Privacy Policy
Privacy Policy
Zendaya Resort, in its capacity as the Data Controller, presents this Policy in accordance with Law No. 13.709/2018 (“LGPD” – General Data Protection Law). This document aims to clarify how Zendaya Resort collects, uses, stores, and, when necessary, shares personal data within the context of its business activities.
We place our clients, users, partners, and employees at the core of our decisions, as we understand that they form the foundation of all our business relationships. To maintain this standard of quality and ensure a satisfactory experience, it is necessary, under certain circumstances, to process personal data. Such information is used to enable the delivery of our products, services, and solutions at the quality level to which we are committed.
We collect personal data such as full name, email address, CPF number (Brazilian individual taxpayer registry), telephone number, payment details, reservation information, and accommodation preferences. This data is processed for the following purposes: (i) to enable reservations and the check-in process; (ii) to comply with legal and regulatory obligations applicable to the hospitality sector; (iii) to provide personalized service and targeted offers and promotions; and (iv) to ensure physical and digital security within the premises of Zendaya Resort.
The processing of personal data is based on the legal grounds provided by the General Data Protection Law, including, but not limited to: the performance of a contract, compliance with legal or regulatory obligations, the legitimate interests of the controller, the data subject’s consent, and the protection of life or physical safety.
Data subjects may exercise, at any time, the rights provided for in Article 18 of the LGPD, such as: access, rectification, portability, anonymization, blocking, deletion, revocation of consent, and objection to processing, by submitting a request to the Data Protection Officer (DPO) through the available communication channels.
Personal data may be shared with third parties strictly necessary for the operation of the services, such as booking platforms, payment processors, technology support providers, and public authorities, always in accordance with the principles of necessity, purpose, and security established by the applicable legislation.
Last Update: This document was last updated on May 22, 2025.
6. Plug-ins and Tools
YouTube
This website embeds videos of the website YouTube. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
If you visit a page on this website into which a YouTube has been embedded, a connection with YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited.
Furthermore, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.
If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.
The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6 Sect. 1 lit. f GDPR, this is a legitimate interest. If a corresponding agreement has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy?hl=en.
Google Web Fonts (local embedding)
This website uses so-called Web Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.
For more information on Google Web Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
OpenStreetMap
We are using the mapping service provided by OpenStreetMap (OSM). The provider of this service is the Open-Street-Map Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.
When you visit any website, into which OpenStreetMap has been embedded, your IP address and other information concerning your behavior patterns on this website will be transferred to the OSMF. Under certain circumstances, OpenStreetMap will save cookies in your browser or uses comparable technologies for recognition.
Furthermore, your location may be recorded if you have permitted this in your device settings, for instance on your cell phone. The provider of this website has no control over this type of data transfer. For details, please consult the Data Privacy Policy of OpenStreetMap under the following link: https://wiki.osmfoundation.org/wiki/Privacy_Policy.
We use OpenStreetMap with the objective of ensuring the attractive presentation of our online offers and to make it easy for visitors to find the locations we specify on our website. This establishes legitimate grounds as defined in Art. 6 Sect. 1 lit. f GDPR. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
MapBox
We use MapBox API, a service provided by MapBox Inc (740 Street NW, 5th Floor, Washington, District of Columbia 20005, USA) hereinafter referred to as “MapBox”. We use MapBox to visually display geographic information (project location). When using MapBox, MapBox also collects, processes and uses data about visitors’ use of the map functions.
Through certification under the EU-US Privacy Shield (“EU-US Privacy Shield”), MaBox guarantees that the data protection requirements of the EU are also complied with when processing data in the USA. The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in optimizing the functionality of our website.
When you access the project overview, in which the MapBox service is integrated, a cookie is stored by MapBox on your end device via your Browser. This transfers information about your use of our website, including your IP address, to a MapBox server in the USA and stores it there. This data is processed for the purpose of displaying the website or ensuring the functionality of the MapBox service. MapBox may share this information with third parties if required by law or if the information is processed by third parties on behalf of MapBox.
The Terms of Service (“Terms of Service”) provided by MapBox at https://www.mapbox.com/tos/#maps contain more detailed information about the use of MapBox and about the data obtained by MapBox.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser. Details on this can be found above under the item “Cookies”.
In addition, MapBox provides further information on the collection and use of data as well as your rights and options for protecting your privacy at https://www.mapbox.com/privacy/.
7. Custom Services
Handling applicant data
We offer website visitors the opportunity to submit job applications to us (e.g., via e-mail, via postal services on by submitting the online job application form). Below, we will brief you on the scope, purpose and use of the personal data collected from you in conjunction with the application process. We assure you that the collection, processing, and use of your data will occur in compliance with the applicable data privacy rights and all other statutory provisions and that your data will always be treated as strictly confidential.
Scope and purpose of the collection of data
If you submit a job application to us, we will process any affiliated personal data (e.g., contact and communications data, application documents, notes taken during job interviews, etc.), if they are required to make a decision concerning the establishment or an employment relationship. The legal grounds for the aforementioned are § 26 BDSG according to German Law (Negotiation of an Employment Relationship), Art. 6(1)(b) GDPR (General Contract Negotiations) and – provided you have given us your consent – Art. 6(1)(a) GDPR. You may revoke any consent given at any time. Within our company, your personal data will only be shared with individuals who are involved in the processing of your job application.
If your job application should result in your recruitment, the data you have submitted will be archived on the grounds of § 26 BDSG and Art. 6(1)(b) GDPR for the purpose of implementing the employment relationship in our data processing system.
Data Archiving Period
If we are unable to make you a job offer or you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6(1)(f) GDPR) for up to 6 months from the end of the application procedure (rejection or withdrawal of the application). Afterwards the data will be deleted, and the physical application documents will be destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 6-month period (e.g., due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.
Longer storage may also take place if you have given your agreement (Article 6(1)(a) GDPR) or if statutory data retention requirements preclude the deletion.