Privacy policy - Syttende

At Alsik A/S („Alsik“ or „we“), we place high priority on data security and confidentiality. This personal data policy sets out clear guidelines on how we process personal data about our guests and visitors to our websites.

The privacy policy applies to all brands and websites under Alsik Hotel & Spa, including hotel, spa, Sergenten, Freia Bar & Lounge, Syttende and Restaurant Alsik.

Data controller

Alsik A/S, Nørre Havnegade 21, 6400 Sønderborg, CVR no.: 37389609, is the data controller for the collection and processing of personal data.

When do we collect personal data?

We collect, store and process personal data as part of our activities and marketing.

The collection takes place, for example, when you contact us, make a reservation for a hotel stay or restaurant visit, use our website or contact us in some other way. We typically receive the information directly from you, but we may also receive information from other parties, such as booking portals.

How do we use your personal data? Alsik processes personal data about you for the following purposes:

Booking a hotel stay or restaurant visit

In order to complete the booking of hotel stays or restaurant visits, we process data about you to process your request and verify availability, complete the booking and send you a booking confirmation.

We may process data such as name, email address, phone number, information about accompanying guests, arrival and departure date.

We use Article 6(1)(b) of the General Data Protection Regulation as the basis for processing the data, as the data is necessary to process in order to fulfill the agreement with you.

Stay

We process and store data about you in connection with your stay at our hotel in order to offer you the services you may have ordered and to give you the best experience during your hotel stay.

In this connection, we may process data such as name, position, place of residence, date of birth, nationality, e-mail address, telephone number, passport number or other travel document number, information about accompanying guests, dietary requirements, special preferences, etc.

In connection with your stay, information about any disabilities and allergens may also be processed.

We use Article 6(1)(b) of the General Data Protection Regulation as a basis, as certain information is necessary to fulfill an agreement with you, and the balancing of interests rule in Article 6(1)(f) of the General Data Protection Regulation, as we have a legitimate interest in adapting the services provided to your needs and wishes. The basis for processing your credentials is Article 6(1)(c) of the General Data Protection Regulation.

The basis for processing disability and allergen data is Article 9(2)(a) of the GDPR.

Booking services at Alsik

We collect and process information about you, including name, address, date of birth, telephone number, e-mail address and gender when you book fitness classes/yoga and/or the spa and wellness facilities . We may also register the type of treatment, time and duration of treatment, which products are included in your treatment, our recommendations and the like.

Our processing of your personal data is based on Article 6(1)(b) of the General Data Protection Regulation, as the data is necessary to fulfill our agreement for the service in question.

In addition, the basis for the processing is our legitimate interest in being able to offer efficient organization of our tasks for you, including management of appointments and time bookings as well as registration of completed treatments in order to determine the course of treatment, cf. Article 6(1)(f) of the General Data Protection Regulation.

Customer satisfaction surveys

Please note that we may use your contact information to follow up on your satisfaction with your visit with us.

Our basis for this processing is the balancing of interests rule in Article 6(1)(f) GDPR, as we have a legitimate interest in improving our services.

Marketing and newsletters

If we have received your prior consent, we may process your personal data to send you e-mails and newsletters from Alsik containing, among other things, current offers, information about events and new facilities at Alsik. If you do not wish to receive these e-mails and newsletters at any time, you can unsubscribe by using the unsubscribe link at the bottom of the newsletter or by sending an e-mail to info@alsik.dk. The basis for processing is your consent, cf. Article 6(1)(a) of the General Data Protection Regulation.

We may also send service notifications based on our legitimate interest in keeping you updated on important information, cf. Article 6(1)(f) of the General Data Protection Regulation.

Use of social media

We use social media to stay in close contact with interested users. We use the following social media channels:

Facebook
Instagram
LinkedIn

You will be able to get in touch with us via these social media, and we will process your personal data in connection with answering your inquiries to the extent that they are included in your inquiry. Depending on your behavior on our fan pages on social media, we and the social media may collect, among other things, the following information about you when you visit the page:

If you „follow“ our site
Comments that you leave on our site
That you have visited our site

We process your personal data on the basis of Article 6(1)(f) of the General Data Protection Regulation and thus our legitimate interest in, among other things, responding to your inquiries and improving our products and services. We will have a joint data responsibility with each social media used for the processing of personal data on our fan pages, and we therefore encourage you to always read the social media’s own privacy policy before using its features and services.

We continuously take pictures and/or video recordings in order to share our guests‘ experiences at our facilities. This is done in accordance with applicable legislation, including obtaining your consent under Article 6(1)(a) of the General Data Protection Regulation, if required.

Using the website

We have access to information about visitors to the website and the visitors‘ use of the website and its functions. This includes, for example, IP address, browser type and visitor behavior.

The data collected is processed on the basis of our legitimate interest in gaining knowledge of the users‘ use of the website in order to improve it, cf. Article 6(1)(f) of the General Data Protection Regulation.

Video surveillance

We conduct video surveillance on our premises, including all common areas and publicly accessible areas both outdoors and indoors. The video surveillance is based on our legitimate interest in the prevention or detection of crime and violation of our internal guidelines and staff safety, cf. Article 6(1)(f) of the General Data Protection Regulation and Section 8(3) of the Danish Data Protection Act. We have posted signs in the areas under video surveillance.

