Personal data policy
Geschwendtner I/S operates the following under CBR no. 18 45 03 72:
- Munkebjerg Hotel
- Hotel Opus Horsens
- Vejle Center Hotel
- Treetop Restauranten
- Restaurant Børkop Vandmølle
In this personal data policy, the above are individually referred to as “Company”.
One of the Company’s overall objectives is to maintain the highest level of security for our guests, customers and employees. This is also true when it comes to the protection of personal data.
With this policy, the Company would like to map in a clear and transparent way how the Company processes your personal data.
1. Data controller
The Company is data controller.
The Company’s contact details are:
- firstname.lastname@example.org, attn. CFO
The company performs all processing of personal data in accordance with applicable legislation.
The Company delivers a wide range of services. Each service is subject to individual terms and conditions.
When you order one or more of these services, you give your personal data to the Company and you also give your consent that your personal data can be processed by the Company.
2. How does the Company collect personal data?
The company collects personal data as follows:
- When you choose to buy and/or request one of the Company’s services;
- From persons acting on your behalf;
- On the B2B market, for example, in a sales situation where a request is submitted for a quotation on one of the Company’s services and/or a cooperation agreement;
- Via browser cookies and web beacons;
- In connection with the use of the Company’s electronic services;
- When you subscribe to newsletters from the Company;
- From competitions and likes on social media, advertising and analysis suppliers as well as public registers;
- Via TV surveillance.
The collection of personal information and its processing will at all time comply with the law.
TV surveillance is set up as security precaution for employees and guests.
Surveillance will, in principle, take place at the Company’s entrance, parking lot, in guest and employee areas, at the front desk and bar as well as at goods delivery.
3. What data does the Company collect?
The Company collects the following personal data:
- Name, address, telephone number, email address and date of birth as well as other general person data;
- Credit card details – possibly as a guarantee for your reservation;
- Demographic data;
- Purchase history and other electronic services;
- Feedback via our customer surveys;
- Feedback on social media and other electronic platforms;
- Browser information.
You may choose to give the Company personal data in addition to the general personal data, which you consider important either for safety reasons and/or to allow the Company to customise the service specifically for you.
This can include, for example, details about:
- Special food preferences;
- Medical condition.
4. Online credit card purchases
The Company uses e-pay, Danish Internet Payment System (DIBS, www.dibs.dk), Nets and Teller in connection with your purchases of goods and credit card payments. All of the above are approved and certified by Teller.
Besides, to complete your order, the data you have provided will only be used if you e.g. contact us with questions or if there is an error in the order.
5. What is the purpose of data collection?
The Company collects only personal data that is necessary for the purposes described in the separate terms and conditions for the service in question as well as in this personal data policy.
It is each individual service that determines both what personal data the Company collects and the purpose of the collection.
The company’s objective with personal data collection may be one or more of the following:
- To process your reservations and purchases of Company services;
- To contact you before, during or after your stay;
- To fulfil your request for services;
- To improve and develop Company services;
- To customise Company communication and marketing to meet your needs;
- To analyse your user behaviour and for re-marketing purposes;
- To customise Company communication and marketing to meet your needs;
- To manage your relationship with the Company;
- To comply with regulatory requirements.
6. Legal grounds for the processing of personal data
The legal grounds on which the Company’s processing of your personal data is based are listed below.
The Company can, for example, process your personal data because it is necessary to fulfil a contract that you are party to. It can, for example, be in connection with a hotel stay, meeting arrangement and/or cooperation agreements.
Also, the Company can process your personal data in order to be able to complete certain actions and/or preparations at your request prior to entering into a contract.
Processing of personal data can also take place because the Company might be pursuing a legitimate interest, unless your interest has priority.
Legitimate interests pursued by the Company can include statistics, customer surveys, interest-based marketing and analysis of general user behaviour with i.e. the aim to improve your benefits, your experience and the quality of the Company’s services.
If you inform the Company about special preferences and considerations such as health information, disability, religious conviction or the like, the Company will use the data to customise the service based on your instructions as well as your stay at the Company in general.
In some cases the company will receive personal data from third parties, for example, in connection with a group reservation and/or an individual accommodation arranged by the third party – for example by an assistant or the like.
In these cases, the party responsible for the group and/or the reservation is required to inform the relevant guests about the Company’s terms and conditions as well as about this personal data policy.
The Company is also required by law to process your personal data. This is the case, for example, in connection with guest registration at check-in, where the law states what personal data the Company is required to register.
7. Your rights
Pursuant to the General Data Protection Regulation, you have a number of rights.
These are as follows:
- You have the right to be informed about what personal data the Company processes about you.
- You have the right to have the personal data the Company processes about you supplemented and updated.
- You have the right to have the Company delete the personal data it has registered about you. If you want to have your personal data deleted, the Company will delete all data, which the Company is not required to store by law.
- If the processing of personal data is subject to your consent, you have the right to withdraw your consent, which means that the processing will then stop unless the Company is required to process personal data by law.
Access may, however, be limited considering the protection of other people’s private life, trade secrets and intellectual property rights.
Upon written request to the Company, you can receive a print-out of your personal data, have your personal data updated, make objections or ask to have your personal data deleted.
