Summary of data protection at Scandic Hotels Holding AB
This privacy policy ("Privacy Policy") describes how Scandic Hotels Holding AB, (org.nr 556723-5725) ("Scandic Group") together with the companies that are part of the group (Scandic Hotels AB, Scandic Hotels AS, Scandic Hotels A/S, Scandic Hotels Oy, Scandic Hotels Deutschland GmbH) uses information that we collect, or that you as a guest, customer or supplier provide to us for following main reasons:
- To be able to manage and administer your booking at our hotels
- To be able to manage your membership in Scandic Friends and/or Scandic Sports
- In order to be able to respond to questions or comments received via e-mail to you, we need to process e-mail, name and any other personal data provided via e-mail.
- In order to be able to fulfil the legal obligations imposed on us by, for example, the Accounting Act , we need to store accounting data, which may contain personal data, for a prescribed period of time, and
We have security in place to protect ourselves against external and internal threats and process technical logs where personal data may be found. You can find information on how to contact us under the heading Who to contact if you have any questions below.
Privacy Policy
1. Background, Scope and Responsibily for personal data
| Personal Data that is processed | Legal basis for the processing |
|---|---|
- Identity data (e.g. name and date of birth). - Contact information (e.g. email address, telephone number, address). - Special categories of personal data (e.g. health data when booking a room for disabled access). - If applicable, Scandic Friends membership number. - Other information you provide in connection with your booking (e.g. floor requests). - Debit or credit card number. | - The processing is necessary for the performance of the contract with you (to provide hotel accommodation). |
2.2 Other Services related to our hotels
At many of Scandic's hotels, we offer services such as restaurants and bars, breakfast, room service, minibar, pool and SPA treatments, laundry, parking, taxi order, free Wi-Fi, etc. If you use any of these Services at our hotels, your personal data may be processed in order to (a) administer those bookings and use of such additional service, (b) communicate and inform you about these bookings through our communication channels (e.g., email, SMS or phone), and (c) manage the costs incurred for such additional Services and/or facilities.
If, within the scope of the Services above, you provide us with sensitive Personal Data (e.g. information about allergies or other preferences), we will obtain your consent for us to process such data in order to take into account your wishes.
| Personal Data that is processed | Legal basis for the processing |
|---|---|
- Identity data (e.g. name). |
2.3 Hotel check-in and check-out
When you stay at a Scandic hotel, we process your Personal Data for the purpose of (a) managing your arrival and departure from our hotel, (b) assigning you a key card to the booked room, (c) handling information about credit cards and/or other means of payment to ensure payment for your stay, (d) administering Scandic Friends member-related matters such as paying hotel bills with points, (e) handle specific requests for your stay with Scandic according to your profile in Scandic Friends, (f) manage and possibly assess whether you qualify for a room upgrade and handle this if applicable, (g) handle payment for your stay, (h) prepare, print or send an invoice for your stay, (i) handle any customer service matters, and (j) pay commission to your travel agent (if applicable).
If you fail to show up without cancellation or make your cancellation too late in accordance with Scandic's booking rules, we will process your personal data for the purpose of (a) cancelling your stay and other bookings you may have made and (b) managing, processing and settling any outstanding amounts that may have fallen due.
| Personal Data that is processed | Legal basis for the processing |
|---|---|
2.4 Customer and loyalty clubs (Scandic Friends and Scandic Sports)
Scandic provides the loyalty clubs Scandic Friends and Scandic Sports. Scandic Friends is for those who want to earn points when you stay at our hotels or visit our restaurants, and Scandic Sports is a membership that provides you and your sports teams with benefits (e.g. discounted prices at hotels).
If you are, or in connection with becoming a member, of Scandic Friends or Scandic Sports, we process your Personal Data for the purpose of providing, managing, administering, following up and maintaining your membership (e.g. giving you points for point-qualifying purchases). We also process your Personal Data for the purpose of informing, communicating, responding to inquiries from you about your membership and sending offers about our own, Franchisees' or partners' goods and Services.
Individual offers are based on previous choices you have made and which Services you have used. We use knowledge from your membership in Scandic Friends and Scandic Sports and the preferences you add to your member profile to create relevant offers about our Services that we can provide to you. We may send you offers via our communication channels and/or via social media and web advertising in places other than Scandic's websites. In these channels, we can provide you with information and offers about our own, Franchisees' or partners' goods and Services, for as long as a customer relationship between you and Scandic lasts (i.e. for up to 14 months after your last contact with us) or as long as you are a member of our loyalty clubs or subscribe to our newsletters/financial services
If you are not a Scandic Friends/Scandic Sports member, we may, with your permission, use your Personal Data that you provide to us, in connection with your use of our Services, to create a member profile for you (e.g. booking information).
We may share your Personal Data and other information about your membership (e.g., points balance) in accordance with Section 4. Recipients we share information with, for the purpose of, for example, giving you points for purchases that qualify for points.
2.5 Marketing in own channels and in external digital channels
As a Scandic customer (if you have stayed with us or used any of our Services), we may send you offers via our communication channels (e-mail, text message, post or push notifications via our app). We may provide you with offers for our own, Franchisee's or partners' goods and Services, as long as a customer relationship between you and Scandic persists or as long as you are a member of our loyalty clubs or subscribe to our newsletters/financial services.
When you visit our websites and have consented to us placing cookies on your computer, you will have a more relevant and inspiring customer experience. With the help of cookie data, a personalization system can follow your interactions on the site and thus present more relevant Services to you depending on which Services you view, add to your shopping cart and/or purchase.
