Privacy statement

Privacy statement

Hilton Helsinki hotels are part of the global Hilton hotel family and are operated by Scandic Hotels AB in Finland.

About Hilton

Hilton is a leading global hospitality company with a portfolio of 17 world-class brands comprising more than 5,700 properties with more than 923,000 rooms, in 113 countries and territories. Hilton Honors is the award-winning guest loyalty program for Hilton’s 17 world-class brands comprising more than 5,700 properties with more than 923,000 rooms, in 113 countries and territories.

For 100 years, Hilton Hotels & Resorts has set the benchmark for hospitality around the world, providing new product innovations and services to meet guests’ evolving needs. With more than 585 hotels across six continents, Hilton Hotels & Resorts properties are located in the world’s most sought-after destinations for guests who know that where they stay matters.

Introduction

Hilton’s mission is to be the most hospitable company in the world. We’re passionate about delivering exceptional guest experiences, and we look forward to welcoming you to our hotels so we can share the light and warmth of hospitality with you.

We pledge to deliver the highest level of customer service, which includes respecting your privacy and protecting your personal information. In this privacy statement (“Statement”), we provide you with details about how we collect, use, and disclose your personal information.

This Statement applies to Hilton Worldwide Holdings Inc., its subsidiaries , and all of the hotels within the Hilton Portfolio of Brands (collectively, “Hilton,” “we,” or “us”). Our Portfolio of Brands includes Waldorf Astoria Hotels & Resorts, LXR Hotels & Resorts, Conrad Hotels & Resorts, Canopy by Hilton, Signia Hilton, Hilton Hotels & Resorts, Curio A Collection by Hilton, DoubleTree by Hilton, Tapestry Collection by Hilton, Embassy Suites by Hilton, Hilton Garden Inn, Motto by Hilton, Hampton by Hilton, tru by Hilton, Homewood Suites by Hilton, and Home2 Suites by Hilton.

Hilton Global Privacy Statement

PRIVACY POLICY

Adopted 21-05-2018, Version: 1.0

This Privacy Policy (”Privacy Policy”) describes how Scandic Hotels Group AB (company reg. No. 556703-1702) and the other Scandic group companies (together ”Scandic”, ”we”, ”us”), process your Personal Data. “Personal Data” is any information with which one can, directly or indirectly, identify a physical person. Please read this Privacy Policy carefully to understand how and for what purposes we process your Personal Data.

We process your Personal Data when you use our services (“Services”) as described below. We care about your privacy and comply with applicable law aiming to protect you as an individual. This Privacy Policy describes the foundation of how we process Personal Data you share with us or that we collect when you use the Services. For some of our Services, specific terms and conditions may apply that you need to accept prior to using the Service.

Different companies within the Scandic group may be either controller or processor, or joint controllers, with regards to the processing we carry out, such as processing necessary for hotel bookings or recruitment.

We aim to maintain a high level of protection of your integrity. Scandic processes Personal Data mainly to administer, provide, develop and maintain the Services, handle your bookings, optimise your experience of the Services and to communicate with you.

If we make changes to this Privacy Policy, we will notify you. The means of notification varies depending on what Services you use and when. The new terms will be published on our website.

If you provide us with Personal Data concerning other persons, you are responsible for ensuring that Scandic is allowed to process that Personal Data in accordance with this Privacy Policy.

COLLECTION AND PROCESSING OF PERSONAL DATA

Scandic only processes your Personal Data in accordance with applicable law.

Scandic may collect Personal Data directly from you when you use the Service (for instance when you book a hotel room). We may also receive and transfer your Personal Data from and to companies within the Scandic group or our partners (e.g. if you have used a travel agency to book a hotel room). We use different means to collect your Personal Data, some of which include cookies, web beacons, customer surveys and customer service. Depending on what Service you use the means of collecting and the purpose of processing may vary.

Scandic will process your Personal Data for the purposes outlined below, and the purposes described to you when you use a specific Service. When your consent is required by law in order for us to process your Personal Data, we will collect your consent prior to processing.

WHAT PERSONAL DATA DO WE PROCESS AND WHY?

Handle booking

If you book a meeting room or hotel room with us, we will process your Personal Data in order to provide, handle, administer, follow up and obtain payment for your booking. This includes processing in order to remind you or inform you of your booking when you are to stay with us.

