Privacy policy

Introduction
 
This Privacy Policy applies to current and past guests/customers/suppliers of Henne Kirkeby Kro.

As a data controller, data protection is a matter of great concern to us. We safeguard the personal data we process, and we ensure that we comply with data protection law.

We give the people we process data on (“data subjects”) information about our data processing and about the rights that they have as data subjects.

In this Privacy Policy, we describe our processing of data on guests, customers and suppliers.

1. Data controller

Henne Kirkeby Kro is the data controller.

Henne Kirkeby Kro’s contact details:

C/O Møllehegnet Holding - Skouboegruppen

Søgade 12, DK-6000 Kolding

Central Business Register No. 71 09 32 12

Tel. + 45 76 31 00 90

Contact person: Group Chief Executive Søren Bonde

E-mail: Sb@faenoe.dk

2. Our processing of personal data

Henne Kirkeby Kro processes all personal data in accordance with applicable privacy laws.

Henne Kirkeby Kro signs agreement with guests, customers and suppliers about the supply—purchases and sales—of various services and products.

When a guest/customer orders and purchases one or more of Henne Kirkeby Kro’s services and, as part of this, their personal data is disclosed to Henne Kirkeby Kro, they also give their consent that the personal data of the guest/customer/supplier can be processed by Henne Kirkeby Kro.

Therefore, the same applies to any personal data that any suppliers of Henne Kirkeby Kro give to Henne Kirkeby Kro in connection with the submission of quotes or when entering into agreements with Henne Kirkeby Kro.

3. Henne Kirkeby Kro’s collection of personal data

Henne Kirkeby Kro collects personal data in the following ways:

1.
When a guest/customer—or their representative—chooses to receive quotes on and/or purchase one of Henne Kirkeby Kro’s services/products, or when a supplier submits quotes or sells products or services to Henne Kirkeby Kro.
2.
From B2C and B2B markets.
3.
Through browser cookies and web beacons.
4.
In connection with regular correspondence with guests/customers/suppliers.
5.
In connection with the use of Henne Kirkeby Kro’s digital services.
6.
When participating in Henne Kirkeby Kro’s customer/loyalty programme and by subscribing to Henne Kirkeby Kro’s newsletter.
7.
From social media, public relations, advertising and analysis providers, as well as public registers.
8.
Via CCTV surveillance.
9.
When suppliers enter into agreements with Henne Kirkeby Kro or give Henne Kirkeby Kro a quote.

The collection and processing of personal data referred to in the above will always be in accordance with applicable privacy laws.

CCTV, which may be set up, takes place in the context of crime prevention and also functions as a reassurance measure for employees and guests.

4. Data that Henne Kirkeby Kro collects

Henne Kirkeby Kro collects the following personal data:

1.
Name, address, telephone number, e-mail address, date of birth, and other general, non-sensitive personal data.
2.
Payment card details—typically to guarantee a reservation and to pay for accommodation.
3.
Other bank and payment details—typically as a guarantee of credit or for payment of, for example, a deposit.
4.
Demographic data.
5.
Purchase history including the use of Henne Kirkeby Kro’s app and/or other digital services.
6.
Payment history.
7.
Browser information.
8.
The use of Henne Kirkeby Kro’s customer/loyalty programme.
9.
Image data from Henne Kirkeby Kro’s social media and other digital platforms belonging to Henne Kirkeby Kro.
10.
Data from Henne Kirkeby Kro’s social media and other digital platforms belonging to Henne Kirkeby Kro.
11.
Data from Henne Kirkeby Kro’s customer surveys.
12.
Data from any competitions.
13.
Data from credit reporting agencies.
14.
Data about the guest’s/customer’s company and relevant contact persons.
15.
Data included in our correspondence with you.
16.
Data about suppliers’ companies, as well as data on relevant contact persons and key persons including key accounts.

A guest/customer/supplier can voluntarily and by choice give Henne Kirkeby Kro additional personal data that they consider is important to Henne Kirkeby Kro’s operation and servicing of the guest/customer/supplier, or that they believe should be given for security purposes.

For example, this can be data on:

- Disability.
- Allergy.
- Special food preferences.
- Other health or medical information.

If a guest/customer/supplier voluntarily and by choice chooses to give such data, Henne Kirkeby Kro considers it as consent to record and store such sensitive data about them.

In addition to the data that Henne Kirkeby Kro receives directly from guests/customers/suppliers, Henne Kirkeby Kro will, in some cases, obtain or process additional data that Henne Kirkeby Kro has received from third parties, for example, a travel agent, booking portal, another intermediary or an employee of the company where the data subject is employed.

Where this is the case, the third party must inform the relevant guests/customers/suppliers of Henne Kirkeby Kro’s Terms and Conditions, as well as the Privacy Policy of Henne Kirkeby Kro. It is also the responsibility of the third party concerned to ensure that there is the necessary legal basis for collecting and processing such data, including obtaining the necessary consent to the processing of any sensitive data.
  
