+372 699 7780
Menu

Privacy policy and principles of using cookies

 

This Privacy Policy describes how Schlössle Hotel Group AS (hereafter: Schlössle) processes its customer´ personal data acting as a data controller.

Schlössle processes personal data according to the General Data Protection Regulation (Regulation (EU) 2016/679), as well as the other domestic and European privacy laws and regulations.

Processing in the context of this Privacy Policy means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; any activity carried out with personal data.

Personal data in the context of this Privacy Policy means any information related to a data subject that can be used to directly or indirectly identify the person, like name, e-mail or contact address.

Data controller in the context of this Privacy Policy means Schlössle which has determined the purposes and means of the processing of personal data.

Schlössle is a company of three hotels: Hotel St.Petersbourg and Schlössle Hotel in Tallinn and Grand Palace Hotel in Riga. You can contact us respectively:

Hotel St.Petersbourg (Tallinn):
E-mail: stp@schlossle-hotels.com
Phone: + 372 628 6500

Schlössle Hotel (Tallinn):
E-mail: sch@schlossle-hotels.com
Phone: + 372 699 7700

Grand Palace Hotel (Riga):
E-mail: stp@schlossle-hotels.com
Phone: + 371 6704 4000

1. Aim of the Privacy Policy

The aim of the current Privacy Policy is to give information, provide transparency and to explain the types of personal data we collect about you, why we collect this data and what we do with the data. The Privacy Policy further describes our obligations and responsibilities with regard to data protection.

We place a high value on the privacy of our every customer. For this purpose we apply the necessary technical, physical and organisational security measures to protect your personal data against losses, destruction and unauthorised access.

2.         What data do we collect concerning you, and from whom do we obtain the data?

We collect and process the following types of data about you:

  • Basic personal data: for example, your first and family name, date of birth / identity code.
  • Contact data: for example, your residential address, phone number and e-mail address.
  • Guest registration card data: this is data required by the tourism legislation concerning visitors to places with accommodation; e.g. your citizenship, name of your accompanying spouse and underage children, date and place of birth, dates of your stay in our hotels, etc.
  • Credit card data: for example, your card number, owner’s name and card´s expiry date.
  • Surveillance camera recordings: when you visit our accommodation, the public premises may be equipped with video surveillance systems for security reasons.
  • Data concerning personal preferences: for example in relation to food or accommodation.

The personal data we process about you is provided by yourself when you make a booking or a query on our website, by phone or e-mail, or when you purchase services directly from us at the location.

Your data is also forwarded to us by travel companies, booking companies and other persons involved in the intermediation of accommodation services, through which you have ordered the accommodation or other services provided by us.

3. Why do we need your data? What happens if you do not present us with the data?

We use your data to provide the accommodation and/or other related services you have ordered from us, as well as for fulfilling the obligations placed on us through the legislation regulating our activities and general business aims, such as:

  • Basic personal data: this data is required for identifying your person, which is important to ensure that the services are provided to the person for whom they were actually ordered.
  • Contact data: this data is required to contact you for providing accommodation or restaurant services, but also to send you marketing material in case you have expressed your interest for this. We will most often contact you by phone or e-mail; however, under certain circumstances, it may be necessary to use your residential address (e.g. when other means of communication fail to function).
  • Guest registration card data: we have an obligation, according to tourism legislation, to collect this data. The aim of this data collection is to avoid problems; for example, the dangers inherent in illegal immigration.
  • Credit card data: this data is required to secure a a reservation for a certain amount on your credit card, as a payment for the services ordered or as compensation for expenses.
  • Surveillance camera recordings: this data is required for ensuring security in the premises, for preventing and where relevant, investigating security incidents.
  • Data concerning your personal preferences: we will use such data, when we request it or when you voluntarily offer it, to offer you better services based on your needs and desires.

We are not able to provide you with accommodation services if you do not present us with the guest registration card data.

Occasionally, we may process personal data for other additional reasons. We try to ensure that the people concerned are informed of the data processing aims at the time of the data collection. We will endeavour to inform people at the first opportunity, after receiving the personal data or before it is processed for other reasons, if it was not possible or sensible to inform the people concerned at the time of the data collection.

4. What is the legal basis for the processing of your data?

We rely on different legal bases for the processing of your data:

  • Consent: We rely on this legal basis to send you marketing materials, such as newsletters and offers.
  • Contract: We rely on this legal basis to create a contractual relationship with you, or to fulfil an agreement that has been signed.
  • Legal obligation: We rely on this legal basis to comply with legal obligations, for example completing and storing guest registration cards for a period of 2 years.
  • Vital interest: We rely on this legal basis to protect your vital interests or those of other persons, for example releasing your data to ambulance workers in the case of an accident.
  • Legitimate interest: We rely on this legal basis to carry out interests such as the management of the company and the general realisation of its business activities, as well as the discovery of unlawful activites and fraud.

