Privacy | Scandic Hotels

Summary of data protection at Scandic Hotels Holding AB

This privacy policy ("Privacy Policy") describes how Scandic Hotels Holding AB, (reg.no 556723-5725) ("Scandic Group") together with the companies that are part of the group (Scandic Hotels AB, Scandic Hotels AS, Scandic Hotel A/S, Scandic Hotels Oy and Scandic Hotels Deutschland GmbH) uses information that we collect, or that you as a guest, customer or supplier provide to us for following main reasons:

To be able to manage and administer your booking at our hotels.
To be able to manage your membership in Scandic Friends and/or Scandic Sports.
In order to be able to respond to questions or comments received via e-mail to you, we need to process e-mail, name and any other personal data provided via e-mail.
In order to be able to fulfil the legal obligations imposed on us by, for example, the Accounting Act, we need to store accounting data, which may contain personal data, for a prescribed period of time.
We have security in place to protect ourselves against external and internal threats and process technical logs where personal data may be found.

You can find information on how to contact us under the heading "Who do you contact if you have any questions" below.

Privacy Policy

1. Background, scope and responsibility for personal data

This privacy policy ("Privacy Policy") describes how Scandic Hotels Holding AB, (reg.no 556723-5725) ("Scandic Group") together with the companies that are part of the Group (Scandic Hotels AB, Scandic Hotels AS, Scandic Hotel A/S, Scandic Hotels Oy and Scandic Hotels Deutschland GmbH) (jointly "Scandic", "we", "us"), processes your Personal Data within the framework of the Group's operations. "Personal Data" means any information that can be directly or indirectly linked to a physical, living person.

In this Privacy Policy, we describe the situations in which Scandic processes your Personal Data, the legal basis on which we rely for this, how we protect your data and how you can exercise your data rights under applicable data protection legislation.

Scandic Group is an independent data controller for the customer and member information that is registered and stored in central systems for booking, invoicing and membership management. Scandic Group is also an independent data controller for the processing of personal data collected via websites, in the Scandic app, within the framework of the loyalty program and in connection with processing for marketing and communication to you.

Between Scandic Group and the companies listed above (which are responsible for all hotels within each country), there is a joint personal data controller for certain processing of your data. The joint responsibility relates to the administration of your personal data in connection with;

Booking of hotel rooms
Invoicing of hotel rooms and ordered services
The use or earning of Scandic Friends points

The companies listed above also have an independent controllership for limited personal data processing. For example, this may involve processing in connection with SPA treatments, restaurant reservations, parking permits and similar services that are only performed at certain Scandic hotels. If you have specific questions about this, you can contact us by e-mail: gdpr@scandichotels.com

We process your Personal Data when you use our services (the "Services") in the manner set out below in this Privacy Policy. We care about your privacy and comply with applicable legislation that aims to protect you as an individual. This Privacy Policy sets out the basis on which we process the Personal Data you provide to us or that we collect about you when you use the Services. For some of our Services, there are also specific terms and conditions that you must agree to before use.

If you book a hotel or meeting room at one of our Franchisees' hotels or book a table at one of our Franchisees' restaurants, the Franchisee, as the data controller, is obliged to inform you about the processing, as well as your rights and obligations thereto. The Franchisee will process your Personal Data in accordance with this Privacy Policy unless otherwise stated.

If we make material changes to the Privacy Policy, we will notify you. The method of notifying you varies depending on which of our Services you use and when. You will always find our updated terms and conditions published on Scandic's websites.

2. Collection and processing of personal data

It is important to us that you feel safe with us. We always protect your privacy and take various measures to protect you as an individual. In this section, we describe how we collect and process your Personal Data.

Depending on which of our Services you use, the method of collection, the purposes and means of the processing may vary. Below is a description of the purposes for which Scandic processes your personal data.

2.1 Bookings

2.1.1 Hotel Reservation

When you book a hotel room, optional products and services with us, regardless of whether the booking is made via our website, via an online booking channel, via our app, via a travel agency, directly through our hotels or via our booking centers, we process your Personal Data for the purpose of (a) giving you the opportunity to book a room according to your wishes, (b) administering and charging for your booking, (c) confirming the booking to you (booking confirmation) and (d) providing communications related to your stay, such as information on optional products and services, via SMS, email, push notifications, and other similar contact methods.

