Hotel Bonus System and its group affiliates respect your privacy and confidentiality. We will always strive to comply with applicable data protection legislation, including the General Data Protection Regulation ("GDPR").
In that context, Hotel Bonus System will act as a controller, the person responsible for the processing of your personal data, as it decides why and how your personal data is processed. See our address and contact details in section 9.
1 TYPES OF PERSONAL DATA, PURPOSES AND LEGAL BASIS FOR PROCESSING
1.1 MAKING A HOTEL RESERVATION, ONLINE PURCHASES AND CUSTOMER MANAGEMENT
To complete and confirm a booking through our channels (website, telephone and app) we process the following personal data from you:
Customer First and Last name
Corporate ID – if applicable
Promo code – if applicable
Travel agent information – if applicable
Email address – to send the confirmation letter/pre-arrival letter and a customer survey after departure
Telephone number – not required, but nice to have in case of emergency
Country of residence
Other categories of personal data processed in connection with reservations
Also, we may require a valid credit/debit card. This includes processing of type of card, the full name of the cardholder, the 16 digits on the front of the card/card number, the expiration date and the 3 digits on the backside of the card/the security code. The credit/debit card data is used to secure the booking and complete the payment of the Booking. In case of not complying with the cancelation procedure, the credit/debit card data will be used to make the payment.
We use your personal data, including your name, email address and/or telephone number to contact you, communicate and respond to your various inquiries, solicitations and requests related to e.g. reservations or request for information about a group hotel. Other purchase options/ processing activities that fall within this purpose category.
The legal basis for the above processing is GDPR art.
1.2 MARKETING, PROFILING AND LOYALTY PROGRAM
By entering the Website or in connection with making a reservation, you can consent to our processing of the following personal information on you for the purpose of analyzing which products and services you may be interested in so that we can send relevant and targeted offers, discounts, updates on Hotel Bonus System and newsletters (marketing materials) to you by email based on such an analysis.
In connection with the above, we process the following types of personal data: your name, email address and/or telephone number.
We will retain your purchase history and use details of the products you have previously purchased to make suggestions to you for other products which we believe you will also be interested in.
Also, we collect and process personal data on you, including your name, email address, if you enroll in one of our loyalty or marketing programs. We process this information in order to create loyalty and create benefits for you by choosing us.
The legal basis for the above processing is GDPR art.
You can withdraw your consent to the above processing, including to receive our newsletter emails, at any time following the procedure specified in section 7 ("Your Rights"). Your withdrawal of your consent will not affect the lawfulness of our processing prior to the withdrawal.
1.3 IMPROVEMENT OF PRODUCTS AND SERVICES AND SURVEYS
We will process your email to send you a customer survey after departure. The survey includes questions about your overall experience in our hotels, how you booked your stay with us and your satisfaction with our breakfast, cleaning and check-in experience. We process your feedback data from our surveys to examine our performance and improve our products and services. We also use your feedback data to register any inconveniences you might have experienced during your stay.
We will retain and evaluate information on your recent visits to our Website and how you move around different sections of our Website for analytics purposes to understand how people use our Website so that we can make it more intuitive.
Also, we process the following categories of personal data to improve our products and services: your name, email address and/or telephone number.
The legal basis for the above processing is our legitimate interests, cf. GDPR art.
Improvement of existing products and services, including the user experience on our website, and development of new products and services, special offers and other business-related initiatives as further specified above
We transfer the following personal data to statistics: your name, email address, hotel used, number of nights and check-in and check-out dates in connection with statistics. This processing is carried out in order for us to improve our products and services, assess our general performance and to develop new products and services, special offers and other business-related initiatives.
The legal basis for the above processing (the transfer of your personal data to statistical information) is our legitimate interests, cf. GDPR art. These legitimate interests include:
Improvement of our products and services, including the user experience on our website
Assess our general performance
Development of new products and services, special offers and other business-related initiatives
2 COOKIES AND OTHER SIMILAR TECHNOLOGY
3 CATEGORIES OF RECIPIENTS
3.1 We will not sell or disclose Guests', Customers' or Visitors' personal data to third parties, persons or businesses.
3.2 We will share your personal data with the following categories of recipients:
Data processors and vendors that help us deliver our products and services to you.
Companies within the Hotel Bonus System
Public authorities, if relevant and applicable
Advisors to Hotel Bonus System
3.3 We will share your personal data if required by law and official authorities or to protect ourselves and other customers. For example, if your personal data is required in court or based on fraud investigation.
4 TRANSFER OF PERSONAL DATA OUTSIDE EU/EEA
4.1 If your personal data is transferred outside the EU/EEA, we will enter into EU standard contractual clauses approved by the European Commission prior to such transfer to ensure the required level of protection for the transferred personal data. If you require additional information and/or wish to obtain a copy of the standard contractual clauses (including relevant safeguards put in place), you can request this by contacting us as set out in section 9.
4.2 [EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. Vendors - Infor?]
5 RETENTION OF YOUR PERSONAL DATA
5.2 Financial/accounting data will be kept for [five years] after the end of the financial year the data relates to
5.3 Personal data relating to contracts and bookings will be kept for three years after the contract is terminated in order to defend potential claims.
5.4 Personal data relating to inquiries, surveys and other feedback is stored for 3 months, then deleted from our databases.
6 SECURITY MEASURES
6.1 We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons.
6.2 Access to Personal Data is restricted to authorized personnel who have a legitimate business purpose for accessing and processing your Personal Data.
7 YOUR RIGHTS
7.1 You can always exercise your rights pursuant to the GDPR chapter III by sending us a request through the contact details set out in section 9.
7.2 Your rights include e.g.:
Your right to access your personal data
Your right to rectification, if you believe that any information we hold about you is incorrect or incomplete
Your right to request erasure (including the right to be forgotten) under certain circumstances as specified in GDPR
Your right to request the restriction of the processing of your personal data under certain circumstances as specified in GDPR
Your right to data portability under certain circumstances as specified in the GDPR (i.e. the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable format and to request the transmission of such personal data to a third party with respect to the limitations and obligations set out in the GDPR)
Your right to object to the processing of your Personal Data under certain circumstances as specified in GDPR
7.3 The Parties will process that request in line with any local laws and its policies and procedures in place for dealing with such requests.
7.4 You can also withdraw your consent to receive our newsletter emails (and other processing based on consent) at any time (without affecting the lawfulness of the processing prior to the withdrawal). This is done by contacting us using the contact information provided below in section 9. It will take effect immediately.
7.5 You have the right to file a complaint with the if you have reason to believe that processing of your personal data does not comply with applicable data protection law.
7.6 According to the applicable data protection law we are, if appropriate, obligated to inform you whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data. In this context, please note that the main part of the personal data referred to in this document is processed by us in order to enter into and manage an agreement/booking and is thus based on the performance of a contract – see GDPR art. 6(1)(b). If we are not able to process such personal data, we are most likely not able to confirm and manage your stay with us, etc.
8 OTHER PROVISIONS
8.3 We do not collect personal data on children under 18 years of age without the permission of their parents or a guardian.
9 CONTACT DETAILS AND COMPLAINTS
9.1 You can contact us at:
Sales And Smile OÜ
Lasnamäe 4B-26, 11412,
Company registration no.: 14822875