When you use one of our digital services, we collect information about your usage. Some of this information may be personal data. This privacy notice sets out how we collect, store and process this personal data when you use MyHotel.
For more information about our processing of your personal data please visit your tour operator’s privacy policy on their website.
Personal data is any information that can be directly or indirectly used to identify a living person. It can be data such as name, address, national ID number, email address and phone number. It is also information like booking number, encrypted data and electronic identities, like an IP number, if they can be traced back to an identifiable living person.
Log in
If you log onto MyHotel using your MyPage account and log in information, MyHotel will automatically download your name, email address, age, nationality, phone number and password from your MyPage account and store them in a local database. The data is stored for 20 days and then anonymized in such a way that it cannot be used to identify anyone individually.
Activities
When you make a booking through MyHotel we collect the information we need to be able to organize the activity. This is the name, room number and email address of the participant.
If relevant, we also collect the name of any child who is to participate in the activity. We also collect information about the child’s age, spoken language, any allergies, and the name, phone number, email address, room number and location of the child’s guardian/responsible adult during the activity.
If needed for offering the best possible experience, we will ask you to provide information about any food intolerance and/or allergies. Please note that providing this information is optional.
Using websites, apps or other digital services
Whenever you use one of our websites, apps or another of our digital services we collect information about your usage of the service. We collect information about how you navigate the service, your searches and which of our products you show an interest in.
Activities
The information we collect when you make a booking through MyHotel is used for administration of the activities. This means the information is used to make lists of participants, collect payment, and contact you on matters relating to your booked activity should the need arise. Information about food intolerance and/or allergies is collected to offer the best possible experience.
When providing us with information about food intolerance and/or allergies you consent to the processing of such information. Access to this information will be restricted and the information will only be used during the performance of the activity.
Log in and using websites, apps or other digital services
To analyze usage patterns, we use cookies. You can read our cookie policy here.
We use the information we collect about our customers' use of our digital services to develop and improve our products and services. For our digital services we use usage pattern information to determine how and what information, offers and promotions we show on our websites and what functions we develop and provide. We also use customer information to develop our holiday products to suit customer preferences and behavior, and to e.g. address problems or improve customer safety.
We mainly use anonymous or anonymized data on an aggregated level to analyze user behaviours. We may use personal data for these purposes if it is relevant.
We store your personal data only as long as it is needed to fulfil the purposes of the data collection and processing.
Information collected when you make a booking through MyHotel is stored for three (3) weeks. At that point the data is anonymized. We store anonymous user data to analyze and develop our product offering. Information about food intolerance and/or allergies is deleted.
Activities booked through MyHotel take place at the destination. This means that your personal data may be processed outside the EU/EEA. The data may also be processed by resort staff at the destination not employed directly by us. The data is only processed in our systems and in our express direction.
We use a number of IT services and IT systems in our business. Some of these systems process personal data. We take your integrity and the security of your personal data seriously during all such processing. Some systems are locally installed and only accessible by our staff. In these cases, no personal data is transferred to any third party. Some systems are cloud solutions or installed at a provider’s premises and require transferring personal data to a third party. In all such cases the provider is our data processor, acting on our behalf and in accordance with our instructions.
Internally we process personal data in our customer management system, our booking- and sales systems, our customer service system and in a system for data processing and optimization. These systems are required to provide you with the services you have requested from us and to provide customer care and support in conjunction with those services. Any personal data we collect may be processed in any or all of these systems.
We use external providers for profiling and user behavior analysis on our websites and for handling user feedback. These providers process personal data under a data processing agreement on our behalf. The data being processed is for the most part information collected by cookies which is processed on an anonymous and aggregated basis.
Your personal data is processed when it is necessary to fulfil a contract or legal obligation or when it is within our legitimate interest. Our legitimate interest is analyzing customer behaviors to improve our service and products and sharing information within our business group. The processing of information on food intolerance, allergies or other special categories of personal data is based on your consent. You can withdraw your consent at any time should you so wish by following the instructions given when you consented to the processing.
You have the right to demand that personal data about you is erased, amended or corrected. You also have the right to object to processing your personal data for specific purposes, such as direct marketing or profiling.
It is possible that the same information is being processed for multiple purposes, some of which require consent and some of which do not. This means that even if you do withdraw your consent and the consent-based processing is stopped, the information may still be retained and processed by us for other purposes that do not require your consent.
If you want to know what personal data we hold about you, you can apply for a record of your personal data using the contact information listed below. Such a record is provided on request free of charge once per year.
You can contact the Nordic Leisure Travel Group's data protection officer through this form, tel. +46 (0)8 5513060, e-mail DPO@nltg.com or regular mail sent to NLTG AB, Rålambsvägen 17, 105 20 Stockholm.
The tour operator (Ving, Spies or Tjäreborg) is the data controller for personal data collected and processed on this website. The tour operators are part of the Nordic Travel Leisure Group AB (NTLG). The tour operator and NTLG are joint data controllers for this personal data collection and processing. However, the tour operator is your point of contact for any issues or requests.
Personal data collected by the tour operator will be processed by NTLG for the same purposes.
If you have questions regarding your personal data during your holiday with us we kindly ask you to contact the reception at your resort.
Please read this privacy policy carefully. In it you will find important information about the processing of your personal data and the rights recognized by current regulations on the matter. We reserve the right to update our privacy policy at any time due to business decisions, as well as to comply with possible legislative or jurisprudential changes. If you have questions or need any clarification regarding our Privacy Policy or your rights, you can contact us through the channels indicated below.
For information on who is responsible for the processing of your data and contact details, please see the Annex to this policy.
Why will we process your data and on what legal basis?
Security purposes: we process the data obtained from installed video surveillance cameras for video surveillance and facility security purposes.
This processing is based on our legitimate interest in ensuring the security of the facilities. To weigh this interest against their rights and freedoms, it has been determined that the treatment has a limited impact on the privacy of the interested parties, corresponds to their reasonable expectations and does not pose significant threats.
How long will we keep your data? The data will be deleted within a maximum period of one month from when it was collected, without prejudice to its conservation during the periods provided for in the applicable legal provisions, for example, to prove the commission of acts that violate the integrity of people, goods or facilities.
Who can we communicate your data to? Your data will not be communicated to third parties, except to the competent authorities in the event of the commission of acts that threaten the integrity of people, property, or facilities.
What are your rights? You have the right to obtain confirmation of whether we are processing your personal data and, if so, access it. You can also request that your data be rectified when it is inaccurate or that it be completed when it is incomplete, as well as request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
In certain circumstances, you may request the limitation of the processing of your data. In such case, we will only process the affected data for the formulation, exercise, or defense of claims or with a view to protecting the rights of other people.
Under certain conditions and for reasons related to your situation, you may also object to the processing of your data. In this case, we will stop processing the data except for compelling legitimate reasons that prevail over your interests or rights and freedoms, or for the formulation, exercise, or defense of claims.
Likewise, and under certain conditions, you may request the portability of your data so that it may be transmitted to another data controller.
You also have the right to oppose the adoption of automated individual decisions that produce legal effects on you or significantly affect you in a similar way, when this right exists in accordance with the provisions of article 22 of Regulation (EU) 2016/679.
You also have the right to lodge a complaint with a data protection authority. You can consult the list and contact details of the European data protection agencies on the European Commission website at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.