CORENDON HOTELS & RESORTS GROUP
Download the Privacy statement as PDF file
1. WHO WE ARE
In this document we explain to you what categories of personal data we process exactly, why we do this and with whom you can share your personal data. In our processing, we comply with the General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act. Among other things, this means that we:
- clearly state the purposes for which we process personal data;
- do not collect more personal data than required for these purposes;
- in cases where express consent is required, we ask you for this consent;
- take appropriate technical and organizational measures to protect your personal data;
- respect the rights you have in relation to your own personal data.
3. HOW DO WE COLLECT PERSONAL DATA
We collect the following personal data when you visit our website or use our app:
- Your travel preferences and/or accommodation preferences.
- Depending on your settings, we collect information about the browsing behaviour on our websites and mobile App.
- Information about the way you access our digital services, such as the operating system, IP address, online method of identification and information from your browser.
Based on the agreement you conclude with us or if you buy something from one of our hotels, we can process the following data:
- Name, address, telephone number and date of birth and passport details;
- Any insurance details;
- Relevant medical data and any special requirements you provided to us;
- Information about your purchases, such as what you purchased, where and when you purchased it, how you paid and other payment information;
- If you provide personal data from other people, you must be certain that they agree to this and that you are permitted to provide this information. Also ensure, if applicable, that they understand how we may use their personal data.
When you contact us or vice versa, or in the context of actions and services then we may retain the following data:
- Personal data that you leave when you email us, send us a letter, call or contact us via social media. These data may be your name, username, telephone number and (email) address.
- Our incoming calls may be recorded for training and quality purposes or to prevent fraud.
- Data from emails and other digital messages we send to you and which you open, such as the links you click on.
- Your feedback and participation in customer surveys and questionnaires.
Personal data we receive from other sources:
- We may also use personal data from other sources, such as from our partners or from public registers.
- Your insurance company, their intermediaries and medical staff may exchange relevant personal data and special categories of personal data with us if we / they are to act on your behalf, for instance in an emergency or in the interest of other customers.
- If you log in via social networks such as Facebook, WhatsApp or Twitter to gain access to our platforms and online services, you consent to sharing your user data with us. These could for instance be your name, email address, data of birth, location and other information that you voluntarily share with us.
4. LEGAL BASIS FOR PROCESSING PERSONAL DATA
We process your personal data on the following basis:
- Consent. For example, if you create an account on our website or if you subscribe to the newsletter. If you have consented to specific processing, you can also withdraw this consent at any time.
- The performance of an agreement with you or to take action at your request before we enter into an agreement with you. We need your personal data to book your hotel room or to provide you with the services you want to buy. We also need your data to be able to make payments.
- To comply with a legal obligation. Corendon may be legally required to transfer your personal data if the government authorities so require.
- Protection of vital interests. For example, exchange relevant data with intermediaries and/or medical personnel in case of emergency.
- To fulfil a task of general interest or exercise of public authority. For example, the use of personal data in the event of accidents, safety incidents or comparable incidents.
- The legitimate interest of us or of third parties. For example, when we try to forecast our commercial interest in what other products, services and information in which you may be interested. Our marketing information may thus be made more relevant for you.
Medical or other sensitive or special data in those situations in which this is explicitly permitted under the GDPR. For example, if we have your explicit consent, if it is necessary to protect your vital interests or someone else’s and you are physically or legally incapable of giving consent, if it is necessary to lay down, exercise or defend legal claims or when it relates to reasons of overriding public interest.
We are happy to explain the purposes for which we use your personal data.
To deliver the products and services you request from us
Your personal data are necessary to manage your booking and to deliver the products and services that you would like to purchase from us.
For the management and improvement of our services
We will try to improve our services and products based on the personal data you leave. This could include our website, the app and related products. To protect your personal data, to prevent fraud and abuse of our services, we monitor the use of our products.
We may use your personal data in case of security operations, accidents or similar incidents and for medical and insurance purposes. In addition, we may use your personal data for market research and research & development at Corendon. We continuously work to develop and improve our product range, our services, IT systems, security, knowledge and the way we communicate with you.
Personalization of user experience
It is possible that you will see ads and other marketing communications from Corendon that suit you. Because we check your browsing behaviour we can ensure that you see offers that match your interests. We try to predict which other products, services and information that you may be interested in and which may therefore be more relevant to you.
If you prefer not to receive any personalized information from us, you can always submit your preferences online, by telephone or in writing (for instance via email@example.com) or by unsubscribing from the newsletter. We then adjust our data as quickly as possible.
We use your personal data when you contact us, for example by email, post, telephone or social media.
If you have indicated in advance that you wish to receive marketing communication or have previously used our services then we will send you relevant travel offers or news about our services. You can amend these settings at any time via the newsletter, our website, by telephone or by email via firstname.lastname@example.org. You can still receive service messages from us in the context of your reservation.
Recruitment and selection
If you apply for one of our job vacancies, we will process the information you provide us to decide whether or not to invite you to an interview and to decide whether we will offer you a job.
