Data processing principles
Hotell Tartu OÜ (hereinafter We) values highly the privacy of all its customers (hereinafter You). In this privacy notice We explain what sort of data we collect from You, why We collect it and what We do with Your data.
- Who are We?
- What sort of data do We collect about You and who do We receive it from?
- Why do We need Your data? What will happen if You do not present data?
- On what sort of legal basis do We process data?
- Who do We share Your data with?
- How long do store Your data?
- What are Your rights in regard to your data?
Who are We?
Hotell Tartu is hotel with 112 rooms located in the city centre of Tartu. We offer You a comfortable place to stay the night right in the heart of Tartu – directly opposite of the hotel is the bus station and a short walk away are the Science Centre Ahhaa, Aura Water Centre, old town, theatre and concert hall Vanemuine, and several shopping centres.
We apply the necessary technical, physical, and organisational security measures to protect Your personal data from disappearing, being destroyed, and from unauthorised access.
If You have questions relating to the information in the privacy notice, please contact us: firstname.lastname@example.org
What sort of data do We collect about You and who do We receive it from?
We collect the following data from You:
- personal data: e.g., first and last name, date of birth/personal identification code
- contact information: e.g. Your home address, phone number, e-mail address
- visitor’s card data: this is data regarding visitors which is required from accommodation establishments by the Tourism Act – e.g., citizenship; the name, date of birth, and citizenship of the spouse and minor who are accommodated with the visitor; accommodation service period, etc.
- credit card information: e.g., the number of the card, name of the card holder, period of validity
- security camera recordings – in the event that You visit our accommodation establishment or other rooms which have, as a safety precaution, video or other electronic or digital surveillance systems or devices
- data regarding personal preferences: e.g., preferences regarding the floor, room, check-in and check-out times, and other preferences which make Your stay at the hotel more enjoyable.
In general, we receive the data from You directly when You book or send an inquiry through Our website, via calling or e-mail, or when purchasing Our services directly by visiting us in person.
Your data will also be forwarded to us by travel agencies, booking companies, and other accommodation service intermediaries who you have used to book our accommodation and/or other services.
Why do We need Your data? What will happen if You do not present data?
We use Your data to provide the accommodation and/or other services which You have ordered, as well as to fulfil the obligations set by laws which regulate our activity, and for general business goals, such as:
- personal data – We require this data to verify Your identity, which is important in order to provide the service to the person who actually ordered it;
- contact information – We require this data in order to contact You. We will primarily contact You via phone or e-mail, but in certain situations We may also be required to use the address of residence (e.g., cases where We cannot get contact via other means of communication).
- Visitor’s card data – We are required to ask this information by the Tourism Act. The goal is to prevent danger which may be concealed in illegal immigration, for example.
- Credit card information – We require this data in case We have the right, given by the accommodation service agreement, to retain a certain sum of money as payment for services that You have ordered or to compensate for expenses.
- Data regarding personal preferences – if We request this data or if You present this data by Your own choice, then We will use this data to provide a better service which is guided by Your requests and interests.
We cannot provide You the accommodation service if You do not provide the visitor’s card data.
Data collection is necessary to ensure that the service is provided smoothly and so that Your stay would be a success and that You receive a positive visiting experience. After providing the service, Hotell Tartu OÜ may send notices via e-mail relating to feedback, lost items or to solve problems which occurred during Your stay.
On what sort of legal basis do We process Your data?
We process Your data based on various legal bases:
- requirement to form a contractual relationship with You or to fulfil an agreement with You;
- Your consent – know that when We process Your data based on Your consent You retain the right to revoke Your consent at any time;
- requirement to fulfil obligations set by the law (e.g., filling out the visitor’s card and storing it for two years);
- the requirement to fulfil Our legitimate interests, which include directing the company and to carry out general business activities; discovering violations of the law and fraud;
- the requirement to protect Your or whichever other person’s vital interests (e.g., by presenting Your data to ambulance workers in the case of an accident);
- other bases allowed by the law.
Who do We share Your data with?
We do not share the data which You have entrusted to us, except for limited instances which are described below and in cases where it is necessary to achieve the goals detailed in this privacy notice:
- Our subsidiaries and related companies: We may share Your personal data with our subsidiaries and related companies which are all located in the European Union.
- Service providers: like several other companies, We may order data processing services from trustworthy third-party service providers, such as IT and consultation services.
- Public authorities and governmental authorities: We may share data with authorities when We are required to do so by law or when sharing data is required to protect Our rights.
- Professional advisers and others: We may share Your data with professional advisers, such as auditors, lawyers, accountants, and other persons who provide advisory services.
- Third parties who are associated with the company’s transactions: at times we may share Your data with third parties that are associated with corporate transactions, such as selling the company or part of the company to another company. Also, in the case of a company reorganisation, creating a joint enterprise, joining or other ways of reorganising the assets or stocks of the company.
In the case that We share Your data with the aforementioned persons, We ensure that Your data is protected with a data processing agreement between Us and such persons.
We do not retain or send Your personal data outside of the European Economic Area or to countries which protection sufficiency has not been decided on with Article 25(6) of Directive 95/46/EC, or its follow-up document, Article 45(1) of Regulation (EU) 2016/679.
How long do store Your data?
We store Your data as long as it is necessary to fulfil different data processing goals.
The company bases the storing of data on the following criteria:
- as long as it is necessary to store personal data to offer its services;
- if the person has a customer account or customer card at the company then We store the personal data for as long as the account/card is active or as long it is necessary in order to provide services to the person;
- if the company is required by law, contract, or something similar to store personal data, then the data shall be stored for as long as it is necessary to fulfil such obligations;
- after the end of contractual relationships, We store data for as long as the person (data subject) or the company has the right, based on the agreement, to present claims against the other party.
For example, pursuant to the Tourism Act We store the data of the visitor’s card for two years after the filling of the card. Credit card information shall be stored no longer than until suitable fulfilment of the accommodation agreement between us.
If You have given Us consent to send direct marketing materials, We shall store Your data until You revoke Your consent.
What are Your rights in regard to Your data?
You, as a data subject, have the following rights:
- Right to access data – You have the right to know what sort of data about You is being stored and how it is processed.
- Right to correct data – You have the right to demand corrections to Your personal data in the case that the data is incorrect.
- 3. Right to delete data (“Right to be forgotten”) – in certain instances You have the right to demand that Your personal data be deleted (e.g. when We no longer require the data, if You have revoked Your consent for the processing of the data, etc.).
- Right to limit processing – in certain instances You have the right to prohibit or limit the processing of Your data for a certain period (e.g., when You have presented an objection regarding the processing of data).
- Right to present objections – in a certain circumstance You have the right to present objections regarding the processing of Your personal data if the processing is based on Our legitimate interest or public interest. Objections regarding data processing for direct marketing purposes may be presented at any time.
- Right to transfer data – You have the right to demand that the data You have provided to us be transferred to You in a machine-readable form. You may also demand that the data be transferred directly to another data controller, but only when it is technically accomplishable. The right to transfer applies only to such data which We process based on Your consent or for data that is required to fulfil the agreement entered with You.
We shall do our best to address Your applications and requests in a timely manner and without cost, except for such cases in which they would entail disproportionate costs. If You are not satisfied with our response, then You may turn to the Republic of Estonia Data Protection Inspectorate with your complaint.