Introduction
We at De Historiske Hotel & Spisesteder process your personal data in various contexts, for example when you book services with us, stay at our hotels, eat in our restaurants, use services we provide, and in a few other instances. This privacy statement contains information on how we process personal data as well as contact information if you have any questions or require access to the data we hold.
We process your personal data in accordance with the Norwegian Personal Data Act in force at any time (GDPR).
Data controller
Our company – De Historiske Hotel og Spisesteder (hereafter DHHS), company register no. 977 389 674, Box 196 Sentrum, 5804 Bergen, Norway, tel. +47 55 31 67 60, email [email protected] – is the data controller for the processing of personal data in our central bookings and invoicing system, the web sites www.dehistoriske.no and www.dehistoriske.com, your account on our websites, our app and our loyalty programme Taste Norway. DHHS is also the data controller for our marketing and electronic mailings to our customers and contacts, as well as other digital marketing.
De Historiske is a membership organisation of independent hotels that use their own local systems for bookings and invoicing. Each hotel has its own privacy statement and will itself be the data controller for bookings and hotel stays.
Processing of personal data linked to bookings and stays
When you book a hotel stay with us, we process your reservation and the booking information. This includes details of room type, hotel, prices and dates for your booking. Moreover, we process information on additional services such as room upgrades and products you purchase, and any comments you enter in the comments field concerning medical requirements or dietary requests.
We do this to be able to fulfil our contractual obligations to you for bookings and purchase of services. This includes data you have provided to us directly or via a tour operator or agent.
We process these data for as long as it is necessary to fulfil the booking contract with you, and for as long as current statutory or regulatory instruments require us to do so.
Processing of personal data in user account
You have the option to create a user account on our web pages. Here you can choose to register your name, address, interests and other information to simplify future booking processes. These data are collected from you.
The information you provide will be stored with your booking data and purchase history. We will use these data to customise websites and the app to your needs, and also to personalise your hotel stay with us. The lawful basis for our use of the data is fulfilling our contractual obligations to you.
Processing of personal data linked to membership of the Taste Norway loyalty programme
If you have enrolled in our Taste Norway loyalty programme, which incidentally we recommend that you do, we will process data on your name, contact information, and purchase and redemption information, as well as other information you may have given us. We collect these data from you. We process these data, among other things, to offer you benefits. The lawful basis for our use of the data is fulfilling our contractual obligations to you.
As a condition for enrolling in Taste Norway, we will ask you to provide us with consent to receive marketing. This consent is obtained separately when you enrol and can be withdrawn at any time by sending an email to [email protected]. Based on your consent, we will process your email address for marketing purposes.
Our processing of your personal data will continue for as long as you are a member of Taste Norway.
Processing of personal data when using the app
We have created our own app for iOS and Android in collaboration with a company called Bustbyte. The app contains information on your membership, bookings and about us. You can use the app to make bookings and as a means to obtain information from us or communicate with us.
Our app will ask you for the following access permissions:
- Access to location data to give you an overview of our hotels nearby
- Receive data from the internet
- View network connections
- Full network access
- Prevent the device from switching to sleep mode
- Allow push notifications
Giving consent for the various access permissions our app requests is optional. Refusing access permissions will affect the app’s functionality.
You can adjust your access permissions for the app at any time via the settings for your iOS or Android device.
Processing of personal data for marketing purposes
If you register to receive our newsletters, we store and use your email address to send you news and offers from us.
We will also use your email address or telephone number to send you news and offers within the rules on existing customer relationships. We do this on the lawful basis of marketing legislation.
We will contact you via social media based on your consent or within the framework of an existing customer relationship. To use social media as a communications channel, we have to pass your email address or your telephone number to the social media in question. We do this on the lawful basis of consent or legitimate interests.
You can at any time withdraw consent you have given us or decline to receive marketing within the framework of an existing customer relationship. You can do this by sending an email to [email protected].
Processing of personal data for development, troubleshooting and security
We will process data including personal data to troubleshoot and rectify errors, improve our services and the technology we use, and to analyse usage and user behaviour. Moreover, we will process personal data to verify your identity, including in connection with your use of our digital services.
We anonymise data or compile statistics to the extent possible, but may also have to process personal data for development, troubleshooting, statistical and security purposes.
Other processing of personal data
In connection with competitions or other activities that you may participate in, we will process personal data such as name and contact information when this is necessary, for example to register entrants, and then to draw one or more winners. Wherever possible, we will state this explicitly when you take part in competitions or other activities.
If you contact our customer services or approach us with enquiries in some other way, we will process any personal data you provide where this is necessary to reply to and log your enquiry. The lawful basis for our use of the data is legitimate interests or fulfilling contractual obligations to you or replying to your enquiries.
