Data Protection Policy and Cookie Policy – Arp-Hansen Hotel Group A/S
Processing of personal data
Updated 1. July 2024
As a natural part of Arp-Hansen Hotel Group A/S's ("Arp-Hansen Hotel Group") activities and marketing of Arp-Hansen, including Arp-Hansen Hotel Group's hotels and hostels ("hotels"), personal data on our guests and visitors on our websites will be processed. The policy of Arp-Hansen Hotel Group is that such processing of personal data must be transparent. Consequently, this policy describes how Arp-Hansen Hotel Group processes the personal data which is collected in connection with your stay at a hotel within Arp-Hansen Hotel Group and when using our hotel websites, including www.arp-hansen.com.
1. Data controller
Arp-Hansen Hotel Group A/S, Central Business Register no. (CVR no.) 54399219, Nybrovej 75, 2820 Gentofte, Denmark, is the data controller in relation to the collection and processing of personal data described in this policy.
2. Collection of personal data
Arp-Hansen Hotel Group collects and processes personal data on you in connection with your visit to Arp-Hansen Hotel Group's hotels and restaurants and when you use our websites and register to receive our newsletters. You will at all times receive notification of the collection of your personal data. Such personal data includes name, address, email address, telephone number, date of birth, credit information as well as information on your stay with Arp-Hansen Hotel Group, your preferences, consumption, etc.
In connection with the provision of data, it will always be indicated whether such provision is voluntary or is necessary for the completion of the required act, such as booking of hotel accommodation.
The personal data is generally collected directly from you, but we may also receive information from other sources, including independent providers of booking services.
3. Why does Arp-Hansen Hotel Group process your personal data?
Arp-Hansen Hotel Group processes your personal data for the following purposes:
Booking of hotel accommodation or restaurant visits
In order to complete the booking of hotel accommodation or restaurant visits, we process your personal data to 1) process your inquiry and verify availability, 2) complete the booking and 3) send you a receipt.
In this connection we may process information on, for instance, your name, email address, telephone number, information about accompanying guests as well as arrival and departure dates.
When booking accommodation or restaurant visits on our websites, your credit card information will be processed by our payment provider.
The basis of the processing is Article 6(1)(b) of the General Data Protection Regulation (GDPR) since the processing of the personal data is required in order to perform the agreement with you. Personal data on any accompanying guests is processed on the basis of our legitimate interest in performing the agreement with you, see Article 6(1)(f) of the GDPR.
Stays with Arp-Hansen Hotel Group
Arp-Hansen Hotel Group processes and stores your personal data in connection with your stay at our hotels and offers you the services you may have ordered. The basis of our processing is the performance of the agreement on your stay, cf. the above.
As for all other services, we will collect and process your personal data on the basis of our legitimate interest in giving you the best experience during your stay with Arp-Hansen Hotel Group and the best possible services in connection with any future stays, see Article 6(1)(f) of the GDPR.
In certain cases, we are under an obligation to request that you show ID in the form of passport or the like for identification purposes. We process the personal data on the basis of Article 6(1)(c) of the GDPR since we are legally obliged to effect such processing.
Digital Guest
You may obtain relevant information on your hotel stay, including information on reception desk and restaurant opening hours, WiFi code, routing information, etc., in our web-based app, Digital Guest.
If you use Digital Guest, we may process personal data on your name, telephone number, email address, room number, date of arrival, information on your orders as well as input for our visitors' book.
The basis of the processing is Article 6(1)(b) of the GDPR since the processing takes place in order to perform the agreement with you on the delivery of the services made available in Digital Guest as well as our legitimate interest in giving you the best experience during your stay at Arp-Hansen Hotel Group hotels, see Article 6(1)(f) of the GDPR.
Customer satisfaction surveys
If you have provided us with your email address in connection with your booking of a stay with Arp-Hansen Hotel Group, we will in certain circumstances send you an email following your stay containing a link to a customer satisfaction survey. This processing is based on the balancing of interests rule laid down in Article 6(1)(f) of the GDPR, as we have a legitimate interest in improving our services.
Marketing and newsletters
If you have given your prior consent, Arp-Hansen Hotel Group will process your personal data for the dispatch of emails and newsletters from Arp-Hansen Hotel Group, including, among other things, current membership benefits and offers, information on events and Arp-Hansen Hotel Group discounts. If, at some point in time, you do not wish to receive such emails and newsletters, you may request to be removed from the mailing list by sending an email to info@arp-hansen.dk or by using the unsubscribe link at the bottom of the newsletter. The legal basis of the processing is your consent, see Article 6(1)(a) of the GDPR.
