Introduction
At Hotel Mayfair we care about your personal information. It is of the utmost importance for us that all processing of personal data respects the privacy of the individual. This is why we aim to ensure that all processing of personal data happens in accordance with the General Data Protection Regulation (the “GDPR”) and other applicable legislation. This privacy policy (the “Policy”) applies to personal data about guests, customers and other individuals who may be registered in IT systems (such as booking systems), website, apps, loyalty programs or the equivalent or personal data that is transferred from travel agencies, other booking sites or similar
Who is the controller?
Hotel Mayfair (Hotel Mayfair ApS)
Physical Address: Helgolandsgade 3, 1653 København
How we collect personal data
From you
When you contact us regarding a reservation or making a hotel reservation, have special requirements regarding your visit or use a social media that we provide, we will collect and process the information that you provide us with. This could include sensitive personal data, such as information about allergies.
From other sources
If someone makes a reservation for you, we process such personal data about you.
Sometimes we receive personal data from third parties (including other companies within our group) with whom we do business with or that are suppliers to us.
If permitted by law, we – or a third party – can under certain circumstances use tracking tools (such as cookies) to collect information about you. More information about the use of cookies on our website can be found in the cookie policy below.
Under certain circumstances we process personal data about you that originates from publicly available sources like social media. This is for example the case when you make a review about our hotel on a website.
In those cases where we process personal data about you that we receive from other sources than yourself, we will provide you with information in accordance with the GDPR, if possible.
what data do we collect from you, and why?
General guest data
Type of personal data
contact information (for example your name, e-mail address, telephone number and address),
demographic information (such as age, gender, age and language), if you chose to provide this to us during booking or pre check-in,
guest stay information (which could include special categories of personal data, such as information about allergies),
your nationality,
payment information (such as credit card number),
business information,
information relating to your (previous) reservations (for example past visits, date of arrival, date of departure),
information (for example feedback about our hotels and services) that you submit to us (e.g. through customer satisfaction surveys).
To our knowledge, we are not in contact or collect personal data from children under 18 without relevant permission from a parent or guardian. If you believe we have inadvertently collected such information, please contact us so we can promptly obtain parental consent or remove the information.
Legal basis
The processing of your personal data is based:
your consent (when we have asked for it and you have given it);
the performance of a contract to which you are a party or in order to take steps at the request of you to entering into a contract (for example in relation to a reservation)
a legal obligation (for example the legal obligation for accommodation providers to register hotel guests);
or our legitimate interests (for example the improvement of our services, for which we contract guests to ask feedback on their stay in our hotel).
When processing is based on legitimate interest, we shall make a balance between our legitimate interests and your rights and interests.
Purpose
To provide you with the services and products that you have asked for (for example in relation to a reservation), in order to valuate and improve our services (for example to return lost items to you) and to fulfill our legal obligations (for example to register hotel guests).
Social media
Type of personal data
The personal data that you submit to us on any social media platform (e.g. name, e-mail address, and telephone number).
Legal basis
We may process your data based on consent (in the cases you have given it) and based on our legitimate interests to communicate with you on social media, such as when you respond to our posts or tag us in your own posts.
Purpose
To provide you with the services and products that you want, to manage and market our services and products and to communicate with you.
Type of personal data
Name, e-mail address, telephone number and any other personal data that you submit to us via e-mail.
Legal basis
the performance of a contract to which you are party or in order to take steps at the request of you to entering into a contract, or
our legitimate interests when processing is based on legitimate interest, we shall make a balance between our legitimate interests and your rights and interests.
Purpose
To provide you with the services and products that you want, to manage and market our services and products and to communicate with you.
Direct marketing
Type of personal data
Name and e-mail address
Legal basis for processing
The hotel has a legitimate interest in sending marketing information to its customers regarding similar products and services (e.g. event invitations, promotions and special offers). If you do not wish to receive our communications you can express your preference at the time we collect your information (e.g. at the form you fill out at check-in) or object to receiving marketing at any later time (e.g. by using the unsubscribe links in the relevant communication). If you are not a guest or a client, we may use your personal data to send you marketing information regarding similar products and services (e.g. event invitations, promotions and special offers) if you have given us your consent to do so.
If you have consented to receive marketing, you may withdraw your consent at any time.
Purpose
We use your personal data to keep you informed about our services, events and promotions.
Camera surveillance
Hotel Mayfair uses camera surveillance. Camera surveillance is deemed to be particularly sensitive from a privacy perspective and it is of great importance that all camera surveillance take place in accordance with the relevant legislation in effect.
The camera images are processed in accordance with the GDPR and applicable national laws such as the camera legislation. The hotel has indicated the camera surveillance by means of a pictogram. If necessary, it has notified the cameras to the competent authority and it has included information in a specific record.
If you would like more information, please contact us by using the contact details provided below.
Types of personal data
Camera images
Legal basis
The camera images are processed on the basis of our legitimate interest to secure and protect our hotel and our guests.
Purpose
The purpose for which the processing takes place is to prevent crime and ensure the security of our hotel and guests
Profiling
In order to provide you with premium service each time you visit our hotel, we may keep a profile about you, which can include information about your previous stays (such as how often you visit our hotel, when you visited our hotel the last time as well as financial information about your past stays).
The processing of your personal data is based on our legitimate interest to provide tailor-made customer service.
Different kind of systems
Depending on the circumstances, we may process personal data in, or in relation to, inter alia, the following types of systems:
Property management system, property operation system, staff registration system, productivity system, telephone system, accounting system, clock system, yield management system, revenue center system, communication system, salary system, credit card system, key card system, TV and IT infrastructure (Internet etc.) and video surveillance system.
