Logotype

Book hotel

Privacy policy

This Privacy Policy (”Privacy Policy”) describes how Scandic Hotels Group AB (company reg. No. 556703-1702) and the other Scandic group companies (together ”Scandic”, ”we”, ”us”), process your Personal Data. “Personal Data” is any information with which one can, directly or indirectly, identify a physical person. Please read this Privacy Policy carefully to understand how and for what purposes we process your Personal Data.

We process your Personal Data when you use our services (“Services”) as described below. We care about your privacy and comply with applicable law aiming to protect you as an individual. This Privacy Policy describes the foundation of how we process Personal Data you share with us or that we collect when you use the Services. For some of our Services, specific terms and conditions may apply that you need to accept prior to using the Service.

Different companies within the Scandic group may be either controller or processor, or joint controllers, with regards to the processing we carry out, such as processing necessary for hotel bookings or recruitment.

We aim to maintain a high level of protection of your integrity. Scandic processes Personal Data mainly to administer, provide, develop and maintain the Services, handle your bookings, optimise your experience of the Services and to communicate with you.

If we make changes to this Privacy Policy, we will notify you. The means of notification varies depending on what Services you use and when. The new terms will be published on Scandic’s website.

If you provide us with Personal Data concerning other persons, you are responsible for ensuring that Scandic is allowed to process that Personal Data in accordance with this Privacy Policy.

Collection and processing of personal data

Scandic only processes your Personal Data in accordance with applicable law.

Scandic may collect Personal Data directly from you when you use the Service (for instance when you book a hotel room). We may also receive and transfer your Personal Data from and to companies within the Scandic group or our partners (e.g. if you have used a travel agency to book a hotel room). We use different means to collect your Personal Data, some of which include cookies, web beacons, customer surveys and customer service. Depending on what Service you use the means of collecting and the purpose of processing may vary.

Scandic will process your Personal Data for the purposes outlined below, and the purposes described to you when you use a specific Service. When your consent is required by law in order for us to process your Personal Data, we will collect your consent prior to processing.

What personal data do we process and why?

Handle booking

If you book a meeting room or hotel room with us, we will process your Personal Data in order to provide, handle, administer, follow up and obtain payment for your booking. This includes processing in order to remind you or inform you of your booking when you are to stay with us.

If you are a member of our loyalty program ”Scandic Friends” when you book a meeting room or hotel room with us, your Personal data may, subject to your permission, be saved in your membership profile. If you are not a member of Scandic Friends but wishes to become a member, your Personal Data may be used to create a membership profile. When you create a membership profile, your previous reservations or data collected by cookies may be associated with your membership. Read more about how your Personal Data is processed in Scandic Friends under the section “Handle your Scandic Friends membership” below.

You are required to provide the details we request in order for you to handle your reservation. It is optional to provide us with details about your Scandic Friends membership (e.g. membership number). When you book on someone else’s behalf you are responsible in relation to us for having the person’s consent to Scandic’s processing of their Personal Data in accordance with this Privacy Policy.

Your Personal Data and other information about your booking can be transferred to companies within and outside the EU/EEA that operate Scandic hotels but that are not part of the Scandic group, or to our suppliers.

Personal Data Legal basis for processing
  • Identity related data such as name
  • Contact details such as e-mail address, telephone number, address
  • IP-address (if you book on our website)
  • Preferences and other requests or needs
  • Sensitive personal data regarding for instance health (e.g. if you book room adapted to disabled guests)
  • If applicable, Scandic Friends membership number
  • Other data you provide when making your booking (e.g. regarding persons you travel with)
The processing is necessary in order for us to fulfil our agreement with you.
Retention period: 120 days after the end of your stay, unless you are a member of Scandic Friends in which case your booking details are saved in your membership profile. To ensure that your Personal Data is saved next time you make a booking, you can apply for a Scandic Friends membership.

Handle your Scandic Friends membership

If you are or become a member of Scandic Friends, we process your Personal Data in order to provide, handle, administer, follow up and maintain your membership. This includes for instance our processing of your Personal Data in order to inform, communicate and respond to requests or inquiries from you regarding your membership. We may also contact you to request that you ensure that your details are correct and up to date.

Scandic Friends enables us to give you more flexible and personalised offers and experiences. By using your membership profile we can give you relevant offers and information about our Services that we send to you. Read more about the profiling activities Scandic undertake under section “Newsletter and other direct marketing” below.

