Personal Data Policy on the processing of guest, customer and supplier data for Hotel Oasia

Hotel Oasia, CVR no. 42 50 65 75.

1. Data controller

Hotel Oasia is the data controller.

Hotel Oasia’s contact data:

mail@hoteloasia.dk

Krieggersvej 27-31

8000  Aarhus

Denmark

Hotel Oasia handles all personal data in accordance with applicable personal data law. Hotel Oasia concludes agreements with guests, customers and suppliers on the delivery – purchase and sale – of various services and products.

When a guest/customer orders and purchases one or more of Hotel Oasia’s services, and, in connection with this purchase, provides their personal data to Hotel Oasia, the guest/customer/supplier also consents to the processing of their personal data by Hotel Oasia.

This same applies with regard to any personal data provided to Hotel Oasia by suppliers to Hotel Oasia in connection with the submission of offers or conclusion of agreements with Hotel Oasia.

2. Hotel Oasia’s collection of personal data

Personal data is collected by Hotel Oasia as follows:

  • When a guest/customer – or a representative of theirs – chooses to obtain an offer and/or purchase services/products offered by Hotel Oasia, or when suppliers provide offers or sell products or services to Hotel Oasia.
  • From the B2B market.
  • Through browser cookies and web beacons.
  • In connection with the use of Hotel Oasia’s digital services.
  • Through participation in Hotel Oasia’s customer/loyalty programmes and through subscription to Hotel Oasia’s newsletter.
  • From social media, advertising and analysis providers, and public records.
  • Via video and television surveillance.
  • When suppliers conclude agreements with Hotel Oasia or provide offers to Hotel Oasia.

Update your preferences

You can update your preferences at any time here: https://booking.hoteloasia.com/oasia/hotel/gdpr-consent/

The preferences relate to:

  • Sign up for newsletter
  • Customer database

The collection and processing of personal data, cf. the above, will always be performed in accordance with applicable personal data legislation. 

Video surveillance installed at our entrances/exits, at cash registers and around particularly valuable equipment is part of criminal prevention activities and also serves to improve employees’ and guests’ sense of security.

3. Data collected by Hotel Oasia

Hotel Oasia collects the following personal data: 

  • Name, address, telephone number, e-mail address, date of birth and other common non-sensitive personal data.
  • Payment card data – typically as a guarantee for a reservation and for payment for stays.
  • Demographic data.
  • Purchase history, including the use of Hotel Oasia apps and/or other digital services.
  • The use of Hotel Oasia’s customer/loyalty programmes.
  • Data from Hotel Oasia’s customer surveys.
  • Data from competitions conducted by Hotel Oasia.
  • Data from Hotel Oasia’s social media and other digital platforms belonging to Hotel Oasia.
  • Browser data.
  • Data about the guest’s/customer’s company and relevant contact persons.
  • Data about suppliers’ companies and data about relevant and key contact persons, including key accounts.

A guest/customer/supplier can voluntarily and at their option provide Hotel Oasia with additional personal data that they deem of importance for Hotel Oasia’s servicing of them, or which they believe should be provided for safety/security reasons. 

Examples of such data include:

  • Disabilities
  • Allergies
  • Special food preferences
  • Other health or medical data

If a guest/customer/supplier voluntarily and at their option chooses to provide such data, Hotel Oasia perceives this as consent to register and store this sensitive data regarding them.

In addition to the data that Hotel Oasia receives directly from guests/customers/suppliers, Hotel Oasia will in some cases collect or process additional data received by Hotel Oasia from third parties, e.g. a travel agency, another intermediary or an employee of the company at which the data subject is employed.

In such cases, the applicable third party is obliged to inform the applicable guests/customers/suppliers of Hotel Oasia’s terms and conditions, and Hotel Oasia’s personal data policy. It is also the applicable third party’s responsibility to ensure the required legal basis for the collection and processing of the applicable data, including collection of required consent for the processing of any sensitive data.

4. Payment with payment cards  

Hotel Oasia uses DIBS www.dibs.dk (Nets), for payments for redemption of payments with payment and credit cards.  DIBS, and Hotel Oasia are all approved and certified by Pengeinstitutternes Betalingssystem (www.pbs.dk). 

In connection with orders and bookings, Hotel Oasia stores the data provided by the guest/customer/supplier for a period of up to two years, after which the data is deleted.

 Besides processing of the order, the data provided will only be used if, for example, a guest/customer/supplier contacts Hotel Oasia with a question, or if there are errors in the order.

5. What is the purpose of the collection and processing?

Hotel Oasia solely collects personal data necessary to fulfil the agreements concluded with guests/customers/suppliers on the delivery of services, e.g. an overnight stay or purchase/sale of products or services. The content of the individual agreement or the nature of the service determines which personal data is collected and processed by Hotel Oasia, as well as the purpose of the collection.