We use Facebook pixels to collect your website behaviour data. The purpose of collecting data is to target our Facebook marketing for the visitors on our website who also have a Facebook profile. This also applies to Instragram and LinkedIn. The processing of such data takes place on the basis of Arp-Hansen Hotel Group's legitimate interest in showing you relevant offers and news, see Article 6(1)(f) of the GDPR.
Video surveillance
Arp-Hansen Hotel Group monitors our premises by video surveillance. Signs have been put up in the areas which are subject to video surveillance.
The recordings will be reviewed only in the event of suspicion of criminal activities, violation of our guidelines or with a view to settling any disputes or security-related incidents. Only particularly trusted employees with Arp-Hansen Hotel Group have access to such video recordings.
Video surveillance takes place on the basis of Arp-Hansen Hotel Group's legitimate interest in preventing crime as well as guaranteeing the safety of our guests, see Article 6(1)(f) of the GDPR and s. 8(3) of the Danish Data Protection Act (databeskyttelsesloven).
The recordings may be disclosed to the police for the purpose of preventing or investigating crime, provided that the purpose is to safeguard public or private interests which clearly override the regard for the interests justifying confidentiality, see s. 8(4) of the Data Protection Act, including if such presentation of data is otherwise subject to statutory requirements. If presentation of the recordings is required for purposes other than the above, we will ask for your consent to such presentation if you are included in the recordings.
Whistleblowing scheme
Suspicion of misconduct and violations of applicable law or internal guidelines may be reported via our whistleblowing scheme.
When a reporting is made, we will process personal data on the data subjects being part of the reporting (meaning the reporting party, the reported person and other third parties involved) with a view to handling and investigating the report.
If you report a suspected violation, such a report will remain confidential and anonymous at your discretion. In all circumstances, you should, however, state an email address at which you may be contacted since we may need to collect additional information on the violation in order to handle the matter properly.
We may process the following personal data on the reported person: Name, position, contact details and reported information, including a description of the suspected violation.
The following personal data may be processed on other third parties mentioned in the report: Name, position, contact details and reported information.
We process the personal data based on our legitimate interest in investigating any reported incidents, see Article 6(1)(f) of the GDPR. Since it will become mandatory as at 17 December 2021 for Arp-Hansen Hotel Group to have a whistleblowing scheme, the personal data will then be processed to fulfil our legal obligation, see Article 6(1)(c) of the GDPR.
Customer inquiries and communication
When you contact one of Arp-Hansen Hotel Group's hotels or otherwise communicate with Arp-Hansen Hotel Group, we collect and process the data given by you with a view to processing your inquiries. We urge you not to provide us with sensitive personal data, unless such sensitive personal data is strictly required for the processing of your inquiry. In such event, the sensitive personal data should be forwarded in highly encrypted format only if forwarded by email.
Our basis for such processing depends on the nature of your inquiry. The basis will, however, often be that the processing is required prior to the conclusion of an agreement, see Article 6(1)(b) of the GDPR, or our legitimate interest in handling your inquiry, see Article 6(1)(f) of the GDPR.
Use of website
Arp-Hansen Hotel Group has access to information on website visitors and the visitors' use of the website and its functionalities.
When you have visited Arp-Hansen Hotel Group's website, we collect the following information on you:
- The sites visited by you, when and how long you visited such sites
- User behaviour
- Browser type
- IP address
The said information will be used to gain knowledge about the users' use of the website and to improve the website. In addition, we use data on the navigation of all our users to be able to understand how our users as a total group use the website and, against this background, we attempt to improve the website. We cannot see where you come from or go to on the Internet when you leave our site. In addition, we collect information about which products our users as a total group prefer. This information is also used to improve the website.
The personal data collected is processed on the basis of the legitimate interest of Arp-Hansen Hotel Group in pursuing the aforesaid purposes, see Article 6(1)(f) of the GDPR.
Use of the app in one of Arp-Hansen Hotel Group's hotels
When you use Arp-Hansen Hotel Group's app offered to you in some of our hotels, we collect and process the following personal data on you:
- User behaviour
- IP address
- Which website you have visited prior to accessing the app
- Browser type, browser settings, browser configuration and plug-ins
- Date and time of use of the app
- Information on the unit you use to access the app, including which type of unit used, operating system, unit settings, application ID, unique unit identifiers and crash data
- Location
- Information on bookings at one of Arp-Hansen Hotel Group's hotels when you use the app to find your booking, including your last name, booking reference, date and time of check-in via the app
- Information on when you use the app to lock yourself into your room at one of Arp-Hansen Hotel Group's hotels as well as information on who you share the digital key to the room with via the app
- Booking information, including your name, address, country, email and telephone number, which type of room you book, date of your booked stay and payment information when you use the app to book a stay at one of Arp-Hansen Hotel Group's hotels.