Your Personal Data and other information about your booking can be transferred to companies within and outside the EU/EEA that operate Scandic hotels but that are not part of the Scandic group, or to our suppliers.

Personal Data
Legal basis for processing – The processing is necessary in order for us to fulfil our agreement with you.

  • Identity related data such as name
  • Contact details such as e-mail address, telephone number, address
  • IP-address (if you book on our website)
  • Preferences and other requests or needs
  • Sensitive personal data regarding for instance health (e.g. if you book room adapted to disabled guests)
  • Other data you provide when making your booking (e.g. regarding persons you travel with)

Retention period: 120 days after the end of your stay.

NEWSLETTER AND OTHER DIRECT MARKETING

Processing based on Scandic’s legitimate interest

If you use our Services we may process your Personal Data in order to send you newsletters containing relevant information and offers about our own and franchisees’ hotels, or selected partners’ products and services, through different information channels, such as post, e-mail or our other digital channels, as long as you are our customer. We may also send you customer surveys that give you the opportunity to influence the range of products and services we provide. Our processing of sending you direct marketing and customer surveys are based on our legitimate interest.

If you wish to no longer receive newsletters or other direct marketing from us, you can object to further processing by contacting us (see contact details below) or deregister in the marketing message. If you object to our continued processing, your Personal Data will be deleted or anonymised (unless the Personal Data in question is also processed for other purposes) and you will no longer receive direct marketing from us.

Personal Data

Legal basis for processing – The processing is based on our legitimate interest of sending direct marketing.

  • Identity related data such as name
  • Contact details such as e-mail address, telephone number, address
  • Preferences and other requests or needs
  • Membership details, e.g. membership number or other information in your membership profile
  • Booking data in order to send relevant offers based on previous purchasing patterns
  • Receipt details, e.g. previous purchases

Retention period: As long as you are our customer or before that if you object to further processing.

Processing based on your consent

If you have given us your consent and subscribes to our newsletter we will process your Personal Data in order to send you offers regarding our products and Services. If you wish to no longer receive newsletters or other direct marketing from us you can object to further processing for these purposes by contacting us (see contact details below) or deregister directly in the marketing message. If you object to further processing, your Personal Data will be deleted or anonymised (unless the Personal Data is processed for other purposes) and you will no longer receive direct marketing from us.

Personal Data

Legal basis for processing – The processing is based on your consent to receiving newsletters from us.

  • Name
  • Address
  • Company
  • E-mail address
  • Telephone number

Retention period: Until you withdraw your consent to the processing.

Profiling

In order to communicate personalised and relevant information and offers to you about our Services, we analyse the information we collect about you, for instance by dividing customers into different customer categories based on purchase patterns, behavior and interactions with us. We do this in order to improve your experience when you use our Services.

Recruitment

If you submit a job application (general or for a specific role) via our website or our other communication channels, we process your Personal Data in order to evaluate your application and recruit staff. This includes, if applicable, references and background checks if part of the recruitment process.

We kindly ask you not to send us any sensitive Personal Data (e.g. information revealing health conditions, race or ethnicity).

If you are offered and accept employment with us, some of the Personal Data we have collected during the recruitment process will form part of your employment contract.

Your Personal Data and other information in your job application may be transferred to other companies that operate Scandic hotels, but that are not part of the Scandic group, if you apply for a role at one of our franchisees.

Personal Data

Legal basis for processing – Processing is based on your consent.

  • Identity related data such as name
  • Contact details such as e-mail address, telephone number, address
  • Recruitment details, e.g. CV, personal letter
  • Information regarding what role, area, country and type of employment you have applied for
  • Sex, citizenship and nationality
  • Grades, certificates, work experience, education or other information you voluntarily provide us with as part of your application

Retention period: Your application is saved throughout the entire recruitment process. If you are not offered a job with us we may save the information we have collected up to 24 months after the recruitment process has finished. General applications are saved up to 12 months from submission, unless a recruitment process has been initiated.

Legal obligations

We may also process your Personal Data if we are compelled to do so by law, court or public authority, e.g. to fulfil our obligations with regards to financial reporting, under tax law or due to a decision by the police department or other authority.

Personal Data

Legal basis for processing – Processing is based on legal obligations.

  • Identity related data such as name
  • Payment data
  • Booking data
  • Contact details such as e-mail address, telephone number, address
  • Receipt details, e.g. previous purchases

Retention period: In accordance with national law in respective country.

