Hotell Antonius OÜ (hereafter “we”) places a high value on the privacy of every client (hereafter “you“). This Privacy Notice explains the types of data we collect about you, why we collect this data and what we do with the data.
1. Who are we?
2. What data do we collect concerning you, and from whom do we obtain the data?
3. Why do we need your data? What happens if you do not present us with the data?
4. What is the legal basis for the processing of your data?
5. With whom do we share your data?
6. How long do we store your data?
7. What are your rights concerning your data?
Who are we?
Hotel Antonius is a boutique hotel located in the heart of Tartu, which was opened in 2009.
Hotell Antonius OÜ
Ülikooli 15, 51003 Tartu
VAT code: EE101674102
We apply the necessary technical, physical and organisational security measures to protect your personal data against losses, destruction and unauthorised access.
Should you have questions about the information in the Privacy Notice then contact us at e- mail address firstname.lastname@example.org.
What data do we collect concerning you, and from whom do we obtain the data?
We collect the following types of data about you:
- Personal data: your first and family name, date of birth, passport or ID card data
- Contact data: your residential address, phone number and e-mail address
- Guest registration card data: this is data required by the tourism legislation concerning visitors to places with accommodation – date of birth, your citizenship, address; name of your accompanying spouse and underage children, date of birth, accommodation provision dates
- Credit card data: your card number and expiry date
- Car data: car registration number if necessary
- Surveillance camera recordings – when you visit our accommodation, the premises or other rooms may be equipped with video or other electronical or digital surveillance systems or equipment for security reasons.
- Data concerning personal preferences
Usually, you will provide the data yourself when you make a booking or a query on our website, by phone or e-mail, or when you purchase services directly from us at the location.
Your data is also forwarded to us by travel companies, booking companies and other persons involved in the intermediation of accommodation services, through which you have ordered the accommodation or other services provided by us. We will forward the Privacy Notice at the first possible opportunity after receiving the data, if we did not receive the data directly from you.
Why do we need your data? What happens if you do not present us with the data?
We use your data to provide the accommodation and/or other services you have ordered from us, as well as for fulfilling the obligations placed on us through the legislation regulating our activities and general business aims, such as:
- Personal data – this data is required for identifying your person, which is important to ensure that the services are provided to the person for whom they were actually ordered.
- Contact data – this data is required to contact you. We will most often contact you by phone or e-mail; however, under certain circumstances, it may be necessary to use your residential address (e.g. when other means of communication fail to function).
- Guest registration card data – we have an obligation, according to tourism legislation, to collect this data. The aim of this data collection is to avoid problems; for example, the dangers inherent in illegal immigration.
- Credit card data – this data is required if, based on our general conditions and/or accommodation agreement we have the right to block a certain amount on your credit card, as a payment for the services ordered or as compensation for expenses.
- Car data – this data is required in case you have arrived to our hotel by car and would like to have parking fee added to your room bill.
- Surveillance camera recordings – this data is required for security reasons.
- Data concerning your personal preferences – we will use such data, when we request it or when you voluntarily offer it, to offer you better services based on your desires and interests.
We are not able to provide you with accommodation services if you do not present us with the guest registration card data.
What is the legal basis for the processing of your data?
We rely on different legal bases for the processing of your data:
- The need to create a contractual relationship with you, or to fulfil an agreement that has been signed.
- You always have the right to revoke your agreement, if we rely on your permission when processing your personal data.
- The need to fulfil our legal obligations (e.g. completing and storing guest registration cards for a period of 2 years).
- The need to carry out our legitimate interests, including the management of the company and the general realisation of its business activities, as well as the discovery of legislation violations and fraud.
- The need to protect your vital interests or those of other persons (e.g. releasing your data to ambulance workers in the case of an accident).
- Other legally permitted bases.
With whom do we share your data?