If you are a member of our loyalty program "Scandic Friends" and you choose to enter your membership number when booking, your booking details will be saved in your member profile. If you are not a member of Scandic Friends, but wish to become one, Personal Data from your booking may, with your permission, be used to create a member profile. Read more about how your Personal Data is processed in Scandic Friends under section 2.4 below.

Personal Data that is processed	Legal basis for the processing
Identity data (e.g. name and date of birth). Contact information (e.g. email address, telephone number, address). Special categories of personal data (e.g. health data when booking a room for disabled access). If applicable, Scandic Friends membership number. Other information you provide in connection with your booking (e.g. floor requests). Debit or credit card number.	The processing is necessary for the performance of the contract with you (to provide hotel accommodation). For special categories of personal data, we obtain your consent.

How Personal Data is collected	Recipients of Personal Data
Depending on how you have made your booking: Directly from you when information has been provided in our web form. Via the booking channel you've used. From the travel agency you've used. Directly from you when booking at our hotel. Through your Scandic Friends membership.	The Scandic hotel where you have booked a hotel room. System service provider that provides and supports booking systems. Service provider for customer communication e.g. SMS, e-mail and push notifications. System Service Provider for Membership Programs.

How Personal Data is collected

Recipients of Personal Data

Depending on how you have made your booking:

Directly from you when information has been provided in our web form.
Via the booking channel you've used.
From the travel agency you've used.
Directly from you when booking at our hotel.
Through your Scandic Friends membership.

The Scandic hotel where you have booked a hotel room.
System service provider that provides and supports booking systems.
Service provider for customer communication e.g. SMS, e-mail and push notifications.
System Service Provider for Membership Programs.

Retention period: 14 months after the end of your stay, unless you have a membership in Scandic Friends where your booking details are saved in your member profile for as long as the membership is ongoing.

2.1.2 Meeting and group booking

If you book a meeting room with us, either through us directly or through our subcontractors for meeting bookings, we process your Personal Data for the purpose of managing, administering, following up and charging for your booking.

Personal Data that is processed	Legal basis for the processing
Identity data (e.g. name). Contact information (e.g. email address, telephone number, address). If applicable, Scandic Friends membership number. Other information you provide in connection with your booking (e.g. requests for availability, allergies, equipment, etc.).	The processing is necessary for the performance of the contract with you (to provide the booking).

How Personal Data is collected	Recipients of Personal Data
Depending on how you have made your booking: Directly from you when information has been provided in our web form. Via the booking channel you've used. From the travel agency you've used. Directly from you when booking at our hotel	The Scandic hotel where you have your booking. System service provider that provides and supports the booking.

How Personal Data is collected

Recipients of Personal Data

Depending on how you have made your booking:

Directly from you when information has been provided in our web form.
Via the booking channel you've used.
From the travel agency you've used.
Directly from you when booking at our hotel

The Scandic hotel where you have your booking.
System service provider that provides and supports the booking.

Storage period: The personal data is stored for as long as it is necessary to fulfil the purpose of the processing.

2.2 Other Services related to our hotels

At many of Scandic's hotels, we offer services such as restaurants and bars, breakfast, room service, minibar, pool and SPA treatments, laundry, parking, taxi order, free Wi-Fi, etc. If you use any of these Services at our hotels, your personal data may be processed in order to (a) administer those bookings and use of such additional service, (b) communicate and inform you about these bookings through our communication channels (e.g., email, SMS or phone), and (c) manage the costs incurred for such additional Services and/or facilities.

If, within the scope of the Services above, you provide us with sensitive Personal Data (e.g. information about allergies or other preferences), we will obtain your consent for us to process such data in order to take into account your wishes.

Personal Data that is processed	Legal basis for the processing
Identity data (e.g. name). Contact information (e.g. email address, telephone number). Scandic Friends membership number, if applicable. Possible appointment booked for the desired service. Sensitive personal data (e.g. information about allergies). Other information you provide in connection with your booking (e.g. requests for seating arrangements).	The processing is necessary for the performance of the contract with you (provision of service at our hotels).

How Personal Data is collected	Recipients of Personal Data
Directly from you when the booking has been made. Via the booking channel you've used. Via your Scandic Friends membership. From the travel agency you've used.	Companies that operate Scandic hotels or restaurants but are not part of the Scandic Group. The Scandic hotel where you have booked the desired service. Franchise Partners, if any, (e.g. if a reservation is made at a Franchisee's restaurant). Service provider for the booking.

