Privacy Policy
Adopted 08-05-2024, Version: 1.0
Summary of data protection at Scandic Hotels Holding AB
This privacy policy ("Privacy Policy") describes how Scandic Hotels Holding AB, (org.nr 556723-5725) ("Scandic Group") together with the companies that are part of the group (Scandic Hotels AB, Scandic Hotels AS, Scandic Hotels A/S, Scandic Hotels Oy, Scandic Hotels GmbH) uses information that we collect, or that you as a guest, customer or supplier provide to us for following main reasons:
• To be able to manage and administer your booking at our hotels
• To be able to manage your membership in Scandic Friends and/or Scandic Sports
• In order to be able to respond to questions or comments received via e-mail to you, we need to process e-mail, name and any other personal data provided via e-mail.
• In order to be able to fulfil the legal obligations imposed on us by, for example, the Accounting Act , we need to store accounting data, which may contain personal data, for a prescribed period of time, and
• We have security in place to protect ourselves against external and internal threats and process technical logs where personal data may be found,
You can find information on how to contact us under the heading Who to contact if you have any questions below.
Content
1. BACKGROUND, SCOPE AND RESPONSIBILITY FOR PERSONAL DATA
2. COLLECTION AND PROCESSING OF PERSONAL DATA
2.1 Bookings
2.1.1 Hotel Reservation
2.1.2 Meeting and group booking
2.2 Other Services related to our hotels
2.3 Hotel check-in and check-out
2.3.1 Handling Registration Cards
2.4 Customer and loyalty clubs (Scandic Friends and Scandic Sports)
2.5 Marketing in own channels and in external digital channels
2.5.1 Customer surveys
2.5.2 Competitions
2.6 Gift card / voucher
2.7 Handling of personal data in e-mail
2.8 Legal obligations
2.9 Handling of customer service matters
2.10 Social media and online reviews
3. HOW LONG IS YOUR PERSONAL DATA STORED?
4. RECIPIENTS WE SHARE INFORMATION WITH
4.1 Other recipients
5. HOW IS YOUR PERSONAL DATA PROTECTED?
6. OTHER PEOPLE'S APPLICATIONS/WEBSITES
7. COOKIES
8. YOUR RIGHTS
9. WHO DO YOU CONTACT IF YOU HAVE ANY QUESTIONS?
PRIVACY Policy
1. BACKGROUND, SCOPE AND RESPONSIBILITY FOR PERSONAL DATA
This privacy policy ("Privacy Policy") describes how Scandic Hotels Holding AB, (org.nr 556723-5725) ("Scandic Group") together with the companies that are part of the Group;
• Scandic Hotels AB
• Scandic Hotels AS
• Scandic Hotels A/S
• Scandic Hotels Oy
• Scandic Hotels GmbH
(jointly "Scandic", "we", "us"), processes your Personal Data within the framework of the Group's operations. "Personal Data" means any information that can be directly or indirectly linked to a physical, living person.
In this Privacy Policy, we describe the situations in which Scandic processes your Personal Data, the legal basis on which we rely for this, how we protect your data and how you can exercise your data rights under applicable data protection legislation.
Scandic Group is an independent data controller for the customer and member information that is registered and stored in central systems for booking, invoicing and membership management. Scandic Group is also an independent data controller for the processing of personal data collected via websites, in the Scandic app, within the framework of the loyalty program and in connection with processing for marketing and communication to you.
Between Scandic Group and the companies listed above (which are responsible for all hotels within each country), there is a joint personal data controller for certain processing of your data. The joint responsibility relates to the administration of your personal data in connection with;
- booking of hotel rooms;
- invoicing of hotel rooms and ordered services;
- the use or earning of Scandic Friends points,
The companies listed above also have an independent controllership for limited personal data processing. For example, this may involve processing in connection with SPA treatments, restaurant reservations, parking permits and similar services that are only performed at certain Scandic hotels. If you have specific questions about this, you can contact us by e-mail: gdpr@scandichotels.com
We process your Personal Data when you use our services (the "Services") in the manner set out below in this Privacy Policy. We care about your privacy and comply with applicable legislation that aims to protect you as an individual. This Privacy Policy sets out the basis on which we process the Personal Data you provide to us or that we collect about you when you use the Services. For some of our Services, there are also specific terms and conditions that you must agree to before use.