5. With whom do we share your data?

We do not share the information you have entrusted to us, except in limited cases which are described below, and cases that are necessary for fulfilling the aims described in this Privacy Policy:

  • Our subsidiary and related companies: we may share your personal data with our subsidiary or related companies, all of which are located within the European Union;
  • Service providers: like many other companies, we may order data processing services from reputable third party service providers – for example, IT services;
  • Public authorities and state institutions: we may share the data if we are legally obligated to share the data with public institutions, or if the data sharing is necessary to ensure the protection of our rights;
  • Professional consultants and others: we may share your data with professional consultants such as auditors, lawyers, accountants and other persons responsible for providing consultation services;

We will ensure the protection of your data if we share your data with the abovementioned persons, through establishing a data processing agreement between us and such persons.

We do not store or forward your data outside the European Economic Area or to countries to which the General Data Protection Regulation (EU) 2016/679 does not apply.

6. How long do we store your data?

We will store your data for as long as it is necessary for the purpose of fulfilling our different data processing aims.

The company shall consider the following criteria when storing personal data:

  • The data will be stored for as long as it is necessary for the purpose of providing our services.
  • If the person has a customer account or a loyalty card, then the personal data will be stored for as long as the account / card is active, or for as long as is required in order to offer personalised services.
  • When the company has a legal, contractual or other similar obligation for storing the personal data, then the data will be stored for as long as is required to fulfil such an obligation.
  • After the end of the contractual relations, certain data will be stored for as long as the person (data subject) or the company itself has the right to present demands to the other party based on a contract.

Guest registration card data, for example, is stored for a period of 2 years from the moment when the card is filled in according to the requirements of the tourism legislation. However, credit card data is only stored until the accommodation services have been provided in an orderly fashion, according to the contract existing between us.

7. What are your rights concerning your data?

Your rights as a data subject are:

1. Right to access your data – you have the right to know what data concerning yourself is being stored, and how that data is processed.

2. Right to data rectification – you have the right to demand corrections to your personal data, in cases where it is inaccurate.

3. Right to data erasure (“right to be forgotten“) – you have the right, under certain conditions, to request that we erase your personal data (e.g. if we no longer need the data, if you revoke the agreement giving us the right to process the data, etc.).

4. Right to restrict data processing – you have the right, under certain circumstances, to forbid or restrict the processing of your personal data for a certain period (e.g. if you have submitted an objection concerning the data processing).

5. Right to present objections – you have the right to present objections concerning the processing of your personal data, considering the concrete situation, if the data processing is taking place according to our legitimate interests or the interests of the general public. Objections to the processing of data for direct marketing purposes can be made at any time.

6. Right to data portability – you have the right to demand that the data you have forwarded to us is transferred to you in a machine-readable format. You may also demand that the data be transferred directly to another controller, but only if such a transfer is technically possible. The right to a data transfer is only valid for the data which we are processing based on your permission, or for fulfilling a contract signed with you.

7. Profile analysis – you have the right to demand that your personal data is not used for automated processing such as profiling. Profiling is an activity where certain personal aspects of data subject are evaluated. Schlössle uses profiling, for instance, to analyse or predict aspects concerning customer´s personal preferences, interests, behavious, location or movements. This is done with a purpose to make offers.

8. The use of “cookies”

Cookies are files that collect various technical information about a user’s computer, browser, and site usage, such as the pages on which the user has visited and in which order. Cookies enable statistics regarding website use and the popularity of diferent sections and other actions on a website to be monitored. The information received by cookies is utilised to make the website more convenient to use and to improve the content of the webiste

We use cookies to provide a better service to you. Our websites may, among other things, include an element that saves cookies for third parties.

When visiting our websites you have the right not to allow cookies to be saved on your computer. In this case you have to take into account that not all of the website´s functions may be available.

We use the following types of cookies on our websites:

  • Permanent cookies: these are necessary to navigate the website and use its contents. In case these are blocked you are unable to use all of the websites´ functions.
  • Session cookies: these enable the website to remember previous choices made by you (username, language settings etc) and provide more efficient and personal functions.
  • Tracking cookies: these collect data about your behaviour on the website. Information received by tracking cookies helps making the website more convenient to use.

9. Implementing provision

Taking into account possible changes in legislation, case law and developments in the practices of technologies ensuring high level of personal data protection, Schlössle reserves the right to make changes to this Privacy Policy. Therefore, this Privacy Policy is subject to a periodical review and possible changes where necessary.