“Personal data” means any information that can be directly or indirectly linked to a currently living natural person.
ESS Group uses personal data primarily to administer, provide, develop and maintain our services, process your bookings, optimise your experience of our services and personalise our communication with you.
ESS Hotel Group AB is the controller of the personal data we collect and process within ESS Group when you or your employer use our services.
As controller, we always process your personal data as set out in this policy. You can rest assured that we always process your personal data in a safe and secure manner.
Should you have any questions about your personal data, you can contact us at any time by emailing firstname.lastname@example.org or calling 0775-553 553.
1 COLLECTION OF DATA
ESS Group collects different types of data about you, depending in part on whether you are a Contact Person or a Consumer. It is not necessarily the case that we will process all these types of personal data in your particular case.
• Contact details. When you, privately or on behalf of your employer, want to use our services, you need to provide your name, phone number, address and email address.
• Company data. When you, as a Contact Person acting on behalf of your employer, want to engage us, we need the company’s name, corporate identity number and address as well as details of your authorisation to represent your company.
• Information about our communication. When you, privately or on behalf of your employer, communicate with us, we receive any personal data you provide us by email, letter, phone or any other means. Please note that we accept all information you send us.
• Health data. You can provide information about your health, such as illnesses or disabilities. Providing this type of health data is voluntary. However, not providing this type of data may result in the risk of you not receiving the assistance you require during your stay with us.
2 HOW WE GATHER YOUR PERSONAL DATA
• Information which you provide us. Most of the information we collect is provided by you, such as when you contact us or make a booking on our website, by email, over the phone or in person at any of our premises. Providing us with information is always voluntary, although certain information must be provided for us to perform our contract with you or your employer. As a Consumer you need to provide your name, phone number and home address, while as a Contact Person you need to provide your name and details of how we can reach you.
• Information which we collect about you. If you are a Contact Person, we may also receive personal data from your employer or the company you represent.
• Information collected by other means. On occasion, we may even collect data about you from other parties. I.e. we may, if necessary, collect information from third parties who provide personal data relating to you or other members of your company, such as if you have booked our services through an agency, someone makes a booking for a company which includes you or someone else has contacted us on your behalf.
3 PROCESSING OF YOUR DATA
ESS Group collects personal data for various purposes. The personal data collected and the means of collection depend on which services you use.
Your personal data are mainly used to provide, perform and improve the services we perform on behalf of you or your employer. ESS Group processes your personal data for the following purposes based on the following legal grounds:
• To provide our services. Your personal data and contact details will be processed to administer and provide you with our services (i.e. to enable us to fulfil our obligations towards you in accordance with our contract). For example, your personal data will be used to book hotels, spas and restaurants. Technical data is used to ensure that our website maintains optimised and user friendly for your device.
• To minimise the risk of injury. We may need to use sensitive data relating to your health to minimise the risk of injury.
• To communicate with you. Your personal data and contact details (such as email address and mobile number) may be used to send you messages, such as reminders and booking confirmations. Such communication is used to perform the contract entered into between us and for other legitimate interests.
• For communication and providing information. We use your personal data to communicate and provide information by email, text message and/or phone to perform our contract with you. This includes, for instance, sending a booking confirmation, important information prior to and during your stay with us, special offers linked to your booking, any possible deviations and payment reminders.
• To conduct surveys. Your contact details and booking information are also used for a customer survey which is sent to you after your stay. The purpose of the survey is to enable us to improve and develop our services. The legal grounds for such processing is based on our legitimate interest. The survey is of course voluntary.
• To administer insurance claims. Your personal data may be needed to administer insurance claims, such as in the event where you are injured or your belongings are lost during your stay.
• To compile aggregated statistics. Your personal data may be used to help us to compile aggregated statistics in which the data is not identifiable. Such statistics may concern, for example, the average age of our guests. Our use of data for statistical purposes is based on legitimate interest.
• To fulfil legal obligations. We process your personal data in order to comply with the obligations set out in current laws and regulations, such as safety regulations, financial records, complaints etc.
• For entering into and performing contracts. Your personal data will primarily be processed in order for us to enter into and fulfil our obligations under contract with you or the company you represent. For example, we must process personal data in order to identify the who has made a booking with us. The legal grounds for this processing are the performance of our contractual obligations as well as our legitimate interests, such as our interest in entering into and performing contracts, responding to inquiries and accepting bookings.
• For marketing our services. Your name and email address may be used to communicate our services to you. For example, we may send you newsletters, information about our services and special offers. The legal grounds for this processing is based on our legitimate interest, such as our interest in marketing our services, maintaining our customer relationships and keeping you informed about our products and services. If you no longer wish to receive such communication, you can follow the instructions in the email you received from us or contact us at email@example.com.
• To protect our business interests and to exercise our legal rights. We may use information about you if required by law or if we believe it is necessary for us to exercise our legal rights and interests, such as in connection with claims made against us, to ensure legal compliance or to fulfil auditing obligations and to provide information in conjunction with an acquisition, merger or sale of our business.