2.3 Hotel check-in and check-out

When you stay at a Scandic hotel, we process your Personal Data for the purpose of (a) managing your arrival and departure from our hotel, (b) assigning you a key card to the booked room, (c) handling information about credit cards and/or other means of payment to ensure payment for your stay, (d) administering Scandic Friends member-related matters such as paying hotel bills with points, (e) handle specific requests for your stay with Scandic according to your profile in Scandic Friends, (f) manage and possibly assess whether you qualify for a room upgrade and handle this if applicable, (g) handle payment for your stay, (h) prepare, print or send an invoice for your stay, (i) handle any customer service matters, and (j) pay commission to your travel agent (if applicable).

If you fail to show up without cancellation or make your cancellation too late in accordance with Scandic's booking rules, we will process your personal data for the purpose of (a) cancelling your stay and other bookings you may have made and (b) managing, processing and settling any outstanding amounts that may have fallen due.

Personal Data that is processed	Legal basis for the processing
Identity data (e.g. name). Contact information (e.g. email address, telephone number, address). Membership information (e.g. membership number and points balance). Arrival and departure dates. Booking details (e.g. completed or future stay). Special categories of personal data (e.g. allergy data). Other information you provide in connection with your booking (e.g. floor requests). Information about fellow travelers. Debit or credit card number.	The processing is necessary for the performance of the contract with you (provision of a booked hotel room).

Personal Data that is processed

Legal basis for the processing

Identity data (e.g. name).
Contact information (e.g. email address, telephone number, address).
Membership information (e.g. membership number and points balance).
Arrival and departure dates.
Booking details (e.g. completed or future stay).
Special categories of personal data (e.g. allergy data).
Other information you provide in connection with your booking (e.g. floor requests).
Information about fellow travelers.
Debit or credit card number.

The processing is necessary for the performance of the contract with you (provision of a booked hotel room).

How Personal Data is collected	Recipients of Personal Data
Directly from you when booking and/or at check-in. Via the booking channel you've used. From the travel agency you've used.	The Scandic hotel where you have booked the desired service. Service provider for the booking.

2.3.1 Handling Registration Cards

In order for Scandic to comply with the Swedish Police Authority's regulations (PMFS 2015:6 FAP 279-1), Chapter 6, Section 13 of the Aliens Ordinance (2006:97), non-Swedish citizens staying at Scandic's hotels must fill out a registration card. Persons who are permanently resident and registered in Sweden are exempt from filling in the registration card. In connection with the completion of the registration card, we check your identity, which means that an identity document is presented for verification. No copies of the identity document are taken or saved. However, we do document the number of the identity document.

Personal Data that is processed	Legal basis for the processing
Identity data (first and last name). Date of birth. Domicile address. Arrival and departure date. Information on how the person has identified themselves (ID, driver's license, passport or other identification document). Document number. Signature and date of the person.	The processing is based on a legal obligation in order to comply with the Police Authority's regulations.

How Personal Data is collected	Recipients of Personal Data
Directly from you at check-in.	The Scandic hotel where you have booked a hotel room. The Police Authority in the event of a request.

Retention period: The registration card is deleted 3 months after the date the registration card was created.

2.4 Customer and loyalty clubs (Scandic Friends and Scandic Sports)

Scandic provides the loyalty clubs Scandic Friends and Scandic Sports. Scandic Friends is for those who want to earn points and other benefits when you stay at our hotels or visit our restaurants, and Scandic Sports is a membership that provides you and your sports teams with benefits (e.g. discounted prices at hotels).

If you are a member of Scandic Friends or Scandic Sports, we process your Personal Data for the purpose of providing, managing, administering, following up and maintaining your membership (e.g. giving you points for point-qualifying purchases). We also process your Personal Data for the purpose of informing, communicating, responding to inquiries from you about your membership and sending you direct marketing via SMS, email, push notifications, and other similar contact methods, including offers on Services from Scandic, our Franchisees and Scandic Friends partners (a list of current Scandic Friends partners can be found here). Such direct marketing could be based on your previous interactions with Scandic including purchase history, information you have entered in your member profile, answered customer surveys, interactions with customer service, and online behaviour when using Scandic’s website or app.

