Privacy Policy

Below you can find the information that Hotel Hesselet A/S (“Hotel Hesselet”, “The Hotel”, “we”, “us”) is obliged to provide to you in accordance with Regulation (EU) 2016/679 (“GDPR” or “General Data Protection Regulation”) when we process personal data about you as a guest, supplier, website visitor or external person in general.

The data controller for the processing is:

Hotel Hesselet A/S

CVR-nr.: 43351729

Christianslundsvej 119

5800 Nyborg

E-mail: hotel@hesselet.dk

3.1 Reservation and implementation of stay and provision of other services

PurposeIn connection with the reservation of stay or space in our restaurant, as well as in connection with our provision of stay and other services, we process personal data in order to be able to implement these.

Categories of personal dataIn connection with booking/ordering/reservation, we process the following information:Name and contact information, including address, email and telephone numberPayment card information (if booking/reservation is made online)Information about what you want to order, e.g. type of stay, period of stay, number of people, special needs or wishes, for example whether there are special foods or other things you want to avoid. We either receive the information directly from you or from the third-party service where you make the booking (e.g. Hotels.com or Booking.com). 

When you visit the Hotel, we also process the following information about you:Payment card informationInformation about any purchases made at the Hotel during your stay

Other information you may provide us that is relevant to us being able to offer you a service tailored to your wishes and needs. For foreign guests at the Hotel, we also process a copy of a passport or other travel document. This information is processed solely to comply with our obligations under the “Execution on the Entry of Foreigners into Denmark”.

Legal basis

The legal basis for our processing of personal data for the purposes mentioned is:Article 6(1)(b) of the General Data Protection Regulation, as the information is necessary for us to fulfil a contract with you.Article 6(1)(b) of the General Data Protection Regulation 1, letter c, as the processing is necessary for us to comply with the legal obligation incumbent on us under the "Execution on the entry of foreigners into the country". Article 6, paragraph 1, letter f of the General Data Protection Regulation, as the processing is necessary for us to pursue our legitimate interest in providing a good service that is tailored to your wishes and needs. 

Recipients of personal data

The information is shared with our IT suppliers (data processors), who store the information for us and process it according to our instructions. Storage Information about the individual purchase is stored for five years from the end of the year the purchase was made. Master data, including information about your preferences and other information that is relevant for us to provide a stay in accordance with your wishes, is stored for five years from the end of the year you last visited us. 

3.2 Booking of events (parties, conferences, etc.)

 If you book an event at the hotel, we will register information about you as a contact person in relation to the event. In addition, we may register information about individual participants, e.g. if there are participants who need us to take special care, e.g. in relation to food. 

The purpose of processing this information is partly to be able to contact you in relation to the event, and partly to be able to adapt our service in relation to the participants' special wishes or needs.

Categories of personal data

 Name and contact information, including address, e-mail and telephone number If you are booking on behalf of a company, we also process information about which company it is Information about the event, including the number of participants and any special wishes or needs in connection with the event If the event includes accommodation at the Hotel, we also process information about the name and room number of the individual participants, as well as - where relevant - information about the individual participants' purchases/consumption during the stay. Information is generally obtained from the person booking the event. 

Legal basis 

The legal basis for processing is Article 6(1) of the General Data Protection Regulation. 1, letter f, as the processing is necessary to pursue our legitimate interest in being able to carry out ordered events in an efficient and appropriate manner, including being able to take into account any special wishes and needs. Recipients of personal data 

The information is shared with our IT suppliers (data processors), who store the information for us and process it according to our instructions. Storage The information is stored for five years from the end of the year the event is carried out and paid for. Information about the individual participants will, however, be anonymized no later than 12 months after the event has been completed.

3.3 Newsletters

If you sign up for our newsletter and other information from Hotel Hesselet, we will process personal data about you in order to be able to send this material to you, as well as to be able to document compliance with our legal obligations in this regard.

Categories of personal data

Name and email addressPossibly information about specific types of information you wish to receiveInformation about your consent and - where relevant - withdrawal of consentInformation about which newsletters and other information we have sent to youThe information is obtained directly from you.

