Personal Data Policy - General

Personal data policy on the processing of guest, customer and supplier data

BC Hospitality Group A/S, which comprises the following companies:
BC Hospitality Group A/S, CBR no. 37 93 98 38, and
Crowne Plaza Copenhagen Towers A/S, CBR no. 30 54 80 43, and the hotels Copenhagen Marriott and AC Bella Sky Copenhagen By Marriott.

1. Data controller
BC Hospitality Group A/S is the data controller.
BC Hospitality Group A/S’s contact data:
INFO@BCHG.dk, Center Boulevard 5, 2300 Copenhagen S, Denmark, Att. Group Director of Marketing Morten Jensen.

BC Hospitality Group A/S handles all personal data in accordance with applicable personal data law. BC Hospitality Group A/S concludes agreements with guests, customers and suppliers on the delivery – purchase and sale – of various services and products.

When a guest/customer orders and purchases one or more of BC Hospitality Group A/S’s services, and, in connection with this purchase, provides their personal data to BC Hospitality Group A/S, the guest/customer/supplier also consents to the processing of their personal data by BC Hospitality Group A/S.
This same applies with regard to any personal data provided to BC Hospitality Group A/S by suppliers to BC Hospitality Group A/S in connection with the submission of offers or conclusion of agreements with BC Hospitality Group A/S.

2. BC Hospitality Group A/S’s collection of personal data
Personal data is collected by BC Hospitality Group A/S as follows:

• When a guest/customer – or a representative of theirs – chooses to obtain an offer and/or purchase services/products offered by BC Hospitality Group A/S, or when suppliers provide offers or sell products or services to BC Hospitality Group A/S.
• From the B2B market.
• Through browser cookies and web beacons.
• In connection with the use of BC Hospitality Group A/S’s digital services.
• Through participation in BC Hospitality Group A/S’s customer/loyalty programmes and through subscription to BC Hospitality Group A/S’s newsletter.
• From social media, advertising and analysis providers, and public records.
• Via video and television surveillance.
• When suppliers conclude agreements with BC Hospitality Group A/S or provide offers to BC Hospitality Group A/S.
The collection and processing of personal data, cf. the above, will always be performed in accordance with applicable personal data legislation.

Video surveillance installed at our entrances/exits, at cash registers and around particularly valuable equipment is part of criminal prevention activities and also serves to improve employees’ and guests’ sense of security.

3. Data collected by BC Hospitality Group A/S
BC Hospitality Group A/S collects the following personal data:

• Name, address, telephone number, e-mail address, date of birth and other common non-sensitive personal data.
• Payment card data – typically as a guarantee for a reservation and for payment for stays.
• Demographic data.
• Purchase history, including the use of BC Hospitality Group A/S apps and/or other digital services.
• The use of BC Hospitality Group A/S’s customer/loyalty programmes.
• Data from BC Hospitality Group A/S’s customer surveys.
• Data from competitions conducted by BC Hospitality Group A/S.
• Data from BC Hospitality Group A/S’s social media and other digital platforms belonging to BC Hospitality Group A/S.
• Browser data.
• Data about the guest’s/customer’s company and relevant contact persons.
• Data about suppliers’ companies and data about relevant and key contact persons, including key accounts.
A guest/customer/supplier can voluntarily and at their option provide BC Hospitality Group A/S with additional personal data that they deem of importance for BC Hospitality Group A/S’s servicing of them, or which they believe should be provided for safety/security reasons.

Examples of such data include:

• Disabilities
• Allergies
• Special food preferences
• Other health or medical data
If a guest/customer/supplier voluntarily and at their option chooses to provide such data, BC Hospitality Group A/S perceives this as consent to register and store this sensitive data regarding them.

In addition to the data that BC Hospitality Group A/S receives directly from guests/customers/suppliers, BC Hospitality Group A/S will in some cases collect or process additional data received by BC Hospitality Group A/S from third parties, e.g. a travel agency, another intermediary or an employee of the company at which the data subject is employed.

In such cases, the applicable third party is obliged to inform the applicable guests/customers/suppliers of BC Hospitality Group A/S’s terms and conditions, and BC Hospitality Group A/S’s personal data policy. It is also the applicable third party’s responsibility to ensure the required legal basis for the collection and processing of the applicable data, including collection of required consent for the processing of any sensitive data.

4. Payment with payment cards
BC Hospitality Group A/S uses DIBS www.dibs.dk (Nets), and 3Payments for redemption of payments with payment and credit cards. DIBS, 3Payments and BC Hospitality Group A/S are all approved and certified by Pengeinstitutternes Betalingssystem (www.pbs.dk).