If you give your consent to improved personalization, Scandic can create an even more personalized membership for you and send you personalized offers based on your interactions with Scandic Friends partners. Scandic may also share the Personal Data used for your personalized membership with Scandic Friends partners for analytical and marketing purposes, for example to follow up on partnerships, develop new relevant products and to tailor offers depending on your interests. Scandic Friends partners may adapt their existing communications to you based on Personal Data we have shared with them. None of our Scandic Friends partners will however send marketing communications to you based on the consent you give to Scandic. If you wish to stop receiving marketing communications from Scandic or withdraw your consent to improved personalization, you can do so at any time by using the links provided in the relevant digital communications or adjusting the settings in your membership account.

We may send you offers via social media and web advertising in places other than Scandic's websites, which is described in more detail in section 2.5.

We may share your Personal Data and other information about your membership (e.g., points balance) in accordance with section 4.

Personal Data that is processed	Legal basis for the processing
Identity data (e.g. name and date of birth). Contact information (e.g. email address, telephone number, address). Membership information (e.g. membership number and points balance). Information you have entered in your member profile (e.g. requests for floors, accessible rooms). Membership information and information you have entered in your member profile with Scandic Friends partners. Purchase history with Scandic and Scandic Friends partners. Answered customer surveys and interactions with customer service at Scandic and Scandic Friends partners. Online behavior when using Scandic’s or Scandic Friends partners’ websites or apps. Predictive scorings and profiles/segments.

Personal Data that is processed

Legal basis for the processing

Identity data (e.g. name and date of birth).
Contact information (e.g. email address, telephone number, address).
Membership information (e.g. membership number and points balance).
Information you have entered in your member profile (e.g. requests for floors, accessible rooms).
Membership information and information you have entered in your member profile with Scandic Friends partners.
Purchase history with Scandic and Scandic Friends partners.
Answered customer surveys and interactions with customer service at Scandic and Scandic Friends partners.
Online behavior when using Scandic’s or Scandic Friends partners’ websites or apps.
Predictive scorings and profiles/segments.

How Personal Data is collected	Recipients of Personal Data
Directly from you when you register for a Scandic Friends/Scandic Sports membership. From Scandic Friends partners. From your purchases and activities when you interact with Scandic, for example, stay, meetings or contacts with our customer service.	The Scandic hotel you have booked. Scandic Friends partners. Advertising partners. Customer insight and IT services providers.

Retention period: Until the membership expires and a period of up to 14 months thereafter in order to e.g. be able to handle any bookings linked to the membership. Personal Data used solely for creating a personalized membership is deleted at three year intervals.

2.5 Marketing in own channels and in external digital channels

We may send you direct marketing via SMS, email, push notifications, and other similar contact methods, including offers on Services from Scandic, our Franchisees and our partners if you have booked or stayed with us or used any of our Services or as long as you are a member of our loyalty clubs. Such direct marketing could be based on your previous interactions with Scandic including purchase history, answered customer surveys and interactions with customer service. If you have started a booking but have not completed it, we may also send you direct marketing to remind you of the booking.

If you no longer wish to receive direct marketing from us, you can either unsubscribe from our marketing messages by clicking on the unsubscribe link in the communications we send you, or contact us as provided in section 9.

When you visit our websites and have consented to us placing cookies on your computer, you will have a more relevant and inspiring customer experience. With the help of cookie data, a personalization system can follow your interactions on the site and thus present more relevant Services to you depending on which Services you view, add to your shopping cart and/or purchase. If you have an account and log in, or use the same browser as a previous visit, our systems will be able to link your previous interactions with the site with your new visit. In this way, you will continue to be presented with more relevant products for you.

We work with advertising partners such as Meta and Google, who enable us to identify and communicate with the right customer segments and create and distribute personalized ad content. We may share the information we collect about you, as well as your encrypted email address, with our advertising partners. The purpose of this is to show you relevant ads on third-party websites and apps. In order to do this, we will check your data with the database of the advertising partner in question. If a match is found, you'll receive relevant promotional content in your feed on some social media sites. If no match is found, your data will be securely destroyed. Your personal data is handled securely using a technique called hashing. This means that your data is encrypted in such a way that it cannot be read by anyone other than the recipient for the explicitly stated purpose. Each advertising partner is the data controller for its own part of the processing, including any transfer of personal data to countries outside the EEA.