If you book a hotel or meeting room at one of our Franchisees' hotels or book a table at one of our Franchisees' restaurants, the Franchisee, as the data controller, is obliged to inform you about the processing, as well as your rights and obligations thereto. The Franchisee will process your Personal Data in accordance with this Privacy Policy unless otherwise stated.
If we make material changes to the Privacy Policy, we will notify you. The method of notifying you varies depending on which of our Services you use and when. You will always find our updated terms and conditions published on Scandic's websites.
2. COLLECTION AND PROCESSING OF PERSONAL DATA
It is important to us that you feel safe with us. We always protect your privacy and take various measures to protect you as an individual. In this section, we describe how we collect and process your Personal Data.
Depending on which of our Services you use, the method of collection, the purposes and means of the processing may vary. Below is a description of the purposes for which Scandic processes your personal data.
2.1 Bookings
2.1.1 Hotel Reservation
When you book a hotel room, optional products and services with us, regardless of whether the booking is made via our website, via an online booking channel, via our app, via a travel agency, directly through our hotels or via our booking centers, we process your Personal Data for the purpose of (a) giving you the opportunity to book a room according to your wishes, (b) administering and charging for your booking, (c) confirm the booking to you (booking confirmation) and (d) provide non-commercial communications to you by phone, email, SMS and/or push notifications (if you use our App). These messages may include information about any discrepancies and payment reminders, (e) provide you with offers related to your stay.
If you are a member of our loyalty program "Scandic Friends" and you choose to enter your membership number when booking, your booking details will be saved in your member profile. If you are not a member of Scandic Friends, but wish to become one, Personal Data from your booking may, with your permission, be used to create a member profile. Read more about how your Personal Data is processed in Scandic Friends under section 2.4 below.
Personal Data that is processed | Legal basis for the processing |
- Identity data (e.g. name and date of birth) - Contact information (e.g. email address, telephone number, address) - Special categories of personal data (e.g. health data when booking a room for disabled access) - If applicable, Scandic Friends membership number - Other information you provide in connection with your booking (e.g. floor requests) - Debit or credit card number |
The processing is necessary for the performance of the contract with you (to provide hotel accommodation). For special categories of personal data, we obtain your consent. |
How Personal Data is collected | Recipients of Personal Data |
Depending on how you have made your booking: - Directly from you when information has been provided in our web form - Via the booking channel you've used - From the travel agency you've used - Directly from you when booking at our hotel - Through your Scandic Friends membership |
- The Scandic hotel where you have booked a hotel room - System service provider that provides and supports booking systems - Service provider for customer communication e.g. SMS, e-mail and push notifications - System Service Provider for Membership Programs |
Retention period: 14 months after the end of your stay, unless you have a membership in Scandic Friends where your booking details are saved in your member profile for as long as the membership is ongoing. |
2.1.2 Meeting and group booking
If you book a meeting room with us, either through us directly or through our subcontractors for meeting bookings, we process your Personal Data for the purpose of managing, administering, following up and charging for your booking.
Personal Data that is processed | Legal basis for the processing |
- Identity data (e.g. name,) - Contact information (e.g. email address, telephone number, address) - If applicable, Scandic Friends membership number - Other information you provide in connection with your booking (e.g. requests for availability, allergies, equipment, etc.) |
The processing is necessary for the performance of the contract with you (to provide the booking). |
How Personal Data is collected | Recipients of Personal Data |
Depending on how you have made your booking: - Directly from you when information has been provided in our web form - Via the booking channel you've used - From the travel agency you've used - Directly from you when booking at our hotel |
- The Scandic hotel where you have your booking - System service provider that provides and supports the booking |
Storage period: The personal data is stored for as long as it is necessary to fulfil the purpose of the processing |
2.2 Other Services related to our hotels
At many of Scandic's hotels, we offer services such as restaurants and bars, breakfast, room service, minibar, pool and SPA treatments, laundry, parking, taxi order, free Wi-Fi, etc. If you use any of these Services at our hotels, your personal data may be processed in order to (a) administer those bookings and use of such additional service, (b) communicate and inform you about these bookings through our communication channels (e.g., email, SMS or phone), and (c) manage the costs incurred for such additional Services and/or facilities.