The recordings will only be accessed and reviewed in case of suspected criminal acts, violation of our internal policies or in connection with internal/external control. The recordings may also be reviewed in case of clarification of security-related incidents.

The recordings are stored on a secure server that only a limited number of employees have access to.

The recordings may be disclosed to the police for crime-solving purposes, cf. section 8(4) of the Danish Data Protection Act, or if the disclosure is otherwise required by law. If it is necessary to disclose the recordings for purposes other than the aforementioned, we will request your consent to such disclosure if you are included in the recordings.

Communication

When you contact us, we process the information you provide in order to respond to your inquiries. We encourage you not to provide us with sensitive personal data (e.g. health data) unless it is strictly necessary for the processing of your inquiry.

Our basis for this processing depends on the nature of your inquiry. However, the basis will often be that the processing is necessary for the performance of a contract, cf. Article 6(1)(b) of the General Data Protection Regulation.

Other purposes

In addition to the above purposes, we may also process your personal data in order to comply with legal requirements or if it is necessary for the establishment, exercise or defense of legal claims.

This purpose may include the possible expulsion of guests who, for whatever reason, do not comply with our terms and conditions or rules of conduct. Expulsion can only be based on a specific assessment and for a limited period of time (up to 2 years). In this connection, the necessary information about the guest’s stay is processed, including the guest’s behavior, any correspondence about the process, financial claims that are made, or other relevant information that is relevant to the expulsion.

Our basis for this processing depends on the nature of the claim. In most cases, the basis will be that the processing is necessary to comply with a legal requirement, cf. Article 6(1)(c) of the General Data Protection Regulation, or on the basis of our legitimate interest in establishing, exercising or defending a legal claim and being able to document a specific course of events that justify, for example, a refund claim, extraordinary discount, complaint handling or expulsion of a guest, cf. Article 6(1)(f) of the General Data Protection Regulation.

Who do we share your personal data with?

In order to fulfill the above purposes, we may give third parties access to your personal data who provide relevant services on the basis of a contractual relationship with Alsik, such as IT suppliers, email providers and marketing service providers. Such service providers will only process personal data in accordance with our instructions pursuant to concluded data processing agreements.

Alsik may also disclose your personal data to subcontractors when this is necessary to fulfill the agreements we have entered into with you. For example, your credit card details for online booking are processed by our payment provider. Under certain circumstances and in accordance with legislation, it may be necessary to disclose personal data to auditors, lawyers, public authorities or the police. For example, information may be disclosed to the police in case of suspected credit card fraud.

If your personal data is transferred to data processors or data controllers established in countries outside the EU/EEA that do not have an adequate level of protection, such a transfer will generally be based on the EU Commission’s standard contractual clauses.

How is your data stored?

Whether your personal data is stored and processed physically or digitally, Alsik has taken the necessary precautions to ensure that your data is stored securely and protected against unauthorized use.

Alsik continuously ensures secure storage and processing of your personal data. We also ensure that only relevant employees have access to your data.

How long do we keep your information?

Your personal data will be deleted or anonymized when it is no longer necessary for us to retain it for the purposes described in this policy.

The personal data we have registered about you in connection with visits to our restaurants will be stored for 1 year from the last restaurant visit/order.

Guest data collected in connection with booking and staying at our hotel will be stored for 2 years from the last stay for Danish guests and 1 year from the last stay for foreign guests. In connection with specific incidents that may result in the expulsion of a guest, data is stored for the entire expulsion period, which is up to 2 years. Longer storage can be done if it is specifically assessed that certain information may still be relevant to document the course of events.

If you have subscribed to our newsletter, we will store related personal data for 2 years after you unsubscribe from the newsletter, as we are required to document your consent during this period.

Video material from surveillance is deleted after 30 days, unless the recordings are to be used in connection with solving crimes or handling specific disputes. In these cases, the recordings will be deleted when continued storage/processing is no longer necessary.

Data relating to accounting material is stored for 5 years from the end of the financial year to which the data relates.

Job applications and attachments are stored for 6 months after the application deadline, unless we receive consent for further storage.

We may process your personal data for a longer period than stated above in anonymized form or if we are required to do so by applicable law.

Cookies

Our websites use cookies to optimize the use of our website. We refer to our cookie policy, which can be found at Alsik.dk.

Your rights

You have the following rights in relation to our storage and processing of your personal data:

You have the right to access the personal data we process about you
You have the right to object to our collection and further processing of your personal data
You have the right to rectification and erasure of your personal data, subject to certain statutory exceptions
You have the right to request us to restrict your personal data
Under certain circumstances, you may also request to receive a copy of your personal data, as well as the transmission of the personal data you have provided to us to another controller (data portability)
You can revoke any consent you may have given at any time. You can unsubscribe from our newsletter by clicking the link at the bottom of the newsletter.

Contact us

If you have any questions regarding this privacy policy or if you wish to complain about the way we process your personal data, you are welcome to contact us at info@alsik.dk

If you wish to complain about our processing of your personal data, please contact the Danish Data Protection Agency, Carl Jacobsens Vej 35, 2500 Valby, tel. +45 33 19 32 00, e-mail: dt@datatilsynet.dk.

Other websites

Our platforms and communications may contain links to other platforms. We accept no responsibility for content on these platforms. We encourage you to read the privacy policies on these sites.

Changes to the privacy policy

This page is continuously updated and will always reflect the current privacy policy.