If you have subscribed to our financial reports and press releases we will process your Personal Data to the extent required to send you such communication.

Personal Data that is processed	Legal basis for the processing
Identity data (e.g. name). Contact information (e.g. email address, telephone number, address). Purchase history with Scandic. Answered customer surveys and interactions with customer service at Scandic. Online behavior when using Scandic’s website or app. Predictive scorings and profiles/segments.	The processing is based on our legitimate interest in sending direct marketing, or your consent if we have asked for your consent to send direct marketing or if we collect data via cookies or other tracking technologies.

How Personal Data is collected	Recipients of Personal Data
Directly from you when you make a booking, use our website or app or otherwise interact with Scandic.	Advertising partners. Customer insight and IT services providers.

Retention period: We save personal data for as long as the customer relationship with you lasts, but you always have the right to object to our direct marketing, via SMS, email, push notifications, and other similar contact methods. You can do this by contacting us (see contact details below) or by unsubscribing directly in the marketing message.

2.5.1 Customer surveys

From time to time, we will send you customer surveys and also ask you to evaluate the Services you have purchased, in order to give you the opportunity to influence our product and service offering. Scandic may contact you to respond to your feedback.

Personal Data that is processed	Legal basis for the processing
Identity data (e.g. name). Contact information (e.g. email address, telephone number, address). Booking details (e.g. booking references).	The processing is based on our legitimate interest.

How Personal Data is collected	Recipients of Personal Data
In connection with your use of any of our Services.	Service provider for the management of customer surveys.

Storage period: 14 months after the end of your stay, unless you have a membership in Scandic Friends where your booking details are saved in your member profile for as long as the membership is ongoing.

2.5.2 Competitions

From time to time, Scandic arranges competitions for our members via e-mails and via our social media pages. If you choose to participate in a competition we organise, we will process the Personal Data you provide in connection therewith, for the purpose of selecting and contacting a winner to distribute prizes.

Personal Data that is processed	Legal basis for the processing
Identity data (e.g. name). Membership information if you are a member of Scandic Friends. Contact information (e.g. email address, telephone number, address). Competition entries.	The processing is based on our legitimate interest.

How Personal Data is collected	Recipients of Personal Data
Directly from you when you sign up to participate in a competition.	Service provider for the administration of competitions.

2.6 Gift card / voucher

It is possible to purchase gift cards through Scandic partners that can be used to pay for hotel rooms, be used in our restaurants or in connection with other Services offered by our hotels. In order for a gift card to be valid, we need to process your, and if applicable, the gift card recipient's personal data.

Personal Data that is processed	Legal basis for the processing
Identity data (e.g. name). Contact information (e.g. email address, telephone number).	The processing is necessary for the performance of the contract with you (provision of gift vouchers/vouchers).

How Personal Data is collected	Recipients of Personal Data
Directly from you in connection with the purchase of a gift card/voucher.	The Scandic hotel where the gift card/voucher is used. Gift card administration service provider. Scandic Friends member database.

Storage period: 14 months.

2.7 Handling of personal data in e-mail

In our daily work, we communicate with guests, members, partners and employees. Some of this contact is handled by e-mail and in connection with this, we also normally process personal data.

Personal Data that is processed	Legal basis for the processing
Contact information (e.g. name). E-mail address. Unstructured data that the message may contain. Name and information of a third party provided by the person contacting Scandic in the e-mail.	With regard to incoming e-mails, Scandic has a legitimate interest in receiving and receiving messages. For the continued processing of personal data received by e-mail to Scandic, the legal basis depends on the purpose to which the matter is linked.

How Personal Data is collected	Recipients of Personal Data
Directly from you when an e-mail is sent to Scandic. From anyone other than the person who sent the e-mail about the third party mentioned in the message.	Employees within the Scandic Group. Service Provider Managing Email Service Storage.

Storage period: As long as there is a purpose to save e-mails.

2.8 Legal obligations

Scandic will, as a result of law, court or government decision, process your Personal Data for the purpose of complying with a legal obligation imposed on us (e.g. obligations we have under the Tax Act, the Accounting Act, decisions from the police or other authorities) and the personal data that will be processed is that which is required by law, court or government decision. The personal data may include information about your name, payment information, booking details, contact details (e.g. email address, telephone number, address) or other details of your completed purchases (receipts, etc.).