Your Personal Data and other information about your membership (e.g. membership points) may be transferred to companies within and outside the EU/EEA that operate Scandic hotels but that are not part of the Scandic group, or to our suppliers.

Personal Data

Legal basis for processing

  • Identity related data such as name
  • Contact details such as e-mail address, telephone number, address
  • Login details for your membership profile
  • IP address
  • Booking details (e.g. regarding previous or future visit)
  • Preferences and other requests or needs
  • Sensitive personal data regarding for instance health (e.g. if you book room adapted to disabled guests)
  • Membership details, e.g. membership number and points
  • Other details you have added to your membership profile

The processing is necessary in order for us to fulfil our agreement with you regarding your Scandic Friends membership.

Retention period: Until your membership ends and 12 months thereafter.

Newsletters and other direct marketing

Processing based on Scandic’s legitimate interest

If you use our Services we may process your Personal Data in order to send you newsletters containing relevant information and offers about our own and franchisees’ hotels, or selected partners products and services, through different information channels, such as post, e-mail or our other digital channels, as long as you are our customer. We may also send you customer surveys that give you the opportunity to influence the range of products and services we provide. Our processing of sending you direct marketing and customer surveys are based on our legitimate interest.

If you wish to no longer receive newsletters or other direct marketing from us, you can object to further processing by contacting us (see contact details below) or deregister in the marketing message. If you object to our continued processing, your Personal Data will be deleted or anonymised (unless the Personal Data in question is also processed for other purposes) and you will no longer receive direct marketing from us.

Personal Data

Legal basis for processing

  • Identity related data such as name
  • Contact details such as e-mail address, telephone number, address
  • Preferences and other requests or needs
  • Membership details, e.g. membership number or other information in your membership profile
  • Booking data in order to send relevant offers based on previous purchasing patterns
  • Receipt details, e.g. previous purchases

The processing is based on our legitimate interest of sending direct marketing.

Retention period: As long as you are our customer or before that if you object to further processing.

Processing based on your consent

If you have given us your consent and subscribes to our newsletter we will process your Personal Data in order to send you offers regarding our products and Services. If you wish to no longer receive newsletters or other direct marketing from us you can object to further processing for these purposes by contacting us (see contact details below) or deregister directly in the marketing message. If you object to further processing, your Personal Data will be deleted or anonymised (unless the Personal Data is processed for other purposes) and you will no longer receive direct marketing from us.

If you are a member of Scandic Friends, your Personal Data may be used to refine your Scandic Friends profile. If you are not a Scandic Friends member we may, subject to your permission, use your Personal Data to create a membership profile for you.

Personal Data

Legal basis for processing

  • Name
  • Address
  • Company
  • E-mail address
  • Telephone number

The processing is based on your consent to receiving newsletters from us.

Retention period: Until you withdraw your consent to the processing.

Profiling

In order to communicate personalised and relevant information and offers to you about our Services, we analyse the information we collect about you, for instance by dividing customers into different customer categories based on purchase patterns, behavior and interactions with us. If you are a Scandic Friends member we may also analyse the information contained in your membership profile. We do this in order to improve your experience when you use our Services.

Recruitment

If you submit a job application (general or for a specific role) via our website or our other communication channels, we process your Personal Data in order to evaluate your application and recruit staff. This includes, if applicable, references and background checks if part of the recruitment process.

We kindly ask you not to send us any sensitive Personal Data (e.g. information revealing health conditions, race or ethnicity).

If you are offered and accept employment with us, some of the Personal Data we have collected during the recruitment process will form part of your employment contract.

Your Personal Data and other information in your job application may be transferred to other companies that operate Scandic hotels, but that are not part of the Scandic group, if you apply for a role at one of our franchisees.

Personal Data

Legal basis for processing

  • Identity related data such as name
  • Contact details such as e-mail address, telephone number, address
  • Recruitment details, e.g. CV, personal letter
  • Information regarding what role, area, country and type of employment you have applied for
  • Sex, citizenship and nationality
  • Grades, certificates, work experience, education or other information you voluntarily provide us with as part of your application

Processing is based on your consent.

Retention period: Your application is saved throughout the entire recruitment process. If you are not offered a job with us we may save the information we have collected up to 24 months after the recruitment process has finished. General applications are saved up to 12 months from submission, unless a recruitment process has been initiated.

