Smart Hotel OÜ (hereinafter “us”) highly values the privacy of each their customer (hereinafter “you”). In this privacy statement, we explain what information we collect about you, why we do it, and what we do with your information.
- Who we are.
- What information we collect about you and from whom we obtain it.
- Why we need your information. What happens if you do not provide your data.
- On what legal basis we process data.
- Who with we share your information.
- How long we keep your data.
- Your rights regarding your data.
Who we are.
U11 Hotel is an innovative hotel in Tallinn. We have abolished everything unnecessary at the hotel and made the stay as homely as possible. We do not have a classic reception and you can move around the entire house with a unique 6-digit code, for example: 65 74 33.
We implement the necessary technical, physical and organizational security measures to protect your personal information from loss, destruction and unauthorized access.
If you have any questions about the information that contains in this privacy statement, please contact us: email@example.com
What information we collect about you and from whom we obtain it.
We collect the following data about you:
- Personal details: such as first and last name, date of birth / personal identification number
- contact details: such as residential address, telephone number, e-mail address
- visitor card data: it is data required by the Tourism Act about the visitor of the accommodation establishment – e.g. citizenship, name of the spouse and minor accommodated with a visitor, date of birth and citizenship, time of provision of accommodation, etc.
- Credit card details: such as card number, holder’s name, expiration date
- Security camera recordings – if you visit our accommodation or other premises where video or other electronic or digital surveillance systems or equipment are located for security reasons
- Data about the door code usage – such as the location and time the code was used
- information about personal preferences – such as outsourced services
Generally, we receive the information directly from you if you make a booking or inquiry through our website, by telephone or by e-mail.
Your data are also be passed on to us by travel companies, booking companies and other persons arranging accommodation services from whom you have ordered accommodation and / or other services from us.
Why we need your information. What happens if you do not provide your data.
We use your data to provide the accommodation and / or other services you have ordered as well as to fulfil our obligations under the laws governing our activities and for general business purposes such as:
- Personal information – We need this information to identify you, which in turn is important to ensure that the service is provided to the person who actually ordered it.
- contact details – We need such information to contact you. In particular, we will contact you by phone or e-mail, but in some cases, it may be necessary to use your residential address (e.g. if you cannot be reached by other means of communication).
- visitor card data – We are obliged to request that data pursuant to the Tourism Act. The aim is to prevent the dangers that can lie, for example, in illegal immigration.
- credit card details – We need this information if, due to the terms of our accommodation service, we have the right to withdraw a certain amount from your credit card to pay for the services you have ordered or to reimburse the expenses incurred.
- information about personal preferences – If we ask for that information or if you choose to provide such information to us, we will use it to provide you with a better service based on your wishes and interests.
If you do not provide us with visitor card details, we will not be able to provide you with accommodation.
On what legal basis we process your data.
We process your data on different legal bases:
- the need to establish a contractual relationship with you or to perform a contract with you
- your consent – If we rely on your consent to process personal data, you should know that you have the right to withdraw your consent at any time
- the need to fulfil the obligations imposed on us by law (e.g. filling in and maintaining a visitor’s card for 2 years)
- the need to pursue our legitimate interests, including the management of the business and the conduct of general business; detection of irregularities and fraud
- the need to protect the vital interests of you or any other person (e.g. by disclosing your details to an ambulance worker in the event of an accident)
- on any other basis permitted by law.
Who we share your information with.
We will not share the information you entrust to us, except in the limited cases described below and where necessary to achieve the purposes described in this privacy statement:
- Service providers: like many other companies, we can outsource data processing services to trusted third-party service providers such as IT and consulting services;
- Public authorities and government agencies: we may share data with agencies if we are required by law to share data or the sharing of data is necessary to protect our rights;
- Professional Advisors and Others: We may share your information with professional advisors such as auditors, attorneys, accountants, and others;
- Third parties in connection with corporate transactions: From time to time, we may share your information with third parties in the context of a corporate transaction, such as the sale of a business or part of a business to another company. Besides, in the context of company restructuring, joint venture formation, merger or other transfer of company assets or shares.
If we share your data with the above persons, we will ensure the protection of your data in a data processing agreement concluded between us and such person.
We will not store or send your personal data outside the European Economic Area or to countries for which a decision on adequacy has not been taken pursuant to Article 25 (6) of Directive 95/46 / EC or of its successor under Article 45 (1) of Regulation (EU) 2016/679.
How long we keep your data.
We retain your data for as long as it is necessary to fulfil various data processing purposes.
The company follows the following criteria when storing personal data:
- For as long as it is necessary to retain personal data in order to provide our services
- if the person has a customer account or customer card with the company, we retain personal data for the entire period of account / card activity or as long as they are needed to provide services to the person
- if the company has a legal, contractual, or other similar obligation to retain personal data, as long as it is necessary to fulfil such obligation
- after the termination of the contractual relationship, we retain certain data for as long as the person (data subject) or the company itself has the right to file claims against the other party under the contract
For example, we store visitor card data for 2 years from the date of filling in the card in accordance with the requirements of the Tourism Act. We only store credit card information for as long as the accommodation service agreement between us is properly fulfilled.
If you have given us consent to the delivery of direct marketing materials, we will retain your contact information until you have withdrawn your consent.
Your rights regarding your data.
As a data subject, you have the following rights:
- Right of access – You have the right to know what data is stored about you and how it is processed.
- Right to rectify data – You have the right to request the rectification of your personal data if it is incorrect.
- Right to delete data (“right to be forgotten”) – In certain cases you have the right to request that we delete your personal data (e.g. if we no longer need it, you withdraw your consent to the processing of data, etc.).
- Right to restrict processing – In certain cases, you have the right to prohibit or restrict the processing of your personal data for a certain period of time (e.g. if you have objected to the processing).
- Right to object – Depending on the specific situation, you have the right to object to the processing of your personal data if the processing of your data is in our legitimate interest or in the public interest. Objections to the processing of personal data for direct marketing purposes may be raised at any time.
- Right to transfer data – You have the right to request the transfer of data provided by you to us in a machine-readable form. You may also request the transfer of data directly to another controller, but only if this is technically feasible. The right to transfer only applies to data that we process with your consent or for the performance of a contract with you.
If you have any questions about the information provided in this statement or would like to submit a request to exercise the data subject’s rights, please contact us at: firstname.lastname@example.org
We will do our best to address your requests and wishes in a timely manner and free of charge, except where it would involve a disproportionate cost. If you are not satisfied with our answer, you can file a complaint with the Data Protection Inspectorate.