  2. Throughout the information’s lifespan for legal purposes or according to UNU Hotels & Resorts’ legitimate interest for its legal protection.

Without jeopardizing the aforementioned data, it will be conserved for compliance with legal or regulatory obligations and will be transferred to any third-party responsible for the contract, respecting the handling requisites whenever the anonymization is possible.


In observance of the ethical principles, good practices and, above all, in compliance with the governing regulations for the handling of personal data in Brazil, UNU Hotels & Resorts will keep its commitment to respecting and guaranteeing the provision of services, safeguarding the users’ interests, enabling them to exercise their rights and requests, which can be made as follows:

  1. Access to the registered personal data;
  2. Confirmation of the existence of handling of personal data, from its collection onwards;
  • Correction of registered data, whether it is out-of-date or incorrect;
  1. Anonymize, restrict or eliminate unnecessary data that is not in compliance with the corporate purpose and quality;
  2. Deletion of handled data that has been collected under the user’s consent and not under legitimate interest;
  3. Information regarding which public or private bodies have access to the data;
  • Portability of the data when the National Authority of Personal Protection Data audit.

UNU Hotels & Resorts reserve the right to, after the request has been made by the users, take all possible means to confirm the entitlement of the requester, ensuring the quickest possible response.


This document was prepared based on the current legislation in the Federative Republic of Brazil, especially the Data Protection General Law.


Alex Moreira de Freitas (DPO)