5. Payment by credit or debit card  

Henne Kirkeby Kro uses Nets to redeem payments made by debit and credit cards. Henne Kirkeby Kro is approved and certified by the Danish Financial Institution’s Payment System (www.pbs.dk). 

For reservations and bookings, Henne Kirkeby Kro stores the data provided by the guest/customer/supplier for up to five years, after which the data is deleted.

In addition to processing the order, the data provided will only be used if a guest/customer/supplier, for example, contacts with questions or if there are errors in the order.
 
6. What is the purpose of the collection and processing?

Henne Kirkeby Kro only collects personal data that is necessary to comply with the agreements entered into with guests/customers/suppliers for the provision of services, for example, an overnight stay, or the purchase/sale of products or services.

It is the nature of the individual agreement and the type of service which determines what personal data Henne Kirkeby Kro collects and processes and which determines the purpose of the collection.

The purpose of the collection and processing of personal data will primarily be:

1.
To process a guest’s/customer’s booking and purchase of Henne Kirkeby Kro’s services, products and gift cards.
2.
To process suppliers’ quotes and sales of products and services.
3.
To contact the guest/customer before, during or after their stay.
4.
To fulfil the guest’s/customer’s request for offers or the purchase of services.
5.
For the improvement and development of Henne Kirkeby Kro’s services.
6.
For the customisation of Henne Kirkeby Kro’s marketing, public relations and other communications.
7.
For the analysis and reporting of the behaviour of guests/customers/suppliers and marketing to them.
8.
To customise Henne Kirkeby Kro’s partners’ communication and marketing to guests/customers/suppliers.
9.
Administration and maintenance of the guest/customer/supplier relationship to Henne Kirkeby Kro, including possible participation in Henne Kirkeby Kro’s potential customer/loyalty programme, cultivation of new customers and continuous business relations.
10
Compliance with legal requirements, for example, the requirement to register overnight guests according to immigration law, rules for Internet logging and passport regulations.
 
7. Legal basis for processing

Henne Kirkeby Kro will most often process personal data because it is necessary to fulfil an agreement with Henne Kirkeby Kro which a guest/customer or a supplier are party to. This may, for example, be in connection with hotel accommodation, holding meetings and/or the processing and fulfilment of cooperation and supplier agreements.

Henne Kirkeby Kro will also process personal data in connection with booking prior to an overnight stay, holding meetings, companies, conferences, etc., and prior to entering into supplier agreements.

In some cases, Henne Kirkeby Kro’s processing of personal data will take place as part of the fact that Henne Kirkeby Kro has a legitimate/factual interest that precedes the guest’s/customer’s/supplier’s (the data subject’s) interests.

Such a legitimate interest could, for example, be the preparation of statistics, customer surveys, marketing and an analysis of general guest/customer behaviour, which aims to improve the overall experience at Henne Kirkeby Kro and the quality of Henne Kirkeby Kro’s services and products.

In connection with their stay/visit to Henne Kirkeby Kro, if a guest/customer discloses particular personal preferences or considerations, including, for example, medical information, disability, religious beliefs or the like, Henne Kirkeby Kro only uses the data to ensure that the guest’s/customer’s personal preferences, well-being and health etc., are taken into account.

In some situations, Henne Kirkeby Kro receives personal data from third parties such as a travel agent, an agent or similar, including in connection with group bookings or booking for individuals. When this happens, the third party must notify the relevant guests/customers/suppliers of Henne Kirkeby Kro’s Terms and Conditions and the content of this Privacy Policy.

Under the law, see the above under section 6, Henne Kirkeby Kro is also required to record various data about overnight guests. This data must be kept for at least one year and a maximum of two years. 

8. Rights of the data subject

According to the rules of the General Data Protection Regulation (GDPR), data subjects (customers/guests/suppliers) have different rights.

1.
A data subject has the right at any time to obtain access to the personal data that Henne Kirkeby Kro processes on the data subject.
2.
A data subject has the right at any time to rectify and update the personal data that Henne Kirkeby Kro has on the data subject.
3.
A data subject has the right at any time to delete the personal data that Henne Kirkeby Kro has on the data subject. If a data subject requests deletion, all data that Henne Kirkeby Kro is not required to keep by law must be deleted. A deletion of the data subject’s data may in some cases mean that Henne Kirkeby Kro cannot fulfil agreements made or provide certain services to the data subject.
4.
If some of the data that Henne Kirkeby Kro has on the data subject is given on the basis of the data subject’s consent, they are entitled at any time to withdraw their consent, which means that the data is deleted or is no longer used by Henne Kirkeby Kro. This shall not apply to the data referred to above that Henne Kirkeby Kro is legally obligated to store.

The option to request deletion, etc., may, however, be limited in order to protect the privacy, trade secrets and intellectual property rights of other persons and, for example, the option to enforce potential legal claims.