If, within the scope of the Services above, you provide us with sensitive Personal Data (e.g. information about allergies or other preferences), we will obtain your consent for us to process such data in order to take into account your wishes.
Personal Data that is processed | Legal basis for the processing |
- Identity data (e.g. name) - Contact information (e.g. email address, telephone number) - Scandic Friends membership number, if applicable - Possible appointment booked for the desired service - Sensitive personal data (e.g. information about allergies) - Other information you provide in connection with your booking (e.g. requests for seating arrangements) |
The processing is necessary for the performance of the contract with you (provision of service at our hotels). |
How Personal Data is collected | Recipients of Personal Data |
- Directly from you when the booking has been made - Via the booking channel you've used - Via your Scandic Friends membership - From the travel agency you've used |
- Companies that operate Scandic hotels or restaurants but are not part of the Scandic Group - The Scandic hotel where you have booked the desired service - Franchise Partners, if any, (e.g. if a reservation is made at a Franchisee's restaurant) - Service provider for the booking |
Retention period: 35 days after completion of the service in order to be able to handle any complaints. |
2.3 Hotel check-in and check-out
When you stay at a Scandic hotel, we process your Personal Data for the purpose of (a) managing your arrival and departure from our hotel, (b) assigning you a key card to the booked room, (c) handling information about credit cards and/or other means of payment to ensure payment for your stay, (d) administering Scandic Friends member-related matters such as paying hotel bills with points, (e) handle specific requests for your stay with Scandic according to your profile in Scandic Friends, (f) manage and possibly assess whether you qualify for a room upgrade and handle this if applicable, (g) handle payment for your stay, (h) prepare, print or send an invoice for your stay, (i) handle any customer service matters, and (j) pay commission to your travel agent (if applicable).
If you fail to show up without cancellation or make your cancellation too late in accordance with Scandic's booking rules, we will process your personal data for the purpose of (a) cancelling your stay and other bookings you may have made and (b) managing, processing and settling any outstanding amounts that may have fallen due.
Personal Data that is processed | Legal basis for the processing |
- Identity data (e.g. name) - Contact information (e.g. email address, telephone number, address) - Membership information (e.g. membership number and points balance) - Arrival and departure dates - Booking details (e.g. completed or future stay) - Special categories of personal data (e.g. allergy data) - Other information you provide in connection with your booking (e.g. floor requests) - Information about fellow travellers - Debit or credit card number |
The processing is necessary for the performance of the contract with you (provision of a booked hotel room). |
How Personal Data is collected | Recipients of Personal Data |
- Directly from you when booking and/or at check-in - Via the booking channel you've used - From the travel agency you've used |
- The Scandic hotel where you have booked the desired service - Service provider for the booking |
Retention period: 14 months after the end of your stay, unless you have a membership in Scandic Friends where your booking details are saved in your member profile for as long as the membership is ongoing. |
2.3.1 Handling Registration Cards
In order for Scandic to comply with the Swedish Police Authority's regulations (PMFS 2015:6 FAP 279-1), Chapter 6, Section 13 of the Aliens Ordinance (2006:97), non-Swedish citizens staying at Scandic's hotels must fill out a registration card. Persons who are permanently resident and registered in Sweden are exempt from filling in the registration card. In connection with the completion of the registration card, we check your identity, which means that an identity document is presented for verification. No copies of the identity document are taken or saved. However, we do document the number of the identity document.
Personal Data that is processed | Legal basis for the processing |
- Identity data (first and last name) - Date of birth - Domicile address - Arrival and departure date - Information on how the person has identified themselves (ID, driver's license, passport or other identification document) - Document number - Signature and date of the person |
The processing is based on a legal obligation in order to comply with the Police Authority's regulations |
How Personal Data is collected | Recipients of Personal Data |
- Directly from you at check-in | - The Scandic hotel where you have booked a hotel room - The Police Authority in the event of a request |
Retention period: The registration card is deleted 3 months after the date the registration card was created |
2.4 Customer and loyalty clubs (Scandic Friends and Scandic Sports)
Scandic provides the loyalty clubs Scandic Friends and Scandic Sports.
