Personal data policy on the processing of guest, customer and supplier data for Hotel Ritz, which comprises the following companies:
Hotel Ritz, CVR no. 35 41 15 42.
1. Data controller
Hotel Ritz is the data controller.
Hotel Ritz’s contact data:
firstname.lastname@example.org, Banegårdspladsen 12, 8000 Aarhus, Denmark
Hotel Ritz handles all personal data in accordance with applicable personal data law. Hotel Ritz concludes agreements with guests, customers and suppliers on the delivery – purchase and sale – of various services and products.
When a guest/customer orders and purchases one or more of Hotel Ritz’s services, and, in connection with this purchase, provides their personal data to Hotel Ritz, the guest/customer/supplier also consents to the processing of their personal data by Hotel Ritz.
The same applies to any personal data that suppliers provide to Hotel Ritz in connection with the submission of offers or conclusion of agreements with Hotel Ritz.
2. Hotel Ritz’s collection of personal data
Personal data is collected by Hotel Ritz as follows:
- When a guest/customer – or a representative of theirs – chooses to obtain an offer and/or purchase services/products offered by Hotel Ritz, or when suppliers provide offers or sell products or services to Hotel Ritz.
- From the B2B market.
- Through browser cookies and web beacons.
- In connection with the use of Hotel Ritz’s digital services.
- Through participation in Hotel Ritz’s customer/loyalty programmes and through subscription to Hotel Ritz’s newsletter.
- From social media, advertising and analysis providers, and public records.
- Via video and television surveillance.
- When suppliers conclude agreements with Hotel Ritz or provide offers to Hotel Ritz.
The collection and processing of personal data, cf. the above, will always be performed in accordance with applicable personal data legislation.
Video surveillance installed at our entrances/exits, at cash registers and around particularly valuable equipment is part of crime prevention activities and also serves to improve employees’ and guests’ sense of security.
3. Data collected by Hotel Ritz
Hotel Ritz collects the following personal data:
- Name, address, telephone number, e-mail address, date of birth and other common non-sensitive personal data.
- Payment card data – typically as a guarantee for a reservation and for payment for stays.
- Demographic data.
- Purchase history, including the use of Hotel Ritz apps and/or other digital services.
- The use of Hotel Ritz’s customer/loyalty programmes.
- Data from Hotel Ritz’s customer surveys.
- Data from competitions conducted by Hotel Ritz.
- Data from Hotel Ritz’s social media and other digital platforms belonging to Hotel Ritz.
- Browser data.
- Data about the guest’s/customer’s company and relevant contact persons.
- Data about suppliers’ companies and data about relevant and key contact persons, including key accounts.
A guest/customer/supplier can voluntarily and at their option provide Hotel Ritz with additional personal data that they deem of importance for Hotel Ritz’s servicing of them, or which they believe should be provided for safety/security reasons.
Examples of such data include:
- Special food preferences
- Other health or medical data
If a guest/customer/supplier voluntarily and at their option chooses to provide such data, Hotel Ritz perceives this as consent to register and store this sensitive data regarding them.
In addition to the data that Hotel Ritz receives directly from guests/customers/suppliers, Hotel Ritz will in some cases collect or process additional data received by Hotel Ritz from third parties, e.g. a travel agency, another intermediary or an employee of the company at which the data subject is employed.
In such cases, the applicable third party is obliged to inform the applicable guests/customers/suppliers of Hotel Ritz’s terms and conditions, and Hotel Ritz’s personal data policy. It is also the applicable third party’s responsibility to ensure the required legal basis for the collection and processing of the applicable data, including collection of required consent for the processing of any sensitive data.
4. Payment with payment cards
Hotel Ritz uses DIBS (www.dibs.dk, Nets) to redeem payments made with payment and credit cards. DIBS and Hotel Ritz are approved and certified by Pengeinstitutternes Betalingssystem (www.pbs.dk).
In connection with orders and bookings, Hotel Ritz stores the data provided by the guest/customer/supplier for a period of up to two years, after which the data is deleted.
Besides processing of the order, the data provided will only be used if, for example, a guest/customer/supplier contacts Hotel Ritz with a question, or if there are errors in the order.
5. What is the purpose of the collection and processing?
Hotel Ritz solely collects personal data necessary to fulfil the agreements concluded with guests/customers/suppliers on the delivery of services, e.g. an overnight stay or purchase/sale of products or services. The content of the individual agreement or the nature of the service determines which personal data is collected and processed by Hotel Ritz, as well as the purpose of the collection.
The purpose of collection and processing of personal data will primarily be:
- Processing of guest/customer booking and purchase of Hotel Ritz services.
- Processing of suppliers’ offers and the sale of products and services.
- Contact with the guest/customer before, during and after their stay.
- Fulfilment of the guest’s/customer’s request for an offer or purchase of services.
- Improvement and development of Hotel Ritz’s services.
- Adjustment of Hotel Ritz’s marketing and other communication.
- Analysis of guest/customer/supplier user behaviour and marketing to these groups.
- Adjustment of Hotel Ritz’s partners’ communication and marketing to guests/customers/suppliers.
- Administration of guest/customer/supplier relations with Hotel Ritz, including participation in Hotel Ritz’s customer/loyalty programme.
- Compliance with legal requirements, e.g. requirements to register overnight guests under the Danish Aliens Act and the Executive Order on Passports.
6. Legal basis for the processing
Hotel Ritz will typically process personal data because it is necessary to fulfil an agreement between Hotel Ritz and a guest/customer/supplier. For example, this may involve hotel stays, meetings and/or administration and fulfilment of cooperation and supplier agreements.
