Personal data protection declaration and GDPR
Your data protection is important to Hotell Arendal and we are committed to protecting the integrity, availability and confidentiality of your personal information. All processing of personal data by Hotell Arendal shall comply with the data protection regulations at any given time, including the GDPR and the Personal Data Act. This personal data protection declaration provides in-depth information about what personal data is collected, how data is collected, and what rights you have if personal data about you is registered with us.
Hotell Arendal AS determines the purpose of the processing of personal data and the suppliers to be used. In our assessment we therefore consider Arendal Hotell AS controller for the personal data that is processed by the hotel.
Our processing of personal data
In connection with bookings made by you or by others on your behalf, we process the personal data we need to fulfill the agreement for booking and purchase of services. This is information which you have given us directly or via travel or other agents. For example, we process information about your identity, your contact details and your payment details. In certain cases, we store your passport number. We also process other information you may have given us which is relevant to your stay with us. This could be information about special requests for your stay. We record all purchases and orders you make with us in order to provide such services and to enable you to pay for them.
We process this information for as long as necessary for fulfilling the booking agreement with you, and also as far as this is imposed on us by current legislation or official requirements.
Personal data will first and foremost be used to deliver necessary services. Personal data may also be used to send you news and offers from the hotel, if you have consented. Such communication will be sent by email.
To be able to enter into and comply with hotel agreements, it is necessary to process personal data such as names and contact information of contact persons at customers in both public and private sectors. In order to maintain the hotel agreement, we need to keep personal data of contact persons at customers for agreements that last from 1 to 5 years.
If you contact our customer service or otherwise approach us with an inquiry, we will process the personal data you provide to the extent that this is necessary for answering and logging your inquiry. The starting point for this will be legitimate interests or for fulfilling contracts with you or answering your inquiries.
Apart from the processing described in our Data Protection Declaration or based on your consent, in certain cases we must or may process personal data when this is imposed on us or permitted by applicable legislation, including the Norwegian Personal Data Act and GDPR, or by applicable orders from the authorities or courts.
We offer free WiFi at the hotel. For you to be able to use this service, it is necessary for us to process IP address, MAC address and phone number, among other things.
Camera surveillance (use of ITV)
To prevent, detect and investigate criminal offenses, our properties are equipped with ITV equipment. Photos and video are stored for 7 days and then deleted. Information obtained from photos and / or video can be shared with the police in connection with criminal cases. Places where ITV equipment is used are marked and information on use can be found on site.
How long do we store your personal data?
Personal data will not be stored any longer than is necessary in order to fulfil the purpose of the processing or statutory obligations.
We will also delete personal data about you if you ask us to, unless we have a legal basis or statutory obligation to keep your personal data further.
Can other people access your personal data?
We do not pass on your personal data to third parties unless you have consented to this or unless the applicable legislation, including the Norwegian Personal Data Act and GDPR, or a valid order from the authorities or the courts permit or force us to do so.
For clarity, we would point out that our use of data controllers to process information on our behalf does not constitute surrender of information.
Our data processors cannot process your personal data in any way other than those agreed upon by us and described in this data protection declaration.
Beyond this, we will not share your personal data with other organisations unless you consent to this.
We take data security seriously and we have established suitable security measures to protect the integrity and accessibility of your personal data. Access to your personal data is limited to employees who have a need of such access in their work. We will provide training to employees and third parties where relevant, to further awareness of our guidelines and routines for personal data protection.
Where is your personal data stored?
Personal data that is processed by Hotell Arendal is essentially stored in clouds located in Germany and Norway. We do not store personal data in countries outside the EU/EEA.
As a person, you have various rights under the Personal Data Regulations.
You have the right to view your information, and to correct or delete personal data about yourself which we are processing. You are further entitled to request limited processing, to raise objections to processing and to request entitlement to data portability.
If you want to use your right to access our treatment of your personal data, or if you have any other questions, feel free to contact us by email, email@example.com. We will answer your inquiry as soon as possible, and no later than within 30 days.
If you believe that we are processing personal data in contravention of the law, you have the right to complain to the Norwegian Data Protection Authority firstname.lastname@example.org.
Data Protection Officer
We have our own Data Protection Officer at Arendal Hotell AS. The Data Protection Officer is responsible for all personal data we process.
The Data Protection Officer is our contact point with the Norwegian Data Protection Authority.
Our Data Protection Officer gives Arendal Hotell AS, our data processors and our employees advice and guidance on the processing of personal data and the rules which govern this. The Data Protection Officer’s work is to monitor our compliance with the personal data rules and our internal guidelines.
The Data Protection Officer may also help you to assert your rights in respect of us, or help you get answers to questions about your personal data held by us.
You can contact our Data Protection Officer at email@example.com