Privacy policy for Hotel Kirstine

One of Hotel Kirstine's overall goals is to maintain the highest level of security for our guests, customers, suppliers, job applicants and employees. This also applies when it comes to the protection of personal data. With this policy, Hotel Kirstine wants to map out in a clear and understandable way how Hotel Kirstine handles your personal data. 

Data controller

Hotel Kirstine is the data controller.

Contact details are:

Hotel Kirstine
Købmagergade 20
DK-4700 Næstved
Phone: + 45 5577 4700
Email: info@finishing this.hotelkirstine.dk 

Management/contact person:
Julie Larsen
Phone: + 45 5060 0158
Email: gdpr@danske-hoteller.dk

Hotel Kirstine handles all personal information in accordance with applicable personal data legislation.

Hotel Kirstine enters into agreements with guests, customers and suppliers regarding the delivery – purchase and sale – of various services and products.

When a guest/customer orders and purchases one or more of Hotel Kirstine's services and as part of this provides their personal information to Hotel Kirstine, they simultaneously give their consent that the guest/customer/supplier's personal information can be processed by Hotel Kirstine.

The same applies to any personal information that suppliers to Hotel Kirstine provide to Hotel Kirstine in connection with submitting offers or entering into agreements with Hotel Kirstine.

Hotel Kirstines collection of personal data

Personal data is collected by Hotel Kirstine in the following ways:

  • When a guest/customer – or a representative thereof – chooses to obtain a quote for and/or purchase one of Hotel Kirstine's services/products, or when a supplier makes a quote or sells products or services to Hotel Kirstine.
  • From the B2B market. For example, in a sales situation where a quote is requested for one of Hotel Kirstine's services and/or a cooperation agreement is requested.
  • Through browser cookies and web beacons.
  • In connection with the use of Hotel Kirstine's digital services.
  • By participating in Danske Hoteller A/S' bonus/benefits program and by subscribing to Danske Hoteller A/S' newsletter.
  • From social media, advertising and analysis providers as well as public records.
  • Via video and TV surveillance.

Collection and processing of personal data, cf. the above, will always take place in accordance with applicable personal data laws.

Video surveillance, which is set up in various places where there is a sign stating that there is surveillance, takes place as part of crime prevention and also functions as a safety-creating measure for employees and guests.

Information such as Hotel Kirstine collects

Hotel Kirstine collects the following personal data:

  • Name, address, telephone number, e-mail address, date of birth and other general non-personally sensitive personal data.
  • Payment card details - typically as a guarantee of a reservation and for payment of stay.
  • Demographic information.
  • Purchase history, including the use of Hotel Kirstine's app and/or other digital services.
  • The use of Danske Hoteller A/S' bonus/benefits program.
  • Information from Hotel Kirstine's customer surveys.
  • Information from any tendered competitions
  • Information from Hotel Kirstine's social media and other digital platforms belonging to Hotel Kirstine.
  • Browser Information.
  • Information about the guest's / customer's business and relevant contacts.
  • Information about the suppliers' business and information about relevant contacts and key persons including key accounts.

A guest/customer/supplier may voluntarily and at their own discretion provide Hotel Kirstine with additional personal information that they believe may be important for Hotel Kirstine's service of the guest/customer/supplier, or that they believe should be provided for security reasons.

This can e.g. be information about:

  • Handicap
  • Allergy
  • Special food preferences
  • Other health or medicine information
  • Political/religious beliefs

If a guest/customer/supplier voluntarily and of their own choice chooses to provide such information, Hotel Kirstine considers this as consent to be able to register and store this sensitive information about the person in question.

In addition to the information that Hotel Kirstine receives directly from guests/customers/suppliers, Hotel Kirstine will in some cases obtain or process additional information that Hotel Kirstine has received from third parties, such as a travel agency, another intermediary or an employee of the company where the data subject is employed.