In connection with orders and bookings, BC Hospitality Group A/S stores the data provided by the guest/customer/supplier for a period of up to two years, after which the data is deleted.

Besides processing of the order, the data provided will only be used if, for example, a guest/customer/supplier contacts BC Hospitality Group A/S with a question, or if there are errors in the order.

5. What is the purpose of the collection and processing?
BC Hospitality Group A/S solely collects personal data necessary to fulfil the agreements concluded with guests/customers/suppliers on the delivery of services, e.g. an overnight stay or purchase/sale of products or services. The content of the individual agreement or the nature of the service determines which personal data is collected and processed by BC Hospitality Group A/S, as well as the purpose of the collection.

The purpose of collection and processing of personal data will primarily be:
• Processing of guest/customer booking and purchase of BC Hospitality Group A/S services.
• Processing of suppliers’ offers and the sale of products and services.
• Contact with the guest/customer before, during and after their stay.
• Fulfilment of the guest’s/customer’s request for an offer or purchase of services.
• Improvement and development of BC Hospitality Group A/S’s services.
• Adjustment of BC Hospitality Group A/S’s marketing and other communication.
• Analysis of guest/customer/supplier user behaviour and marketing to these groups.
• Adjustment of BC Hospitality Group A/S’s partners’ communication and marketing to guests/customers/suppliers.
• Administration of guest/customer/supplier relations with BC Hospitality Group A/S, including participation in BC Hospitality Group A/S’s customer/loyalty programme.
• Compliance with legal requirements, e.g. requirements to register overnight guests under the Danish Aliens Act and the Executive Order on Passports.

6. Legal basis for the processing
BC Hospitality Group A/S will typically process personal data because it is necessary to fulfil an agreement between BC Hospitality Group A/S and a guest/customer/supplier. For example, this may involve hotel stays, meetings and/or administration and fulfilment of cooperation and supplier agreements.

Furthermore, BC Hospitality Group A/S will process personal data in connection with booking prior to an overnight stay, meeting, event, conference, etc, and prior to the conclusion of supplier agreements.
In some cases, BC Hospitality Group A/S’s processing of personal data will occur in connection with BC Hospitality Group A/S pursuing a legitimate/objective interest that precedes the interests of the guest/customer/supplier (the data subject).

A legitimate interest may, for example, be the preparation of statistics, customer surveys, marketing and analysis of general guest/customer behaviour for the purpose of generally improving the guest/customer experience with BC Hospitality Group A/S and the quality of BC Hospitality Group A/S’s services and products.

If, in connection with a stay/visit at BC Hospitality Group A/S, a guest/customer provides data about special personal preferences or considerations, e.g. health data, disability, religious belief or the like, BC Hospitality Group A/S only uses this data to ensure consideration of the guest’s/customer’s personal preferences, health, etc.

In some cases, BC Hospitality Group A/S receives personal data from a third party, e.g. a travel agency, an agent or the like, including in connection with group bookings. In such cases, the applicable third party is required to inform the applicable guests/customers/suppliers of BC Hospitality Group A/S’s terms and conditions, and the contents of this personal data policy.

Furthermore, BC Hospitality Group A/S is required by law, cf. section 5 above, to register a range of data about overnight guests. This data must be stored for at least one year and not more than two years.

7. The data subject’s rights
Under the rules of the Personal Data Regulation, the data subjects (customers/guests/suppliers) have various rights.
• A data subject is entitled at all times to access the personal data processed by BC Hospitality Group A/S regarding the data subject.
• A data subject is entitled at all times to demand the correction and updating of personal data possessed by BC Hospitality Group A/S regarding the data subject.
• A data subject is entitled at all times to demand the deletion of personal data possessed by BC Hospitality Group A/S regarding the data subject. If a data subject requests deletion, all of the data that BC Hospitality Group A/S is not required by law to store will be deleted. In some cases, the deletion of the data subject’s data may mean that BC Hospitality Group A/S cannot fulfil concluded agreements or deliver certain services to the data subject.
If some of the data possessed by BC Hospitality Group A/S regarding the data subject is provided on the basis of the data subject’s consent, the data subject is at all times entitled to withdraw this consent, whereby the data will be deleted or no longer be used by BC Hospitality Group A/S. This does not apply to data which BC Hospitality Group A/S is required by law to store, cf. the section above.

However, the option of withdrawing consent, requesting deletion, etc may be limited as regards the protection of the privacy of others, trade secrets and intellectual property rights, and, for example, for the purpose of asserting potential legal claims.