The purpose of collection and processing of personal data will primarily be:

  • Processing of guest/customer booking and purchase of Hotel Oasia services.
  • Processing of suppliers’ offers and the sale of products and services.
  • Contact with the guest/customer before, during and after their stay.
  • Fulfilment of the guest’s/customer’s request for an offer or purchase of services.
  • Improvement and development of Hotel Oasia’s services.
  • Adjustment of Hotel Oasia’s marketing and other communication.
  • Analysis of guest/customer/supplier user behaviour and marketing to these groups.
  • Adjustment of Hotel Oasia’s partners’ communication and marketing to guests/customers/suppliers.
  • Administration of guest/customer/supplier relations with Hotel Oasia, including participation in Hotel Oasia’s customer/loyalty programme.
  • Compliance with legal requirements, e.g. requirements to register overnight guests under the Danish Aliens Act and the Executive Order on Passports.

6. Legal basis for the processing

Hotel Oasia will typically process personal data because it is necessary to fulfil an agreement between Hotel Oasia and a guest/customer/supplier. For example, this may involve hotel stays, meetings and/or administration and fulfilment of cooperation and supplier agreements.

Furthermore, Hotel Oasia will process personal data in connection with booking prior to an overnight stay, meeting, event, conference, etc, and prior to the conclusion of supplier agreements.

In some cases, Hotel Oasia’s processing of personal data will occur in connection with Hotel Oasia pursuing a legitimate/objective interest that precedes the interests of the guest/customer/supplier (the data subject).

A legitimate interest may, for example, be the preparation of statistics, customer surveys, marketing and analysis of general guest/customer behaviour for the purpose of generally improving the guest/customer experience with Hotel Oasia and the quality of Hotel Oasia’s services and products. 

If, in connection with a stay/visit at Hotel Oasia, a guest/customer provides data about special personal preferences or considerations, e.g. health data, disability, religious belief or the like, Hotel Oasia only uses this data to ensure consideration of the guest’s/customer’s personal preferences, health, etc.

In some cases, Hotel Oasia receives personal data from a third party, e.g. a travel agency, an agent or the like, including in connection with group bookings. In such cases, the applicable third party is required to inform the applicable guests/customers/suppliers of Hotel Oasia’s terms and conditions, and the contents of this personal data policy.

Furthermore, Hotel Oasia is required by law, cf. section 5 above, to register a range of data about overnight guests. This data must be stored for at least one year and not more than two years. 

7. The data subject’s rights

Under the rules of the Personal Data Regulation, the data subjects (customers/guests/suppliers) have various rights.

  • A data subject is entitled at all times to access the personal data processed by Hotel Oasia regarding the data subject.
  • A data subject is entitled at all times to demand the correction and updating of personal data possessed by Hotel Oasia regarding the data subject.
  • A data subject is entitled at all times to demand the deletion of personal data possessed by Hotel Oasia regarding the data subject. If a data subject requests deletion, all of the data that Hotel Oasia is not required by law to store will be deleted. In some cases, the deletion of the data subject’s data may mean that Hotel Oasia cannot fulfil concluded agreements or deliver certain services to the data subject.

If some of the data possessed by Hotel Oasia regarding the data subject is provided on the basis of the data subject’s consent, the data subject is at all times entitled to withdraw this consent, whereby the data will be deleted or no longer be used by Hotel Oasia. This does not apply to data which Hotel Oasia is required by law to store, cf. the section above.

However, the option of withdrawing consent, requesting deletion, etc may be limited as regards the protection of the privacy of others, trade secrets and intellectual property rights, and, for example, for the purpose of asserting potential legal claims.

The data subject may at all times request in writing that Hotel Oasia provide an overview and a copy of the personal data possessed by Hotel Oasia regarding the data subject.

A written request to this effect must be signed by the data subject and include the data subject’s name, address, telephone number and e-mail address.

The data subject may also contact Hotel Oasia if the data subject believes that their personal data is being processed in violation of the law or in violation of other legal obligations, e.g. this agreement/contract between the data subject and Hotel Oasia.

This written request must be sent to Hotel Oasia, see contact data in section 1 above.

After receipt of the data subject’s written request, Hotel Oasia will, as far as possible, send this data to the data subject’s mail address within one month.

If the data subject requests correction and/or deletion of their personal data, Hotel Oasia will assess whether the conditions for the request are met, and, if so, Hotel Oasia will perform changes or deletion as quickly as possible.

Hotel Oasia reserves the right to reject requests which are of a harassing repetitive nature, which require disproportionate technical measures (e.g. the development of a new IT system), which impact the protection of other data subjects’ personal data, or in other situations where it would be disproportionately resource-demanding or highly complicated to accommodate the request.

 

8. Security and sharing of personal data

Hotel Oasia protects the data subject’s personal data and has established guidelines protecting the data subject’s personal data from unauthorised disclosure and preventing unauthorised parties from gaining access to, or knowledge of, this data.

Only the persons/employees at Hotel Oasia who require the data subject’s personal data in connection with their job function have access to this data. Hotel Oasia performs continuous monitoring to prevent any unauthorised accessing of the data subjects’ personal data.

Hotel Oasia performs continuous backup of the registered personal data. In the event of a security breach where there is a high risk of abuse of the data subjects’ personal data, including, for example, identity theft, financial loss, damage to reputation or other forms of misuse, Hotel Oasia will notify the data subjects of the security breach as quickly as possible.

