Tietosuojaseloste

Crowne Plaza Helsinki, Holiday Inn Hotels and Hotel Indigo Helsinki - Boulevard are part of the global Intercontinental Hotels Group (IHG) hotel family and are operated by Scandic Hotels AB in Finland.

About IHG

We are a global hospitality company with IHG-branded hotels in nearly 100 countries. We predominantly franchise our brands to, and manage hotels on behalf of, independent third-party owners. We also operate a number of programmes that are related to our hotel business such as IHG Rewards Club, which is our core loyalty programme.

IHG Privacy Statement

About our IHG-branded hotels

We franchise our brands to, and manage hotels on behalf of, third-party owners. Most hotels operating under IHG’s brands are independently owned and operated by parties that have entered into a franchise agreement with IHG that allows them to use an IHG brand for the purposes of operating a hotel (referred to as “Franchisees” or “Franchised Hotels”). If you make a reservation through us to stay at an IHG-branded hotel, we will share your information with that hotel. However, as IHG-branded hotels are not owned or controlled by IHG, their use of your information will be governed by their own privacy practices and is only covered in this Privacy Statement where specifically noted.

 

PRIVACY POLICY

Adopted 21-05-2018, Version: 1.0

This Privacy Policy (”Privacy Policy”) describes how Scandic Hotels Group AB (company reg. No. 556703-1702) and the other Scandic group companies (together ”Scandic”, ”we”, ”us”), process your Personal Data. "Personal Data" is any information with which one can, directly or indirectly, identify a physical person. Please read this Privacy Policy carefully to understand how and for what purposes we process your Personal Data.

We process your Personal Data when you use our services (“Services”) as described below. We care about your privacy and comply with applicable law aiming to protect you as an individual. This Privacy Policy describes the foundation of how we process Personal Data you share with us or that we collect when you use the Services. For some of our Services, specific terms and conditions may apply that you need to accept prior to using the Service.

Different companies within the Scandic group may be either controller or processor, or joint controllers, with regards to the processing we carry out, such as processing necessary for hotel bookings or recruitment.

We aim to maintain a high level of protection of your integrity. Scandic processes Personal Data mainly to administer, provide, develop and maintain the Services, handle your bookings, optimise your experience of the Services and to communicate with you.

If we make changes to this Privacy Policy, we will notify you. The means of notification varies depending on what Services you use and when. The new terms will be published on our website.

If you provide us with Personal Data concerning other persons, you are responsible for ensuring that Scandic is allowed to process that Personal Data in accordance with this Privacy Policy.

COLLECTION AND PROCESSING OF PERSONAL DATA

Scandic only processes your Personal Data in accordance with applicable law.

Scandic may collect Personal Data directly from you when you use the Service (for instance when you book a hotel room). We may also receive and transfer your Personal Data from and to companies within the Scandic group or our partners (e.g. if you have used a travel agency to book a hotel room). We use different means to collect your Personal Data, some of which include cookies, web beacons, customer surveys and customer service. Depending on what Service you use the means of collecting and the purpose of processing may vary.

Scandic will process your Personal Data for the purposes outlined below, and the purposes described to you when you use a specific Service. When your consent is required by law in order for us to process your Personal Data, we will collect your consent prior to processing.

WHAT PERSONAL DATA DO WE PROCESS AND WHY?

Handle booking 

If you book a meeting room or hotel room with us, we will process your Personal Data in order to provide, handle, administer, follow up and obtain payment for your booking. This includes processing in order to remind you or inform you of your booking when you are to stay with us.

Your Personal Data and other information about your booking can be transferred to companies within and outside the EU/EEA that operate Scandic hotels but that are not part of the Scandic group, or to our suppliers.

Personal Data  Legal basis for processing

Identity related data such as name

The processing is necessary in order for us to fulfil our agreement with you. 

Contact details such as e-mail address, telephone number, address

 

IP-address (if you book on our website)

 

Preferences and other requests or needs

 

Sensitive personal data regarding for instance health (e.g. if you book room adapted to disabled guests) 

 
Other data you provide when making your booking (e.g. regarding persons you travel with)  

Retention period: 120 days after the end of your stay.