Legal obligations

We may also process your Personal Data if we are compelled to do so by law, court or public authority, e.g. to fulfil our obligations with regards to financial reporting, under tax law or due to a decision by the police department or other authority.

Personal Data

Legal basis for processing

  • Identity related data such as name
  • Payment data
  • Booking data
  • Contact details such as e-mail address, telephone number, address
  • Receipt details, e.g. previous purchases

Processing is based on legal obligations.

Retention period: In accordance with national law in respective country.

Handling of customer service inquiries

We may process your Personal Data in order to respond to, assist, follow up and handle your customer service inquiry. This includes communication necessary in order for us to respond to questions you have submitted to us via telephone, e-mail, social media or other communication channel. We may also process your Personal Data in order to handle complaints or support inquiries, including technical support.

Personal Data

Legal basis for processing

  • Identity related data such as name
  • Booking data
  • Contact details such as e-mail address, telephone number, address
  • Technical data, e.g. about your IT equipment
  • Sensitive personal data regarding for instance health (e.g. if you book room adapted to disabled guests)
  • Receipt details, e.g. previous purchases
  • Other Personal Data you provide as part of your inquiry

The processing is based on our legitimate interest of handling customer service inquiries.

Retention period: Six months after the customer service inquiry has been closed in order to administer and to follow up on your inquiry.

Development and assessment of our Services, products and systems

We may process your Personal Data to adapt, develop and maintain our Services in order to improve user friendliness, product and Service range, quality and efficiency from an environmental and sustainability perspective. We may also process your Personal Data in order to diagnose errors, optimise technology and improve our IT systems (e.g. to ensure that user Scandic Friends user accounts are not used by unauthorised persons).

We analyse the data we collect about you, e.g. by means of our analytics tools on our website. The analysis is anonymised and is carried out in an aggregated form. The information from the analysis can never be connected to a specific person. The analysis helps us develop our IT systems, website and product and Service range.

Personal Data

Legal basis for processing

  • Identity related data such as name
  • Contact details such as e-mail address, telephone number, address
  • Booking data
  • Digital identifiers, e.g IP address
  • Technical data, e.g. about your IT equipment
  • Membership data

The processing is based on our legitimate interest of being able to develop and improve our Services and products.

Retention period: Maximum 38 months from collection.

For how long is your personal data retained?

Your Personal Data is retained as long as it is necessary in order for us to fulfill the purposes of our processing. Thereafter we will in a secure way delete or anonymise your Personal Data to the extent that it is no longer possible to identify you or know that the data relates to you. You will find a pre-defined retention period below each of the processing activities in the tables above.

Scandic deletes Personal Data in accordance with applicable law and the criteria outlined above. This means that Scandic deletes or anonymises your Personal Data when the Personal Data is no longer required for the purpose of processing.

Transfer of personal data and recipients with whom we share information

We may share your Personal Data with third parties. As detailed above, your Personal data may be transferred to companies within and outside the EU/EEA that operate Scandic hotels but that are not part of the Scandic group, or to our suppliers. We never sell your personal data and Scandic will always enter into necessary data processing agreements with the companies that process your Personal Data on our behalf; all to ensure an adequate security level for the processing of your Personal Data.

Suppliers
We may, in order to fulfil the purposes with our processing of your Personal Data, use other companies to fulfil our obligations to you. To that end, we will share or transfer your Personal data with or to companies that provide services to Scandic, including, but not limited to, our suppliers providing customer service, delivery services, analysing services, communication and marketing services. Scandic may also share your Personal Data with our suppliers providing hosting, storage, technical support and maintenance of our IT solutions. Furthermore we may transfer your Personal Data to our payment service providers who provide us with payment solution services, in order to facilitate your payment to us.

Our suppliers only process your Personal Data in accordance with our documented instructions and may not use your Personal Data for their own purposes. They are also required by law to protect your Personal Data from unauthorised access and similar.

Franchisees
Some hotels that operate under the Scandic brand are independent legal entities that are not part of the Scandic group (”Franchisees”). Your personal data may be transferred to Franchisees if it is necessary in order to provide you with the Services, for instance when you make a reservation at a hotel operated by a Frachisee.

Other recipients
We may as the case may be transfer your Personal Data to other recipients than those outlined above if it is necessary in order for us to fulfil the purposes outlined in the table below.

Repient

Purpose

Legal basis for transfer

Public authorities

We transfer Personal Data to public authorities if we are required to do so by law.