6. SHARING PERSONAL DATA WITH THIRD PARTIES
We share your personal data with your travel providers, such as airlines, hotels and transport companies. We also share your personal data with external service providers, such as IT service providers. We conclude agreements with these third parties about the careful processing of personal data.
We sometimes share personal data to record, exercise or defend our legal rights; in connection with this we may provide personal data to others to prevent fraud. If we share personal data with other organizations, we make clear agreements that keep your data secure and do not use it for their own marketing purposes. In addition, we may share personal data with government agencies or authorities insofar as this is necessary to fulfil a legal obligation or an authorized order from an authority.
Finally: we only share the necessary personal data with our suppliers and partners. That means that they only have access to the data needed to provide you with their services.
7. SHARE PERSONAL DATA WITHIN CORENDON HOTELS & RESORTS
Our privacy statement applies to all services offered by the Corendon Hotels & Resorts Group. Services that have their own privacy statement are an exception, in which this privacy statement is not included.
Insofar as necessary, we may share your personal data with other companies within the Corendon Hotels & Resorts group or within the Corendon Holiday Group. We only do this to provide you with the desired services, to manage and improve our services and daily operations, to personalize your user experience or to contact you if applicable and for marketing purposes or market research.
8. PROTECTING YOUR PERSONAL DATA
We take appropriate security measures to protect your data against unintentional loss or unauthorized access, use, modification and disclosure. you are also responsible yourself in relation to the protection of your data, for instance by not sharing your password or booking details with third parties.
Occasionally we may transfer and/or store your personal data outside the European Economic Area (EEA). This data is processed by organizations outside the EEA who work for us or for one of our suppliers. Even in that case we have also taken appropriate measures to protect your personal data and to process this in accordance with this statement. These protective measures include contract provisions and appropriate security measures.
9. RETENTION PERIODS
We retain the data as long as required for the purposes described in this privacy statement and for compliance with the legislation and regulations. More specifically, we retain personal data we obtain in the context of bookings, purchases or for the execution of other agreements for as long as necessary to complete your booking(s), including administration, feedback, complaints, damages, insurance, etc. After processing, we retain the data for a maximum
of four years for marketing purposes. At the end of that period, the data is deleted, unless the date must be retained for a longer period of time in accordance with a legal obligation. The latter applies in any case to the payment data that must be retained for seven years under the fiscal retention obligation.
Personal data obtained by us because you contacted us by email, post, telephone or social media will be retained for as long as necessary to process and follow-up your request. We can then store your data for four years for marketing purposes.
Personal data we obtain in the framework of job applications shall – if you are not hired – be deleted at the latest 1 month after the conclusion of the application procedure, unless you give consent to the retention of your data for future job vacancies.
After the retention periods we delete your personal data. We may anonymize your data for analytical, historical or other business purposes.
10. COOKIES AND SIMILAR TECHNOLOGIES
11. LINKS TO OTHER WEBSITES
Our websites may contain links to websites that are managed by other organizations with their own privacy statements. Ensure that you read these conditions and privacy statement carefully before entering personal data on the website of another organization; we cannot accept any responsibility or liability for the websites of other organizations.
12. SOCIAL MEDIA FUNCTIONS
Our websites contain functionalities for social media such as Facebook and Twitter, that have their own privacy statements. Ensure that you read these terms and conditions and privacy statement carefully before entering personal data; we cannot accept any responsibility or liability for these functions.
13. YOUR RIGHTS AND COMPLAINTS
Every person whose data we process has the following rights:
Right to access your personal data
You have the right to access your personal data. This means that you can request which personal data is registered and for which purposes that data may be used.
Right to correct or delete your personal data
You have the right to have your personal data corrected if this information is incorrect. You can also request to have your data deleted. We can only comply with this if we are not obliged to retain your data or if the data is still required to be able to provide services to you.
Right of objection and right to the limitation of use
You have a number of options to oppose the further use of your data. If you gave consent at an earlier stage, you may also object the further use of your data or withdraw your consent. You can object to the use of your personal data free of charge if your personal data are used for purposes other than those necessary for the execution of an agreement or necessary for the fulfilment of a legal obligation.
Right of data portability
You can submit a request to obtain the data (electronically) we have from you yourself.
If you wish to exercise these rights, then you can submit a request via email address email@example.com.
We will do our best to handle your personal data in the best possible way. If you do have a complaint about the way we collect, retain or use your personal data, please notify us by sending a written request or complaint to the Legal Affairs Department and/or the Data Protection Officer.
1170 AH Badhoevedorp
If you are not satisfied with our response, you can submit a complaint to the Dutch Data Protection Authority via the website www.autoriteitpersoonsgegevens.nl.
Before we handle your request or complaint, we may ask you for additional information to confirm your identity. Even if you contact us on behalf of another person, we may ask you for additional information. We do this to ensure that you are entitled to submit such a request or complaint.
14. CHANGES TO THIS STATEMENT
This statement replaces any previous versions. We can amend this statement at any time, so check our website(s) regularly for updates. If the changes are significant, we will place a clear notice on our website(s), if applicable with electronic notification about the changes to the privacy statement.
Last updated: June 2018