With this policy Severin aims to provide a clear overall picture of how Severin handles your personal data.
GDPR DATA CONTROLLER
Severin runs conference and hotel in Middelfart, Denmark.
Severin is the Data Controller.
Severins contact information is:
Att.: Tina Pedersen
Severin handles all personal data in accordance with existing laws.
As a hotel company, Severin provides a wide range of services. Each service has its own particular terms and conditions.
When, upon booking one or more of these services, you submit your personal information to Severin, you also give Severin consent to process your personal information.
How does Severin gather personal information?
Severin gathers personal information in the following ways:
- When you choose to purchase and/or request one of Severins services.
- From persons acting on your behalf.
- On the B2B market. For example, in a sales situation, in which you request a quote for one of Severins services and/or request a cooperative agreement.
- Via browser cookies.
- When subscribing to Severins newsletter.
- From social media, advertising and analysis providers and public registers.
- Via TV surveillance.
At all times the gathering and processing of personal information will be implemented in accordance with the law.
TV surveillance is installed as a precautionary measure to create a sense of security for our employees and guests.
The surveillance is situated at the hotel’s bar and restaurant.
What information does Severin gather?
The personal information that Severin gathers includes the following:
- Name, address, telephone number, email address, date of birth and other common personal data.
- Credit card details – for example, as a guarantee for your reservation.
- Demographic information.
- Purchase history.
- Feedback via our customer surveys.
- Feedback via physical and online-based competitions.
- Feedback on social media and other digital platforms.
- Browser information.
- Information about your company and relevant contact people.
If you wish, you can choose to provide Severin with personal information other than common personal data, which you consider may be significant for security reasons and/or to enable Severin to customise a service especially for you.
This might be information about:
- Special food preferences
- Medical condition
If you make this choice, Severin will also regard this as consent to their recording and storing these sensitive details in your profile.
In certain cases, in addition to receiving information from you, Severin will supplement our information with data, which we have received from a third party: for example, a group manager or a business partner.
In these cases, the third party is required to inform the guests involved about Severins terms and conditions and existing Personal Data Policy. The third party is also required to obtain the necessary consent for the recording and processing of any sensitive information.
What is the purpose of gathering personal information?
Severin only gathers personal information that is necessary for the purpose described in the individual terms and conditions for the services in question and in this Personal Data Policy.
It is the individual services that determine the personal information, which Severin gathers, and the reason for gathering it.
Severins reason for gathering personal information may be one or more of the following:
- Processing your reservations and purchase of Severins services.
- Contact with you before, during or after your stay.
- Compliance with your request about services.
- Improvement and development of Severins services.
- Administration of your relationship with Severin.
- Compliance with legal requirements.
The legal basis for processing:
Below we account for the legal basis for Severins processing of your personal data.
For example, Severin can process your personal information because it is necessary for the performance of a contract, to which you are party. This could, for instance, be in the context of a hotel stay, the organisation of a meeting and/or cooperative agreements.
Severin can also process your personal information in order to take certain actions and/or make preparations at your request prior to entering into a contract.
Processing can also take place if it is necessary for the purpose of the legitimate interests pursued by Severn, except where such interests are overridden by your interest.
Legitimate interests pursued by Severin can include statistics and customer surveys.
If you inform Severin about special preferences and interests such as health information, disability, religious belief or the like, Severin will use the information to customise the service in question in accordance with your instructions and your stay with Severin as a whole.
In certain cases Severin will receive personal information from a third party: for example, in the context of a group reservation and/or the individual stay of a third party – an assistant, for instance.
In these cases, the person responsible for the group and/or reservation is obliged to inform the guests involved about Severins terms and conditions and this Personal Data Policy.
Severin is also legally obliged to process your personal information. This is the case, for example, in the context of guest registration at check-in, for which the law prescribes which personal data Severin is obliged to register.
In accordance with the EU General Data Protection Regulation, you have a number of rights.
These rights are as follows:
- The right of access:
You have the right to obtain a copy of the personal data, that Severin process about you, as well as other supplementary information. Access may be limited to protect other people’s private lives, trade secrets and/or intellectual property rights.
- The right to rectification:
You have the right to have the personal data that Severin has registered about you rectified and/or updated.