Furthermore, Hotel Ritz will process personal data in connection with booking prior to an overnight stay, meeting, event, conference, etc., and prior to the conclusion of supplier agreements.
In some cases, Hotel Ritz’s processing of personal data will occur in connection with Hotel Ritz pursuing a legitimate/objective interest that takes precedence over the interests of the guest/customer/supplier (the data subject).
A legitimate interest may, for example, be the preparation of statistics, customer surveys, marketing and analysis of general guest/customer behaviour for the purpose of generally improving the guest/customer experience with Hotel Ritz and the quality of Hotel Ritz’s services and products.
If, in connection with a stay/visit at Hotel Ritz, a guest/customer provides data about special personal preferences or considerations, e.g. health data, disability, religious belief or the like, Hotel Ritz only uses this data to ensure consideration of the guest’s/customer’s personal preferences, health, etc.
In some cases, Hotel Ritz receives personal data from a third party, e.g. a travel agency, an agent or the like, including in connection with group bookings. In such cases, the applicable third party is required to inform the applicable guests/customers/suppliers of Hotel Ritz’s terms and conditions, and the contents of this personal data policy.
Furthermore, Hotel Ritz is required by law, cf. section 5 above, to register a range of data about overnight guests. This data must be stored for at least one year and not more than two years.
7. The data subject’s rights
Under the rules of the Personal Data Regulation, the data subjects (customers/guests/suppliers) have various rights.
- A data subject is entitled at all times to access the personal data processed by Hotel Ritz regarding the data subject.
- A data subject is entitled at all times to demand the correction and updating of personal data possessed by Hotel Ritz regarding the data subject.
- A data subject is entitled at all times to demand the deletion of personal data possessed by Hotel Ritz regarding the data subject. If a data subject requests deletion, all of the data that Hotel Ritz is not required by law to store will be deleted. In some cases, the deletion of the data subject’s data may mean that Hotel Ritz cannot fulfil concluded agreements or deliver certain services to the data subject.
If some of the data possessed by Hotel Ritz regarding the data subject is provided on the basis of the data subject’s consent, the data subject is at all times entitled to withdraw this consent, whereby the data will be deleted or no longer be used by Hotel Ritz. This does not apply to data which Hotel Ritz is required by law to store, cf. the section above.
However, the option of withdrawing consent, requesting deletion, etc. may be limited as regards the protection of the privacy of others, trade secrets and intellectual property rights, and, for example, for the purpose of asserting potential legal claims.
The data subject may at all times request in writing that Hotel Ritz provide an overview and a copy of the personal data possessed by Hotel Ritz regarding the data subject.
A written request to this effect must be signed by the data subject and include the data subject’s name, address, telephone number and e-mail address.
The data subject may also contact Hotel Ritz if the data subject believes that their personal data is being processed in violation of the law or in violation of other legal obligations, e.g. this agreement/contract between the data subject and Hotel Ritz.
This written request must be sent to Hotel Ritz, see contact data in section 1 above.
After receipt of the data subject’s written request, Hotel Ritz will, as far as possible, send this data to the data subject’s mail address within one month.
If the data subject requests correction and/or deletion of their personal data, Hotel Ritz will assess whether the conditions for the request are met, and, if so, Hotel Ritz will perform changes or deletion as quickly as possible.
Hotel Ritz reserves the right to reject requests which are of a harassing, repetitive nature, which require disproportionate technical measures (e.g. the development of a new IT system), which impact the protection of other data subjects’ personal data, or in other situations where it would be disproportionately resource-demanding or highly complicated to accommodate the request.
Security and sharing of personal data
Hotel Ritz protects the data subject’s personal data and has established guidelines protecting the data subject’s personal data from unauthorised disclosure and preventing unauthorised parties from gaining access to, or knowledge of, this data.
Only the persons/employees at Hotel Ritz who require the data subject’s personal data in connection with their job function have access to this data. Hotel Ritz performs continuous monitoring to prevent any unauthorised accessing of the data subjects’ personal data.
Hotel Ritz performs continuous backup of the registered personal data. In the event of a security breach where there is a high risk of abuse of the data subjects’ personal data, including, for example, identity theft, financial loss, damage to reputation or other forms of misuse, Hotel Ritz will notify the data subjects of the security breach as quickly as possible.
Hotel Ritz’s security procedures are continuously reviewed and updated in relation to technological developments.
Hotel Ritz utilises a number of external suppliers of IT services, IT systems, payment solutions, etc. Hotel Ritz regularly concludes data processor agreements with all of Hotel Ritz’s suppliers, ensuring that external data processors maintain a required and high level of protection of the data subjects’ personal data.
To fulfil agreements with the data subjects and to accommodate the needs of guests and customers, Hotel Ritz shares selected personal data with external suppliers, such as restaurants, hotels, etc. This is done either in connection with overbooking at the hotels, or, for example, the guest’s request for booking at a restaurant.
Hotel Ritz also shares and transfers the data subjects’ personal data internally in the Group, including to affiliated companies. The purpose of this sharing is to give the guest/customer the best possible service, regardless of the hotel or division of Hotel Ritz with which the guest/customer is in contact.
In some cases, Hotel Ritz is required by law or by the order of a public authority to transfer personal data.
Hotel Ritz deletes your personal data when Hotel Ritz’s legal obligation ceases, or when the purpose of collecting and processing the data is no longer present. As a general rule, financial data is stored for five years, and other data for two years after the last visit.
Complaints regarding Hotel Ritz’s processing of personal data can be directed to the Danish Data Protection Agency, Borgergade 28, 5, DK-1300 Copenhagen K, Denmark, telephone (+45) 3319 3200, e-mail email@example.com
Changes and adjustments to this policy will be added on a continuous basis.