We do not share the information you have entrusted to us, except in limited cases which are described below, and cases that are necessary for fulfilling the aims described in this Privacy Notice:
- Service providers: like many other companies, we may order data processing services from reputable third party service providers – for example, IT and consultation services;
- Public authorities and state institutions: we may share the data if we are legally obligated to share the data with public institutions, or if the data sharing is necessary to ensure the protection of our rights;
- Professional consultants and others: we may share your data with professional consultants such as auditors, lawyers, accountants and other persons responsible for providing consultation services;
- Third parties related to the company transactions: occasionally, we may share your data with third parties related to a corporate transaction, such as the selling of a company or a part thereof to another company. Similarly, a company reorganisation, joint company creation, and the relocation of company assets or shares through other means may require the sharing of data.
We will ensure the protection of your data if we share your data with the abovementioned persons, through establishing a data processing agreement between us and such persons.
We do not store or forward your data outside the European Economic Area or to countries to which the Directive 95/46/EC Article 25(6) does not apply, or if a decision concerning sufficient protection has not been made based on the directive’s subsequent document, which is the General Data Protection Regulation (EU) 2016/679 Article 45(1).
How long do we store your data?
We will store your data for as long as it is necessary for the purpose of fulfilling our different data processing aims.
The company shall consider the following criteria when storing personal data:
- The data will be stored for as long as it is necessary for the purpose of providing our services.
- If the person has a client account or a loyalty card, then the personal data will be stored for as long as the account / card is active, or for as long as is required in order to offer personalised services.
- When the company has a legal, contractual or other similar obligation for storing the personal data, then the data will be stored for as long as is required to fulfil such an obligation.
- After the end of the contractual relations, certain data will be stored for as long as the person (data subject) or the company itself has the right to present demands to the other party based on a contract.
Guest registration card data, for example, is stored for a period of 2 years from the moment when the card is filled in according to the requirements of the tourism legislation. Guest’s name, contact data, accommodation provision dates and personal preferences is collected in need to create a contractual relationship and fulfil an agreement between hotel and guest, therefore this data is stored for a period of 10 years until the expiration of the contractual obligations.
We will store your contact data until you revoke your agreement, if you have given us permission to forward direct marketing materials.
What are your rights concerning your data?
Your rights as a data subject are:
1. Right to data access –– you have the right to know what data concerning yourself is being stored, and how that data is processed.
2. Right to data rectification – you have the right to demand corrections to your personal data, in cases where it is inaccurate.
3. Right to data erasure (“right to be forgotten“) – you have the right, under certain conditions, to request that we erase your personal data (e.g. if we no longer need the data, if you revoke the agreement giving us the right to process the data, etc.).
4. Right to restrict data processing – you have the right, under certain circumstances, to forbid or restrict the processing of your personal data for a certain period (e.g. if you have submitted an objection concerning the data processing).
5. Right to present objections – you have the right to present objections concerning the processing of your personal data, considering the concrete situation, if the data processing is taking place according to our legitimate interests or the interests of the general public. Objections to the processing of data for direct marketing purposes can be made at any time.
6. Right to data portability – you have the right to demand that the data you have forwarded to us is transferred to you in a machine-readable format. You may also demand that the data be transferred directly to another controller, but only if such a transfer is technically possible. The right to a data transfer is only valid for the data which we are processing based on your permission, or for fulfilling a contract signed with you.
7. Automatic decision-making (incl. profile analysis) you may demand that a decision is not made based solely on automatic processing, if we have informed you that we use decision- making (incl. a profile analysis) based on automatic processing which has resulted in legal consequences concerning yourself.
Please contact us via the e-mail address email@example.com if you have questions concerning the information in this notice, or if you wish to present an application for the fulfilling of your rights as a data subject.
We will do our best to address your application and desires in a timely manner, and on a complimentary basis, except in cases where the costs are disproportionately high. You may turn to the Data Protection Inspectorate if you are not satisfied with the response we have offered.