Personal Data that is processed	Legal basis for the processing
Personal data required by law, court or official decision. May include name, payment information, booking details, contact details (e.g. email address, telephone number, address) or other details of your completed purchases (receipts, etc.).	The processing is based on our obligation to comply with our legal obligations.

How Personal Data is collected	Recipients of Personal Data
In most cases, directly from you when you have been in contact with Scandic.	The authority requiring the communication of the data.

Retention period: In accordance with the relevant laws in force in the Member State.

2.9 Handling of customer service matters

We or our customer service subcontractor will process your Personal Data for the purpose of answering, assisting, following up or handling your customer service request. This includes the processing necessary to answer any questions you have asked us by phone, chat, email, social media or any of our other communication channels. We process your Personal Data, within the scope of this purpose, in order to investigate complaints, complaints or provide support, including technical support, to you.

Personal data and other information that you provide to us via social media in connection with a customer service case, will also be processed by the company behind the social media service (e.g. Meta). The provider of the social media channel will process your Personal Data as both a data processor to us (e.g. when the supplier processes data on our behalf for the purpose of reporting statistics about individuals who have communicated with us via our channels) or as a separate data controller (e.g. for the provision and administration of their service).

Personal Data that is processed	Legal basis for the processing
Identity data (e.g. name). Contact information (e.g. email address, telephone number). Information about past or future bookings.	The processing is based on our legitimate interest in handling customer service matters.

How Personal Data is collected	Recipients of Personal Data
Directly from you when you contact us in a customer service matter.	Customer Service Provider. The Social Media Provider. Chat Provider.

Retention period: Six months after the customer service case has been closed in order to be able to administer and offer any follow-up of your case.

2.10 Social media and online reviews

We may process your personal data when you communicate with us via our social media channels (e.g. Facebook, Instagram and LinkedIn) or if you give us reviews via e.g. TripAdvisor. The purpose of the processing is to (a) be able to respond to your questions or complaints that you have written on social media, (b) monitor what is written about us and what reviews you leave about us, and (c) to be able to identify opportunities and also improve our Services.

It is possible to write your own content on our social platforms. Keep in mind that everything that is written on our pages will be available to everyone who visits our pages and that you should therefore be careful about disclosing your personal data on these platforms.

Please also read the respective Privacy Policy and Cookie Policy applicable to the social media platforms you use.

Personal Data that is processed	Legal basis for the processing
All personal data that you write and publish on our social media platforms.	The processing is based on our legitimate interest in processing this personal data.

How Personal Data is collected	Recipients of Personal Data
Directly from you when you post information on our social media platforms or when you review us.	Online Reputation Monitoring Service Provider

Retention period: The data remains until the user chooses to delete or change their data.

2.11 Camera surveillance at our hotels

We may use camera surveillance at our hotels for the purpose of preventing and investigating crime, accidents and/or damage to our hotels. Before any camera surveillance is carried out, we perform a balancing test in which the interests behind the surveillance at the individual hotel are weighed against the individual’s interest in not being monitored. Camera surveillance is only carried out if and to the extent we deem such surveillance necessary and the individual’s interest in not being monitored are overridden by the interests behind the surveillance.

Personal Data that is processed	Legal basis for the processing
Footage of you in the camera’s line of sight.	The processing is based on our legitimate interest in preventing and investigating crime, accidents and/or damage to our hotels.

How Personal Data is collected	Recipients of Personal Data
By camera when you appear in the camera’s line of sight.	The police and other authorities.

Retention period: The camera footage is retained for as long as it is needed for our legitimate interest. The retention period may vary based on the circumstances at the individual hotel.

3. How long is your personal data stored?

Your Personal Data is stored for as long as it is necessary to fulfil the purposes of our processing. Thereafter, we will securely delete or de-identify your Personal Data so that it is no longer possible to link it to you. Under each processing as stated above, there is a defined storage period. Please note, however, that we may retain information about you for a longer period of time if litigation is initiated or if required by applicable law.

Scandic deletes Personal Data in accordance with the law applicable from time to time and in accordance with the criteria set out above. This means, for example, that Scandic deletes or de-identifies your Personal Data when the purpose of the processing has been fulfilled.

4. Recipients we share information with

Your Personal Data may be transferred to recipients within and outside the EU/EEA and Scandic will always enter into the necessary data processing agreements with the companies that process Personal Data on our behalf, where the purpose of this is to ensure an adequate level of protection for the Personal Data processing.