The data subject may at all times request in writing that BC Hospitality Group A/S provide an overview and a copy of the personal data possessed by BC Hospitality Group A/S regarding the data subject.
A written request to this effect must be signed by the data subject and include the data subject’s name, address, telephone number and e-mail address.

The data subject may also contact BC Hospitality Group A/S if the data subject believes that their personal data is being processed in violation of the law or in violation of other legal obligations, e.g. this agreement/contract between the data subject and BC Hospitality Group A/S.
This written request must be sent to BC Hospitality Group A/S, see contact data in section 1 above.
After receipt of the data subject’s written request, BC Hospitality Group A/S will, as far as possible, send this data to the data subject’s mail address within one month.

If the data subject requests correction and/or deletion of their personal data, BC Hospitality Group A/S will assess whether the conditions for the request are met, and, if so, BC Hospitality Group A/S will perform changes or deletion as quickly as possible.

BC Hospitality Group A/S reserves the right to reject requests which are of a harassing repetitive nature, which require disproportionate technical measures (e.g. the development of a new IT system), which impact the protection of other data subjects’ personal data, or in other situations where it would be disproportionately resource-demanding or highly complicated to accommodate the request.

Security and sharing of personal data
BC Hospitality Group A/S protects the data subject’s personal data and has established guidelines protecting the data subject’s personal data from unauthorised disclosure and preventing unauthorised parties from gaining access to, or knowledge of, this data.

Only the persons/employees at BC Hospitality Group A/S who require the data subject’s personal data in connection with their job function have access to this data. BC Hospitality Group A/S performs continuous monitoring to prevent any unauthorised accessing of the data subjects’ personal data.

BC Hospitality Group A/S performs continuous backup of the registered personal data. In the event of a security breach where there is a high risk of abuse of the data subjects’ personal data, including, for example, identity theft, financial loss, damage to reputation or other forms of misuse, BC Hospitality Group A/S will notify the data subjects of the security breach as quickly as possible.
BC Hospitality Group A/S’s security procedures are continuously reviewed and updated in relation to technological developments.

BC Hospitality Group A/S utilises a number of external suppliers of IT services, IT systems, payment solutions, etc. BC Hospitality Group A/S regularly concludes data processor agreements with all of BC Hospitality Group A/S’s suppliers, ensuring that external data processors maintain a required and high level of protection of the data subjects’ personal data.

To fulfil agreements with the data subjects and to accommodate the needs of guests and customers, BC Hospitality Group A/S shares selected personal data with external suppliers, such as restaurants, hotels, etc. This is done either in connection with overbooking at the hotels, or, for example, the guest’s request for booking at a restaurant.

BC Hospitality Group A/S also shares and transfers the data subjects’ personal data internally in the Group, including to affiliated companies. The purpose of this sharing is to give the guest/customer the best possible service, regardless of the hotel or division of BC Hospitality Group A/S with which the guest/customer is in contact.

In some cases, BC Hospitality Group A/S is required by law or by the order of a public authority to transfer personal data.

BC Hospitality Group A/S deletes your personal data when BC Hospitality Group A/S’s legal obligation ceases, or when the purpose of collecting and processing the data is no longer present. As a general rule, financial data is stored for five years, and other data for two years after the last visit.

10. Cookies
BC Hospitality Group A/S uses cookies. A cookie is a small text file which the browser stores on your computer. It is not a program and cannot contain a virus.

We use cookies for:
Personal settings and website functionality: For instance in a contact form. The next time you complete the form, the cookie will make it easier for you, e.g. by suggesting your name, address or e-mail address when you start typing. We cannot see this cookie.

Simple statistics: So we can improve the website. These cookies tell us which pages have been visited most, whether your computer has visited us before (based on the IP address), your browser and screen resolution, etc.
Targeted marketing: To display ads based on your behaviour on our and other websites. In some cases where you are logged in with your email address, your behaviour across BC Hospitality Group’s websites may be tracked.

When clicking on functions that navigate to other websites (e.g. social media), BC Hospitality Group is not responsible for, and cannot control, which cookies are used.
In your browser you can delete cookies, block cookies, or set the browser to request your permission to accept cookies. See how to do this in various browsers at http://minecookies.org/

11. Complaints
Complaints regarding BC Hospitality Group A/S’s processing of personal data can be directed to the Danish Data Protection Agency, BORGERGADE 28, 5, DK-1300 COPENHAGEN K, DENMARK, TELEPHONE (+45) 3319 3200 - E-MAIL dt@datatilsynet.dk

12. Updates
Changes and adjustments to this policy will be added on a continuous basis.