The data subject may at any time in writing ask Henne Kirkeby Kro to obtain an overview and a copy of the personal data of the data subject that Henne Kirkeby Kro possesses.

A written request to that effect must be signed by the data subject and include their name, address, telephone number and e-mail address.

The data subject may also contact Henne Kirkeby Kro if the data subject believes that their personal data is being processed in contravention of the law or in breach of other legal obligations, such as the agreement/contract that the data subject has with Henne Kirkeby Kro.

Written requests are to be sent to Henne Kirkeby Kro, see the contact details above under section 1.

Henne Kirkeby Kro will, as far as possible, within one month of receipt of the data subject’s written request, reply to the data subject’s postal address.

If the data subject asks for the correction and/or deletion of their personal data, then Henne Kirkeby Kro will assess whether the conditions for the request have been met and Henne Kirkeby Kro will make changes or deletions as soon as possible.

Henne Kirkeby Kro reserves the right to reject requests which have the character of vexatory repetition, or which require disproportionate technical measures (such as the development of a new IT system), or which affect the protection of other data subjects’ personal data, or in other situations where it would be disproportionately resource-intensive or very complicated to meet the request. 

9. Security

Henne Kirkeby Kro protects the personal data of the data subject and has established guidelines to protect the data subject’s personal data from unauthorised disclosure and access or coming to the knowledge of unauthorised persons.

Only those persons/employees of Henne Kirkeby Kro who, by virtue of their job function, need the personal data of the data subjects have access to it. Henne Kirkeby Kro continually checks that there is no unauthorised access to the personal data of data subjects.

Henne Kirkeby Kro regularly backs up data subjects’ personal data.

In the event of a breach of security where there is a high risk of misuse of the personal data of data subjects, including, for example, of identity theft, financial loss, loss of reputation or any other form of abuse, Henne Kirkeby Kro will inform the data subject of the breach as soon as possible.

Henne Kirkeby Kro’s security procedures are continually reviewed and updated in relation to technological developments.

10. Sharing personal data

We will not disclose data to any third party without your consent unless it is necessary to enable us to advise and serve you or because it is necessary to ensure compliance with applicable Danish law. We do not use your data for any purpose other than for the purposes described in this Privacy Policy.

Henne Kirkeby Kro uses a number of external suppliers of IT services, IT systems, payment solutions etc.

Henne Kirkeby Kro enters into ongoing data processing agreements with Henne Kirkeby Kro’s suppliers/our data processors, where, in accordance with the Danish Data Protection Agency, and where it is required in relation to external data processors, to ensure that a necessary and high level of security is maintained with regards to the personal data of data subjects.

In order to comply with agreements with the data subjects and to meet the needs of guests and customers, Henne Kirkeby Kro shares selected personal data with external suppliers such as restaurants, hotels, nature and culture guides, tourist attraction providers, etc. This is done only by agreement with the guest/customer in order to serve and assist the guest/customer in the best possible way in connection with the planning of, for instance, accommodation, visits to tourist attractions, preparation of transport, etc.

Henne Kirkeby Kro also shares and discloses the personal data of the data subjects within the Group, including with sister companies. The purpose of this sharing is to provide the guest/customer with the best service and services, regardless of the restaurant/hotel or division of the Skouboe Group the guest/customer is using. And also as part of the Group’s marketing efforts in accordance with the relevant rules.

In some cases, Henne Kirkeby Kro is legally obligated to disclose personal data or obligated to do so as a result of a decision of a public authority. We disclose or pass on personal data to the following categories of recipients:

Bank connections with regards to the management of payments.
Debt collection and credit reporting agencies in the event of a breach of payment, as well as posting with a credit reporting agency.
Tax authorities and other authorities in relation to statutory reporting. 

11. Deletion of personal data

Henne Kirkeby Kro deletes your personal data when Henne Kirkeby Kro’s legal obligation ceases or when the purpose of collecting and processing the data is no longer present. Henne Kirkeby Kro generally follows the storing period that applies in accordance with the Accounting Act. In order to ensure proper handling of recurring customer relationships, potential complaints and warranty obligations and to meet our obligations, we have assessed that it is necessary to store data for up to five years and from when the current business relationship has ceased.

12. Cookies

Henne Kirkeby Kro uses cookies. More information about Henne Kirkeby Kro’s cookie policy can be found here: Cookie Policy 

13. Complaints

Complaints about Henne Kirkeby Kro’s processing of personal data can be made to the Danish Data Protection Agency, BORGERGADE 28, 5, DK-1300 COPENHAGEN K, TELEPHONE +45 3319 3200 - E-MAIL dt@datatilsynet.dk

14. Changes to the Privacy Policy

If Henne Kirkeby Kro makes changes to our Privacy Policy, these changes will always be updated on our website under the “Privacy Policy” menu point. We recommend that you regularly check our Privacy Policy on the website for any changes.

15. Document information

This is the 2018 version of Henne Kirkeby Kro’s Privacy Policy updated on 25th May 2018.