Newsletter and other direct marketing

Processing based on Scandic’s legitimate interest

If you use our Services we may process your Personal Data in order to send you newsletters containing relevant information and offers about our own and franchisees’ hotels, or selected partners’ products and services, through different information channels, such as post, e-mail or our other digital channels, as long as you are our customer. We may also send you customer surveys that give you the opportunity to influence the range of products and services we provide. Our processing of sending you direct marketing and customer surveys are based on our legitimate interest.

If you wish to no longer receive newsletters or other direct marketing from us, you can object to further processing by contacting us (see contact details below) or deregister in the marketing message. If you object to our continued processing, your Personal Data will be deleted or anonymised (unless the Personal Data in question is also processed for other purposes) and you will no longer receive direct marketing from us.

Personal Data  Legal basis for processing

Identity related data such as name

The processing is based on our legitimate interest of sending direct marketing. 

Contact details such as e-mail address, telephone number, address

 

Preferences and other requests or needs

 

Membership details, e.g. membership number or other information in your membership profile

 

Booking data in order to send relevant offers based on previous purchasing patterns

 
Receipt details, e.g. previous purchases  

Retention period: As long as you are our customer or before that if you object to further processing.

Processing based on your consent

If you have given us your consent and subscribes to our newsletter we will process your Personal Data in order to send you offers regarding our products and Services. If you wish to no longer receive newsletters or other direct marketing from us you can object to further processing for these purposes by contacting us (see contact details below) or deregister directly in the marketing message. If you object to further processing, your Personal Data will be deleted or anonymised (unless the Personal Data is processed for other purposes) and you will no longer receive direct marketing from us.

Personal Data  Legal basis for processing

Name

The processing is based on your consent
to receiving newsletters from us.

Address

 

Company

 

E-mail address

 
Telephone number  

Retention period: Until you withdraw your consent to the processing.

Profiling

In order to communicate personalised and relevant information and offers to you about our Services, we analyse the information we collect about you, for instance by dividing customers into different customer categories based on purchase patterns, behavior and interactions with us. We do this in order to improve your experience when you use our Services.

Recruitment

If you submit a job application (general or for a specific role) via our website or our other communication channels, we process your Personal Data in order to evaluate your application and recruit staff. This includes, if applicable, references and background checks if part of the recruitment process.

We kindly ask you not to send us any sensitive Personal Data (e.g. information revealing health conditions, race or ethnicity).

If you are offered and accept employment with us, some of the Personal Data we have collected during the recruitment process will form part of your employment contract.

Your Personal Data and other information in your job application may be transferred to other companies that operate Scandic hotels, but that are not part of the Scandic group, if you apply for a role at one of our franchisees.  

Personal Data 

Legal basis for processing

Identity related data such as name

Processing is based on your consent.

Contact details such as e-mail address, telephone number, address

 

Recruitment details, e.g. CV, personal letter

 

Information regarding what role, area, country and
type of employment you have applied for

 

Sex, citizenship and nationality

 
Grades, certificates, work experience, education or
other information you voluntarily provide us with as part of your application
 

Retention period: Your application is saved throughout the entire recruitment process. If you are not offered a job with us we may save the information we have collected up to 24 months after the recruitment process has finished. General applications are saved up to 12 months from submission, unless a recruitment process has been initiated.

Legal obligations

We may also process your Personal Data if we are compelled to do so by law, court or public authority, e.g. to fulfil our obligations with regards to financial reporting, under tax law or due to a decision by the police department or other authority.

Personal Data  Legal basis for processing
Identity related data such as name Processing is based on legal obligations.
Payment data  
Booking data   
Contact details such as e-mail address, telephone number, address  
Receipt details, e.g. previous purchases  

Retention period: In accordance with national law in respective country. 

Handling of customer service inquiries

We may process your Personal Data in order to respond to, assist, follow up and handle your customer service inquiry. This includes communication necessary in order for us to respond to questions you have submitted to us via telephone, e-mail, social media or other communication channel. We may also process your Personal Data in order to handle complaints or support inquiries, including technical support.

Personal Data  Legal basis for processing

Identity related data such as name

The processing is based on our legitimate interest of handling customer service inquiries.

