Privacy Statement
For New Nordic Lucury
Introduction
We at New Nordic Luxury process your personal data in various contexts, for example when you book services with us, stay at our hotels, eat in our restaurants, use services we provide, and in a few other instances. This privacy statement contains information on how we process personal data as well as contact information if you have any questions or require access to the data we hold.
We process your personal data in accordance with the Norwegian Personal Data Act in force at any time (GDPR).
Data Controller
Our company – De Historiske Hotel og Spisesteder (hereafter DHHS), company register no. 977 389 674, Box 196 Sentrum, 5804 Bergen, Norway, tel. +47 55 31 67 60, email [email protected] – is the data controller for the processing of personal data in our central bookings and invoicing system, the web sites www.newnordicluxury.com, www.dehistoriske.no and www.dehistoriske.com, your account on our websites, our app and our loyalty programme Taste Norway. DHHS is also the data controller for our marketing and electronic mailings to our customers and contacts, as well as other digital marketing.
New Nordic Luxury and DHHS is a membership organisation of independent hotels that use their own local systems for bookings and invoicing. Each hotel has its own privacy statement and will itself be the data controller for bookings and hotel stays.
Processing of personal data linked to bookings and stays
When you book a hotel stay with us, we process your reservation and the booking information. This includes details of room type, hotel, prices and dates for your booking. Moreover, we process information on additional services such as room upgrades and products you purchase, and any comments you enter in the comments field concerning medical requirements or dietary requests.
We do this to be able to fulfil our contractual obligations to you for bookings and purchase of services. This includes data you have provided to us directly or via a tour operator or agent.
We process these data for as long as it is necessary to fulfil the booking contract with you, and for as long as current statutory or regulatory instruments require us to do so.
Processing of personal data in user account
You have the option to create a user account on our web pages. Here you can choose to register your name, address, interests and other information to simplify future booking processes. These data are collected from you.
The information you provide will be stored with your booking data and purchase history. We will use these data to customise websites and the app to your needs, and also to personalise your hotel stay with us. The lawful basis for our use of the data is fulfilling our contractual obligations to you.
Processing of personal data for development, troubleshooting and security
We will process data including personal data to troubleshoot and rectify errors, improve our services and the technology we use, and to analyse usage and user behaviour. Moreover, we will process personal data to verify your identity, including in connection with your use of our digital services.
We anonymise data or compile statistics to the extent possible, but may also have to process personal data for development, troubleshooting, statistical and security purposes.
Other processing of personal data
In connection with competitions or other activities that you may participate in, we will process personal data such as name and contact information when this is necessary, for example to register entrants, and then to draw one or more winners. Wherever possible, we will state this explicitly when you take part in competitions or other activities.
If you contact our customer services or approach us with enquiries in some other way, we will process any personal data you provide where this is necessary to reply to and log your enquiry. The lawful basis for our use of the data is legitimate interests or fulfilling contractual obligations to you or replying to your enquiries.
In addition to the processing described in our privacy statement or based on your consent, we will in some cases have to or be able to process personal data when required or permitted to do so by current legislation, including the Norwegian Personal Data Act and GDPR, regulatory requirements or court orders.
Processing of personal data on our suppliers, corporate customers and industry contacts
We process information on contact persons for our suppliers, corporate customers, business partners, participants in our industry-facing events and other economic operators. We do this to be able to work effectively, enter into and manage contracts, run our business, and develop our business and professional network. Such data typically comprise name, contact information, position, company, expertise, business interests and participation in our industry-facing events, or previously demonstrated interest in us and our employees.
We store such data for as long as we consider the person to be a business contact for us.
We do this on the lawful basis of legitimate interests.
Passing on personal data and legally required processing
We do not pass on your personal data to third parties, unless you have given your consent to this or unless current legislation, including the Norwegian Personal Data Act and GDPR, regulatory requirements or court orders permit or require us to do so.
As a matter of form, we state that our use of data processors to process data on our behalf does not count as passing on data.
Passing on information to third parties
We may share your personal data with third parties for the following purposes:
To process your reservations and bookings, and fulfil your travel arrangements and purchases, we have to share your personal data with our hotels and other companies involved in helping with your travel arrangements.
We use third parties to deliver our services, for example IT providers, providers of social networks, marketing agencies, credit and debit card companies, and providers of anti-fraud checking services. All such third parties must have adequate measures in place to protect your personal data and only process them in accordance with our instructions.
Obtaining personal data from others
To ensure that we hold correct information on you, we may check your data against other sources such as telephone directories, the national population register, etc. In some cases, it may be relevant to credit-check our conference and meeting customers, which involves obtaining credit data from other sources. We obtain demographic information such as age, gender and language from other sources. We obtain information from our business partners when this is lawful and necessary to provide you with services and communication.
Transferring data abroad
We use several data processors to be able to deliver our services to you. Our biggest data processor is our booking system, Sabre Hospitality Solutions, which is a global provider of hotel booking solutions.
This means that personal data relating to accommodation bookings are processed in the US. Such transfer is based on the EU model contract for transfer of personal data from us as the data controller in Europe to the data processor in the US.
Cookies
We use cookies to improve the user experience on our web pages.
A cookie is a small text-based data file that is placed on your device (e.g. smart phone, computer or tablet). The cookie helps to recognise the type of content and the pages you visit on our website. Information stored using a cookie may include how you use the website, what type of web browser you use and which web pages you have visited. A permanent cookie remains on your device for a specific period of time. A session cookie is stored temporarily in your device’s memory while you are browsing our web pages. The session cookie disappears when you close your browser. We use both permanent and session cookies. De Historiske may also use a third party’s cookies.
If you do not want our web pages to place cookies on your device, you can turn off cookies in your browser. If you turn off cookies, the functionality of our web pages will be reduced.
How is the information stored?
Information obtained via our web pages and email is stored in our Synxis booking system, the Hubspot CRM system and our marketing automation system, which is used for automated marketing communications.
Your personal data will be retained for as long as is necessary for the purposes described in these privacy guidelines or for as long as is necessary to comply with statutory obligations or resolve any disagreements.
Your rights
As an individual, you have several rights under the General Data Protection Regulation.
You have the right of access to and rectification or erasure of the personal data we process on you. You also have the right to restrict processing and to object to the processing, and the right to data portability.
If you wish to have access to our processing of your personal data, you can send an email to [email protected]. We will reply to your enquiry as soon as possible, and within 30 days at the latest.
We will ask you to confirm your identity or ask you to provide additional information before we allow you to exercise your rights with regard to our processing of your data. We have to do this to satisfy ourselves that we are only giving access to your personal data to you – and not to someone pretending to be you.
If you consider we have processed your personal data in a way that does not comply with what we have set out here or that we are otherwise in breach of data protection legislation, you may complain either to the Norwegian Data Protection Authority or the supervisory authority of the country where the hotel you stayed/are staying in is located.
You can find contact information on the English pages of the Norwegian Data Protection Authority’s website: www.datatilsynet.no/en/.
Contact information
De Historiske Hotel & Spisesteder
Telephone: +47 55 31 67 60
Email: [email protected]
Office address: Starvhusgaten 2b, Bergen, Norway
Postal address: Box 196 Sentrum, 5804 Bergen, Norway