PRIVACY POLICY FOR Sales and Smile

This Privacy Policy applies to Hotel Bonus System  processing of your personal data collected in connection with your use of our website located at http://salesandsmile.com/ (the “Website”) and our mobile application called including making reservations through our Website and App booking systems with one of our groups.

Hotel Bonus System  and its group affiliates respect your privacy and confidentiality. We will always strive to comply with applicable data protection legislation, including the General Data Protection Regulation ("GDPR").

In that context, Hotel Bonus System will act as a controller, the person responsible for the processing of your personal data, as it decides why and how your personal data is processed. See our address and contact details in section 9.

1         TYPES OF PERSONAL DATA, PURPOSES AND LEGAL BASIS FOR PROCESSING

 

1.1      MAKING A HOTEL RESERVATION, ONLINE PURCHASES AND CUSTOMER MANAGEMENT

To complete and confirm a booking through our channels (website, telephone and app) we process the following personal data from you:

 

Customer First and Last name

 

Corporate ID – if applicable

 

Promo code – if applicable

 

Travel agent information – if applicable

 

Email address – to send the confirmation letter/ pre-arrival letter and a customer survey after departure

 

Telephone number – not required, but nice to have in case of emergency

 

Country of residence

 

Other categories of personal data processed in connection with reservations

 

Also, we may require a valid credit/debit card. This includes processing of type of card, the full name of the cardholder, the 16 digits on the front of the card/card number, the expiration date and the 3 digits on the backside of the card/the security code. The credit/debit card data is used to secure the booking and complete the payment of the Booking. In case of not complying with the cancelation procedure, the credit/debit card data will be used to make the payment.

 

We use your personal data, including your name, email address and/or telephone number to contact you, communicate and respond to your various inquiries, solicitations and requests related to e.g. reservations or request for information about a group hotel. Other purchase options/ processing activities that fall within this purpose category.

 

The legal basis for the above processing is GDPR art.

1.2      MARKETING, PROFILING AND LOYALTY PROGRAM

By entering the Website or in connection with making a reservation, you can consent to our processing of the following personal information on you for the purpose of analyzing which products and services you may be interested in so that we can send relevant and targeted offers, discounts, updates on Hotel Bonus System and newsletters (marketing materials) to you by email based on such an analysis.

 

In connection with the above, we process the following types of personal data: your name, email address and/or telephone number.

 

We will retain your purchase history and use details of the products you have previously purchased to make suggestions to you for other products which we believe you will also be interested in.

 

Also, we collect and process personal data on you, including your name, email address, if you enroll in one of our loyalty or marketing programs.  We process this information in order to create loyalty and create benefits for you by choosing us.

 

The legal basis for the above processing is GDPR art.

You can withdraw your consent to the above processing, including to receive our newsletter emails, at any time following the procedure specified in section 7 ("Your Rights"). Your withdrawal of your consent will not affect the lawfulness of our processing prior to the withdrawal.

 

1.3      IMPROVEMENT OF PRODUCTS AND SERVICES AND SURVEYS

We will process your email to send you a customer survey after departure. The survey includes questions about your overall experience in our hotels, how did you book your stay with us and your satisfaction with our breakfast, cleaning and check-in experience. We process your feedback data from our surveys to examine our performance, improve our products and services. We also use your feedback data to register any inconveniences you might have experienced during your stay.

 

We will retain and evaluate information on your recent visits to our Website and how you move around different sections of our Website for analytics purposes to understand how people use our Website so that we can make it more intuitive.

 

Also, we process the following categories of personal data to improve our products and services: your name, email address and/or telephone number.

 

The legal basis for the above processing is our legitimate interests, cf. GDPR art.

Improvement of existing products and services, including the user experience on our website, and development of new products and services, special offers and other business-related initiatives as further specified above

 

1.4      STATISTICS

We transfer the following personal data to statistics: your name, email address, hotel used, number of nights and check-in and check-out dates in connection with statistics. This processing is carried out in order for us to improve our products and services, assess our general performance and to develop new products and services, special offers and other business-related initiatives.

 

The legal basis for the above processing (the transfer of your personal data to statistical information) is our legitimate interests, cf. GDPR art. These legitimate interests include:

 

Improvement of our products and services, including the user experience on our website

 

Assess our general performance

 

Development of new products and services, special offers and other business-related initiatives

 

 

2         COOKIES AND OTHER SIMILAR TECHNOLOGY

 

 

2.1      We are using various "cookies" and "web beacons" on our website. A cookie is a text file that is stored on your computer or other IT equipment. Cookies facilitate the anonymized registration of the users' actions as they navigate the Website, and they also often ensure an optimum functionality. Many functions cannot be shown without the use of cookies. Today, most websites use cookies. We use e.g. Google Analytics to analyze our visitors' behavior on our website. This enables us to improve the user-friendliness and functionality of our website. We can see the country you are accessing our website from, the IP address, the type of device, the browser you are using, how you got here, how long you are staying, what pages visit and what you click on.