Scandic Friends is for those who want to earn points when you stay at our hotels or visit our restaurants, and Scandic Sports is a membership that provides you and your sports teams with benefits (e.g. discounted prices at hotels).
If you are, or in connection with becoming a member, of Scandic Friends or Scandic Sports, we process your Personal Data for the purpose of providing, managing, administering, following up and maintaining your membership (e.g. giving you points for point-qualifying purchases). We also process your Personal Data for the purpose of informing, communicating, responding to inquiries from you about your membership and sending offers about our own, Franchisees' or partners' goods and Services.
Individual offers are based on previous choices you have made and which Services you have used. We use knowledge from your membership in Scandic Friends and Scandic Sports and the preferences you add to your member profile to create relevant offers about our Services that we can provide to you. We may send you offers via our communication channels and/or via social media and web advertising in places other than Scandic's websites. In these channels, we can provide you with information and offers about our own, Franchisees' or partners' goods and Services, for as long as a customer relationship between you and Scandic lasts (i.e. for up to 14 months after your last contact with us) or as long as you are a member of our loyalty clubs or subscribe to our newsletters/financial services
If you are not a Scandic Friends/Scandic Sports member, we may, with your permission, use your Personal Data that you provide to us, in connection with your use of our Services, to create a member profile for you (e.g. booking information).
We may share your Personal Data and other information about your membership (e.g., points balance) in accordance with Section 4. Recipients we share information with, for the purpose of, for example, giving you points for purchases that qualify for points.
Personal Data that is processed | Legal basis for the processing |
- Identity data (e.g. name and date of birth) - Contact information (e.g. email address, telephone number, address) - Login details for your member profile - Booking details (e.g. completed or future stay) - Membership information (e.g. membership number and points balance) - Membership number and membership in other customer clubs (optional - to take advantage of partner offers) - Sports your sports team operates in - Shares you've shared in your member profile - Other information you have entered in your member profile (e.g. requests for floors, handicapped accessible rooms) - Buying behaviour |
The processing is necessary in order to fulfil the agreement entered into with you regarding your membership in Scandic Friends/Scandic Sports. For special categories of personal data, we obtain your consent. |
How Personal Data is collected | Recipients of Personal Data |
- Directly from you when you register for a Scandic Friends/Scandic Sports membership - From our partners who share information about whether there has been any kind of exchange of membership points between the programs - From your purchases and activities when you interact with Scandic, for example, stay, have meetings or have contact with our customer service |
- The Scandic hotel you have booked - Service provider for membership administration - Partners - System service provider of booking systems, customer case management, - Call Center/Customer Service Provider |
Retention period: Until the membership expires and a period of 14 months thereafter in order to e.g. be able to handle any bookings linked to the membership |
2.5 Marketing in own channels and in external digital channels
As a Scandic customer (if you have stayed with us or used any of our Services), we may send you offers via our communication channels (e-mail, text message, post or push notifications via our app). We may provide you with offers for our own, Franchisee's or partners' goods and Services, as long as a customer relationship between you and Scandic persists or as long as you are a member of our loyalty clubs or subscribe to our newsletters/financial services
When you visit our websites and have consented to us placing cookies on your computer, you will have a more relevant and inspiring customer experience. With the help of cookie data, a personalization system can follow your interactions on the site and thus present more relevant Services to you depending on which Services you view, add to your shopping cart and/or purchase.
If you have an account and log in, or use the same browser as a previous visit, our systems will be able to link your previous interactions with the site with your new visit. In this way, you will continue to be presented with more relevant products for you.
If you subscribe to our newsletters, we will process your Personal Data for the purpose of sending you offers or newsletters via our communication channels about our own, Franchisee's or partners' Services and products. We may also, if you have requested our financial reports and press releases, send these to you by email for the duration of your subscription.
If you no longer wish to receive newsletters or other direct marketing from us, you can either unsubscribe from our marketing messages by clicking on the unsubscribe link in the communications we send you, or contact us as provided in section 9. Contact us.
