Privacy Policy

Adopted 2016-04-04

Within Scandic Hotels AB (org. nr. 556299-1009) a Swedish limited company with its registered office at Sveavägen 167, 102 33 Stockholm, Sweden, and other Scandic companies, we process Personal Data for users, customers and members of Scandic Friends who use our services (the "Services"). We safeguard your privacy and comply with legislation applicable from time to time intended to protect you as a private person. Scandic Hotels AB, companies within the Scandic group and the HTL group, partner hotels and franchise hotels are hereinafter jointly referred to as "Scandic".  

Scandic Hotels AB is the controller of Personal Data with respect to the Services, but other Scandic companies may operate as processors or co-controllers of some Personal Data e.g. with regard to hotel reservations. "Personal Data" means any and all information which can be directly or indirectly linked to a living natural person.

We strive to maintain a high level of protection of personal privacy. Scandic uses Personal Data primarily to administer, provide, develop and maintain the Services, process your reservations, optimise your experience with respect to the Services and individualise the communication with you. Please read this Privacy Policy carefully to understand how and for what purposes we process your Personal Data. By providing your Personal Data to us and accepting the applicable terms and conditions, you consent to your Personal Data being processed in accordance with the provisions set forth in the separate terms and conditions for each Service and this Privacy Policy. If a more specific consent is required from you by law, we will of course ask you for such specific consent.

This Privacy Policy together with Scandic Friends Membership Terms and Conditions, Scandic Reservation Terms and Conditions, Webbsite Terms and Conditions, Scandic’s Cookie Policy and any other separate terms and conditions governing Scandic’s processing of Personal Data from time to time, are together referred to as the "Privacy Terms". The Privacy Terms state the basis for the manner in which we process Personal Data that you provide to us when you use the Services or that we collect regarding you. Thus, with respect to some of our Services, there are also separate terms and conditions for the processing of Personal Data that you accept when you use each Service.

Changes to this Privacy Policy are announced by the new terms and conditions being published on Scandic's webbsites and we therefore recommend that you regularly review these.

If you add Personal Data regarding other people, you are responsible for ensuring that Scandic may also process that Personal Data in accordance with the applicable Privacy Terms.

1. Collection and processing of Personal Data

Scandic collects and processes your Personal Data only where permitted by law. The collection and processing may take place when you use the Services, e.g. make a reservation or during and after your stay. We use various methods to collect Personal Data such as cookies, web beacons, customer surveys and membership services. At various times, Scandic compiles or imports Personal Data from databases (e.g from Facebook or Google) within and outside Scandic. From time to time we receive Personal Data regarding you from companies within Scandic, cooperation partners and other information that may be added to your profile (if a profile has been created). 

It is important for Scandic to keep your Personal Data up to date and accurate at all times, why we may import Personal Data about you from external sources such as public registers.

When the law requires that consent be obtained for the processing of certain types of Personal Data or for certain forms of processing, consent will be obtained from you before processing takes place.

2. Information from and about you that we collect and process

We only collect Personal Data relevant for the purpose described in the separate terms and conditions for each Service and this Privacy Policy. The information we may collect is, for example, information regarding name, address, telephone number, email address, IP address, information to facilitate the use of the Services (such as login), default language, user history, information about membership, information about your travelling companions, reservation preferences, payments, employment, emergency contacts, food requirements, disabled access and other information you provide when using the Services. Examples of Personal Data collected from companies outside Scandic may include, updated address information and demographic information.

3. Purposes for which we process your Personal Data

Scandic collects Personal Data for different purposes. The Personal Data collected, and the manner in which it is collected, depends on what Services you use. Information collected from a Scandic Friends member or customer is used to build an individual profile through which Scandic can fulfil its contractual obligations and also offer a more flexible and individualised experience. Information regarding an unidentified person is used to build a pseudo profile, among other things, based on cookies and may, if the individual later chooses to identify himself, for example by making a reservation or becoming a Scandic Friends member, be connected with the profile thus created. For more information please refer to our Privacy Terms.

Scandic uses Personal Data to:

  1. administer, provide, develop and maintain the Services,
  2. process your reservations and orders for Services,
  3. contact you by, for example, SMS, other mobile applications or email, or to notify you regarding the status of your reservation or information connected to your reservation prior, during and after your stay,
  4. diagnose errors, optimise technology and be able to contact you in case of problems related to a reservation or performance of the Services,
  5. analyse and improve the quality and experience of the Services, for example, verify that your user account is not being used by others,
  6. individualise communication with you regarding our Services, for example, by creating a profile for you and sending you offers that fit your profile as a user of our Services,
  7. analyse statistics and user behaviour of our Services,
  8. improve your benefits and experience of our Services in other ways we believe you would appreciate, or promote services and products, directly or not, including behavioural marketing.