With how do we share your data?
In order to serve you, we may share your personal and anonymous data with:
Other companies, including companies within the Pandox group and vendors, contractors, co-operation companies and service providers. Their use of information is limited to these purposes and subject to agreements that require them to keep the information confidential. There are e.g., IT providers
– Lawyers and advisors of Pandox Group.
– Relevant authorities. Such as in teh context of our obligation to register guests.
– Potential acquirers of the company: in case (a part of) our business is sold to a third party, your data may be shared with the acquirer.
Analytics companies may access anonymous data to help us understand how our services are used. No data of any individual user is shared.
Will Transfers be made to any thrid country?
As a general rule, we do not transfer any personal data to a third country (i.e. a country outside the EU/EEA).
It is possible that service providers of Hotel Mayfair process your data outside the EEA. In this respect, the hotel is committed to ensuring an adequate and sufficient level of protection for your data (e.g. by concluding the standard contractual clauses of the European Commission) or by any other appropriate safeguards. If you have any questions about the transfer of your personal data outside the EEA or if you want to obtain a copy of the relevant documents, you can send a dated and signed request to the hotel (see “contact details”).
How long is the personal data saved?
We will not save personal data longer than necessary taking into consideration the purpose of the relevant processing. Data may be kept longer in case of complaints or threatened or pending litigation.
Please note that certain laws require that certain types of information must be saved for specified periods of time (e.g. in certain circumstances we are required to keep data about hotel guests for a period of minimum 7 years after their stay).
Camera images are deleted after 15 days.
What rights do you have as a data subject?
As a data subject, you can request that we correct any incorrect personal data about you. You can also supplement incomplete personal data, among other things by providing a supplemental statement of the missing personal data, as it relates to the processing we do.
At Hotel Mayfair we respect your rights.
You have the right of access to your data, to have your personal data corrected, in certain cases to object to the processing and to require the personal data to be erased, to be restricted (a marking that the processing of the personal data should be restricted to a particular purpose), and to be turned over to you on an IT medium (data portability).
In order to exercise your rights under the GDPR, you must send your request including a copy of a document that proves your identity to Hotel Mayfair (please see contact details below). We cannot process your request without proof of your identity.
In general, you will receive an answer to your request in one month. Please note, however, that some personal data is necessary in order to be able to fulfill certain duties, such as payment information, and may therefore not be restricted or erased for this purpose.
A. Right of access
You are entitled to obtain access to your personal data we process and information about what personal data is registered about you in our filing systems, generally free of charge.
B. Right to correction
As a data subject, you can request that we correct any incorrect personal data about you. You can also supplement incomplete personal data, among other things by providing a supplemental statement of the missing personal data, as it relates to the processing we do.
C. Right to erasure
Under certain circumstances, you have the right to have your personal data removed from our files. Please note that this right is not absolute and in some cases, we will not be able to execute your request, such as when we are legally obliged to keep certain data for a specific period.
D. Right to restrict processing
In certain cases, you have the right to require that we restrict the processing of your personal data. In certain cases the processing of the personal data is necessary to comply with legal obligations or to be able to execute contractual obligations. In that case, compliance with those obligations will prevail over your right to restriction.
E. The right to data portability
You have the right to receive the personal data regarding you, that you yourself have provided us, in a structured, commonly used and machine-readable format and to transfer this data to another controller. This right applies to automated processing where the processing of personal data is based on your consent or on an agreement with you.
F. Right to make objections
You are entitled to object to our processing of your personal data where it involves personal data which is being processed based on a legitimate interest. In such case, we will reassess our legitimate interest against your interests, rights and freedoms and stop the processing unless we can demonstrate a compelling legitimate reason for the processing.
Where the personal data is processed for direct marketing, you as a data subject are entitled at any time whatsoever to object to the processing of personal data involving you for such marketing, including profiling to the extent this is connected to such direct marketing.
Right to withdraw consent
In certain cases we ask for your consent in order to provide you with certain services and process your personal data. Following your consent, we will only process your personal data for that or compatible purposes.
In the following cases, inter alia, we may request your consent:
– Marketing activities;
– In relation to processing of children’s data (where we will obtain consent from a parent or legal guardian);
– If we transfer personal data to a third country;
– If we process special categories of personal data (such as allergies).
When the processing of your personal data is based on consent, you are entitled to withdraw your consent at any time. Please note that this does not affect the lawfulness of the processing carried out on the basis of your consent before it was withdrawn. If you would like to withdraw your consent, please refer to the same service, website or similar where you consented or contact us using the contact detail below.
The supervisory authority
You are always entitled to file a complaint with the relevant privacy protection authority or a corresponding supervisory authority
The supervision is exercised by the Danish Data Protection Agency. The Danish Data Protection Agency has the possibility of reviewing the personal data processing which is carried out by us. If we fail to comply with the GDPR or The Data Protection Act, the authority, for example, can issue a warning and/or impose an administrative fine. You can find more information and contact details to the Danish Data Protection Agency here: https://www.datatilsynet.dk.
Datatilsynet
Carl Jacobsens Vej 35
2500 Valby
Tlf. 33 19 32 00 dt@datatilsynet.dk
Security measures
Miscellaneous
Contact details
To exercise your rights under the GDPR or if you have any questions or concerns about our privacy policies or our processing of your personal data, you can contact the privacy responsible at: privacy@hotelmayfair.dk
Hotel Mayfair (Hotel Mayfair ApS)
Physical Address: Helgolandsgade 3, 1653 København
Updates of the Policy
This privacy statement last changed on the 28 March 2022.
We may update this policy from time to time. We will always post an updated copy on our relevant websites. Therefore, please check our site for updates.