If you have started an order but have not completed it, we may send you an email to remind you of the order.
We want to provide you with a personalized experience by providing you with personalized advertising based on your interactions with us and analysis of your customer behaviour on our websites, such as your purchase and browsing history.
In order to select content that suits your interests, we may use information that we have collected from you as a member, or newsletter subscriber, or if you have purchased a service from us.
We work with advertising partners such as Meta and Google, who enable us to identify and communicate with the right customer segments and create and distribute personalized ad content. We may share the information we collect about you, as well as your encrypted email address, with our advertising partners. The purpose of this is to show you relevant ads on third-party websites and apps. In order to do this, we will check your data with the database of the advertising partner in question. If a match is found, you'll receive relevant promotional content in your feed on some social media sites. If no match is found, your data will be securely destroyed. Your personal data is handled securely using a technique called hashing. This means that your data is encrypted in such a way that it cannot be read by anyone other than the recipient for the explicitly stated purpose. Each advertising partner is the data controller for its own part of the processing, including any transfer of personal data to countries outside the EEA.
Personal Data that is processed | Legal basis for the processing |
- Identity data (e.g. name) - Membership information if you are a member of Scandic Friends - Contact information (e.g. email address, telephone number, address) - Booking details (e.g. completed or future stay) - The company you work for - User-generated data (e.g., purchase, click, and browsing history) |
The processing is based on our legitimate interest in sending direct marketing, or your consent to the extent that we collect data via cookies or other tracking technologies |
How Personal Data is collected | Recipients of Personal Data |
- Directly from you when booking a booking, in connection with our analysis of how you interact with us, or when you have given your consent to and chosen to subscribe to our newsletter. | - Service provider for newsletter management |
Retention period: We save personal data for as long as the customer relationship with you lasts, but you always have the right to object to our direct marketing, i.e. marketing from us via post, e-mail and SMS. You can do this by contacting us (see contact details below) or by unsubscribing directly in the mailing. |
2.5.1 Customer surveys
From time to time, we will send you customer surveys and also ask you to evaluate the Services you have purchased, in order to give you the opportunity to influence our product and service offering.
Personal Data that is processed | Legal basis for the processing |
- Identity data (e.g. name) - Contact information (e.g. email address, telephone number, address) - Booking details (e.g. booking references) |
The processing is based on our legitimate interest. |
How Personal Data is collected | Recipients of Personal Data |
- In connection with your use of any of our Services; | - Service provider for the management of customer surveys |
Storage period: 14 months after the end of your stay, unless you have a membership in Scandic Friends where your booking details are saved in your member profile for as long as the membership is ongoing. |
2.5.2 Competitions
From time to time, Scandic arranges competitions for our members via e-mails and via our social media pages. If you choose to participate in a competition we organise, we will process the Personal Data you provide in connection therewith, for the purpose of selecting and contacting a winner to distribute prizes.
Personal Data that is processed | Legal basis for the processing |
- Identity data (e.g. name) - Membership information if you are a member of Scandic Friends. - Contact information (e.g. email address, telephone number, address) - Competition entries |
The processing is based on our legitimate interest |
How Personal Data is collected | Recipients of Personal Data |
- Directly from you when you sign up to participate in a competition | - Service provider for the administration of competitions |
Retention period: 14 months after the end of your stay, unless you have a membership in Scandic Friends where your booking details are saved in your member profile for as long as the membership is ongoing. For other competitions, the data will be deleted when the competition is over. |
2.6 Gift card / voucher
It is possible to purchase gift cards through Scandic partners that can be used to pay for hotel rooms, be used in our restaurants or in connection with other Services offered by our hotels.
In order for a gift card to be valid, we need to process your, and if applicable, the gift card recipient's personal data.
Personal Data that is processed | Legal basis for the processing |
- Identity data (e.g. name) - Contact information (e.g. email address, telephone number) |
The processing is necessary for the performance of the contract with you (provision of gift vouchers/vouchers) |
How Personal Data is collected | Recipients of Personal Data |
- Directly from you in connection with the purchase of a gift card/voucher | - The Scandic hotel where the gift card/voucher is used - Gift card administration service provider - Scandic Friends member database |
Storage period: 14 months |
2.7 Handling of personal data in e-mail
In our daily work, we communicate with guests, members, partners and employees. Some of this contact is handled by e-mail and in connection with this, we also normally process personal data.