If you have an account and log in, or use the same browser as a previous visit, our systems will be able to link your previous interactions with the site with your new visit. In this way, you will continue to be presented with more relevant products for you.
If you subscribe to our newsletters, we will process your Personal Data for the purpose of sending you offers or newsletters via our communication channels about our own, Franchisee's or partners' Services and products. We may also, if you have requested our financial reports and press releases, send these to you by email for the duration of your subscription.
If you no longer wish to receive newsletters or other direct marketing from us, you can either unsubscribe from our marketing messages by clicking on the unsubscribe link in the communications we send you, or contact us as provided in section 9. Contact us.
If you have started an order but have not completed it, we may send you an email to remind you of the order.
2.6 Gift card / voucher
It is possible to purchase gift cards through Scandic partners that can be used to pay for hotel rooms, be used in our restaurants or in connection with other Services offered by our hotels. In order for a gift card to be valid, we need to process your, and if applicable, the gift card recipient's personal data.
| Personal Data that is processed | Legal basis for the processing |
|---|---|
- Identity data (e.g. name). - Contact information (e.g. email address, telephone number). | - The processing is necessary for the performance of the contract with you (provision of gift vouchers/vouchers). |
3. How long is your personal data stored?
Your Personal Data is stored for as long as it is necessary to fulfil the purposes of our processing. Thereafter, we will securely delete or de-identify your Personal Data so that it is no longer possible to link it to you. Under each processing as stated above, there is a defined storage period. Please note, however, that we may retain information about you for a longer period of time if litigation is initiated or if required by applicable law.
Scandic deletes Personal Data in accordance with the law applicable from time to time and in accordance with the criteria set out above. This means, for example, that Scandic deletes or de-identifies your Personal Data when the purpose of the processing has been fulfilled.
4. Recipients we share information with
Your Personal Data may be transferred to recipients within and outside the EU/EEA and Scandic will always enter into the necessary data processing agreements with the companies that process Personal Data on our behalf, where the purpose of this is to ensure an adequate level of protection for the Personal Data processing.
Our subcontractors will only process your Personal Data in accordance with our explicit instructions and may not, unless expressly stated, process your Personal Data for their own purposes. They are also required by law and contract to protect your Personal Data from unauthorized access and intrusion.
| Receiver | Purpose | Legal basis for the transfer |
|---|---|---|
Franchisees | Scandic always remains the data controller for your Personal Data within your membership in Scandic Friends. However, we will transfer information about the same to the Franchisee in order for you to be awarded points for, for example, your stay at the Franchisee's hotel. In such cases, the Franchisee will act as a data processor to us and only process the Personal Data in accordance with our explicit instructions. | The processing is necessary in order to fulfil the agreement with you. |
Subcontractors for booking, customer service, IT and payment services. | In order to fulfil the purposes of our processing, we enlist the help of other companies to fulfil our obligations to you. For this reason, we share your Personal Data with companies that provide Services to Scandic, for booking, customer service, analysis services, communication and delivery of marketing material. We also share your Personal Data with companies that handle the operation, storage, technical support and maintenance of our IT solutions. Furthermore, we disclose your Personal Data to payment service providers who provide payment services to us, in order to be able to receive payment from you. | The processing is necessary in order to fulfil the agreement with you. |
Subcontractors for analytics, marketing, IT operations and security. | In order to fulfill the purpose of being able to perform analysis services, marketing to our customers and managing IT operations, storage, technical support and maintenance of our IT services, we share your Personal Data with companies that deliver these Services for us. | The processing is based on our legitimate interest in being able to carry out direct marketing to our customers, and to ensure adequate protection for the data we are responsible for. |
4.1 Other recipients
We will, where applicable, transfer your Personal Data to recipients other than those stated above if it is necessary to fulfil the purposes below.
| Receiver | Purpose | Legal basis for the transfer |
|---|---|---|
Authorities | We disclose Personal Data about you to authorities if we are required by law to do so. | The processing is necessary in order to comply with legal obligations. |
Debt collection agencies | If you do not pay, we will transfer your Personal Data to a debt collection agency for the purpose of collecting your debt to us. | The processing is based on our legitimate interest in getting paid. |
Court, Defendants, etc. | In connection with a legal dispute, we will, if necessary, transfer your Personal Data to a court, authority or counterparty in order to protect our rights. | The processing is based on our legitimate interest in being able to safeguard our rights. |
Transfer of a business or other transfer of a business | If Scandic reorganizes its business, or if another company acquires Scandic or parts of our business, we will share your data with the third party who conducts the due diligence process and with the party that acquires all or part of the business and who will assume the rights and obligations with respect to the information described in this Privacy Policy.
| The processing is necessary in order to satisfy our legitimate interest in carrying out divestments, reorganisations or mergers. |
5. How is your personal data protected?
Protecting your personal data is of the utmost importance to Scandic, which is why we have implemented the necessary organizational and technical security measures to ensure that your Personal Data is protected against e.g. loss, manipulation and unauthorized access. These measures include, among other things, training for our employees, processes for how we handle information and how we build our IT infrastructure.
The purpose of our information security activities is to implement an appropriate level of information asset protection and preventive risk measures.
Our employees receive training in data protection and are responsible for fulfilling their obligations. Our partners are also obliged to ensure that their employees comply with the same regulations as we do, and that their employees meet the requirements for processing personal data.
We continuously adapt our security measures to continuous technological developments in order to maintain a high level of security.
6. Other people's applications/websites
Scandic's Services may contain links to other applications or websites that are not controlled by Scandic. This Privacy Policy is only applicable to your use of Scandic's own Services. Scandic is not responsible for the content of linked applications/websites and the processing of Personal Data that may be carried out by owners or operators of these.