Legal basis

The legal basis for the processing is Article 6(1)(c) of the General Data Protection Regulation, as the processing is necessary for us to comply with our legal obligation to be able to document that we have obtained valid consent to send newsletters in accordance with the requirements of the Marketing Practices Act, as well as Article 6(1)(c) of the General Data Protection Regulation. 1, letter f, as the processing is necessary to pursue our legitimate interest in sending news and other information to persons who have requested it.

Recipients of personal data 

The data is shared with our IT suppliers (data processors), who store the data for us and process it according to our instructions. In this connection, personal data may be transferred to The Rocket Science Group LLC (Mailchimp) in the USA and to their subcontractors. The transfer is based on standard contracts approved by the EU Commission pursuant to Article 46, paragraph 2, letter c and only includes email addresses for newsletter recipients. 

You can obtain a copy of the standard contractual clauses used by contacting us - our contact details are provided in section 2 above. Storage If you unsubscribe from newsletters from us or withdraw your consent to receive newsletters and other information, we will immediately stop sending you material. 

We will also stop sending you material if we have not sent you anything for a period of 12 consecutive months. Thereafter, information will be retained for two years from the end of the year in which we stopped sending you material. The information will be retained solely to enable us to comply with the legal obligation to document that at the time we sent you material, we had valid consent to do so. 

This obligation follows from the Danish Marketing Act, Section 10.3.4 Suppliers and business partners. If you are (a contact person at) one of our suppliers or business partners, we may process personal data about you in order to be able to manage our relationship with our suppliers and business partners in an efficient manner. 

Categories of personal data Name (Work) email address (Work) telephone number (Work) address The name of the company you represent Correspondence, agreements and information about trading history 

We obtain the information either directly from you or from the company you represent. Legal basis If you cooperate with us as a private individual or as the owner of a personally owned business, the legal basis is Article 6(1)(b) of the Data Protection Regulation, as the processing is necessary for the performance of a contract. In other cases, the legal basis is Article 6(1)(b) of the Data Protection Regulation. 1, letter f, as the processing is necessary for us to pursue our legitimate interest in being able to manage the relationship with suppliers and partners in an efficient manner. Recipients of personal data The information is entrusted to our IT suppliers (data processors), who store the information for us and process it according to our instructions. Personal data may be transferred to the USA in connection with the transmission of messages and documents directly from our accounting system, as transmission is via Twilio, which is certified under the EU/US Data Privacy Framework. 

Storage 

We store the information for up to 5 years from the end of the year in which we last had a financial transaction with you / the company you represent. 3.5 Website and social media When you visit our website, we process information about you in the form of cookies and similar technologies in order to ensure a well-functioning website (e.g. to be able to adapt the display to the type of device and browser you use to access the website) ensure that the website is relevant and user-friendly (e.g. by remembering the preferences you specify when you visit the website and by understanding which topics are of particular interest to visitors, so that these are easily accessible) make the website secure - both for you as a visitor and for ourselves. The specific purpose of the individual cookies is stated in our cookie policy. 

When you visit our pages on LinkedIn, Facebook and Instagram, the provider collects of the individual platform information about you. This information is subsequently made available to us in anonymized form in statistics for our pages. In these cases, we are joint data controllers with the provider of the respective platforms. You can read more at LinkedIn Pages Joint Controller Addendum and Facebook.

 Categories of personal data

 Electronic identification data (IP address, cookies, etc.) Information about the equipment you use to access the website, including the type of device (PC, tablet, phone, etc.), model, operating system and browser Visit history, including information about your movements on the website (e.g. which links you click on). Legal basis The legal basis for the processing is Article 6(1) of the General Data Protection Regulation. 1, letter f, as the processing is necessary for us to pursue our legitimate interest in ensuring an effective, relevant, well-functioning and secure website, as well as for us to map the interest in our pages and posts on social media. 

