This Privacy Policy describes how Schlössle Hotel Group AS (hereafter: Schlössle) processes its customer´ personal data acting as a data controller.
Schlössle processes personal data according to the General Data Protection Regulation (Regulation (EU) 2016/679), as well as the other domestic and European privacy laws and regulations.
Processing in the context of this Privacy Policy means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; any activity carried out with personal data.
Personal data in the context of this Privacy Policy means any information related to a data subject that can be used to directly or indirectly identify the person, like name, e-mail or contact address.
Data controller in the context of this Privacy Policy means Schlössle which has determined the purposes and means of the processing of personal data.
Schlössle is a company of three hotels: Hotel St.Petersbourg and Schlössle Hotel in Tallinn and Grand Palace Hotel in Riga. You can contact us respectively:
Hotel St.Petersbourg (Tallinn):
E-mail: stp@schlossle-hotels.com
Phone: + 372 628 6500
Schlössle Hotel (Tallinn):
E-mail: sch@schlossle-hotels.com
Phone: + 372 699 7700
Grand Palace Hotel (Riga):
E-mail: stp@schlossle-hotels.com
Phone: + 371 6704 4000
The aim of the current Privacy Policy is to give information, provide transparency and to explain the types of personal data we collect about you, why we collect this data and what we do with the data. The Privacy Policy further describes our obligations and responsibilities with regard to data protection.
We place a high value on the privacy of our every customer. For this purpose we apply the necessary technical, physical and organisational security measures to protect your personal data against losses, destruction and unauthorised access.
We collect and process the following types of data about you:
The personal data we process about you is provided by yourself when you make a booking or a query on our website, by phone or e-mail, or when you purchase services directly from us at the location.
Your data is also forwarded to us by travel companies, booking companies and other persons involved in the intermediation of accommodation services, through which you have ordered the accommodation or other services provided by us.
We use your data to provide the accommodation and/or other related services you have ordered from us, as well as for fulfilling the obligations placed on us through the legislation regulating our activities and general business aims, such as:
We are not able to provide you with accommodation services if you do not present us with the guest registration card data.
Occasionally, we may process personal data for other additional reasons. We try to ensure that the people concerned are informed of the data processing aims at the time of the data collection. We will endeavour to inform people at the first opportunity, after receiving the personal data or before it is processed for other reasons, if it was not possible or sensible to inform the people concerned at the time of the data collection.
We rely on different legal bases for the processing of your data:
We do not share the information you have entrusted to us, except in limited cases which are described below, and cases that are necessary for fulfilling the aims described in this Privacy Policy:
We will ensure the protection of your data if we share your data with the abovementioned persons, through establishing a data processing agreement between us and such persons.
We do not store or forward your data outside the European Economic Area or to countries to which the General Data Protection Regulation (EU) 2016/679 does not apply.
We will store your data for as long as it is necessary for the purpose of fulfilling our different data processing aims.
The company shall consider the following criteria when storing personal data:
Guest registration card data, for example, is stored for a period of 2 years from the moment when the card is filled in according to the requirements of the tourism legislation. However, credit card data is only stored until the accommodation services have been provided in an orderly fashion, according to the contract existing between us.
Your rights as a data subject are:
1. Right to access your data – you have the right to know what data concerning yourself is being stored, and how that data is processed.
2. Right to data rectification – you have the right to demand corrections to your personal data, in cases where it is inaccurate.
3. Right to data erasure (“right to be forgotten“) – you have the right, under certain conditions, to request that we erase your personal data (e.g. if we no longer need the data, if you revoke the agreement giving us the right to process the data, etc.).
4. Right to restrict data processing – you have the right, under certain circumstances, to forbid or restrict the processing of your personal data for a certain period (e.g. if you have submitted an objection concerning the data processing).
5. Right to present objections – you have the right to present objections concerning the processing of your personal data, considering the concrete situation, if the data processing is taking place according to our legitimate interests or the interests of the general public. Objections to the processing of data for direct marketing purposes can be made at any time.
6. Right to data portability – you have the right to demand that the data you have forwarded to us is transferred to you in a machine-readable format. You may also demand that the data be transferred directly to another controller, but only if such a transfer is technically possible. The right to a data transfer is only valid for the data which we are processing based on your permission, or for fulfilling a contract signed with you.
7. Profile analysis – you have the right to demand that your personal data is not used for automated processing such as profiling. Profiling is an activity where certain personal aspects of data subject are evaluated. Schlössle uses profiling, for instance, to analyse or predict aspects concerning customer´s personal preferences, interests, behavious, location or movements. This is done with a purpose to make offers.
Cookies are files that collect various technical information about a user’s computer, browser, and site usage, such as the pages on which the user has visited and in which order. Cookies enable statistics regarding website use and the popularity of diferent sections and other actions on a website to be monitored. The information received by cookies is utilised to make the website more convenient to use and to improve the content of the webiste
We use cookies to provide a better service to you. Our websites may, among other things, include an element that saves cookies for third parties.
When visiting our websites you have the right not to allow cookies to be saved on your computer. In this case you have to take into account that not all of the website´s functions may be available.
We use the following types of cookies on our websites:
Taking into account possible changes in legislation, case law and developments in the practices of technologies ensuring high level of personal data protection, Schlössle reserves the right to make changes to this Privacy Policy. Therefore, this Privacy Policy is subject to a periodical review and possible changes where necessary.