- The right to erasure:
You have the right to have your personal data erased. If you wish to have your personal data deleted, Severin will delete all the personal data, which Severin is not legally obliged to store.
- The right to restrict processing:
You have the right to restrict the processing of your personal data in certain circumstances.
- The right to data portability:
You have the right to receive your personal data in a structured, commonly used and machine readable format to move to another supplier. It only applies to the personal data that you have provided Severin with and that Severin process based on your consent or Severins fulfilment of an agreement with you.
- The right to object:
You have the right to object to the processing of your personal data. The right to object only applies in certain circumstances. Whether it applies depends on Severins purposes for processing as well as the lawful basis for processing.
- Withdrawal of consent:
If the processing of personal data is based on your consent, you have the right to withdraw that consent. This means that the processing will then be discontinued, unless Severin is legally obliged to process that personal data.
If you would like to use your rights, please send your request by e-mail to firstname.lastname@example.org
Severin will respond to all such requests within 1 month of the receipt of the request, unless the request is complicated, in which event Severin may take up to 3 months to respond.
Severin will inform you, if we expect the response to take longer than 1 month. In addition Severin will not respond to any request unless we are able to verify your identity. In that case, Severin might ask you to send a copy of e.g. your driver’s license or your passport.
You can also contact Severin at email@example.com, if you think that the processing of your personal data breaches the law or other legal obligations.
Severin can reject requests, which: are unreasonably repetitive; require disproportionate technical action (for example, the development of a new system or substantial changes to an existing practice); affect the protection of other people’s personal information; entail situations, in which the desired action may be considered excessively complicated (for example, requests for information that exists only as security copies).
If you apply for a job at Severin
When you apply for a job with Severin, we process the information, which you have submitted to Severin in the context of your application.
This usually entails: regular personal information such as name, address, telephone number and email address; information about your educational background; and information about current and previous employment.
In the context of the recruitment process Severin can ask for a copy of criminal record and/or obtain references from previous employers. In both cases Severin obtains consent from the applicants.
Only relevant manager and the CEO have personal passwords to access your information.
If you are employed in Severin, your data will be filed in accordance with Severins Personal Data Policy for staff, which you can find in our planningsystem.
Applications from candidates, who are not employed, are usually filed for 6 months after the date of the rejection.
In certain cases Severin may also disclose your personal data, if the law, a court order or applicable legislation requires this.
Severin protects your personal data in accordance with the provisions described in chapter 10 of this Personal Data Policy.
If you want access to the information, which Severin processes about you, either in connection with updating your information or because you wish to delete your information, you can email firstname.lastname@example.org or by phoning them on (+45) 21440430.
At any time you can object to the further processing of your personal information.
The secure storage and sharing of your personal data:
Severin protects your personal information and has adopted internal rules for information security, which contain instructions and precautionary measures to protect your personal information from unauthorised publication and from unauthorised persons gaining access to, or knowledge of it.
Severin has procedures in place for the sharing of access rights with those of our staff who process sensitive personal data and data that reveals information about your personal interests and habits.
Severin controls their actual access through logging and monitoring.
In the event of a security breach that results in a high risk of discrimination, ID theft, financial loss, loss of reputation or other significant inconvenience for you, Severin will notify you of the security breach as soon as possible.
Severins security procedures are regularly revised on the basis of the latest technological development.
In order to provide the highest level of service, Severin shares selected personal information, for example at your request, with external providers such as restaurants, hotels etc.
In addition Severin shares and discloses your personal information internally in the group. The purpose of sharing is to be able to provide you with the very best service.
In certain cases, Severin may also be obliged to disclose personal information in accordance with legislation or on the basis of a ruling from a public authority.
Severin deletes your personal information, when we have no further legal obligation to store the information, or when there is no longer any reason to process it.
If you have any questions, comments or complaints about Severins processing of personal information, please write a letter or send an e-mail to:
Att.: Tina Pedersen
Should this not clarify the matter, you can then register a complaint with the Danish Data Protection Agency.
You can find the current contact address on www.datatilsynet.dk.
Any changes to the Personal Data Policy will be announced with the publication of new terms and conditions on Severins website.
You can see the date of the last revision of the Policy below.