Cookie- and privacy policy

1.  Purpose of the policy

The purpose of this privacy policy is to make you aware of how Halberg Hotels A/S (“we”, “us”) process personal data. With this policy, we wish to inform you about what data is collected and processed and how long it is stored. The privacy policy concerns the processing of personal data by Halberg Hotels A/S, which includes Hotel Svendborg, Hotel Fredericia, Hotel Garni and Hotel Ærø (collectively referred to as “Halberg Hotels A/S” in the following), when you enter into agreements, interact or otherwise exchange personal data with us.

2.  Description of the processes

Halberg Hotels A/S process your data for one or more specific purposes and in accordance with the data protection rules. We process your data if you are a customer/guest, business partner, supplier, visit our website or our social media, contact us via our contact forms, receive our newsletter or apply for a job with us. The data will generally come directly from you, and we will only process your data for as long as it is necessary for the purpose for which it was collected.

Below you can read more about the types of processing we carry out.

2.1.1.  Customer relations

Halberg Hotels A/S process personal data in connection with visits or stays at our hotels about private customers and about the contact person for our business customers in order to enter into and fulfil an agreement GDPR art. 6(1)(b). This information includes contact information such as name, job title, company name, email, address, telephone number and information about your purchase or stay as well as payment and/or bank details.

In certain cases, we also process health data, including information about disability, allergies, special food preferences and other health or medical information. We process this data based on your explicit verbal consent, cf. GDPR art. 9(2)(a)

We delete the data on an ongoing basis, but no later than 5 years after the end of the customer relationship.

In some cases, we may supplement our information about you with the information you provide us with on an ongoing basis, e.g., information about requests in connection with previous events or conferences, so that we can make our marketing as relevant as possible for you. This is done based on our legitimate interest, cf. GDPR art. 6(1)(f), as we consider that our interest in offering you the best service outweighs your interest in not processing such general information you provide us with. Of course, you always have the right to access such data and have it deleted. Read more about your rights in section 4 below.

2.1.2.  Website and cookies

In connection with the general operation of our website, we collect personal data about you via cookies to improve the website’s appearance and user experience and to compile statistics. We only collect your personal data if you have given your consent. The information we collect via cookies includes your IP address, browser type, device (type, version, operating system, etc.) and user behavior, including page references.

• Cookie declaration for Hotel Svendborg here
• Cookie declaration for Hotel Fredericia here
• Cookie declaration for Hotel Garni here
• Cookie declaration for Hotel Ærø here

On the websites of Hotel Svendborg, Hotel Fredericia and Hotel Ærø, you can contact us via various contact forms.  When you contact us via our general contact form on our website, we process personal data such as name, email and phone number. There is also the option to write in a free text field, but we advise against writing personal data in this field unless it is relevant to the enquiry. When you use the contact form to enquire about a stay, we also process information about time of arrival and number of children. In connection with our contact form for receiving offers, you also consent to us contacting you with an offer via email, cf. GDPR art. 6(1)(a).

The data we process via our contact form is deleted on an ongoing basis and no later than 5 years after the last contact.

We also collect your data if you use our chat function. In this situation, we process information about your name, email and phone number. We process the data in accordance with GDPR article 6(1)(f), as we have a legitimate interest in responding to your enquiry.

The data we process in connection with our chat function is deleted on an ongoing basis, but no later than 5 years after the contact.

On our website, we also have integrated plugins from social media that can collect data about you if you have given your consent. In this regard, we have a joint data responsibility with each media. We use integrated plugins from Facebook, Instagram and LinkedIn.

2.1.3.  Social media

We use the following social media platforms Facebook, Instagram and LinkedIn to connect with our customers and potential customers and to further our marketing efforts. If you have “liked” our fan page on the social media or have been in contact with us through this, we avoid processing your personal data. For this purpose, we only process your name and email address, as well as any information about your purchase or stay, if it appears from the context.

If you contact us via social media, we process your personal data based on our interest in being able to contact you and respond to your enquiries, cf. GDPR article 6(1)(f). The data will originate from you and the social media through which you contact us.

We have a so-called joint data responsibility with the social media we use, as we both process your personal data for our own purposes. You can read more about the social media’s processing of your personal data in the following:

• You can read more about Facebook and Instagram’s processing of your personal data here and about joint data responsibility here.
• You can also read about LinkedIn’s processing of your personal data here and the joint data responsibility here.

Data processed in the context of social media that relates to direct communication via social media is deleted immediately. Posts on e.g. Facebook pages or in public groups are not deleted, as a post or comment on Facebook pages or in public groups is considered public areas. You can read more about public areas here.