The processing is necessary for compliance with a legal obligation to which we are subject.

 Debt collectorsIf you do not pay we may transfer your Personal Data to a debt collector agency in order to collect your debt owed to us.The processing is necessary for our legitimate interest of receiving payment for Services rendered.
Courts, appellant/appellee, etc.

If there is a trial or similar, we may transfer your Personal Data to the court, public authority or appellant/appellee as the case may be, in order to protect our interests.

The processing is necessary for our legitimate interest of being able to defend ourselves or protect our interests.

Re-organisation, merger or acquision

If Scandic re-organises its organisation or for other reasons sells parts or the entirety of its business to a third party, your Personal Data may be transferred together with the business.

The processing is necessary in order to fulfil our legitimate interest of selling business, merger or acquisition.

How are your personal data protected?

Scandic has implemented appropriate technical and organisational measures to protect your Personal Data against for instance loss, manipulation and unauthorised access. We continuously adapt our security to new technology in order to maintain high security levels.

Third party applications / websites

Scandic’s Services may contain links to other applications and/or websites over which Scandic has no control. This Privacy Policy is only applicable to your use of Scandic’s own Services. Scandic is not responsible for the content of any linked applications/websites and the processing of Personal Data that may be undertaken by the owner or operator of linked applications/websites.

Cookies

Scandic uses cookies as part of its digital Services. The cookies may in some cases, automatically collect Personal Data (such as IP address and online behavior). We use cookies to improve your user experience and the security of our digital Services. The Personal Data that is collected via cookies may be anonymised and used in aggregated form for the purpose of using for development, statistics and analysis. You can find information about Scandic’s use of cookies, what Personal Data we collect by means of cookies, for what they are used and what you do if you want to avoid them, in Scandic’s Cookie Policy (as updated from time to time).

Your rights

Privacy law gives you several rights in relation to our processing of your Personal Data. If you would like to use your rights, please visit your nearest Scandic hotel and speak with the receptionist, and they will assist your, or send an e-mail to gdpr@scandichotels.com.

Access to your Personal Data
You have the right to obtain from us a confirmation as to whether we process your Personal Data, and where is the case, access to the Personal Data along with information about the processing and your associated rights, a so-called subject access request.

Request for rectification
If you think that certain Personal Data that we process concerning you is incorrect or incomplete, you have the right to request rectification. In order for us to change the Personal Data, you need to contact us (see contact details below). Scandic is not responsible for problems caused by your Personal Data being incorrect if you have omitted to inform us thereof.

Withdrawal of consent with effect from the withdrawal and onwards
To the extent that we process your Personal Data based on your consent, you may at any point in time withdraw your consent to the processing. The withdrawal of your consent does not affect the lawfulness of processing based on consent prior to the withdrawal.

Objection to processing for the purpose of direct marketing
As mentioned above, you have the right to object to processing for the purpose of direct marketing. You deregister from continued processing by either clicking the deregistration link in the marketing message or by contacting us (see contact details below).

Objection to certain processing activities
You have the right to object to processing that is based on our legitimate interest, if you have personal reasons therefore. We may however continue to process your Personal Data if, even if you object thereto, we have compelling legitimate grounds for the processing that override your integrity interest.

Deletion
You have the right to request that your Personal Data is deleted. This is not the case when it comes to Personal Data that we process due to law or an agreement with you.

Restriction of processing
You have the right to request that the processing of your personal data is restricted. Please note that this may prevent us from providing you with all our Services.

Dataportability
You have the right to receive a digital copy of your Personal Data that we process in a commonly used, structured and machine readable format (dataportability) to move to and use with another supplier. The right to dataportability, in difference to subject access right, only applies to the Personal Data that you have provided us with and that we process based on your consent or our fulfilment of an agreement with you.

Lodge a complaint with a supervisory authority
If you are not happy with the way we process your Personal Data or if you for another reason believe that we have processed your Personal Data in an unlawful manner, you have the right to lodge a complaint with the supervisory authority responsible for data protection.

Who do you contact if you have questions?

If you have any questions, comments or complains regarding our processing of your Personal Data our our compliance with the Privacy Policy and applicable privacy law, please feel free to contact us (see contact details below).

Contact details

Scandic Hotels AB, 556299-1009
Box 6197, SE-102 33 Stockholm, Sweden
E-mail: gdpr@scandichotels.com
Telephone number: +46 8 517 350 00

Information text last updated: May 21, 2018