Booking data 

 

Contact details such as e-mail address, telephone number, address

 

Technical data, e.g. about your IT equipment

 

Sensitive personal data regarding for instance health (e.g. if you book room adapted to disabled guests) 

 

Receipt details, e.g. previous purchases 

 
Other Personal Data you provide as part of your inquiry  

Retention period: Six months after the customer service inquiry has been closed in order to administer and to follow up on your inquiry.

Development and assessment of our Services, products and systems

We may process your Personal Data to adapt, develop and maintain our Services in order to improve user friendliness, product and Service range, quality and efficiency from an environmental and sustainability perspective. We may also process your Personal Data in order to diagnose errors, optimise technology and improve our IT systems.

We analyse the data we collect about you, e.g. by means of our analytics tools on our website. The analysis is anonymised and is carried out in an aggregated form. The information from the analysis can never be connected to a specific person. The analysis helps us develop our IT systems, website and product and Service range.

Personal Data  Legal basis for processing

Identity related data such as name

The processing is based on our legitimate interest of being able to develop and improve our Services and products.

Contact details such as e-mail address, telephone number, address

 

Booking data 

 

Digital identifiers, e.g IP address

 

Technical data, e.g. about your IT equipment

 
Membership data  

Retention period: Maximum 38 months from collection.

FOR HOW LONG IS YOUR PERSONAL DATA RETAINED?

Your Personal Data is retained as long as it is necessary in order for us to fulfill the purposes of our processing. Thereafter we will in a secure way delete or anonymise your Personal Data to the extent that it is no longer possible to identify you or know that the data relates to you. You will find a pre-defined retention period below each of the processing activities in the tables above.

Scandic deletes Personal Data in accordance with applicable law and the criteria outlined above. This means that Scandic deletes or anonymises your Personal Data when the Personal Data is no longer required for the purpose of processing.

TRANSFER OF PERSONAL DATA AND RECIPIENTS WITH WHOM WE SHARE INFORMATION

We may share your Personal Data with third parties. As detailed above, your Personal data may be transferred to companies within and outside the EU/EEA that operate Scandic hotels but that are not part of the Scandic group, or to our suppliers. We never sell your personal data and Scandic will always enter into necessary data processing agreements with the companies that process your Personal Data on our behalf; all to ensure an adequate security level for the processing of your Personal Data.

  • Suppliers
    We may, in order to fulfil the purposes with our processing of your Personal Data, use other companies to fulfil our obligations to you. To that end, we will share or transfer your Personal data with or to companies that provide services to Scandic, including, but not limited to, our suppliers providing customer service, delivery services, analysing services, communication and marketing services. Scandic may also share your Personal Data with our suppliers providing hosting, storage, technical support and maintenance of our IT solutions. Furthermore we may transfer your Personal Data to our payment service providers who provide us with payment solution services, in order to facilitate your payment to us. Our suppliers only process your Personal Data in accordance with our documented instructions and may not use your Personal Data for their own purposes. They are also required by law to protect your Personal Data from unauthorised access and similar.
     
  • Franchisees
    Some hotels that operate under the Scandic brand are independent legal entities that are not part of the Scandic group (”Franchisees”). Your personal data may be transferred to Franchisees if it is necessary in order to provide you with the Services, for instance when you make a reservation at a hotel operated by a Frachisee.
     
  • Other recipients
    We may as the case may be transfer your Personal Data to other recipients than those outlined above if it is necessary in order for us to fulfil the purposes outlined in the table below.
Repient Purpose Legal basis for transfer
Public authorities We transfer Personal Data to public authorities if we are required to do so by law. The processing is necessary for compliance with a legal obligation to which we are subject.
Debt collectors If you do not pay we may transfer your Personal Data to a debt collector agency in order to collect your debt owed to us.  The processing is necessary for our legitimate interest of 
receiving payment for Services rendered.
Courts, appellant/appellee, etc. If there is a trial or similar, we may transfer your Personal Data to the court, public authority or appellant/appellee as the case may be, in order to protect our interests. The processing is necessary for our legitimate interest of 
being able to defend ourselves or protect our interests.
Re-organisation, merger or acquision If Scandic re-organises its organisation or for other reasons sells parts or the entirety of its business to a third party, your Personal Data may be transferred together with the business. The processing is necessary in order to fulfil our legitimate interest of selling business, merger or acquisition.