2.1.4.  Marketing

We only process your personal data for marketing purposes if you have given your consent in accordance with GDPR Art. 6(1)(a), e.g. to receive newsletters about events, activities and offers. The scope of our processing is stated in the specific consent.

If you have given your consent to receive marketing from Hotel Svendborg or Hotel Fredericia, we will generally process information about your name, email, company.

We store your data for as long as you are subscribed to the newsletter and for 3 years after unsubscribing.

You have the right to withdraw your consent at any time by clicking on the link in the newsletters you receive.

2.1.5.  Video surveillance

According to the Danish TV Surveillance Act, we are authorised to install TV surveillance as we are a hotel and restaurant business. TV surveillance has therefore been installed in areas such as the car park, corridors, reception, restaurant, and back entrance. The purpose of the CCTV surveillance is to ensure the safety of guests and employees and to prevent crime, cf. art. 6 (1) (f).

Personal data is deleted 7 days after the recordings have been made, cf. section 4c(4) of the Danish TV Surveillance Act.

Image and sound recordings containing personal data will only be disclosed if you have given your explicit consent, if it is required by law, or if the disclosure is for crime-solving purposes.

2.1.6.  Job applicants

If you apply for a job at Hotel Svendborg, Hotel Fredericia or Hotel Ærø, we process your personal data in order to assess whether you are qualified for an existing or future position with us. We process the information you provide us with, including name, contact details, work and educational background, level of education, photo, CV, application, references and date of availability and, if applicable, video presentation.

We process your data in order to enter into an employment contract with you (GDPR art. 6(1)(b)) and in cases where we consider that our interests in processing your personal data outweigh your interests in not processing it, e.g. data collected from social media published by you or data obtained through the completion of a personality and aptitude test (GDPR art. 6(1)(f)).

We share your personal data with the employees involved in the recruitment process and disclose your personal data to the companies conducting the personality and aptitude test and any recruitment company.

If we wish to store your data beyond the recruitment period, we will obtain your consent.

2.1.7.  Suppliers and partners

When we enter into agreements with suppliers and business partners, we process information about their contact persons. This includes information such as name, job title, telephone number, email and, if necessary, payment or bank details.

The data is processed either because it is necessary for the fulfilment of the agreement with the supplier or business partner in question GDPR Art. 6(1)(b) or because we have a legitimate interest in processing the contact details of the person in question as part of the agreement GDPR Art. 6(1)(f).

We keep relevant contact information throughout our co-operation. Written correspondence is deleted on an ongoing basis, and information that is necessary to fulfil our obligations under the Danish Bookkeeping Act is stored for 5 years plus the current financial year, cf. section 10(1) of the Danish Bookkeeping Act.

3.   Recipients of personal data

We treat your personal data confidentially, and we do not generally disclose the data to third parties. However, we may disclose your personal data if you have given your consent or if we have a legitimate interest in the disclosure.

We may entrust personal data to our system suppliers who process personal data on our behalf and on our specific instructions in accordance with the data processing agreement entered into.

In some cases, we use data processors outside the EU/EEA, whereby personal data may be transferred to third countries, e.g. in connection with our use of cloud solutions. For this purpose, we use a valid transfer basis (possibly including Standard Contractual Clauses) before we transfer the personal data. The transfer only takes place in compliance with the necessary security safeguards as required by applicable data protection legislation and an individual assessment is always made regarding the need for supplementary measures. You can contact booking@hotel-svendborg.dk for information about the specific basis for processing in this context.

4.  Your rights

When we collect information about you, you have a number of basic rights under the data protection rules that you can exercise. Your rights include the right to request access to and rectification or erasure of your personal data, restriction of and objection to our processing, and the right to receive your data in a structured, commonly used and machine-readable format (data portability).

The above-mentioned rights may be subject to conditions and restrictions. Whether you as a data subject can request, for example, to have your personal data erased, will in all cases depend on a concrete assessment.

If you have given your consent to our processing of your data, you have the right to withdraw this consent at any time.

If you are dissatisfied with our processing of your personal data, you can file a complaint with the Danish Data Protection Agency via their website www.datatilsynet.dk or by calling +45 33 19 32 00.

5.  Our contact details

The company responsible for the processing of your personal data is:

Halberg Hotels A/S/Hotel Svendborg
CVR.nr: 82 55 07 12
Centrumpladsen 1, 5700 Svendborg

E-mail: booking@hotel-svendborg.dk
Tlf.: +45 62 21 17 00

If you have any questions regarding our processing of your personal data, please contact us at booking@hotel-svendborg.dk or by phone +45 62 21 17 00

6.  Modifications

We reserve the right to update and change this Privacy Policy at any time. In the event of significant changes, we will contact you by email or visible notice on our website.

This privacy policy was last modified on 11.03.2024