Selecione Hotel
-
+
-
+
-
+
Selecione a idade das crianças!

Privacy Policies

The Arena Hotéis Group values transparency in its relationships with guests, employees, and partners, and treats the processing of your personal data with great seriousness and respect.


The Arena Hotéis Group ("Arena Hotels") is composed of the companies JDVB ADMINISTRAÇÃO E HOTELARIA LTDA. (CNPJ: 07.037.213/0001-37), responsible for Arena Copacabana Hotel, located at Rua Paula Freitas, 4, Copacabana, Rio de Janeiro - CEP: 22040-010; ARENA LEME HOTEL LTDA (CNPJ: 14.949.199/0001-03), responsible for Arena Leme Hotel, located at Rua Gustavo Sampaio, 111, Leme, Rio de Janeiro - CEP: 22010-011; ARENA IPANEMA HOTEL LTDA (CNPJ: 15.576.251/0001-96), responsible for Arena Ipanema Hotel, located at Rua Francisco Otaviano, 131, Ipanema (Arpoador), Rio de Janeiro - CEP: 22080-040; and ANNA CLASSIC EMPREENDIMENTOS LTDA. (CNPJ: 53.386.057/0001-37), responsible for the accommodations of Anna Arpoador, located at Avenida Treze de Maio, n. 33, sala 2201, Centro, Rio de Janeiro/RJ, CEP: 20.031-920. All these private legal entities, duly registered with their respective National Registries of Legal Entities before the Brazilian Federal Revenue Service, are designated herein as personal data controllers.


This Privacy Policy is subject to Brazilian law, specifically the General Data Protection Law (LGPD - Law 13.709/2018).

In this Privacy Policy, you will find information about our practices regarding the processing of personal data, including what data is collected, for what purposes it is used, shared use, what we do to ensure the security and protection of this information, and how you can exercise your rights as a data subject.


If you wish to exercise your rights as a personal data subject, please send an email to dpo@arenahotel.rio.


You may also contact the Data Processing Officer, as requested at the end of this Policy.



Table of Contents


  1. Collection of personal data;
  2. Purposes of use;
  3. Principles for personal data processing;
  4. Legal bases used for personal data processing;
  5. Sharing personal data with third parties;
  6. International transfer of personal data;
  7. Exercise of rights by personal data subjects;
  8. Security of your personal data;
  9. Retention and Exclusion of personal data;
  10. Data of minors;
  11. Data Processing Officer;
  12. Updates to Privacy Policies.

1. Collection of personal data:


For the purposes of this Privacy Policy, "personal data" refers to all information that can directly or indirectly identify a natural person.


When you stay at our hotels, use our services, or register on our applications, you provide us with personal data, such as your name, address, email, phone number, identification document details, among others.


We may obtain distinct types of personal data depending on your relationship with us, whether as a guest, employee, supplier, or business partner.



1.1 Personal data we may collect::


Identification and contact data: Full name • RG, CPF, RNE, CIR, passport or other identification documents, and their issue dates • Nationality and place of birth • Marital status, and data of spouse or common-law partners • Children or dependents • Email address • Residential address and proof of residence • Phone numbers • Date of birth • Parentage • Gender;


Professional and financial data: Education • Profession and employer • Position or function • Income tax declaration or proof of income • Bank details and credit card information • Negative certificates, score-related data, or legal proceedings;


Accommodation and service data: Booking and check-in/check-out information • Room number and number of guests • Dietary preferences and restrictions • Food intolerances and allergies • Special requests and service preferences • Previous stay history • Ratings and feedback on our services;


Communication and interaction data: Recordings of calls made through our customer service channels • Emails and messages exchanged with the data subject • Interactions on social media • Participation in satisfaction surveys;


Technical and navigation data: Information about the browser and operating system of the device used to access our platforms • IP address, date, and time of connection to our platforms • Cookies and similar tracking technologies • Geolocation data when authorized;


Biometric and security data: Facial biometrics, image, and voice (when applicable for security) • Images from security cameras in public areas of the hotels • Access data to hotel premises.