Our subcontractors will only process your Personal Data in accordance with our explicit instructions and may not, unless expressly stated, process your Personal Data for their own purposes. They are also required by law and contract to protect your Personal Data from unauthorized access and intrusion.

Receiver	Purpose	Legal basis for the transfer
Franchisees	Scandic always remains the data controller for your Personal Data within your membership in Scandic Friends. However, we will transfer information about the same to the Franchisee in order for you to be awarded points for, for example, your stay at the Franchisee's hotel. In such cases, the Franchisee will act as a data processor to us and only process the Personal Data in accordance with our explicit instructions.	The processing is necessary in order to fulfil the agreement with you.
Subcontractors for booking, customer service, IT and payment services.	In order to fulfil the purposes of our processing, we enlist the help of other companies to fulfil our obligations to you. For this reason, we share your Personal Data with companies that provide Services to Scandic, for booking, customer service, analysis services, communication and delivery of marketing material. We also share your Personal Data with companies that handle the operation, storage, technical support and maintenance of our IT solutions. Furthermore, we disclose your Personal Data to payment service providers who provide payment services to us, in order to be able to receive payment from you.	The processing is necessary in order to fulfil the agreement with you.
Subcontractors for analytics, marketing, IT operations and security.	In order to fulfil the purpose of being able to perform analysis services, marketing to our customers and managing IT operations, storage, technical support and maintenance of our IT services, we share your Personal Data with companies that deliver these Services for us.	The processing is based on our legitimate interest in being able to carry out direct marketing to our customers, and to ensure adequate protection for the data we are responsible for.
Scandic Friends Partners	We may share information from your personalized Scandic Friends membership (such as purchase history and preferences) with our partners for analytical and marketing purposes, for example to follow up on partnerships, develop new relevant products and to tailor offers depending on your interests.	The processing is based on your consent.

Receiver	Purpose	Legal basis for the transfer
Authorities	We disclose Personal Data about you to authorities if we are required by law to do so.	The processing is necessary in order to comply with legal obligations.
Debt collection agencies	If you do not pay, we will transfer your Personal Data to a debt collection agency for the purpose of collecting your debt to us.	The processing is based on our legitimate interest in getting paid.
Court, Defendants, etc.	In connection with a legal dispute, we will, if necessary, transfer your Personal Data to a court, authority or counterparty in order to protect our rights.	The processing is based on our legitimate interest in being able to safeguard our rights.
Transfer of a business or other transfer of a business	If Scandic reorganizes its business, or if another company acquires Scandic or parts of our business, we will share your data with the third party who conducts the due diligence process and with the party that acquires all or part of the business and who will assume the rights and obligations with respect to the information described in this Privacy Policy.	The processing is necessary in order to satisfy our legitimate interest in carrying out divestments, reorganisations or mergers.

5. How is your personal data protected?

Protecting your personal data is of the utmost importance to Scandic, which is why we have implemented the necessary organizational and technical security measures to ensure that your Personal Data is protected against e.g. loss, manipulation and unauthorized access. These measures include, among other things, training for our employees, processes for how we handle information and how we build our IT infrastructure.

The purpose of our information security activities is to implement an appropriate level of information asset protection and preventive risk measures.

Our employees receive training in data protection and are responsible for fulfilling their obligations. Our partners are also obliged to ensure that their employees comply with the same regulations as we do, and that their employees meet the requirements for processing personal data.

We continuously adapt our security measures to continuous technological developments in order to maintain a high level of security.

6. Other people's applications/websites

Scandic's Services may contain links to other applications or websites that are not controlled by Scandic. This Privacy Policy is only applicable to your use of Scandic's own Services. Scandic is not responsible for the content of linked applications/websites and the processing of Personal Data that may be carried out by owners or operators of these.

7. Cookies

Scandic uses cookies through its digital Services that automatically collect Personal Data about you (e.g. IP address and behaviour patterns). We use cookies in order to improve your experience and the security of our digital Services (e.g. to remember your preferred language, offer the ability to remember passwords and usernames for Scandic Friends, and make it easier for you to navigate our website).

When you use our website, we also collect anonymized information about you via an analysis tool. The data from the analyses we carry out forms the basis for the development of our IT systems, website and product and service offering. However, information from the analysis can never be linked to you, but is only used for statistical purposes.