Personal Data that is processed | Legal basis for the processing |
- Contact information (e.g. name) - E-mail address - Unstructured data that the message may contain - Name and information of a third party provided by the person contacting Scandic in the e-mail |
-With regard to incoming e-mails, Scandic has a legitimate interest in receiving and receiving messages. For the continued processing of personal data received by e-mail to Scandic, the legal basis depends on the purpose to which the matter is linked. |
How Personal Data is collected | Recipients of Personal Data |
- Directly from you when an e-mail is sent to Scandic. - From anyone other than the person who sent the e-mail about the third party mentioned in the message. |
- Employees within the Scandic Group - Service Provider Managing Email Service Storage |
Storage period: As long as there is a purpose to save e-mails |
2.8 Legal obligations
Scandic will, as a result of law, court or government decision, process your Personal Data for the purpose of complying with a legal obligation imposed on us (e.g. obligations we have under the Tax Act, the Accounting Act, decisions from the police or other authorities) and the personal data that will be processed is that which is required by law, court or government decision. The personal data may include information about your name, payment information, booking details, contact details (e.g. email address, telephone number, address) or other details of your completed purchases (receipts, etc.).
Personal Data that is processed | Legal basis for the processing |
Personal data required by law, court or official decision. May include name, payment information, booking details, contact details (e.g. email address, telephone number, address) or other details of your completed purchases (receipts, etc.). | The processing is based on our obligation to comply with our legal obligations |
How Personal Data is collected | Recipients of Personal Data |
- In most cases, directly from you when you have been in contact with Scandic | - The authority requiring the communication of the data |
Retention period: In accordance with the relevant laws in force in the Member State |
2.9 Handling of customer service matters
We or our customer service subcontractor will process your Personal Data for the purpose of answering, assisting, following up or handling your customer service request. This includes the processing necessary to answer any questions you have asked us by phone, chat, email, social media or any of our other communication channels. We process your Personal Data, within the scope of this purpose, in order to investigate complaints, complaints or provide support, including technical support, to you.
Personal data and other information that you provide to us via social media in connection with a customer service case, will also be processed by the company behind the social media service (e.g. Meta). The provider of the social media channel will process your Personal Data as both a data processor to us (e.g. when the supplier processes data on our behalf for the purpose of reporting statistics about individuals who have communicated with us via our channels) or as a separate data controller (e.g. for the provision and administration of their service).
Personal Data that is processed | Legal basis for the processing |
- Identity data (e.g. name) - Contact information (e.g. email address, telephone number) - Information about past or future bookings |
The processing is based on our legitimate interest in handling customer service matters |
How Personal Data is collected | Recipients of Personal Data |
- Directly from you when you contact us in a customer service matter | - Customer Service Provider - The Social Media Provider - Chat Provider |
Retention period: Six months after the customer service case has been closed in order to be able to administer and offer any follow-up of your case |
2.10 Social media and online reviews
We may process your personal data when you communicate with us via our social media channels (e.g. Facebook, Instagram and LinkedIn) or if you give us reviews via e.g. TripAdvisor. The purpose of the processing is to (a) be able to respond to your questions or complaints that you have written on social media, (b) monitor what is written about us and what reviews you leave about us, and (c) to be able to identify opportunities and also improve our Services.
It is possible to write your own content on our social platforms. Keep in mind that everything that is written on our pages will be available to everyone who visits our pages and that you should therefore be careful about disclosing your personal data on these platforms.
Please also read the respective Privacy Policy and Cookie Policy applicable to the social media platforms you use.
Personal Data that is processed | Legal basis for the processing |
- All personal data that you write and publish on our social media platforms. | The processing is based on our legitimate interest in processing this personal data |
How Personal Data is collected | Recipients of Personal Data |
- Directly from you when you post information on our social media platforms or when you review us | - Online Reputation Monitoring Service Provider |
Retention period: The data remains until the user chooses to delete or change their data |
3. HOW LONG IS YOUR PERSONAL DATA STORED?
Your Personal Data is stored for as long as it is necessary to fulfil the purposes of our processing. Thereafter, we will securely delete or de-identify your Personal Data so that it is no longer possible to link it to you. Under each processing as stated above, there is a defined storage period. Please note, however, that we may retain information about you for a longer period of time if litigation is initiated or if required by applicable law.
