Data responsibilities of Hotel Arctic
Hotel Arctic registers and processes its guests’ personal data when further processing of this data is relevant for Hotel Arctic. It is important that this data is always correct and up to date for both administrative and security reasons.
The general rule for data processing is that personal data is only processed for specific purposes and based on legitimate interests. Personal data is only processed where this is relevant and necessary for the fulfilment of the stated purposes, and the data is erased once it is no longer needed.
Contact details of the data controller
The managing director is Hotel Arctic’s data controller and must ensure that personal data is processed in accordance with the legislation that is applicable at any one time.
Contact person: Morten Nielsen
Address: Lufthavnsvejen B-1128, 3952 Ilulissat
CBR number: 1023201433
Telephone no.: +299 944153
E-mail address: email@example.com
Processing of personal data
We process the following personal data on our guests/customers:
- Personal data
- General personal data
- Registration and contact information such as name, address, telephone number, e-mail address or similar information that can identify a natural person, either directly or indirectly
- Personal data under a higher degree of protection
- We do not process personal data under a higher degree of protection
Where we collect data from
Hotel Arctic’s purposes for processing your personal data
We process your personal data for specific purposes when we have a legal basis to do so.
Specific legal bases for this processing include:
- Processing based on Hotel Arctic’s legitimate interests (the balancing of interests principle)
- Processing to enable us to fulfil a contract with you
- Processing required by law
- Processing based on consent
The purposes for processing include:
- Supplying goods and services you have ordered from us
- Managing your relationship with us
- Invoicing goods and services that you have received from us
We only process personal data based on legitimate interests
If we process your data based on a balancing of interests, this processing will be solely motivated by legitimate interests, such as:
- To enable us to complete a booking and/or supply the services you have ordered from us, i.e. fulfil a contract with you
Usually, our processing of your personal data will be based on a different legal authority than consent. Therefore, we only obtain your consent in the rare cases where this is necessary to process your personal data for the purposes described above.
If we seek to obtain your consent, you are free to both give and withdraw it at any time by providing us notice of this.
Disclosure of your personal data
Hotel Arctic uses a hosted version of the hotel system Picasso for managing bookings and other services provided to the hotel’s guests or customers in general. An appropriate data processing agreement has been entered into with AK Techhotel A/S in relation to the processing of the necessary personal data. However, the data processer can only legally access and process your personal data on behalf of Hotel Arctic to fulfil the specific purposes determined by Hotel Arctic, and are therefore prohibited from using the data for their own purposes.
Personal data may be disclosed to the relevant authorities in connection with regulatory processing.
We do not disclose personal data to third parties/companies for marketing purposes without your consent.
If your personal data is transferred to a third country, Hotel Arctic will ensure that this transfer is adequately protected by applying the standard clauses of the EU Commission to its contract with the intended recipient of the personal data, or use recipients that are subject to certain certification mechanisms, such as the EU-US Privacy Shield. If you have any questions relating to the legal basis for any transfer to third countries, you may contact us by using the contact details provided above.
Storage and erasure of your personal data
We will store your personal data for as long as it is required for the purposes described above. Personal data entered into our accounting records and system is stored for a period of five (5) years from the end of the current financial year.
According to the General Data Protection Regulation (GDPR), you have several rights relating to our processing of your personal data:
- The right to be informed of your personal data being processed
- The right to access your personal data
- The right to rectify your personal data
- The right to have your personal data erased
- The right to limit processing of your personal data
- The right to data portability (receive your data in a generally used format)
- The right to object to the processing of your personal data
You may exercise any of these rights, including objecting to our processing of your personal data, by contacting us via the contact details provided above.
If you contact us, for example, to request that your personal data be rectified or erased, we will investigate whether the conditions for this are met. If they are, we will rectify or erase your data as soon as possible.
In addition, you can always file a complaint with the Danish Data Protection Agency.