Privacy policy

Small Danish Hotels takes data protection very seriously and, with this Privacy Policy, we aim to provide information about which data we need to collect, how we use it, and what to do if you want to correct or change the data collected. We care about your privacy and the protection of your private data and we comply with the strictest legal provisions on data protection. We firmly believe that data protection begins with transparency and it is important to us that you always know what personal data we store, how we use it, and how to restrict or prevent the use of your data.

1. DATA CONTROLLER

The data controller for the processing is

Small Danish Hotels F.M.B.A.
CVR number 30035615
Vejlevej 16
8700 Horsens
Denmark
+45 70 80 65 01
info@smalldanishhotels.dk

2. PROCESSING ACTIVITIES

2.1 Hotel Reservation

When you book a stay at one of our hotels, we process personal information about you to facilitate the reservation. In this context, we process the following information about you:

  • Name
  • Contact address
  • Phone number
  • Email address
  • Information about the hotel where you are booking a stay
  • Arrival and departure dates
  • Information about the number of rooms and guests, including the number of children and adults
  • Information about special requests/needs
  • Information about potential membership in Benefits
  • Credit card information if applicable

The legal basis for processing is Article 6, paragraph 1, letter b of the General Data Protection Regulation (GDPR), as the processing is necessary for the conclusion or performance of a contract with you, and Article 6, paragraph 1, letter f, as the processing is necessary for our legitimate interest in ensuring the best possible conditions for your stay at our hotel.

Regarding the storage of information relevant to our accounting, the legal basis is Article 6, paragraph 1, letter c of the GDPR, as the processing is necessary to comply with our legal obligation under the Accounting Act ยง 12.

We share the information with the hotel related to your booking.

Information necessary to fulfill our obligations under the Accounting Act is retained for five years from the end of the year in which the stay is finally settled. Other information is retained for 14 months after the departure date of your stay, with credit card information being retained for only 15 days after the end of the stay.

2.2 Benefits Membership

When you are a member of our loyalty program "Benefits," we process personal information about you to administer your membership, including the allocation and use of points, and to send you newsletters and other information about Benefits, Small Danish Hotels, and our member hotels. For this purpose, we process the following information:

  • Name
  • Address
  • Email address
  • Phone number
  • Password for logging into your Benefits account
  • Information about hotel stays and other activities where you earned points, including the date/period of earning and the number of points earned
  • Information about the use of points, including the date of your order, where you used points, the number of points used, and what you used points for (e.g., a hotel stay or items from our point shop)

The legal basis for processing is Article 6, paragraph 1, letter b of the GDPR, as the processing is necessary for the conclusion or performance of a contract with you, and Article 6, paragraph 1, letter f, as the processing is necessary for us to efficiently manage your membership.

We disclose information about your points balance to our member hotels as they need this information to handle point payments related to your stay.

Information about points earning and usage is retained as long as you are a member. When your membership ends, we keep your email address and points balance for 90 days, while other information is deleted within 24 hours after the end of your membership.

However, we delete points that expire, which occurs when there has been no activity on your account for 2 years. Read more in our Benefits terms.

2.3 Purchase of Gift Cards

When you purchase a gift card for Small Danish Hotels, we process personal information about the buyer of the gift card to facilitate the transaction, and information about the recipient in cases where the buyer chooses to have us send the gift card directly to the recipient. We process the following categories of information:

About the buyer:

  • Name
  • Address
  • Email address
  • Phone number
  • Information about the gift card (identification number and amount)

About the recipient of the gift card:

  • Name and address (in cases where the buyer chooses to have us send the gift card directly to the recipient)

About the gift card itself:

  • Identification number
  • Issuance date
  • Value/remaining amount
  • Expiry date

The legal basis for processing is:

  • Article 6, paragraph 1, letter b of the GDPR, as the processing is necessary for the conclusion or performance of a contract with both the buyer and the recipient of the gift card
  • Article 6, paragraph 1, letter c of the GDPR, as the processing is necessary for us to comply with legal obligations, particularly under the Accounting Act and the Payment Act
  • Article 6, paragraph 1, letter f of the GDPR, as the processing is necessary for us to pursue our legitimate interest in managing the gift card system and providing relevant information about the gift card to the cardholder

We receive information about the recipient from the buyer in cases where the buyer requests us to send the gift card directly to the recipient. Additionally, we receive information about the use of the gift card from the hotel/restaurant where the gift card is used.

If the buyer has asked us to send the gift card directly to the recipient, we disclose information about the buyer's identity to the recipient. Furthermore, we disclose information about the (remaining) value and expiration date of the gift card to the hotels or restaurants where the gift card is fully or partially redeemed.

We retain the information for up to 6 years from the end of the year in which the gift card expires โ€“ however, only until five years from the end of the year in which the gift card is fully redeemed, if this happens before the expiration date.

2.4 Visitors to Our Website

If you visit our website, we may collect personal information about you through cookies and similar technologies. The purpose is to optimize our website based on information about how visitors navigate the website, which parts of the website they use, and whether there are technical issues related to the use of the website, including unexpected interruptions during visits.

You can learn more about individual cookies, including their purpose and storage duration, in our cookie policy.

The legal basis for processing is Article 6, paragraph 1, letter f of the GDPR, as the processing is necessary for us to pursue our legitimate interest in collecting information about the use of our website for the purpose of optimizing the website and targeting marketing.

