Private policy

Personal data policy for handling personal information for guests, customers and suppliers at Saga Hotel.

 

  1. Controller of personal data

 

Saga Hotel is the responsible data controller.

The company’s contact information is

 

Saga Hotel

CVR number DK 13726876

Colbjørnsensgade 18-20

DK-1652 Copenhagen V

Telephone: +45 33244944   E-mail: Booking@sagahotel.dk

Contact person: Jakob Nissen.

 

Saga Hotel handles all personal data, directly or indirectly linked to any living person in accordance with the Danish legislation in respect of the general data protection regulations (GDPR).

 

Saga Hotel enters purchase and sales agreements with guests, customers and suppliers concerning delivery of various services and commodities.

 

When a guest or a customer buys any of Saga Hotel’s services or products and in this connection provides his or her personal data to Saga Hotel, the guest or customer simultaneously consents to the processing of their personal data by Saga Hotel.

The same applies with regard to any personal data provided to Saga Hotel by suppliers to Saga Hotel in connection with the submission of offers or conclusion of agreements with Saga Hotel.

 

 

  1. Saga Hotel’s collection of personal data

Personal data is collected by Saga Hotel as follows:

  • When a guest or customer – or a representative of these – chooses to obtain an offer and/or to purchase services or products offered by Saga Hotel, or, when suppliers provide offers or sell products or services to Saga Hotel
  • From the B2B market
  • From social media and public records
  • Via video and television surveillance inside Saga Hotel
  • When suppliers conclude agreements with Saga Hotel or provide offers to Saga Hotel.

 

The collection and processing of personal data will always be performed in accordance with the applicable Danish personal data legislation.

 

Video surveillance cameras at the hotel’s entrance, in the lobby and in the restaurant are installed to prevent crime and to improve employees’ and guests’ sense of security.

 

 

  1. Data collected by Saga Hotel

Saga Hotel collects the following personal data:

 

  • Hotel guests’ full name, date of birth, nationality, permanent address and date of arrival as well as departure.
  • Payment card data – typically as a means of payment for a reservation and for payment for stays.
  • Purchase history for guests or customers, affiliated companies and contact persons
  • Data about suppliers’ companies and data about relevant and key contact persons, including key accounts.

 

Guests, customers or suppliers may voluntarily and by their own free will provide Saga Hotel with additional personal data that they deem to be important for Saga Hotel to service them, or, which they believe should be provided for safety and security reasons.

Examples of such data include:

 

  • Disabilities
  • Allergies
  • Special food preferences
  • Other health or medical data.

 

If a guest, a customer or a supplier voluntarily chooses to provide additional personal information which could be relevant for Saga Hotel in order to service the guest, client or supplier, the voluntary extradition of such information will be perceived by Saga Hotel as a consent to register and store this sensitive personal data.

In addition to the data that Saga Hotel receives directly from guests, customers or suppliers, Saga Hotel will in some cases collect or process additional data received by Saga Hotel from third parties, e.g. a travel agency, another intermediary, or, an employee of the company at which the data subject is employed.

In such cases, the applicable third party is obliged to inform the guest, customer or supplier at hand of Saga Hotel’s terms and conditions, and of Saga Hotel’s personal data policy. It is also the applicable third party’s responsibility to ensure the required legal basis for the collection

 

and processing of the applicable data, including collection of required consent for the processing of any sensitive data.

 

In addition to the data that Saga Hotel receives directly from guests, customers and suppliers, Saga Hotel will in some cases collect or process additional data received by Saga Hotel from third parties, e.g. a travel agency, another intermediary, or, a contact person from the company where the data subject is employed.

In such cases, the applicable third party is obliged to inform the applicable guest, customer, or supplier of Saga Hotel’s terms and conditions and Saga Hotel’s personal data policy. It is also the applicable third party’s responsibility to ensure the required legal basis for the collection and processing of the applicable data, including collection of required consent for the processing of any sensitive data.

 

 

  1. Payment with payment cards  

Saga Hotel uses DIBS (www.dibs.dk) by Nets Denmark A/S to redeem payments by means of debit and credit cards.  DIBS and Saga Hotel are both approved and certified by Pengeinstitutternes Betalingssystem (www.pbs.dk).

In connection with orders and bookings, Saga Hotel stores the data provided by the guest, customer or supplier for a period of up to two years, after which the data is deleted.

Besides processing of the order, the data provided will only be used if, for example, a guest, customer or a supplier contacts Saga Hotel with a question, or, if there are errors in an order.

 

 

  1. What is the purpose of the collection and processing?

Saga Hotel collects only the personal data necessary to fulfil the agreements concluded with guests, customers, or suppliers on the delivery of products and services, e.g. an overnight stay or the purchase or sale of products or services. The content of the individual agreement or the nature of the service determines which personal data is collected and processed by Saga Hotel, as well as the purpose of the collection.

The purpose of collection and processing of personal data will primarily be:

 

  • Processing of guests’ or customers’ bookings and purchase of Saga Hotel services
  • Processing of suppliers’ offers and the sale of products and services
  • Contact with the guest or customer before, during and after their stay
  • Fulfilment of the guest’s or customer’s request for an offer or a purchase of services
  • Improvement and development of Saga Hotel’s services
  • Compliance with legal requirements, e.g. requirements to register overnight guests under the Danish foreigners’ act (Udlændingebekendtgørelsen).