The said information will be used to gain knowledge about the users' use of the app and to improve the app. We process data on your IP address, location and bookings at one of Arp-Hansen Hotel Group's hotels with a view to making the app functionalities available to you. In addition, we process booking information with a view to concluding an agreement with you on booking of a room at one of Arp-Hansen Hotel Group's hotels.
The personal data collected will generally be processed on the basis of Arp-Hansen Hotel Group's legitimate interest in pursuing the aforesaid purposes, see Article 6(1)(f) of the GDPR. The basis of the processing of booking information is that the processing is required for the conclusion of an agreement with you, see Article 6(1)(b) of the GDPR. We process data on your location only if you give your consent to this via the app, see Article 6(1)(a) of the GDPR.
Recruitment
If you seek employment with Arp-Hansen Hotel Group via our websites, we will collect the personal data on you provided by you in connection with the submission of your application, your CV and any attachments, etc., with a view to evaluating your application.
The legal basis for our processing of your personal data is your application for the conclusion of an employment contract with Arp-Hansen Hotel Group, see Article 6(1)(b) of the GDPR, as well as our legitimate interest in processing the personal data provided to us by you, see Article 6(1)(f) of the GDPR.
We recommend that you do not disclose any sensitive personal data in your application, such as personal data revealing racial or ethnic origin, religion, trade union membership, sexual orientation, health data, etc.
You will receive further information on our processing of your personal data during the recruitment procedure.
Other purposes
In addition to the aforesaid purposes, Arp-Hansen Hotel Group may also process your personal data with a view to complying with statutory requirements, see Article 6(1)(c) of the GDPR, or to establish, exercise or defend legal claims, see Article 6(1)(f) and Article 9(2)(f) of the GDPR.
Our website may contain links to other websites or to integrated websites. We are not responsible for the contents of the websites of other companies, nor for their practices regarding the collection of personal data. When you visit third-party websites, you should read the owners' policies on the protection of personal data and other relevant policies.
4. With whom does Arp-Hansen Hotel Group share your personal data?
In certain circumstances, Arp-Hansen Hotel Group will pass on your personal data to Arp-Hansen Hotel Group's suppliers delivering services on behalf of Arp-Hansen Hotel Group, for example, in connection with the delivery of the booking system, the Digital Guest solution, dispatch of newsletters, STAY&SAVE Reward programme, customer satisfaction surveys and recruitment services. Such suppliers process personal data only on behalf of Arp-Hansen Hotel Group and in accordance with Arp-Hansen Hotel Group's instructions and may not consequently process the personal data for their own purposes.
In certain circumstances and subject to law, it may be necessary to disclose personal data to the authorities, see Article 6(1)(c) of the GDPR. Personal data may also be disclosed if this is necessary to perform an agreement to which you are a party, for example, in connection with travel bookings. We may also disclose your personal data in order to establish, exercise or defend our legal rights, see Article 6(1)(f) and Article 9(2)(f) of the GDPR. In addition, we may disclose your personal data to external auditors to fulfil our statutory audit obligation, see Article 6(1)(c) of the GDPR.
In connection with the development of Arp-Hansen Hotel Group, the corporate structure may change, such as in the event of a sale of Arp-Hansen Hotel Group in whole or in part. In the event of a partial transfer of assets including personal data, the basis of processing incidental to the disclosure of personal data in question is, as a general rule, Article 6(1)(f) of the GDPR, since Arp-Hansen Hotel Group has a legitimate interest in transferring part of its assets as well as making commercial changes.
If your personal data is transferred to data processors or data controllers established in countries outside the EU/EEA, which have not implemented an adequate level of protection, such transfer will as a general rule be based on standard contractual provisions of the European Commission.
5. Withdrawal of consent
You may at all times withdraw any consent you may have given to Arp-Hansen Hotel Group. You withdrawing your consent, however, may result in us no longer being able to offer the same products and services to you. If you wish to withdraw your consent, you may contact us by email or telephone as stated below in paragraph 6.
Your consent to receive our newsletters may also be withdrawn by using the unsubscribe link directly in the newsletter.
Withdrawal of your consent does not affect the legality of the processing which is based on your consent prior to such withdrawal.
6. Your rights
You have a right to know which personal data Arp-Hansen Hotel Group processes on you and for which purposes such personal data is processed. You also have a right to object to the processing of your personal data, including a right of profiling and a right to demand rectification, erasure or blocking of personal data which is incorrect, misleading or otherwise processed in violation of statutory provisions or demand restriction of the processing.