1.2. Specific data by department:


As mapped in our personal data lifecycle inventory, we collect specific data for different operational purposes:


  • Marketing: Data for promotional campaigns, newsletters, and commercial communication;
  • Human Resources: Employee data, candidates, and selection processes;
  • Sales: Corporate client information and commercial contracts;
  • Information Technology: User data of systems and information security;
  • Financial, Controlling, and Purchasing: Supplier data, payments, and financial control;
  • Pricing: Information for market analysis and rate definition
  • Confectionery: Data for special order fulfillment and dietary restrictions;
  • General Managements: Operational and management data for the three hotels.


You can obtain access to a personalized report of your personal data, as well as a description of the purposes for which such data is processed, and business partners with whom your data may be shared by contacting the Data Controller using the contact details provided in this Privacy Policy.



2. Purposes of use:


Arena Hotels processes personal data for legitimate and specific purposes, informing the data subject about these purposes in a clear, objective and transparent manner.


2.1 Purposes of use of personal data:


Hotel operations and service provision: Execution of hospitality contracts, operationalization, and provision of hotel services • Management of bookings, check-in, check-out, and accommodations • Provision of food services, including catering to dietary restrictions, allergies, or intolerances • Provision of concierge services, room service, and other hotel facilities • Management of events and activities held on hotel premises • Access control to hotel premises and rooms;


Security and prevention: Identity validation to prevent fraud and ensure the integrity and security of our transactions • Assessment, maintenance, and improvement of the security of our physical environments, especially to prevent accidents or potential threats • Monitoring by security cameras in public areas for the protection of guests and employees • Access control to hotel premises to ensure security;

Financial and administrative management: Carrying out risk control and mitigation processes, accounting auditing, billing, negotiation and collection • Payment processing and management of banking and credit card data • Management of suppliers and purchasing processes • Compliance with regulatory duty or legal obligation, for defense in proceedings or by decision of a judicial or administrative authority;


Customer relationship: Creation and management of guest and corporate client registrations • Client prospecting, service offering, customer service, and support • Content creation for social media and sending informative emails • Management of loyalty programs and benefits for frequent guests • Conducting satisfaction surveys regarding our services;


Human resources management: Recruitment, application, selection processes, including background checks • Training and offering benefits to employees • Management of payroll and benefits • Conducting organizational climate surveys;


Marketing and communication: Development and execution of marketing and communication campaigns • Sending newsletters and promotional communications • Management of social media presence and digital platforms • Market analysis and pricing strategy definition;


Information technology: Management of information systems and digital security • Maintenance and improvement of online platforms and applications • Data backup and recovery • Information security monitoring.



2.2. Specific purposes by department:


As detailed in our personal data lifecycle inventory, each department of Arena Hotels processes personal data for specific purposes:


Marketing: Development of promotional campaigns, customer relationship management, market analysis, and institutional communication;

Human Resources: Complete management of the employee lifecycle, from recruitment to termination, including training and benefits;

Sales: Corporate client management, contract negotiation, commercial prospecting, and group service;

Information Technology: Management of technological infrastructure, information security, technical support, and system development;

Financial, Controlling, and Purchasing: Financial management, cost control, auditing, supplier management, and purchasing processes;

Pricing: Market analysis, rate definition, revenue management, and commercial strategies;

Pastry: Fulfillment of special orders, management of dietary restrictions, and provision of personalized products;

General Management: Operational supervision, strategic management, quality control, and inter-departmental coordination.


All these purposes are executed in accordance with Brazilian personal data protection legislation and based on the legal hypotheses provided for in the LGPD.


3. Principles for the processing of personal data:


Arena Hotels bases its personal data processing practices on the principles established in the General Data Protection Law (Law no. 13.709/2018):


Purpose: We only use personal data for purposes authorized or required by law, specific, and duly informed to the data subject through our privacy notices, privacy policies, contracts, and other documents we use to formalize our relationship;


Adequacy: The personal data used in each of our activities are only those adequate for the purpose of our hotel service provision, i.e., personal data that actually contribute to achieving the intended result in the business process, according to the data subject's expectation;


Necessity: The scope of personal data used in our activities is limited to what is necessary to achieve the purpose of service provision. We periodically evaluate whether the scope of processed data is adequate and necessary, applying personal data scope review processes to our business processes;


Free access: We guarantee data subjects who interact with us easy and free access to their processed personal data, as well as information about our personal data protection practices;


Data quality: We value the accuracy of the personal data we use, periodically reviewing our internal processes and providing data subjects with the opportunity to correct, update, or supplement personal data;


