FOR LOYALTY PROGRAMS
This document describes how we collect and treat your personal information collected through our offline and online channels (in our receptions and/or other digital channels, such as Brøchner Hotels website). It also provides information on how you can contact Brøchner Hotels if you have questions about your personal data.
Brøchner Hotels A/S' and its group affiliates respect your privacy and confidentiality. We will always strive to comply with applicable data protection legislation, including the General Data Protection Regulation ("GDPR").
In that context, Brøchner Hotels will act as a controller, i.e. the person responsible for the processing of your personal data, as it decides why and how your personal data is processed. See our address and contact details in section 8.
1 - TYPES OF PERSONAL DATA, PURPOSES AND LEGAL BASIS FOR PROCESSING
1.1 MARKETING, PROFILING AND LOYALTY PROGRAM
By signing up for our loyalty programs (Hey Neighbor and Brøchner Friends,), you consent to our processing of the following personal information on you: name, email and postal code for Hey Neighbor program, for the purpose of analyzing which products and services you may be interested in so that we can send relevant and targeted offers, discounts, updates on Brøchner Hotels and newsletters (marketing materials) to you by email based on such an analysis.
In connection with the above, we process the following types of personal data: [your name, email address and postal code].
We will retain your purchase history and use details of the products you have previously purchased to make suggestions to you for other products which we believe you will also be interested in.
Also, we collect and process personal data on you (including: name, email and postal code), if you enroll in one of our loyalty or marketing programs. We process the personal data on how and how often you use our loyalty program (called "Brøchner Friends") and other programs such as "Neighbors" and/or "STAMP program". We process this information in order to create loyalty and create benefits for you by choosing us.]
The legal basis for the above processing is GDPR art. 6(1)(a), cf. the Danish Data Protection Act art. 6(1), since you consent to such processing of your personal data in connection with profiling and marketing.
You can withdraw your consent to the above processing, including to receive our newsletter emails, at any time following the procedure specified in section 6 ("Your Rights"). Your withdrawal of your consent will not affect the lawfulness of our processing prior to the withdrawal.
We transfer the following personal data to statistics: name and email. This processing is carried out in order for us to improve our products and services, assess our general performance and to develop new products and services, special offers and other business-related initiatives.
The legal basis for the above processing (the transfer of your personal data to statistical information) is our legitimate interests, cf. GDPR art. 6(1)(f), cf. the Danish Data Protection Act art. 6(1). These legitimate interests include:
Improvement of our products and services, including the user experience on our website
Assess our general performance
Development of new products and services, special offers and other business-related initiatives
2 - CATEGORIES OF RECIPIENTS
2.1 We will not sell or disclose Guests, Customers or Visitors personal data to third party, persons or businesses.
2.2 We will share your personal data with the following categories of recipients:
Data processors and vendors that help us deliver our products and services to you.
Companies within the Brøchner Hotels Group
Public authorities, if relevant and applicable
Advisors to Brøchner Hotels
2.3 We will share your personal data if required by law and official authorities or to protect ourselves and other customers. For example, if your personal data is required in court or based on fraud investigation.
3 - TRANSFER OF PERSONAL DATA OUTSIDE EU/EEA
3.1 We do not transfer your personal data outside of EU/EEA.
4 - RETENTION OF YOUR PERSONAL DATA
4.2 Financial/accounting data will be kept for [five years] after the end of the financial year the data relates to (cf. the Danish Bookkeeping Act).
5 - SECURITY MEASURES
5.1 Access to Personal Data is restricted to authorized personnel who have a legitimate business purpose for accessing and processing your Personal Data.
6 - YOUR RIGHTS
6.1 You can always exercise your rights pursuant to the GDPR chapter III by requesting so to us through the contact details set out in section 8.
6.2 Your rights include e.g.:
your right to access your personal data
Your right to rectification, if you believe that any information we hold about you is incorrect or incomplete
Your right to request erasure (including the right to be forgotten) under certain circumstances as specified in GDPR
Your right to request the restriction of the processing of your personal data under certain circumstances as specified in GDPR
Your right to data portability under certain circumstances as specified in the GDPR (i.e. the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable format and to request the transmission of such personal data to a third party with respect to the limitations and obligations set out in the GDPR)
Your right to object to the processing of your Personal Data under certain circumstances as specified in GDPR
You can read more about data protection law and your rights on the webpage of Datatilsynet: www.datatilsynet.dk.
6.3 The Parties will process that request in line with any local laws and its policies and procedures in place for dealing with such requests.
6.4 You can also withdraw your consent to receive our newsletter emails (and other processing based on consent) at any time (without affecting the lawfulness of the processing prior to the withdrawal). [This is done by contacting us using the contact information provided below in section 8]. It will take effect immediately.
6.5 You have the right to file a complaint with the Danish Data Protection Authority (Datatilsynet) if you have reason to believe that processing of your personal data does not comply with applicable data protection law. The contact information of Datatilsynet is specified in section 9.
6.6 According to the applicable data protection law we are, if appropriate, obligated to inform whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data. In this context, please note that the main part of the personal data referred to in this document is processed by us in order to enter into and manage an agreement/booking and is thus based on the performance of a contract – see GDPR art. 6(1)(b). If we are not able to process such personal data, we are most likely not able to confirm and management your stay with us, etc.
7 - OTHER PROVISIONS
7.2 We do not collect personal data on children under 18 years of age without the permission of their parents or a guardian.
8 - CONTACT DETAILS AND COMPLAINTS
8.1 You can contact us at:
Brøchner Hotels A/S
Sankt Peders Stræde 30C
1453 København K
Company registration no.: [35 47 46 76]
Telephone: +45 (33 95 77 00)
8.2 If you wish to complain about our processing of your personal data, you can file a complaint to the Danish Data Protection Agency (Datatilsynet) being the supervisory authority. The contact details are set forth below:
Borgergade 28, 5
DK-1300, Copenhagen K
Telephone: +45 (33 19 32 00)