In certain circumstances, you are also entitled to have the personal data which Arp-Hansen Hotel Group has recorded about you handed out in a structured, generally used and machine-readable format and have the said data transmitted to another data controller.
If you wish to exercise one of the said rights, you may contact:
Arp-Hansen Hotel Group A/S
Attn.: Henrik Ryssel Hansen
Nybrovej 75
2820 Gentofte
Denmark
Email: info@arp-hansen.dk
Tel.: +45 4597 0500
7. Security
Arp-Hansen Hotel Group sets great store by the confidentiality of all personal data, allowing such data to be processed only by employees who have received proper processing instructions in order to prevent that such data is destroyed or disclosed to any unauthorised third parties.
8. Storage of personal data
Arp-Hansen Hotel Group undertakes to ensure the required updating of the stored personal data to the effect that such data is at all times correct.
Your personal data will be deleted when it is no longer necessary for Arp-Hansen Hotel Group to process or store such data for the aforesaid purposes or for other legitimate purposes.
The personal data which we have registered on you in connection with visits to any Arp-Hansen Hotel Group restaurants will be stored by us for 380 days as from your most recent visit. Data on guests collected in connection with bookings and stays at Arp-Hansen Hotel Group's hotels will be stored for 380 days as from the most recent stay. Any personal data in the Digital Guest solution will, however, be deleted 7 (seven) days after the stay has ended. The storage periods have been determined on the basis of our legitimate interest in being able to offer customer services and handle any legal claims.
Any documentation of your consent under marketing law will be stored for 2 (two) years as from the date when you withdrew your consent to receive direct marketing material. The storage period has been determined on the basis of Arp-Hansen Hotel Group's legitimate interest in being able to document that direct marketing took place in accordance with applicable law.
Recordings from video surveillance for the purpose of preventing crime will be deleted or anonymised no later than 30 days after the recording took place, unless is it necessary for Arp-Hansen Hotel Group to store the recordings for the purpose of dealing with a specific dispute, for example in relation to solving crime or other illegal actions. Recordings from video surveillance for other purposes will be deleted when it no longer serves an objective purpose to store the data.
Any reports received via our whistleblowing scheme falling outside the scope of such scheme or otherwise proving to be unfounded will be deleted immediately after the manifestation thereof. Any reports being considered but not leading to any filing of a police report will be deleted 2 (two) months after the investigation has ended. If a report is filed with the police or other relevant authorities, the data will be deleted immediately after the matter has ended, unless the data is transferred to the personal folder of the reported employee. If so, such personal data will be deleted no later than 5 (five) years + 6 (six) months after termination of the employment.
Any personal data included in bookkeeping records will be stored for 5 (five) years + 6 (six) months as from expiry of the financial year at which time the data will be deleted. The storage period has been determined on the basis of the storage requirements laid down in s. 10 of the Danish Consolidated Bookkeeping Act (bogføringsloven) and, consequently, with a view to complying with applicable law.
Any personal data collected in connection with recruitment procedures will be stored for the duration of the recruitment procedure. If we cannot offer you employment, we will keep your application, CV and any attachments on file for a period of 6 (six) months after our rejection, unless you have given your consent to storage of your application for a longer period of time.
The personal data may, however, be stored for a period longer than stated above if such storage is required by law or if it is necessary in order to establish, exercise or defend a legal claim. The data may also be stored for a longer period of time when in anonymised form, meaning in a form in which it will no longer be possible to relate the information to you.
9. Links to other websites, etc.
Our website may contain links to other websites or to integrated websites. We are not responsible for the contents of the websites of other companies, nor for their practices regarding the collection of personal data. When you visit third-party websites, you should read the owners' policies on the protection of personal data and other relevant policies.
10. Contact
If you have any questions or if you wish to file a complaint against the processing of personal data, please contact Arp-Hansen Hotel Group by email or telephone as stated above. If your complaint is not dealt with by us and you wish to proceed with the matter, you may file a complaint with the Danish Data Protection Agency:
The Danish Data Protection Agency
Carl Jacobsens Vej 35
2500 Valby
Denmark
Telephone: +45 33 19 32 00
Email: dt@datatilsynet.dk
Cookie policy
We use cookies on our website www.tivolihotel.com in accordance with this cookie policy.
Owner information
Arp-Hansen Hotel Group A/S
Nybrovej 75
2820 Gentofte
Denmark
Central Business Register no. (CVR no.): 54 39 92 19
Telefon: +45 4597 0500
Email: sales@arp-hansen.dk