Scandic deletes Personal Data in accordance with the law applicable from time to time and in accordance with the criteria set out above. This means, for example, that Scandic deletes or de-identifies your Personal Data when the purpose of the processing has been fulfilled.
4. RECIPIENTS WE SHARE INFORMATION WITH
Your Personal Data may be transferred to recipients within and outside the EU/EEA and Scandic will always enter into the necessary data processing agreements with the companies that process Personal Data on our behalf, where the purpose of this is to ensure an adequate level of protection for the Personal Data processing.
Our subcontractors will only process your Personal Data in accordance with our explicit instructions and may not, unless expressly stated, process your Personal Data for their own purposes. They are also required by law and contract to protect your Personal Data from unauthorized access and intrusion.
Receiver | Purpose | Legal basis for the transfer |
Franchisees | Scandic always remains the data controller for your Personal Data within your membership in Scandic Friends. However, we will transfer information about the same to the Franchisee in order for you to be awarded points for, for example, your stay at the Franchisee's hotel. In such cases, the Franchisee will act as a data processor to us and only process the Personal Data in accordance with our explicit instructions. | The processing is necessary in order to fulfil the agreement with you. |
Subcontractors for booking, customer service, IT and payment services | In order to fulfil the purposes of our processing, we enlist the help of other companies to fulfil our obligations to you. For this reason, we share your Personal Data with companies that provide Services to Scandic, for booking, customer service, analysis services, communication and delivery of marketing material. We also share your Personal Data with companies that handle the operation, storage, technical support and maintenance of our IT solutions. Furthermore, we disclose your Personal Data to payment service providers who provide payment services to us, in order to be able to receive payment from you. | The processing is necessary in order to fulfil the agreement with you. |
Subcontractors for analytics, marketing, IT operations and security | In order to fulfill the purpose of being able to perform analysis services, marketing to our customers and managing IT operations, storage, technical support and maintenance of our IT services, we share your Personal Data with companies that deliver these Services for us. | The processing is based on our legitimate interest in being able to carry out direct marketing to our customers, and to ensure adequate protection for the data we are responsible for. |
4.1 Other recipients
We will, where applicable, transfer your Personal Data to recipients other than those stated above if it is necessary to fulfil the purposes below.
Receiver | Purpose | Legal basis for the transfer |
Authorities | We disclose Personal Data about you to authorities if we are required by law to do so. | The processing is necessary in order to comply with legal obligations. |
Debt collection agencies | If you do not pay, we will transfer your Personal Data to a debt collection agency for the purpose of collecting your debt to us. | The processing is based on our legitimate interest in getting paid. |
Court, Defendants, etc. | In connection with a legal dispute, we will, if necessary, transfer your Personal Data to a court, authority or counterparty in order to protect our rights. | The processing is based on our legitimate interest in being able to safeguard our rights. |
Transfer of a business or other transfer of a business | If Scandic reorganizes its business, or if another company acquires Scandic or parts of our business, we will share your data with the third party who conducts the due diligence process and with the party that acquires all or part of the business and who will assume the rights and obligations with respect to the information described in this Privacy Policy. | The processing is necessary in order to satisfy our legitimate interest in carrying out divestments, reorganisations or mergers. |
5. HOW IS YOUR PERSONAL DATA PROTECTED?
Protecting your personal data is of the utmost importance to Scandic, which is why we have implemented the necessary organizational and technical security measures to ensure that your Personal Data is protected against e.g. loss, manipulation and unauthorized access. These measures include, among other things, training for our employees, processes for how we handle information and how we build our IT infrastructure.
The purpose of our information security activities is to implement an appropriate level of information asset protection and preventive risk measures.
Our employees receive training in data protection and are responsible for fulfilling their obligations. Our partners are also obliged to ensure that their employees comply with the same regulations as we do, and that their employees meet the requirements for processing personal data.