Recipients of personal data

 As described above, we are joint data controllers with the providers of LinkedIn and Meta (Facebook and Instagram). The information is also disclosed to companies that place third-party cookies on our website, and entrusted to our IT suppliers (data processors), who store the information for us and process it according to our instructions. In connection with the processing, personal data may be transferred to countries outside the EU/EEA (third countries). These countries include the USA and countries where LinkedIn and Meta have branches or sub-processors. We ensure that your rights are protected and that the level of protection is maintained in connection with such data transfers. The transfers to LinkedIn and Meta are based on the EU/US Data Privacy Framework, cf. Article 45 of the General Data Protection Regulation. Other transfers are generally based on standard contracts approved by the EU Commission in accordance with Article 46(2)(c). You can obtain a copy of these standard contracts by contacting us (see section 2 above). 

Storage 

You can find information about how long individual cookies are stored in our cookie policy. 3.6 Processing of inquiries and other administration If we receive personal data about you in a context other than the purposes stated in points 3.1 – 3.5 above, including if you interact with us on social media, we process this information in order to be able to handle your inquiry (or the situation that may lead to us receiving personal data about you). 

Categories of personal data 

Name 

Email

Telephone

number

Address

Other information you may provide to us or which is otherwise relevant to be able to process the inquiry correctly and efficiently. 

Legal basis

 The legal basis for the processing is Article 6(1) of the General Data Protection Regulation. 1, letter f, as the processing is necessary for us to pursue our legitimate interest in processing inquiries to Hotel Hesselet in a correct, efficient and appropriate manner. Recipients of personal data The information is entrusted to our IT suppliers (data processors), who store the information for us and process it according to our instructions. Personal data may be transferred to the USA in connection with the transmission of messages and documents directly from our accounting system, as transmission is via Twilio, which is certified under the EU/US Data Privacy Framework. 

Storage 

If your inquiry leads to financial transactions, we store the information for five years from the end of the year to which the transaction relates. For other inquiries (which do not involve financial transactions), the information is stored for two years from the end of the year in which there was most recently activity in the matter to which the inquiry relates.

Personal data is generally stored as stated under the individual processing activities in section 3.

When we process personal data about you, you have the following rights:

Right to withdraw consent. If we process the information on the basis of your consent, you have the right to withdraw your consent at any time. You do this by contacting us using the contact information that appears in section 2 above. 

Withdrawal of consent only applies to processing of personal data after the time you have withdrawn consent and thus does not affect the legality of previous processing.

Right to access. You have the right to state which information we process about you, as well as the terms of this processing. In this connection, you have the right to receive a copy of the information we process about you.

Right to rectification. You have the right to have information we process about you corrected if it is not correct, just as you have the right to have the information we process about you supplemented if it is not sufficient.

Right to erasure. In certain cases, you have the right to have personal data we process about you deleted (the right to be forgotten)

Right to restriction of processing. In certain cases, you have the right to have the processing of the personal data we process about you restricted.

Right to data portability. If we process information about you on the basis of your consent or for the purpose of fulfilling a contract, you have the right to receive the personal data we process about you in a structured, commonly used and machine-readable format

Right to object to processing. If we process personal data about you on the basis of the data protection regulation, Article 6, subsection 1, letter f, you have the right to object to the processing for reasons relating to your particular situation. You have a special, unconditional right to object to the processing of your personal data for the purpose of direct marketing.

You can exercise your rights by contacting us – our contact details appear in section 2 above. Please note that certain conditions and limitations apply to your rights. We are therefore not necessarily obliged to comply with your requests.

However, you always have the right to complain to a supervisory authority – in Denmark it is the Data Protection Authority. You can read more about what options you have to complain to the Data Protection Authority on the Data Protection Authority's website.

If you wish to complain about our processing of personal data, we would like to hear from you. 

Our contact details can be found under section 2 above. 

You also have the right to file a complaint with the Danish Data Protection Authority, Carl Jacobsens Vej 35, 2500 Valby. 

This can be done via e-mail dt@datatilsynet.dk or on the Danish Data Protection Authority's website datatilsynet.dk.

Hotel Hesselet may change this privacy policy from time to time if necessary to provide a true and fair description of our processing of personal data.

In the event that there are significant changes to our processing of personal data about you that we already hold, you will be notified directly of the update (e.g. via email). This privacy policy was last updated in June 2024.