 

 

  1. Legal basis for the processing

Saga Hotel will typically process only the personal data necessary to fulfil an agreement between Saga Hotel and a guest, customer or supplier. For example in conjunction with hotel stays and meetings and for the practical handling of cooperation and supplier agreements.

 

Furthermore, Saga Hotel will process personal data in connection with bookings prior to overnight stays, meetings, events, conferences etc. and prior to the conclusion of supplier agreements.

 

If a guest or a customer provides data about special personal preferences or considerations, e.g. about allergies and disabilities in relation to a hotel stay, Saga Hotel uses this data only to ensure consideration of the guest or customer’s personal preferences, health, etc.

 

In some cases, Saga Hotel receives personal data from a third party, e.g. from a travel agent or a tour operator in connection with group bookings. In such cases, the applicable third party is obliged to inform the guest, customer or supplier at hand of Saga Hotel’s terms and conditions, and the contents of Saga Hotel’s personal data policy.

 

Additionately, Saga Hotel is required by law (please see section 5 above) to register a range of data about overnight guests. This data must be stored for at least one year and not more than two years.

 

 

  1. The data subject’s rights

Under the rules of the Danish Personal Data Regulation, the data subjects (customers, guests and suppliers) have various rights.

 

  • A data subject is entitled at all times to access the personal data processed by Saga Hotel regarding the data subject.
  • A data subject is entitled at all times to demand that the personal data possessed by Saga Hotel regarding the data subject is corrected or updated.
  • A data subject is entitled at all times to demand the deletion of personal data possessed by Saga Hotel regarding the data subject. If a data subject requests deletion, all of the data that Saga Hotel is not required by law to store will be deleted. In some cases, such a deletion of the data subject’s data may mean that Saga Hotel cannot fulfil concluded agreements or deliver certain services to the data subject. If some of the data possessed by Saga Hotel regarding the data subject is provided on the basis of the data subject’s consent, the data subject is entitled to withdraw this consent at all times. As a consequence, the data will be deleted and no longer used by Saga Hotel. This does not apply to data that Saga Hotel is required by law to store (please see section 5 above).

The option of withdrawing consent, requesting deletion, etc. may be limited as regards the protection of the privacy of others, trade secrets and intellectual property rights, and, for example, for the purpose of asserting potential legal claims.

At any time, the data subject may request in writing that Saga Hotel provide an overview and a copy of the personal data possessed by Saga Hotel regarding the data subject.

A written request to this effect must be signed by the data subject and include the data subject’s name, address, telephone number and e-mail address.

The data subjects may also contact Saga Hotel if the data subjects believe that their personal data is being processed in violation of Danish legislation or in violation of other legal obligations, e.g. the agreement or contract between the data subject and Saga Hotel.

This written request must be sent to Saga Hotel (please see contact details in section 1 above). After receipt of the data subject’s written request, Saga Hotel will, as far as possible, send this data to the data subject’s e-mail address within one month.

If the data subject requests correction and/or deletion of their personal data, Saga Hotel will assess whether the conditions for the request are met, and, if so, Saga Hotel will perform the requested changes or deletion as quickly as possible.

Saga Hotel reserves the right to reject unreasonable requests, or requests that require disproportionate technical measures (for instance the development of a new IT system), which impact the protection of other data subjects’ personal data, or, in other situations where it would be disproportionately resource demanding or highly complicated to accommodate the request.

 

 

  1. Security and sharing of personal data

Saga Hotel protects the data subject’s personal data and has established guidelines that protect the data subject’s personal data from unauthorised disclosure and prevent unauthorised parties from gaining access to, or, knowledge of this data.

 

 

Only the persons/employees at Saga Hotel who require the data subject’s personal data in connection with their job function have access to this data. Saga Hotel performs continuous monitoring to prevent any unauthorised access to the data subjects’ personal data.

Saga Hotel performs continuous backup of the registered personal data. In the event of a security breach where there is a high risk of abuse of the data subjects’ personal data, including, for example, identity theft, financial loss, damage to reputation or other forms of misuse, Saga Hotel will notify the data subjects of the security breach as quickly as possible.

Saga Hotel’s security procedures are continuously reviewed and updated in relation to technological developments.

 

 

Saga Hotel utilises a number of external suppliers of IT services, IT systems, payment solutions e.a.

Saga Hotel regularly concludes data processing agreements with all of Saga Hotel’s suppliers, ensuring that external data processors maintain the required, high level of protection of the data subjects’ personal data.

In some cases, Saga Hotel is required by Danish law or by the order of a Danish public authority to transfer personal data.

 

Saga Hotel deletes your personal data when Saga Hotel’s legal obligation ceases, or, when the purpose of collecting and processing the data no longer is present. As a general rule, financial data is stored for five years, and other data for no more than two years after the latest visit.

 

 

  1. Complaints

 

Complaints regarding Saga Hotel’s processing of personal data can be directed to the Danish Data Protection Agency: Datatilsynet, Borgergade 28, DK-1300 Copenhagen K, Denmark. The telephone is (+45) 3319 3200, and the e-mail address is dt@datatilsynet.dk.

 

Version: 30 APR 2018

Scroll Up