• Friends of ESS membership. If you sign up for ESS VIP Club Friends of ESS, we will collect your national registration number and email address in order to create your membership. We will store your contact details, encompassing your national registration number, name, age, gender, mobile number, address and contact details. This is done in order to confirm your identity, to keep relevant and correct data on you (via population registers) and to provide you with personal and relevant information. The legal grounds for this processing comprise the contract you entered into with us by signing up. As a member of Friends of ESS, you will receive newsletters and/or text messages featuring ESS Group special offers and news. You can choose to unsubscribe from our newsletters at any time by following the link in the newsletter or stop further text messages by sending a STOP reply to 71550. You can also choose to cancel your ESS Group membership at any time by emailing us at firstname.lastname@example.org or by calling us on 0775-553 553. Your data is kept for as long as you choose to remain a member of Friends of ESS or as long as we have a legal obligation or legitimate interest to process your data.
• Booking through an online travel agency (OTA) When you book a hotel through an online travel agency, such as Bookings.com or Hotels.com (digital partner), you provide them with your personal data. Your personal data is then stored and managed by the concerned company in accordance with their personal data policy. When a booking is made through an OTA, they will send certain personal data to the concerned hotel in order to confirm that a reservation has been made. When booking through a travel agency, you provide your personal data to the travel agency, which then processes your personal data within its business operations. Accordingly, the travel agency can identify you by, for example, your booking number.
We are not responsible for how such companies process the personal data you have provided in your contact with them.
4 DATA RETENTION
Your personal data will only be kept for as long as it is needed to fulfil the purpose of the processing. Unfortunately, it is not possible to say in advance exactly how long this is for each type of data. In general, your personal data are kept for as long as we have an ongoing contractual relationship, that is, during the time we perform services on behalf of you or your employer, and for as long as you are entitled to make a guarantee claim against us or file a complaint.
Occasionally, we may need to be keep some of your personal data for a longer period, such as when necessary for legal compliance. Such obligations can stem from, for example, financial reporting and tax legislation. If your data must be kept on the grounds of legal obligation, the data will only be used to fulfil these obligations and not for any other purposes.
We will also keep your contact details for longer than the contract period in order to be able to contact you at a later date. Personal data saved for this purpose will be purged at regular intervals and kept no longer than seven (7) years after the last service was performed.
5 HOW WE SHARE YOUR DATA
Your personal data may occasionally need to be transferred to or shared with others. Your personal data may, for instance, be shared with:
• People who work for us. Your personal data will be shared with people who work at ESS Group, but only personell who need such access to conduct their work.
• Suppliers and subcontractors. Your personal data may need to be transferred to or shared with selected companies which provide us with different types of services or act as subcontractors in the services we perform on behalf of you or your employer. These companies are only permitted to process your personal data as instructed by us.
• Government authorities. ESS Group may disclose necessary information to Swedish and foreign government authorities, such as the Swedish Tax Agency, the police, border control or other similar authorities, if we are required to do so by law or if you have provided the necessary consent.
6 YOUR DATA MAY BE PROCESSED OUTSIDE THE EU/EEA
ESS Group always strives to process your personal data within the EU/EEA. However, on occasion we may need to transfer your personal data to companies outside the EU/EEA.
You should be aware that other rules may apply to your personal data outside the EU/EEA, which may sometimes result in lesser protection. ESS Group will however ensure that all reasonable legal, technical and organisational measures are in place to ensure that your personal data is processed securely and with an adequate level of protection (i.e. EU Commissions standard contractual clauses and Privacy Shield). You can always contact us if you have any questions concerning the employed security measures.
7 YOUR RIGHTS
Your personal belongs to you. As such, you have the right to be informed about and influence how we process your personal data. The following is a brief summary of your rights.
• Right to object. You have the right to object to the processing of your personal data for legitimate interests. If so, we must either prove that there are legitimate reasons for the processing , which outweigh your interests, or cease the processing. You can always contact us for more information about the underlying balance of interests used.
• Right of access and right to data portability. You may at any time request a copy of your personal data and information about how they have been collected, used, shared and so on. You also have the right to transfer your personal data to another controller.
• Right to erasure. You have the right to request that your personal data be erased if they are no longer necessary for the purpose for which the data were collected, or if there are no legal grounds for processing the data.
• Right to rectification. You have the right to request the rectification of inaccurate personal data. You also have the right to have incomplete personal data completed.
• Right to restriction of processing. You have the right to request that the processing of your personal data be restricted until inaccurate information has been rectified or your objection has been reviewed.
You should be aware that there may be additional requirements or provisions which restrict, or expand, your rights. For example, legal obligations may prevent us from disclosing or transferring some of your data, or from immediately erasing your data.
You have the right, by submitting a written request to ESS Group, to obtain information about which of your personal data we have registered. You can request to have any inaccurate personal data rectified. You can also apply to have your personal data erased. Such requests should be sent to email@example.com.
8 CHANGES TO THIS POLICY
9 TECHNICAL/ORGANISATIONAL MEASURES
ESS Group works continually to comply with the principles of “built-in data protection” and “data protection by default”. ESS Group continuously evaluates the risks of any personal data processing that takes place and implements the necessary security measures to mitigate these risks.
We continuously educate our staff in data protection. If you have any direct questions about how ESS Group works with the General Data Protection Regulation (GDPR), please do not hesitate to contact us.
10 CONTACT DETAILS
If you have any questions about the GDPR, please email ESS Group Data Protection coordinator Micael Berger at firstname.lastname@example.org or call 0775-553 553. You can also write to us at the following address: ESS Hotel Group AB, Vasagatan 54, 411 37 Gothenburg
You have the right to contact and complain to the Swedish Data Protection Authority if you believe that we have handled your personal data in an improper manner. Read more at www.datainspektionen.se.