Hotel Oasia’s security procedures are continuously reviewed and updated in relation to technological developments.

Hotel Oasia utilises a number of external suppliers of IT services, IT systems, payment solutions, etc. Hotel Oasia regularly concludes data processor agreements with all of Hotel Oasia’s suppliers, ensuring that external data processors maintain a required and high level of protection of the data subjects’ personal data.

To fulfil agreements with the data subjects and to accommodate the needs of guests and customers, Hotel Oasia shares selected personal data with external suppliers, such as restaurants, hotels, etc. This is done either in connection with overbooking at the hotels, or, for example, the guest’s request for booking at a restaurant.

Hotel Oasia also shares and transfers the data subjects’ personal data internally in the Group, including to affiliated companies. The purpose of this sharing is to give the guest/customer the best possible service, regardless of the hotel or division of Hotel Oasia with which the guest/customer is in contact.

In some cases, Hotel Oasia is required by law or by the order of a public authority to transfer personal data.

Hotel Oasia deletes your personal data when Hotel Oasia’s legal obligation ceases, or when the purpose of collecting and processing the data is no longer present. As a general rule, financial data is stored for five years, and other data for two years after the last visit.

 

9. Cookies

Cookies are necessary for the website to function, but they also provides information about how you use our website, so that we can optimize the page and adapt our marketing with relevant content. Hotel Oasia primarily uses the collected knowledge to ensure statistics, functionality and settings as well as for optimizing the page and its content, so that you as a visitor find the information you need from us as quickly and easily as possible. If you log in or shop with us, we also use cookies to ensure the technical implementation of booking and processing. Cookies are used secondarily to target marketing to you and measure the effectiveness of our marketing. Your information will only be shared with third parties where a Data Processing Agreement has been signed.

Necessary cookies to enable basic functions:
Active: Yes
First-party cookies: Microsoft, ASP.NET, Cookie Information

Function cookies to provide the user experience on hoteloasia.dk:
Active: Yes
First-party cookies: WordPress

User statistics:
Active: Yes
Cookies: Google Analytics, Sleeknote

Targeted marketing:
Active: Yes
Cookies: Google Ads, Microsoft Bing Ads, Facebook, LinkedIn, YouTube, Sleeknote, Pinterest, Snapchat, Drip

Delivery of personalized content, newsletters and service:
Active: Yes
Cookies: Drip, Sleeknote

Hotel Oasia uses the technology from cookieinformation.com to provide a comprehensive overview of the cookies used on www.hoteloasia.dk, as well as to ensure the user’s consent when interacting with the site. Google, Facebook and LinkedIn

On this website, we use cookies to collect information about the users’ movements, which is processed in Google Analytics. User and event data for the use of Google Analytics are stored for 50 months and reset upon new activity. 

When you visit hoteloasia.com, your visit is shared with Google so that we can create statistics and improve our website, measure the effectiveness of our marketing and to target ads to you via Google Ads. We also share information about your use of our website with Facebook and LinkedIn. If you are signed up to Hotel Oasia’s newsletter, we can use the provided e-mail for Facebook and LinkedIn advertising. Google, Facebook and LinkedIn can combine the collected data with other information you have given them or that they have collected from your use of their services.

Newsletter

When you sign up for our newsletter, we collect your name and email to send you offers and news about our products. We use the Drip system to send out newsletters and to create statistics for opening and click rates. Drip is used in combination with the Sleeknote system to collect email addresses and to create personalized statistics for interactions with pages on hoteloasia.dk. The statistics can be used to segment, target, automate and personalize campaigns. Tracking lasts up to 1 year and is renewed with each visit to the website. For marketing purposes, Hotel Oasia may use your personal information when acceptance and consent have been given. This includes, for example, invitations, offers and news communicated by SMS, email or otherwise. You are responsible for ensuring that your personal information is up-to-date, and you can always contact the hotel to have the information deleted or changed. Your information is stored in Drip’s marketing database, and is processed according to the rules of the Personal Data Regulation. Membership is free and non-binding. Cookies are used to collect digital information about your visit in order to personalize and target messages on the website, the Internet and in newsletters. You can unsubscribe at any time by clicking on the unsubscribe link at the bottom of the newsletters you receive from us, or by sending an e-mail to mail@hoteloasia.dk.

Images

Video is recorded or pictures are taken (mood pictures) in connection with events organized by Hotel Oasia. Video and pictures can be shown on hoteloasia.dk, in newsletters and on the company’s Facebook and LinkedIn pages. Video and images are used for marketing similar events. If people appear in pictures and videos, consent is always obtained from the participants.

10. Complaints

Complaints regarding Hotel Oasia’s processing of personal data can be directed to the Danish Data Protection Agency, BORGERGADE 28, 5, DK-1300 COPENHAGEN K, DENMARK, TELEPHONE (+45) 3319 3200 – E-MAIL dt@datatilsynet.dk

11. Updates

Changes and adjustments to this policy will be added on a continuous basis.