Information about how Scandic uses cookies, what Personal Data we collect via cookies, what they are used for and how you can manage them can be found in Scandic's Cookie Policy.

8. Your rights

Data protection legislation gives you a number of rights in relation to our processing of your Personal Data. If you would like to exercise your rights, please send an email to gdpr@scandichotels.com or visit one of our hotels and speak to the reception and they will help you.

Access to your Personal Data

You have the right, free of charge, to request confirmation from us that we process your Personal Data, as well as request access to the Personal Data that we process about you, together with information about the processing and your rights in connection therewith, a so-called register extract.

Request rectification

If you believe that any Personal Data that we process about you is incorrect or incomplete, you have the right to request correction of the Personal Data. Please note in particular that Scandic is not responsible for problems that arise as a result of your Personal Data being incorrect if you have failed to inform us thereof.

Withdraw consent with effect for the future

To the extent that we process your Personal Data on the basis of your consent, you have the right to withdraw your consent to the processing at any time. The revocation does not apply retroactively.

Object to processing for direct marketing purposes

As mentioned above, you have the right to object to processing for direct marketing purposes. You can unsubscribe from further processing by either clicking on the unsubscribe link in the mailing or contacting us (see contact details below).

Object to certain processing

You have the right to object to processing that is based on our legitimate interest if you have personal reasons related to the situation. However, we may continue to process your Personal Data, despite the fact that you have objected to the processing, if we have legitimate grounds for doing so that outweigh your privacy interest.

Deletion

You have the right to request the deletion of your Personal Data if the Personal Data is no longer needed for the purposes for which it was collected. You can also have the Personal Data deleted if you have withdrawn your consent.

Restriction of processing

You have the right to request that the processing of your Personal Data be restricted. Please note, however, that in some cases we may not be able to provide you with all of our Services.

Data portability

You have the right to receive the Personal Data that we process about you in a commonly used, structured and machine-readable format and have the right to transmit this data to another data controller. The right to data portability, as opposed to the right to register extracts, only applies to the Personal Data you have provided to us that we process automatically with the support of consent or the performance of an agreement.

Lodge a complaint with a supervisory authority

If you are not satisfied with our processing or for other reasons believe that we have processed your Personal Data incorrectly, you have the right to lodge a complaint with the supervisory authority for data protection, which in Sweden is the Swedish Authority for Privacy Protection (IMY).

9. Who do you contact if you have any questions?

Scandic has appointed a Data Protection Officer to help Scandic ensure that your Personal Data is processed in the correct manner. If you have any questions, comments or complaints about our processing of your Personal Data, our compliance with this Privacy Policy or if you wish to have any of your rights met, you are welcome to contact our Data Protection Office (see contact details below). 

Contact:

Scandic Hotels Holding AB, Att. Data Protection Office, Box 6197, 102 33 Stockholm, Sweden

Email: gdpr@scandichotels.com

Telephone number: 08 – 517 350 00

Mon	Tue	Wed	Thu	Fri	Sat	Sun

Mon	Tue	Wed	Thu	Fri	Sat	Sun

Mon	Tue	Wed	Thu	Fri	Sat	Sun

Mon	Tue	Wed	Thu	Fri	Sat	Sun

January 2026

February 2026

January 2026

February 2026

Privacy Policy

Privacy Policy

Contact us

Summary of data protection at Scandic Hotels Holding AB

Privacy Policy

1. Background, scope and responsibility for personal data

2. Collection and processing of personal data

2.1 Bookings

2.1.1 Hotel Reservation

2.1.2 Meeting and group booking

2.2 Other Services related to our hotels

2.3 Hotel check-in and check-out

2.3.1 Handling Registration Cards

2.4 Customer and loyalty clubs (Scandic Friends and Scandic Sports)

2.5 Marketing in own channels and in external digital channels

2.5.1 Customer surveys

2.5.2 Competitions

2.6 Gift card / voucher

2.7 Handling of personal data in e-mail

2.8 Legal obligations

2.9 Handling of customer service matters

2.10 Social media and online reviews

2.11 Camera surveillance at our hotels

3. How long is your personal data stored?

4. Recipients we share information with

4.1 Other recipients

5. How is your personal data protected?

6. Other people's applications/websites

7. Cookies

8. Your rights

9. Who do you contact if you have any questions?