In addition to the processing described in our privacy statement or based on your consent, we will in some cases have to or be able to process personal data when required or permitted to do so by current legislation, including the Norwegian Personal Data Act and GDPR, regulatory requirements or court orders.
Processing of personal data on our suppliers, corporate customers and industry contacts
We process information on contact persons for our suppliers, corporate customers, business partners, participants in our industry-facing events and other economic operators. We do this to be able to work effectively, enter into and manage contracts, run our business, and develop our business and professional network. Such data typically comprise name, contact information, position, company, expertise, business interests and participation in our industry-facing events, or previously demonstrated interest in us and our employees.
We store such data for as long as we consider the person to be a business contact for us.
We do this on the lawful basis of legitimate interests.
Passing on personal data and legally required processing
We do not pass on your personal data to third parties, unless you have given your consent to this or unless current legislation, including the Norwegian Personal Data Act and GDPR, regulatory requirements or court orders permit or require us to do so.
As a matter of form, we state that our use of data processors to process data on our behalf does not count as passing on data.
Passing on information to third parties
We may share your personal data with third parties for the following purposes:
To process your reservations and bookings, and fulfil your travel arrangements and purchases, we have to share your personal data with our hotels and other companies involved in helping with your travel arrangements.
We use third parties to deliver our services, for example IT providers, providers of social networks, marketing agencies, credit and debit card companies, and providers of anti-fraud checking services. All such third parties must have adequate measures in place to protect your personal data and only process them in accordance with our instructions.
Our loyalty app is offered in collaboration with Bustbyte. We share your data with Bustbyte when you use the app so they can calculate the bonuses you have earned.
Obtaining personal data from others
To ensure that we hold correct information on you, we may check your data against other sources such as telephone directories, the national population register, etc. In some cases, it may be relevant to credit-check our conference and meeting customers, which involves obtaining credit data from other sources. We obtain demographic information such as age, gender and language from other sources. We obtain information from our business partners when this is lawful and necessary to provide you with services and communication.
Transferring data abroad
We use several data processors to be able to deliver our services to you. Our biggest data processor is our booking system, Sabre Hospitality Solutions, which is a global provider of hotel booking solutions.
This means that personal data relating to accommodation bookings are processed in the US. Such transfer is based on the EU model contract for transfer of personal data from us as the data controller in Europe to the data processor in the US.
Cookies
We use cookies to improve the user experience on our web pages.
A cookie is a small text-based data file that is placed on your device (e.g. smart phone, computer or tablet). The cookie helps to recognise the type of content and the pages you visit on our website. Information stored using a cookie may include how you use the website, what type of web browser you use and which web pages you have visited.
A permanent cookie remains on your device for a specific period of time. A session cookie is stored temporarily in your device’s memory while you are browsing our web pages. The session cookie disappears when you close your browser. We use both permanent and session cookies. De Historiske may also use a third party’s cookies.
If you do not want our web pages to place cookies on your device, you can turn off cookies in your browser. If you turn off cookies, the functionality of our web pages will be reduced.
How is the information stored?
Information obtained via our web pages, email, loyalty programme and mobile app is stored in our Synxis booking system, the Hubspot CRM system and our marketing automation system, which is used for automated marketing communications.
Your personal data will be retained for as long as is necessary for the purposes described in these privacy guidelines or for as long as is necessary to comply with statutory obligations or resolve any disagreements.
Your rights
As an individual, you have several rights under the General Data Protection Regulation.
You have the right of access to and rectification or erasure of the personal data we process on you. You also have the right to restrict processing and to object to the processing, and the right to data portability.
If you wish to have access to our processing of your personal data, you can send an email to [email protected]. We will reply to your enquiry as soon as possible, and within 30 days at the latest.
We will ask you to confirm your identity or ask you to provide additional information before we allow you to exercise your rights with regard to our processing of your data. We have to do this to satisfy ourselves that we are only giving access to your personal data to you – and not to someone pretending to be you.
If you consider we have processed your personal data in a way that does not comply with what we have set out here or that we are otherwise in breach of data protection legislation, you may complain either to the Norwegian Data Protection Authority or the supervisory authority of the country where the hotel you stayed/are staying in is located.
You can find contact information on the English pages of the Norwegian Data Protection Authority’s website: www.datatilsynet.no/en/.
Changes in privacy statement or processing
We work continuously to develop and improve the services we provide to our customers. This could change the way in which we process personal data or the scope of this. The information contained in the present privacy statement will therefore be revised and updated from time to time. We will also amend the privacy statement if new rules or regulatory practice so require.
Contact information
De Historiske Hotel & Spisesteder
Telephone: +47 55 31 67 60
Email: [email protected]
Office address: Starvhusgaten 2b, Bergen, Norway
Postal address: Box 196 Sentrum, 5804 Bergen, Norway