 

2.2      By using Google Analytics, we cannot see your name, address and others. We cannot use this data from Google Analytics to identify you. You can find more information about Goggle Analytics privacy policy here: https://support.google.com/analytics/answer/6004245?hl=en]

 

 

 

3         CATEGORIES OF RECIPIENTS

 

 

3.1      We will not sell or disclose Guests, Customers or Visitors personal data to third party, persons or businesses.

 

 

 

3.2      We will share your personal data with the following categories of recipients:

 

Data processors and vendors that help us deliver our products and services to you.

 

Companies within the Hotel Bonus System

 

Public authorities, if relevant and applicable

 

Advisors to Hotel Bonus System

 

Others

 

 

 

3.3      We will share your personal data if required by law and official authorities or to protect ourselves and other customers. For example, if your personal data is required in court or based on fraud investigation.

 

 

 

4         TRANSFER OF PERSONAL DATA OUTSIDE EU/EEA

 

 

4.1      If your personal data is transferred outside the EU/EEA, we will enter into EU standard contractual clauses approved by the European Commission prior to such transfer to ensure the required level of protection for the transferred personal data. If you require additional information and/or wish to obtain a copy of the standard contractual clauses (including relevant safeguards put in place), you can request this by contacting us as set out in section 9.

 

 

 

4.2      [EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. Vendors - Infor?]

 

https://www.privacyshield.gov/welcome

 

 

5         RETENTION OF YOUR PERSONAL DATA

 

 

5.1      Your personal information will be retained for as long as is necessary to carry out the purposes set out in this privacy policy (unless a longer retention period is required by applicable law).

 

 

 

5.2      Financial/accounting data will be kept for [five years] after the end of the financial year the data relates to

 

 

 

5.3      Personal data relating to contracts and bookings, will be kept for three years after the contract is terminated in order to defend potential claims.

 

 

5.4      Personal data relating to inquiries, surveys and other feed-backs is stored for 3 months, then deleted from our databases.

 

 

6         SECURITY MEASURES

6.1      We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risks, that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons.

 

6.2      Access to Personal Data is restricted to authorized personnel who have a legitimate business purpose for accessing and processing your Personal Data.

 

7         YOUR RIGHTS

7.1      You can always exercise your rights pursuant to the GDPR chapter III by requesting so to us through the contact details set out in section 9.

 

7.2      Your rights include e.g.:

 

Your right to access your personal data

 

Your right to rectification, if you believe that any information we hold about you is incorrect or incomplete

 

Your right to request erasure (including the right to be forgotten) under certain circumstances as specified in GDPR

 

Your right to request the restriction of the processing of your personal data under certain circumstances as specified in GDPR

 

Your right to data portability under certain circumstances as specified in the GDPR (i.e. the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable format and to request the transmission of such personal data to a third party with respect to the limitations and obligations set out in the GDPR)

 

Your right to object to the processing of your Personal Data under certain circumstances as specified in GDPR

 

7.3      The Parties will process that request in line with any local laws and its policies and procedures in place for dealing with such requests.

 

7.4      You can also withdraw your consent to receive our newsletter emails (and other processing based on consent) at any time (without affecting the lawfulness of the processing prior to the withdrawal). This is done by contacting us using the contact information provided below in section 9. It will take effect immediately.

 

7.5      You have the right to file a complaint with the if you have reason to believe that processing of your personal data does not comply with applicable data protection law.

 

7.6      According to the applicable data protection law we are, if appropriate, obligated to inform whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data. In this context, please note that the main part of the personal data referred to in this document is processed by us in order to enter into and manage an agreement/booking and is thus based on the performance of a contract – see GDPR art. 6(1)(b). If we are not able to process such personal data, we are most likely not able to confirm and management your stay with us, etc.

 

 

 

8         OTHER PROVISIONS

 

8.1      We are not responsible for the collection and processing of personal data in connection with bookings made through third party travel agents/websites. Please read and understand the privacy policy and terms and conditions from the respective websites.

 

8.2      The Privacy Policy is subjected to versioning and it will be updated regularly. Any updates will be will notified to you in advance through our website (via pop-up or otherwise) and through our communication channels (e.g. by email, if available/applicable). Also, Guests, Customers and Visitors are obliged to read and understand our Privacy Policy while visiting our website and if making a reservation. By submitting your personal data through our channels, you are agreeing that you have read and understood our Privacy Policy.

 

8.3      We do not collect personal data on children under 18 years of age without the permission of their parents or a guardian.

 

9         CONTACT DETAILS AND COMPLAINTS

9.1      You can contact us at:

 

Sales And Smile OÜ

Lasnamäe 4B-26, 11412,

Tallinn, Estonia

Company registration no.: 14822875

Email: privacy@salesandsmile.com