Transparency: We inform, through our privacy policies, privacy notices, contracts, terms, and other documents that formalize our relationship, the practices of collecting, using, and disposing of personal data;


Security: We adopt information security standards for personal data protection, managing access to data and monitoring activities developed with them, always seeking to ensure the integrity, availability, and confidentiality of this information;


Prevention: We periodically analyze our activities to improve our practices involving personal data processing and detect potential risks and needs, treating our business processes preventively and mitigatory;


Non-discrimination: We do not process personal data in a way that discriminates against personal data subjects, or practice activities that may be seen as abusive or intrusive in relation to their privacy;


Responsibility and accountability: We maintain governance processes regarding privacy and personal data protection, with the objective of ensuring compliance with laws and timely accountability to personal data subjects and authorities, if necessary.


4. Legal bases used for personal data processing:


Arena Hotels only processes personal data in accordance with the hypotheses provided for in Brazilian legislation. Depending on the activity performed, we process personal data based on the following hypotheses:


Contract execution: when necessary for the negotiation or execution of a hospitality or service provision contract established between data subjects and Arena Hotels;


Compliance with legal obligations: for compliance with a legal or regulatory obligation that determines the processing of personal data, including tax, labor, and security obligations;


Regular exercise of rights: for the regular exercise of rights, including in judicial, administrative, or arbitration proceedings;


Protection of life: for the protection of life or physical integrity of the data subject or a third party, especially in emergency situations on hotel premises;


Legitimate interest: to serve a legitimate interest when disclosing our services to the public, sharing informative content, or for loyalty and retention of our guests, always with due transparency and respecting the rights and expectations of the personal data subject;


Consent: with the provision of consent by the data subject, especially for direct marketing activities, newsletters, and promotional communications.


Depending on the relationship the data subject has with Arena Hotels, their personal data may be used based on legitimate interest for:


  • Quality review processes and satisfaction surveys, indicator training, and improvement of hotel services;
  • Interaction and relationship development processes, including via social media and consumer complaint portals, aiming at acquiring, retaining, or recovering guests;
  • Cookie management to improve the visitors’ experience on our applications, to understand Browse preferences and better direct services;
  • Data analysis for improving the hospitality experience and personalizing services;
  • Security of facilities and protection of hotel and guest assets.


5. Sharing personal data with third parties:


When necessary for the provision of our hotel services, we may share personal data with business partners, but we will always do so with due transparency and in a way that aligns with the expectations of the data subjects who interact with us.


We may share your personal data with partner companies for the development of campaigns and commercial actions, contact updates, service offerings, dissemination of our own or commercial partners' events, and for dealings related to judicial or extrajudicial demands.


Categories of third parties with whom we share data:


  • Hotel service providers: companies that provide complementary services such as laundry, transportation, tourism, entertainment, and gastronomy;


  • Booking systems: online booking platforms, travel agencies, and tour operators;


  • Payment processors: financial institutions, credit card operators, and payment systems;


  • Technology providers: software companies, hotel management systems, information security, and technological infrastructure;


  • Commercial partners: companies in the tourism, entertainment, and service sectors that can add value to the guest experience;


  • Competent authorities: government agencies, tax, police, and judicial authorities, when required by law;


  • Support service providers: auditing firms, legal consulting, accounting, and other professional services.


We may share your personal data with business partners to: (i) validate your identity, prevent fraud and ensure the security of our operations; (ii) issue statements, payment slips or charges; (iii) prospect customers and share informative content; (iv) manage our applications, such as websites and apps; (v) respond to investigations, legal or arbitration proceedings; (vi) store data in the cloud; or (vii) when the data subject authorizes its disclosure.


6. International transfer of personal data:


In accordance with national legislation, the international transfer of personal data may occur to business partners or international organizations based in countries that provide an adequate level of personal data protection as provided for in the Law or ensure the same level of protection contractually.


Arena Hotels may transfer personal data to foreign companies, which store and host data, at the request and under the management of Arena Hotels, with the specific objective of complying with the execution of contracts or carrying out preliminary procedures related to contracts, of which the data subject is a party.

Situations of international transfer:


  • Global booking systems: international booking and hotel distribution platforms;


  • Payment processing: international credit card and payment processing systems;


  • Cloud services: data storage and processing on servers located abroad;


  • International partners: hotel chains, travel agencies, and international operators;


  • International compliance: compliance with legal obligations in foreign jurisdictions when applicable.