You are entitled, at any time and without charge, to request that Scandic refrain from processing your Personal Data for marketing purposes or revoke your consent thereto. You may exercise this right by contacting Scandic at the address in Section 10.

4. Where we store as well as transfer your Personal Data 

Scandic stores Personal Data in compliance with this Privacy Policy and applicable legislation. Personal Data may be transferred between Scandic entities for the sake of their processing for the purposes contemplated under the Privacy Terms. Scandic uses subcontractors, for example, for computer operations, and Personal Data may be transferred to these subcontractors. Our subcontractors process your Personal Data only on behalf of Scandic, as per our instructions and only after they have executed a data processor agreement pursuant to applicable law, in order to enable us to ensure a high level of protection for your Personal Data.

Scandic may disclose Personal Data to third parties such as the police or other public authority, if the matter concerns the investigation of a crime, or Scandic is otherwise required to disclose such information by law or decision of a public authority.

Generally, Scandic does not transfer Personal Data to countries outside the EU/EEA; however, if we, for example, have a subcontractor located in a country outside the EU/EEA or it is necessary for us in order to fulfil our contractual obligations towards you, a transfer of Personal Data outside the EU/EEA may take place even if that country does not have an adequate level of protection for Personal Data according to the EU Commission. To ensure a high level of protection for your Personal Data in those situations and compliance with EU/EEA regulations, Scandic enters into data processor agreements with such subcontractors. Such processor agreement will regulate the subcontractors' processing of the Personal Data and, when applicable, the transfer of Personal Data, pursuant to applicable EU/EEA data protection regulation. The agreements contain terms and conditions which the European Commission requires and which fulfil the requirements of applicable data protection laws.

5. Protection and deletion of Personal Data

Scandic has taken appropriate technical and organisational measures to protect your data against, for example, loss, manipulation or unauthorised access. We adapt our security measures to meet the continuous development of technology.

Scandic deletes Personal Data in accordance with applicable law. This means, for example, that Scandic deletes or depersonalises Personal Data when there is no longer a purpose for processing the Personal Data. The purposes for which we process your Personal Data are described in Section 3 above and the Privacy Terms.

6. Other applications/websites

The Services may contain links to other applications and/or websites not controlled by Scandic. This Privacy Policy is only applicable to your use of the Services. Scandic is not responsible for the content of linked applications/websites and the processing of Personal Data that might be undertaken by the owner or operator of linked websites.

7. Change, delete and review your Personal Data

Scandic Hotels AB ensures that other Scandic companies receive clear guidelines concerning the processing of Personal Data and defines the purposes for which Scandic will use Personal Data. If your Personal Data change, please inform Scandic of this by sending a message to the address in Section 10. Scandic is not responsible for problems which arise due to data being out of date or inaccurate if you have failed to inform us of such changes.

Scandic will, upon your request or whenever discovered by Scandic, correct or delete inaccurate or incomplete information. You are also entitled without charge to receive a transcript of the Personal Data being processed about you. Requests for transcripts must be made in writing to Scandic Hotels AB to the address stated in Section 10 and shall be signed by you and contain your name, post address, phone number, email address (used in communication with Scandic) and Scandic Friends membership number (if any). The transcript will be sent to your registered address within one month of the date the request is received by Scandic. The frequency of which you are entitled to receive such transcripts may vary depending on where you are domiciled.

You may at any time revoke your consent to further processing (not retroactively) of your Personal Data by contacting Scandic at the address set out in Section 10, whereupon Scandic will block such information from further processing. However, a withdrawal of consent may lead to deteriorated Services or impossibility for Scandic to provide Services.

8. Cookies

Scandic uses cookies in relation to its digital services. Further information regarding how Scandic uses cookies, what they are used for and how you can avoid them are stated in Scandic's Cookie Policy applicable from time to time.

9. Assignment

If we sell, re-organize or otherwise transfer all or part of our business, your Personal Data may be transferred simultaneously.

10. Contact

If you have any questions, comments or complaints related to Scandic’s processing of Personal Data and compliance with the Privacy Terms or applicable legislation on the protection of Personal Data, please send a letter to Scandic Hotels AB, Att: Legal & Finance department, Box 6197, 102 33 Stockholm. If necessary Scandic Hotels AB will ensure that your letter is transferred to and handled by the relevant Scandic company.