We continuously adapt our security measures to continuous technological developments in order to maintain a high level of security.
6. OTHER PEOPLE'S APPLICATIONS/WEBSITES
Scandic's Services may contain links to other applications or websites that are not controlled by Scandic. This Privacy Policy is only applicable to your use of Scandic's own Services. Scandic is not responsible for the content of linked applications/websites and the processing of Personal Data that may be carried out by owners or operators of these.
7. COOKIES
Scandic uses cookies through its digital Services that automatically collect Personal Data about you (e.g. IP address and behaviour patterns). We use cookies in order to improve your experience and the security of our digital Services (e.g. to remember your preferred language, offer the ability to remember passwords and usernames for Scandic Friends, and make it easier for you to navigate our website).
When you use our website, we also collect anonymized information about you via an analysis tool. The data from the analyses we carry out forms the basis for the development of our IT systems, website and product and service offering. However, information from the analysis can never be linked to you, but is only used for statistical purposes.
Information about how Scandic uses cookies, what Personal Data we collect via cookies, what they are used for and how you can manage them can be found in Scandic's Cookie Policy (https://www.scandichotels.se/kundservice/priser-och-bokningsregler/cookie-policy).
8. YOUR RIGHTS
Data protection legislation gives you a number of rights in relation to our processing of your Personal Data. If you would like to exercise your rights, please send an email to gdpr@scandichotels.com or visit one of our hotels and speak to the reception and they will help you.
• Access to your Personal Data
You have the right, free of charge, to request confirmation from us that we process your Personal Data, as well as request access to the Personal Data that we process about you, together with information about the processing and your rights in connection therewith, a so-called register extract.
• Request rectification
If you believe that any Personal Data that we process about you is incorrect or incomplete, you have the right to request correction of the Personal Data. Please note in particular that Scandic is not responsible for problems that arise as a result of your Personal Data being incorrect if you have failed to inform us thereof.
• Withdraw consent with effect for the future
To the extent that we process your Personal Data on the basis of your consent, you have the right to withdraw your consent to the processing at any time. The revocation does not apply retroactively.
• Object to processing for direct marketing purposes
As mentioned above, you have the right to object to processing for direct marketing purposes. You can unsubscribe from further processing by either clicking on the unsubscribe link in the mailing or contacting us (see contact details below).
• Object to certain processing
You have the right to object to processing that is based on our legitimate interest if you have personal reasons related to the situation. However, we may continue to process your Personal Data, despite the fact that you have objected to the processing, if we have legitimate grounds for doing so that outweigh your privacy interest.
• Deletion
You have the right to request the deletion of your Personal Data if the Personal Data is no longer needed for the purposes for which it was collected. You can also have the Personal Data deleted if you have withdrawn your consent.
• Restriction of processing
You have the right to request that the processing of your Personal Data be restricted. Please note, however, that in some cases we may not be able to provide you with all of our Services.
• Data portability
You have the right to receive the Personal Data that we process about you in a commonly used, structured and machine-readable format and have the right to transmit this data to another data controller. The right to data portability, as opposed to the right to register extracts, only applies to the Personal Data you have provided to us that we process automatically with the support of consent or the performance of an agreement.
• Lodge a complaint with a supervisory authority
If you are not satisfied with our processing or for other reasons believe that we have processed your Personal Data incorrectly, you have the right to lodge a complaint with the supervisory authority for data protection, which in Sweden is the Swedish Authority for Privacy Protection (IMY).
9. WHO DO YOU CONTACT IF YOU HAVE ANY QUESTIONS?
If you have any questions, comments or complaints about our processing of your Personal Data, our compliance with this Privacy Policy or if you wish to have any of your rights met, you are welcome to contact us (see contact details below).
Contact:
Scandic Hotels Holding AB, 556723-5725 Box 6197, 102 33 Stockholm, Sweden
Email: gdpr@scandichotels.com
Telephone number: 08 – 517 350 00
Privacy Policy last updated: 2024-05-08
Contact us
Scandic
P.O. Box 6197
SE-102 33 Stockholm
Sweden
Visiting address: Sveavägen 167