HOW ARE YOUR PERSONAL DATA PROTECTED?

Scandic has implemented appropriate technical and organisational measures to protect your Personal Data against for instance loss, manipulation and unauthorised access. We continuously adapt our security to new technology in order to maintain high security levels.

THIRD PARTY APPLICATIONS/WEBSITES

Scandic’s Services may contain links to other applications and/or websites over which Scandic has no control. This Privacy Policy is only applicable to your use of Scandic’s own Services. Scandic is not responsible for the content of any linked applications/websites and the processing of Personal Data that may be undertaken by the owner or operator of linked applications/websites.

COOKIES

Scandic Group uses cookies as part of its digital Services. The cookies may in some cases, automatically collect Personal Data (such as IP address and online behavior). We use cookies to improve your user experience and the security of our digital Services. The Personal Data that is collected via cookies may be anonymised and used in aggregated form for the purpose of using for development, statistics and analysis. You can find information about our use of cookies, what Personal Data we collect by means of cookies, for what they are used and what you do if you want to avoid them, in Our Cookie Policy (as updated from time to time).
 

YOUR RIGHTS

Privacy law gives you several rights in relation to our processing of your Personal Data. If you would like to use your rights, please visit your nearest Scandic hotel and speak with the receptionist, and they will assist your, or send an e-mail to gdpr@scandichotels.com or if you are IHG® Rewards Club member to privacyoffice@ihg.com.

  • Access to your Personal Data
    You have the right to obtain from us a confirmation as to whether we process your Personal Data, and where is the case, access to the Personal Data along with information about the processing and your associated rights, a so-called subject access request. 
     
  • Request for rectification
    If you think that certain Personal Data that we process concerning you is incorrect or incomplete, you have the right to request rectification. In order for us to change the Personal Data, you need to contact us (see contact details below). Scandic is not responsible for problems caused by your Personal Data being incorrect if you have omitted to inform us thereof. 
     
  • Withdrawal of consent with effect from the withdrawal and onwards
    To the extent that we process your Personal Data based on your consent, you may at any point in time withdraw your consent to the processing. The withdrawal of your consent does not affect the lawfulness of processing based on consent prior to the withdrawal.
     
  • Objection to processing for the purpose of direct marketing
    As mentioned above, you have the right to object to processing for the purpose of direct marketing. You deregister from continued processing by either clicking the deregistration link in the marketing message or by contacting us (see contact details below).
     
  • Objection to certain processing activities
    You have the right to object to processing that is based on our legitimate interest, if you have personal reasons therefore. We may however continue to process your Personal Data if, even if you object thereto, we have compelling legitimate grounds for the processing that override your integrity interest.
     
  • Deletion
    You have the right to request that your Personal Data is deleted. This is not the case when it comes to Personal Data that we process due to law or an agreement with you. 
     
  • Restriction of processing
    You have the right to request that the processing of your personal data is restricted. Please note that this may prevent us from providing you with all our Services.
     
  • Dataportability
    You have the right to receive a digital copy of your Personal Data that we process in a commonly used, structured and machine readable format (dataportability) to move to and use with another supplier. The right to dataportability, in difference to subject access right, only applies to the Personal Data that you have provided us with and that we process based on your consent or our fulfilment of an agreement with you.
     
  • Lodge a complaint with a supervisory authority
    If you are not happy with the way we process your Personal Data or if you for another reason believe that we have processed your Personal Data in an unlawful manner, you have the right to lodge a complaint with the supervisory authority responsible for data protection.
     

WHO DO YOU CONTACT IF YOU HAVE QUESTIONS?

 If you have any questions, comments or complains regarding our processing of your Personal Data our our compliance with the Privacy Policy and applicable privacy law, please feel free to contact us (see contact details below).

Contact details 

Scandic Hotels AB, 556299-1009
Box 6197, SE-102 33 Stockholm
Sweden
gdpr@scandichotels.com

InterContinental Hotels Group
Attn: Privacy Office
Three Ravinia Drive
Atlanta, Georgia 30346
By phone: 1-770-604-8347
By fax: 1-770-604-5275
privacyoffice@ihg.com