Handling of customer service inquiries

We may process your Personal Data in order to respond to, assist, follow up and handle your customer service inquiry. This includes communication necessary in order for us to respond to questions you have submitted to us via telephone, e-mail, social media or other communication channel. We may also process your Personal Data in order to handle complaints or support inquiries, including technical support.

Personal Data

Legal basis for processing – The processing is based on our legitimate interest of handling customer service inquiries.

  • Identity related data such as name
  • Booking data
  • Contact details such as e-mail address, telephone number, address
  • Technical data, e.g. about your IT equipment
  • Sensitive personal data regarding for instance health (e.g. if you book room adapted to disabled guests)
  • Receipt details, e.g. previous purchases
  • Other Personal Data you provide as part of your inquiry

Retention period: Six months after the customer service inquiry has been closed in order to administer and to follow up on your inquiry.

Development and assessment of our Services, products and systems

We may process your Personal Data to adapt, develop and maintain our Services in order to improve user friendliness, product and Service range, quality and efficiency from an environmental and sustainability perspective. We may also process your Personal Data in order to diagnose errors, optimise technology and improve our IT systems.

We analyse the data we collect about you, e.g. by means of our analytics tools on our website. The analysis is anonymised and is carried out in an aggregated form. The information from the analysis can never be connected to a specific person. The analysis helps us develop our IT systems, website and product and Service range.

Personal Data

Legal basis for processing – The processing is based on our legitimate interest of being able to develop and improve our Services and products.

  • Identity related data such as name
  • Contact details such as e-mail address, telephone number, address
  • Booking data
  • Digital identifiers, e.g IP address
  • Technical data, e.g. about your IT equipment
  • Membership data

Retention period: Maximum 38 months from collection.

FOR HOW LONG IS YOUR PERSONAL DATA RETAINED?

Your Personal Data is retained as long as it is necessary in order for us to fulfill the purposes of our processing. Thereafter we will in a secure way delete or anonymise your Personal Data to the extent that it is no longer possible to identify you or know that the data relates to you. You will find a pre-defined retention period below each of the processing activities in the tables above.

Scandic deletes Personal Data in accordance with applicable law and the criteria outlined above. This means that Scandic deletes or anonymises your Personal Data when the Personal Data is no longer required for the purpose of processing.

TRANSFER OF PERSONAL DATA AND RECIPIENTS WITH WHOM WE SHARE INFORMATION

We may share your Personal Data with third parties. As detailed above, your Personal data may be transferred to companies within and outside the EU/EEA that operate Scandic hotels but that are not part of the Scandic group, or to our suppliers. We never sell your personal data and Scandic will always enter into necessary data processing agreements with the companies that process your Personal Data on our behalf; all to ensure an adequate security level for the processing of your Personal Data.

Suppliers

We may, in order to fulfil the purposes with our processing of your Personal Data, use other companies to fulfil our obligations to you. To that end, we will share or transfer your Personal data with or to companies that provide services to Scandic, including, but not limited to, our suppliers providing customer service, delivery services, analysing services, communication and marketing services. Scandic may also share your Personal Data with our suppliers providing hosting, storage, technical support and maintenance of our IT solutions. Furthermore we may transfer your Personal Data to our payment service providers who provide us with payment solution services, in order to facilitate your payment to us. Our suppliers only process your Personal Data in accordance with our documented instructions and may not use your Personal Data for their own purposes. They are also required by law to protect your Personal Data from unauthorised access and similar.

Franchisees

Some hotels that operate under the Scandic brand are independent legal entities that are not part of the Scandic group (”Franchisees”). Your personal data may be transferred to Franchisees if it is necessary in order to provide you with the Services, for instance when you make a reservation at a hotel operated by a Frachisee.

Other recipients

We may as the case may be transfer your Personal Data to other recipients than those outlined above if it is necessary in order for us to fulfil the purposes outlined in the table below.

