Hansafond Grupp OÜ (hereinafter referred to as “we”) highly values the privacy of every client (hereinafter “you”). In this privacy notice, we explain what kind of data we collect about you, why we do so and what we do with the data.
- Who are we?
- What kind of data do we collect about you and where do we obtain it?
- Why do we need your data? What happens if you do not provide any data?
- What is the legal basis for the processing of your data?
- With whom do we share your data?
- How long do we store your data?
Who are we?
Hansafond Grupp OÜ, registry code 10722527, located at Dunkri 4/6, Tallinn 10123.
We employ the necessary technical, physical and organisational measures to protect your personal data from being lost, destroyed or accessed without authorisation.
If you have any questions about the information provided in this privacy notice, contact us at firstname.lastname@example.org
What kind of data do we collect about you and where do we obtain it?
We collect the following data:
- personal information (e.g., first and last name, date of birth and personal identification code)
- contact information (e.g., place of residence, phone number and e-mail address)
- visitor’s card information (the information required by the Tourism Act about the visitor of the accommodation establishment, such as the citizenship of the visitor, the name, date of birth and citizenship of the spouse or a minor accommodated together with him or her, the period of provision of the accommodation services etc.)
- credit card information (e.g., card number, name of the card holder and expiry date)
- security camera footage (if you visit our accommodation establishment or other rooms that are placed under video surveillance or have other electronic or digital surveillance systems or devices for security reasons)
In general, we obtain this data directly from you when you make a booking or an enquiry through our website or by phone/e-mail or purchase services directly on location.
The data may also be forwarded to us by travel undertakings, booking undertakings and other persons that mediate accommodation services from whom you may have purchased our accommodation and/or other services. In the event that we have not obtained the data directly from you, we will send you a privacy notice at the earliest opportunity after receiving the data.
Why do we need your data? What happens if you do not provide any data?
We use your data to provide the accommodation and/or other services that you may have purchased. We also use the data to perform the obligations provided by law that regulate our activities and for general commercial purposes. For example:
- Personal information is used to establish your identity, which, in turn, is relevant for providing the service to the person who actually ordered it.
- Contact information is used to get in touch with you. We primarily contact our clients by phone or e-mail, but in certain instances it may be necessary to contact you at your place of residence (e.g., when we cannot get in touch with you through other means).
- Visitor’s card information is required by the Tourism Act. The purpose of this is to prevent any danger related to, e.g., illegal immigration.
- Credit card information is necessary when we need to deduct a certain amount from your credit card to pay for the services you may have ordered or to compensate for any other expenses incurred by you, as is our right according to the accommodation contract.
- Information about your personal preferences that we ask or you provide of your own accord is used to provide a better service tailored to your wishes and requests.
If you do not provide your visitor’s card information, we are unable to provide you with accommodation services.
What is the legal basis for the processing of your data?
We process your data based on various legal grounds, such as the following:
- The need to establish a contractual relationship with you or to perform the contract between us
- Your consent (if data is processed based on your consent, you have the right to withdraw it at any time)
- The need to meet the obligations arising from laws (e.g., requesting that the visitor’s card be filled out and storing it for 2 years)
- The need to pursue our justified interests (e.g., managing our company and carrying out our general commercial activities; detecting violations of the law and fraud)
- The need to protect your life or the life of any other person (e.g., by disclosing your information to emergency medical care providers in the case of an accident)
- Other legal grounds
With whom do we share your data?
We do not share the data you have entrusted to us, except in certain cases described below and when it is necessary to achieve the goals described in this privacy notice. We may share your data with:
- Service providers (like other companies, we may order data processing services, such as IT and consultation services, from trustworthy third party service providers)
- Public authorities and government institutions (we may share data with these institutions if we are legally obligated to share it or if sharing the data is necessary for the protection of our rights)
- Professional consultants and others (we may share your data with professional consultants such as auditors, lawyers, accountants and other persons providing consulting services)
- Third parties involved in corporate transactions (occasionally, we may share your data with third parties in relation to corporate deals, such as selling the company or its shares to another company; we may also share the data in connection with restructuring the company, establishing a joint company, a merger or another transfer of the company’s property or shares)
If we share your data with the aforementioned parties, we will ensure the protection of your data through a data processing agreement entered into by us and the party in question.
We will not store or send your data outside the European Economic Area or to countries that do not provide an adequate level of protection according to Article 25(6) of Directive 95/46/EC or Article 45(1) of follow-up Regulation (EU) 2016/679.
How long do we store your data?
We store your data as long as it is necessary for achieving the various data processing objectives.
Concerning the storage of personal data, the company adheres to the following criteria:
- We store your personal data as long as we need it to provide our service.
- If a person has a client account or the loyalty card of our company, we store personal data throughout the validity period of the account/card or as long as the data is needed to provide the service to the person.
- If the company has a legal, contractual or any other similar obligation to store personal data, the data will be stored as long as it takes to perform such obligation.
- After the contractual relationship has ended, we store certain data as long as the person (data subject) or the company has the right to make demands to the other party on the basis of the contract.
For instance, we are required by the Tourism Act to preserve visitor’s card information for 2 years from the date the card was filled out. We store credit card information only until the proper performance of the accommodation contract.
If you have consented to receiving direct marketing offers, we preserve your contact information until you withdraw your consent.
What are your rights concerning your data?
As a data subject, you have the following rights:
- Right of access. You have the right to know what kind of data is stored about you and how it is processed.
- Right of correction. You have the right to require the correction of personal data if it is incorrect.
- Right of deletion (right to be forgotten). You have the right, in certain cases, to demand that we delete your personal data (e.g., if we no longer need it, if you withdraw your consent to data processing etc.).
- Right to restrict processing. You have the right, in certain cases, to prohibit or restrict the processing of your personal data for a period of time (e.g., if you have filed an objection against data processing).
- Right to object. Depending on the situation, you have the right to object to data processing, if the processing of your personal data is based on our justified interest or public interest. Objections against the processing of personal data for direct marketing purposes may be filed at any time.
- Right to data portability. You have the right to demand that the data you have provided to us is transferred to you in a machine-readable format. You may also demand that your data be directly transferred to another data controller, but only if it is technically possible. The right to data portability only applies to data that we process based on your consent or in order to perform the contract between us.