The request must be signed by you and must contain your name, address, telephone number and email address.
You can also contact the Company if you believe that your personal data is processed in violation of the law or other legal obligations.
Please send your request to:
- email@example.com, attn. CFO
Within 1 month after receiving your printout request, the Company will send the print-out to you.
In case of requests for correction and/or deletion of your personal data, the Company will examine whether the conditions are met and if so, it will make the changes or deletions as soon as possible.
The Company may reject applications that are unreasonably repetitive, require disproportionate technical effort (e.g. to develop a new system or considerably modify an existing practice), affect the protection of other people’s personal data or in situations where the desired action must be considered highly complicated (e.g. requests for information available exclusively as backup).
8. If you apply for a job at the Company
When you apply for a job at the Company, the data you have given the Company in connection with your application will be processed.
Typically, it will cover general person information such as name, address, telephone number and email address, information on educational background as well as information about current and previous employment.
The Company uses the information to assess whether the Company wants to offer you the job, as well as to communicate with you in connection with the recruitment process.
If you are employed at the Company, your data will be stored in accordance with Company’s personal data policy for employees, which you will find in the Company’s personnel handbook.
Applications from candidates that are not offered employment are generally stored for 6 months after rejection notice.
In some cases, the Company may also disclose your personal data if so required by law, a court decision or applicable law.
If you want access to the data the Company processes about you, either in connection with an update of your information or because you want the Company to delete your data, you can contact the HR function at the Company.
You can object to the additional processing of your data at any time.
9. Storage security and sharing of your personal data
The Company protects your personal data and has adopted the internal rules on data security, which contain instructions and measures to protect your personal data against unauthorised disclosure and against the risk of unauthorised access.
The Company has established procedures for the allocation of access rights to those of our employees who process sensitive personal data and data that uncovers information about personal interests and habits. The Company controls their actual access through logging and supervision.
To avoid loss of data, the Company backs up its data set.
In the event of security breach that results in a high risk for you of discrimination, identity theft, financial loss, loss of reputation or another major inconvenience, the Company will notify you of the security breach as soon as possible.
The Company’s security procedures will be regularly reviewed in line with the latest technological developments.
In addition to the Company’s internal systems the Company uses external providers of IT services, IT systems, payment solutions etc.
The Company has entered into data processing agreements with all its providers in accordance with EU’s General Data Protection Regulation (GDPR). This ensures a high level of protection of your personal data.
In order to provide the highest level of service, the Company shares at your request selected personal information, with external suppliers such as restaurants, hotels etc.
Where necessary, the Company also shares and forwards your personal information internally within the Company. The purpose of the sharing is to give you the most optimal service, no matter which hotel or Company department you contact.
In certain cases, the Company may also be required to disclose personal data by law or by a decision of a public authority.
The Company deletes your personal data when the Company is no longer required to store the data or when the processing no longer serves any purpose.
The Company collects information about all visits to the Company’s websites. At the same time, we encourage users in many places actively to provide information. Collection of information at munkebjerg.dk, hotelopushorsens.dk, vejlecenterhotel.dk, borkopmolle.dk and tree-top.dk is hereinafter referred to as the “the Company’s website” and is subject to applicable legislation.
Below you can read more about why we collect information and for what we use it.
What information do we collect?
The Company’s website collects information about users and their visits in two ways:
– Using the so-called cookies.
– Using the information provided by the user.
Every visit to the Company’s website is registered with the help of cookies. Each time, you – or more precisely – your computer visits the company’s website, the cookie tells us about your visit.
The cookie tells us, for example, how long you visit the website for, which sections and how many articles you read, whether your computer has visited us before, what browser and operating system you use etc.
The information is anonymous and is collected together with all other users’ data so that we get a statistical overview of the use of the Company’s website.
At the same time, cookies ensure that you do not see the same ads repeatedly, just as all clicks on ads are being recorded.
In addition, we use the statistics in editorial work for further developing the Company’s website.
What is a cookie?
When you visit the Company’s website, your computer automatically receives one or more cookies, which are transferred from the Company’s website to your Internet browser. The Company’s website then records your visit and your use of the website.
A cookie is a small text file. It contains no personal data and the information we receive is therefore anonymous.
Most internet browsers allow you to delete cookies, block them or warn you and ask for your acceptance before saving a cookie.
Depending on the browser you use, you can find out in its settings and help features on how to configure your browser to process cookies.
In addition to cookies, several of the Company’s services require you to provide personal data.
In general, we only ask for personal data when you, for example, sign up for our newsletters or book a hotel stay via the company’s website.
Online credit card purchases
The Company’s booking and gift card systems use e-pay, Danish Internet Payment System (DIBS, www.dibs.dk), Nets and Teller in connection with your purchases of goods and credit card payments. Both DIBS and the Company’s systems are approved and certified by Teller.dk.
If you have questions, comments or complaints about the Company’s processing of personal data, please contact:
firstname.lastname@example.org, Attn.: CFO
If this does not resolve the problem, you can file a complaint with the Danish Data Protection Authority, Borgergade 28, Floor 5, 1300 Copenhagen K, telephone 3319 3200, email email@example.com.
Any changes to the personal data policy will be announced by publishing new terms and conditions on the Company’s website.