Nord Collection and its group affiliates respect your privacy and confidentiality. We will always strive to comply with applicable data protection legislation, including the General Data Protection Regulation (“GDPR”).
In that context, Nord Collection will act as a controller, i.e. the person responsible for the processing of your personal data, as it decides why and how your personal data is processed. See our address and contact details in section 9.
1 TYPES OF PERSONAL DATA, PURPOSES AND LEGAL BASIS FOR PROCESSING
1.1 MAKING A HOTEL RESERVATION, ONLINE PURCHASES AND CUSTOMER MANAGEMENT
To complete and confirm a booking through our channels (website, telephone and app) we process the following personal data from you:
Also, we may require a valid credit/debit card. This includes processing of type of card, the full name of the cardholder, the 16 digits on the front of the card/card number, the expiration date and the 3 digits on the backside of the card/the security code. The credit/debit card data is used to secure the booking and complete the payment of the Booking. In case of not complying with the cancelation procedure, the credit/debit card data will be used to make the payment.
We use your personal data, including your name, email address and/or telephone number, to contact you, communicate with you and respond to your various inquiries, solicitations and requests related to e.g. reservations or requests for information about a group hotel. Other purchase options/processing activities that fall within this purpose category.
The legal basis for the above processing is GDPR art. 6(1)(b), cf. the Danish Data Protection Act art. 6(1), since the processing is necessary in order to enter into a contract and for the performance of the contract (i.e. making a reservation).
1.2 MARKETING, PROFILING AND LOYALTY PROGRAM
By entering the Website or in connection with making a reservation, you can consent to our processing of the following personal information about you for the purpose of analyzing which products and services you may be interested in, so that we can send relevant and targeted offers, discounts, updates on Nord Collection and newsletters (marketing materials) to you by email based on such an analysis.
In connection with the above, we process the following types of personal data: your name, email address and/or telephone number.
We will retain your purchase history and use details of the products you have previously purchased to make suggestions to you for other products which we believe you will also be interested in.
The legal basis for the above processing is GDPR art. 6(1)(a), cf. the Danish Data Protection Act art. 6(1), since you consent to such processing of your personal data in connection with profiling and marketing.
You can withdraw your consent to the above processing, including to receive our newsletter emails, at any time following the procedure specified in section 7 (“Your Rights”). Your withdrawal of your consent will not affect the lawfulness of our processing prior to the withdrawal.
1.3 IMPROVEMENT OF PRODUCTS AND SERVICES AND SURVEYS
We will process your email to send you a customer survey after departure. The survey includes questions about your overall experience in our hotels, how you booked your stay with us and your satisfaction with our breakfast, cleaning and check-in experience. We process your feedback data from our surveys to examine our performance and improve our products and services. We also use your feedback data to register any inconveniences you might have experienced during your stay.
We will retain and evaluate information on your recent visits to our Website and how you move around different sections of our Website for analytics purposes to understand how people use our Website so that we can make it more intuitive.
Also, we process the following categories of personal data to improve our products and services: your name, email address and/or telephone number.
The legal basis for the above processing is our legitimate interests, cf. GDPR art. 6(1)(f), cf. the Danish Data Protection Act art. 6(1). These legitimate interests include:
Improvement of existing products and services, including the user experience on our website, and development of new products and services, special offers and other business-related initiatives as further specified above.
We transfer the following personal data to statistics: your name, email address, hotel used, number of nights and check-in and check-out dates in connection with statistics. This processing is carried out in order for us to improve our products and services, assess our general performance and to develop new products and services, special offers and other business-related initiatives.
The legal basis for the above processing (the transfer of your personal data to statistical information) is our legitimate interests, cf. GDPR art. 6(1)(f), cf. the Danish Data Protection Act art. 6(1). These legitimate interests include:
2 COOKIES AND OTHER SIMILAR TECHNOLOGY
3 CATEGORIES OF RECIPIENTS
3.1 We will not sell or disclose Guests', Customers' or Visitors' personal data to third parties, persons or businesses.
3.2 We will share your personal data with the following categories of recipients:
3.3 We will share your personal data if required by law and official authorities or to protect ourselves and other customers. For example, if your personal data is required in court or based on a fraud investigation.
4 TRANSFER OF PERSONAL DATA OUTSIDE EU/EEA
4.1 If your personal data is transferred outside the EU/EEA, we will enter into EU standard contractual clauses approved by the European Commission prior to such transfer to ensure the required level of protection for the transferred personal data. If you require additional information and/or wish to obtain a copy of the standard contractual clauses (including relevant safeguards put in place), you can request this by contacting us as set out in section 9.
4.2 [EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. Vendors – Infor?]
5 RETENTION OF YOUR PERSONAL DATA
5.2 Financial/accounting data will be kept for [five years] after the end of the financial year the data relates to (cf. the Danish Bookkeeping Act).
5.3 Personal data relating to contracts and bookings will be kept for three years after the contract is terminated in order to defend potential claims (the general statute of limitation is three years according to the Danish Limitations Act).
5.4 Personal data relating to inquiries, surveys and other feedback is stored for 3 months, then deleted from our databases.
6 SECURITY MEASURES
6.1 We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons.
6.2 Access to Personal Data is restricted to authorized personnel who have a legitimate business purpose for accessing and processing your Personal Data.
7 YOUR RIGHTS
7.1 You can always exercise your rights pursuant to the GDPR chapter III by sending us a request using the contact details set out in section 9.
7.2 Your rights include e.g.:
You can read more about data protection law and your rights on the webpage of Datatilsynet: www.datatilsynet.dk.
7.3 The Parties will process that request in line with any local laws and their policies and procedures in place for dealing with such requests.
7.4 You can also withdraw your consent to receive our newsletter emails (and other processing based on consent) at any time (without affecting the lawfulness of the processing prior to the withdrawal). This is done by contacting us using the contact information provided below in section 9. It will take effect immediately.
7.5 You have the right to file a complaint with the Danish Data Protection Authority (Datatilsynet) if you have reason to believe that processing of your personal data does not comply with applicable data protection law. The contact information of Datatilsynet is specified in section 9.
7.6 According to the applicable data protection law we are, if appropriate, obligated to inform you whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data. In this context, please note that the main part of the personal data referred to in this document is processed by us in order to enter into and manage an agreement/booking and is thus based on the performance of a contract – see GDPR art. 6(1)(b). If we are not able to process such personal data, we are most likely not able to confirm and manage your stay with us, etc.
8 OTHER PROVISIONS
8.3 We do not collect personal data on children under 18 years of age without the permission of their parents or a guardian.
9 CONTACT DETAILS AND COMPLAINTS
9.1 You can contact us at:
Nord Collection ApS
Frederiksberggade 19, 3
1459 København K
Company registration no.: 38406760
Telephone: +45 31 49 90 37
9.2 If you wish to complain about our processing of your personal data, you can file a complaint with the Danish Data Protection Agency (Datatilsynet), which is the supervisory authority. The contact details are set forth below:
Borgergade 28, 5
DK-1300, Copenhagen K
Telephone: +45 (33 19 32 00)