2.5 If You Are an Applicant/Candidate for a Job at Small Danish Hotels

If you are an applicant or candidate for a job at Small Danish Hotels, we process personal information about you to process your application and conduct a potential recruitment process. The information we process for this purpose includes:

  • Your name and contact details, including address, phone number, and email address
  • Information about the job you are applying for or being considered for
  • Information about your educational background, including possibly a copy of your degree certificates
  • Information about current and past employment
  • Information about other relevant skills, such as foreign languages you are proficient in or relevant experiences in the hotel industry
  • Any references
  • Other information you provide in your application or CV or during the recruitment process

We ask you not to provide your social security number or sensitive personal information in the material you send to us.

As a general rule, we collect information directly from you. If you give us consent to contact any references, we will also collect information from them. Additionally, to the extent we use external advisors in connection with the recruitment, we may receive information from them.

The legal basis for processing is Article 6, paragraph 1, letter b of the GDPR, as the processing is necessary to take steps at your request prior to entering into a contract with you, and Article 6, paragraph 1, letter f, as the processing is necessary for us to pursue our legitimate interests in finding the most suitable candidates for positions with us. If you have given us consent to contact references, the legal basis for the disclosure of information in that regard is Article 6, paragraph 1, letter a of the GDPR.

If sensitive information arises during interviews that we find relevant to process, we will obtain your consent to process this information, in accordance with Article 9, paragraph 2, letter a of the GDPR.

If you are hired at Small Danish Hotels, we transfer the information to your personnel file and store it in accordance with our employee data protection policy, which you will be familiarized with upon hiring.

If you are not hired at Small Danish Hotels, we will generally delete your information no later than 6 months after the final rejection of employment. However, in special cases, we may ask for your consent to retain the material for a longer period โ€“ typically if we find your profile particularly interesting but do not have the right job for you right now, after which we will store the information in accordance with the consent we have received from you.

2.6 If You Are a (Contact Person at) a Supplier or Business Partner

If you are a contact person at one of our suppliers or business partners, we process information about you to administer our relationship with you and the company you represent.

The information we process for this purpose includes:

  • Name
  • Work address, email, and phone number
  • Trade history and correspondence

We receive the information directly from you or the company you represent.

The legal basis for processing is Article 6, paragraph 1, letter b of the GDPR, as the processing is necessary for the conclusion or performance of a contract with you and/or the company you represent, and Article 6, paragraph 1, letter f, as the processing is necessary for us to pursue our legitimate interest in efficient administration of our supplier and business relationships.

Information about transactions is retained for five years from the end of the year to which the transaction relates. Other information is retained for five years from the end of the year of the most recent transaction with you or the company you represent.

If you cease to be a contact person for us, we will immediately delete your contact details. Other information is stored as indicated above.

2.7 If You Are in Contact With Us for Other Reasons

If you are in contact with us for reasons other than those outlined in sections 2.1 - 2.6 above, we process personal information about you to process your inquiry or any other reason we are in contact with you.

In this context, we process the following categories of personal information:

  • Your name
  • Your contact information (address, email address, and phone number)
  • Information about the reason for our contact with you, and any information we receive in connection with the contact we have with you.

The legal basis will usually be Article 6, paragraph 1, letter f of the GDPR, as the processing is necessary for us to pursue our legitimate interest in handling inquiries from individuals we come into contact with in the operation of our business in an appropriate and suitable manner. Depending on the circumstances, other legal bases may be relevant.

If our contact with you involves financial transactions, we retain information about each transaction for five years from the end of the year to which the transaction relates, while other information is retained for two years from the end of the year of our last contact with you.

If our contact with you does not involve financial transactions, we generally retain information for two years from the end of the year of our last contact with you.

3. INFORMATION YOU ARE REQUIRED TO PROVIDE US

You are not obligated to provide us with personal information; however, if you fail to provide the information we request, it may mean that we cannot process your inquiry or provide the desired services to you.

4. DISCLOSURE AND TRANSFER OF INFORMATION

In addition to the information about disclosure outlined in the descriptions of each processing activity in sections 2.1 - 2.7 above, we may transfer personal information to companies that, as data processors, support the operation of our business, such as providers of IT systems.

5. TRANSFER OF INFORMATION TO THIRD COUNTRIES

We use data processors located in countries outside the EU/EEA, or that themselves have (sub)processors located in countries outside the EU/EEA, especially the USA. Transfer of personal information to these (sub)processors is generally based on the European Commission's standard contractual clauses, as per Article 46 of the GDPR. You can obtain a copy of the standard contractual clauses by sending a request โ€“ contact information is provided in section 1.

6. STORAGE OF INFORMATION

The storage period for your personal information is outlined in the descriptions of each processing activity in sections 2.1 - 2.8 above.

However, we may retain the information for a longer period if necessary to comply with a legal obligation or to establish, exercise, or defend a legal claim.

7. YOUR RIGHTS

As a data subject, you have the following rights:

  • You have the right to request access to, correction, or deletion of the personal information we process about you.
  • Additionally, you have the right to object to our processing of personal information about you and to request restrictions on the processing of personal information about you.
  • In particular, you have an unconditional right to object to the use of personal information about you for direct marketing purposes.
  • To the extent that processing of your personal information is based on consent, you have the right to withdraw your consent at any time. Such withdrawal of consent will only affect the period after the withdrawal and will not affect the legality of our processing of personal information about you during the period until the withdrawal of consent.
  • You have the right to receive a copy of the personal information about yourself that you have provided to us in a structured, commonly used, and machine-readable format (data portability).
  • You always have the right to complain about our processing of personal information about you to a data protection authority, such as the Danish Data Protection Agency.

Certain conditions and limitations apply to these rights. Therefore, we may not be obligated to comply with your request.

You can exercise your rights by using the contact information provided in section 1 to contact us.

8. RESERVATION OF CHANGES

We reserve the right to change this privacy policy from time to time, of course, in compliance with applicable regulations.

Horsens, February 2024