Repient             Purpose            Legal basis for transfer
Public authorities We transfer Personal Data to public authorities if we are required to do so by law. The processing is necessary for compliance with a legal obligation to which we are subject.
Debt collectors If you do not pay we may transfer your Personal Data to a debt collector agency in order to collect your debt owed to us. The processing is necessary for our legitimate interest of receiving payment for Services rendered.
Courts, appellant/appellee, etc. If there is a trial or similar, we may transfer your Personal Data to the court, public authority or appellant/appellee as the case may be, in order to protect our interests. The processing is necessary for our legitimate interest of  being able to defend ourselves or protect our interests.
Re-organisation, merger or acquision  If Scandic re-organises its organisation or for other reasons sells parts or the entirety of its business to a third party, your Personal Data may be transferred together with the business. The processing is necessary in order to fulfil our legitimate interest of selling business, merger or acquisition.

HOW ARE YOUR PERSONAL DATA PROTECTED?

Scandic has implemented appropriate technical and organisational measures to protect your Personal Data against for instance loss, manipulation and unauthorised access. We continuously adapt our security to new technology in order to maintain high security levels.

THIRD PARTY APPLICATIONS/WEBSITES

Scandic’s Services may contain links to other applications and/or websites over which Scandic has no control. This Privacy Policy is only applicable to your use of Scandic’s own Services. Scandic is not responsible for the content of any linked applications/websites and the processing of Personal Data that may be undertaken by the owner or operator of linked applications/websites.

COOKIES

Scandic Group uses cookies as part of its digital Services. The cookies may in some cases, automatically collect Personal Data (such as IP address and online behavior). We use cookies to improve your user experience and the security of our digital Services. The Personal Data that is collected via cookies may be anonymised and used in aggregated form for the purpose of using for development, statistics and analysis. You can find information about our use of cookies, what Personal Data we collect by means of cookies, for what they are used and what you do if you want to avoid them, in Our Cookie Policy (as updated from time to time).

 YOUR RIGHTS

Privacy law gives you several rights in relation to our processing of your Personal Data. If you would like to use your rights, please visit your nearest Scandic hotel and speak with the receptionist, and they will assist your, or send an e-mail to gdpr@scandichotels.com or if you are IHG® Rewards Club member to privacyoffice@ihg.com.

Access to your Personal Data

You have the right to obtain from us a confirmation as to whether we process your Personal Data, and where is the case, access to the Personal Data along with information about the processing and your associated rights, a so-called subject access request.

Request for rectification

If you think that certain Personal Data that we process concerning you is incorrect or incomplete, you have the right to request rectification. In order for us to change the Personal Data, you need to contact us (see contact details below). Scandic is not responsible for problems caused by your Personal Data being incorrect if you have omitted to inform us thereof.

Withdrawal of consent with effect from the withdrawal and onwards

To the extent that we process your Personal Data based on your consent, you may at any point in time withdraw your consent to the processing. The withdrawal of your consent does not affect the lawfulness of processing based on consent prior to the withdrawal.

Objection to processing for the purpose of direct marketing

As mentioned above, you have the right to object to processing for the purpose of direct marketing. You deregister from continued processing by either clicking the deregistration link in the marketing message or by contacting us (see contact details below).

Objection to certain processing activities

You have the right to object to processing that is based on our legitimate interest, if you have personal reasons therefore. We may however continue to process your Personal Data if, even if you object thereto, we have compelling legitimate grounds for the processing that override your integrity interest.

Deletion

You have the right to request that your Personal Data is deleted. This is not the case when it comes to Personal Data that we process due to law or an agreement with you.

Restriction of processing

You have the right to request that the processing of your personal data is restricted. Please note that this may prevent us from providing you with all our Services.

Dataportability

You have the right to receive a digital copy of your Personal Data that we process in a commonly used, structured and machine readable format (dataportability) to move to and use with another supplier. The right to dataportability, in difference to subject access right, only applies to the Personal Data that you have provided us with and that we process based on your consent or our fulfilment of an agreement with you.

Lodge a complaint with a supervisory authority

If you are not happy with the way we process your Personal Data or if you for another reason believe that we have processed your Personal Data in an unlawful manner, you have the right to lodge a complaint with the supervisory authority responsible for data protection.

WHO DO YOU CONTACT IF YOU HAVE QUESTIONS?

If you have any questions, comments or complains regarding our processing of your Personal Data our our compliance with the Privacy Policy and applicable privacy law, please feel free to contact us (see contact details below).

Contact details

HILTON Personal Data Requests

SCANDIC

Scandic Hotels AB, 556299-1009
Box 6197, SE-102 33 Stockholm
Sweden
gdpr@scandichotels.com