All international transfers are conducted with the appropriate contractual and technical safeguards to ensure adequate protection of personal data.



7. Exercise of rights by holders of personal data:


Arena Hotels guarantees personal data subjects the exercise of their rights by contacting the Data Protection Officer, using the contact details provided at the end of this Privacy Policy.


Personal data subjects may exercise, free of charge, the following rights:


  • Confirmation of personal data processing: Personal data subjects may request confirmation about the processing of their personal data by Arena Hotels;


  • Access to personal data: Personal data subjects may request access to the scope of personal data processed by Arena Hotels, as well as information about the processing and sharing of personal data with business partners;


  • Portability of personal data: Personal data subjects may request a report of processed personal data for sharing with other companies;


  • Correction, update, or supplementation of personal data: Personal data subjects may request the correction, update, or supplementation of their personal data;


  • Objection to personal data processing: Personal data subjects may request clarification and/or object to the processing of their personal data when they believe that such processing is irregular;


  • Blocking of personal data processing: Personal data subjects may request the temporary blocking of their data processing while correction or objection requests are processed;


  • Deletion or Anonymization of personal data: Personal data subjects may request the deletion of their personal data and/or its anonymization when they believe that such data is not necessary for maintaining their relationship with Arena Hotels;


  • Revocation of consent: When processing is based on consent, data subjects may revoke it at any time, without prejudice to the lawfulness of processing conducted based on previously expressed consent.


Arena Hotels processes requests on behalf of third parties, allowing the exercise of rights by guardians, trustees, curators, and other legal representatives. In these cases, we require the presentation of documents proving legal authorization for this specific purpose, which must be provided by contacting the Data Processing Officer.


Requests are processed within 15 (fifteen) days, which may be extended by another 15 (fifteen) days, with express justification. In complex cases involving a large volume of data, the deadline may be extended as provided by law.



8. Security of your personal data:


We apply appropriate information security measures to protect your personal data. For Arena Hotels, the security of your data is a priority, and we always put our best effort into improving our information security policies, processes, and controls.


We have Information Security processes, policies, and controls designed and implemented to ensure the confidentiality, integrity, and availability of personal data. Access to personal data is limited and controlled according to the need of each developed activity, aiming to protect personal data from unauthorized access or disclosures. Measures are implemented for tracking and recording access to personal data, aiming to monitor interactions, prevent, detect, and quickly remedy any inappropriate situations.



9. Retention and Deletion of personal data:


The retention period for your personal data corresponds to what is necessary to achieve the purpose for which we committed, as described in our privacy policies, contracts, and other documents that formalize our relationship.


Additionally, we may retain your personal data for longer periods when necessary to comply with a legal obligation, regular exercise of rights, or to meet determinations of competent authorities.


At the end of the retention period, personal data is securely deleted or anonymized, so that the data subject cannot be identified.


10. Data oF minors:


Arena Hotels may receive minor guests accompanied by their legal guardians. The processing of personal data of children and adolescents is conducted with particular care and always with specific and highlighted consent given by at least one parent or legal guardian.


For guests under 18 (eighteen) years of age, we always require the presence and authorization of parents or legal guardians for check-in and for any personal data processing that is not strictly necessary for the provision of accommodation services.



11. Person in Charge of Personal Data Processing:


Arena Hotels has appointed a Data Processing Officer (DPO) to act as a communication channel between data subjects, Arena Hotels, and the National Data Protection Authority (ANPD).


Lead Officer:

  • Name: Maurício Lurahy • Phone: +55 (21) 98491-4200 • Email: dpo@arenahotel.rio


Deputy Officer:

  • Name: Maria Paula Comaru • Phone: +55 (21) 981435992 • Email: diretoria.vendas@arenahotel.rio



12. Updates to Privacy Policies::


This Privacy Policy may be updated periodically to reflect changes in our data processing practices, changes in applicable legislation, or improvements in our services.


13. Validity:


This Privacy Policy comes into effect on June 16, 2025, and remains valid until it is replaced by an updated version.


This Privacy Policy has been prepared in accordance with the General Data Protection Law (Law No. 13.709/2018) and other applicable regulations.

Last updated: June 16, 2025