Where this is the case, the third party in question is obliged to inform the guests/customers/suppliers in question of Hotel Kirstine's terms and conditions and Hotel Kirstine's personal data policy. It is also the responsibility of the third party in question to ensure that there is the necessary legal basis for the collection and processing of the information in question, including obtaining any necessary consent for the processing of any sensitive information.

Payment by payment card  

Hotel Kirstine uses Netaxept (Nets) to accept payments with debit and credit cards. Netaxept and Hotel Kirstine are approved and certified by the Danish Banks' Payment System (www.pbs.dk).

When making orders and bookings, Hotel Kirstine stores the information that the guest/customer/supplier has provided for as long as it is considered relevant, after which the information is deleted.

In addition to handling the order, the information provided is only used if a guest/customer/supplier e.g. contact with questions or if there is an error in the order.

What is the purpose of the collection and processing?

Hotel Kirstine only collects personal data that is necessary to fulfill the agreements entered into with guests/customers/suppliers regarding the provision of services, such as an overnight stay, or the purchase/sale of products or services.

It is the content of the individual agreement/nature of the service that determines which personal data Hotel Kirstine collects and processes, and which determines the purpose of the collection.

The purpose of collecting and processing personal data will primarily be:

  • Processing of guests'/customers' bookings and purchases of Hotel Kirstine's services.
  • Processing suppliers' offers for - and sales - of products and services.
  • Contact to the guest / customer before, during or after their stay.
  • Fulfillment of the guest's / customer's request for offers or purchases of services.
  • Improvement and development of Hotel Kirstine's services.
  • Adaptation of Hotel Kirstine's marketing and other communications.
  • Analysis of guests/customers/suppliers' user behavior and marketing towards them.
  • Adaptation of Hotel Kirstine's partners' communication and marketing to guests/customers/suppliers.
  • Administration of guests'/customers'/suppliers' relationship with Hotel Kirstine, including possible participation in Danske Hoteller A/S' bonus/benefits program.
  • Compliance with legal requirements, eg. requirement to register overnight guests according to the Aliens Act and the Passport Order.

Authorization – the legal basis – for the processing

Hotel Kirstine will most often process personal data because it is necessary to fulfill an agreement with Hotel Kirstine to which a guest/customer or a supplier is a party. This may, for example, be in connection with hotel stays, meeting arrangements and/or handling and fulfillment of cooperation and supplier agreements.

Furthermore, Hotel Kirstine will process personal data in connection with booking prior to an overnight stay, holding meetings, parties, conferences, etc., and prior to entering into supplier agreements.

In some cases, Hotel Kirstine's processing of personal data will take place as part of Hotel Kirstine's pursuit of a legitimate/objective interest that overrides the interests of the guest/customer/supplier (the data subject).

Such a legitimate interest may, for example, be the preparation of statistics, customer surveys, marketing and analysis of general guest/customer behavior, which is intended to generally improve the experience at Hotel Kirstine and the quality of Hotel Kirstine's services and products.

If a guest/customer, in connection with their stay/visit to Hotel Kirstine, provides special personal preferences or considerations, including, for example, health information, disability, religious beliefs or similar, Hotel Kirstine will only use the information to ensure that the guest/customer's personal preferences, health, etc. are taken into account.

In some situations, Hotel Kirstine receives personal data from third parties, such as a travel agency, agent or similar, including in connection with group bookings. When this happens, the third party in question is required to inform the guests/customers/suppliers in question about Hotel Kirstine's terms and conditions and the content of this personal data policy.

Hotel Kirstine is also required by law, cf. above under point 5, to register various information about overnight guests. This information must be stored for at least one year and a maximum of two years. 

The data subject's rights

According to the rules in the Personal Data Regulation, the registered (customers/guests/suppliers) have different rights.

  • A data subject has the right at any time to gain insight into what personal data Hotel Kirstine processes about the data subject.
  • A data subject has the right at any time to have the personal information that Hotel Kirstine has about the data subject corrected and updated.
  • A data subject has the right to have the personal data that Hotel Kirstine has about the data subject deleted at any time. If a data subject requests deletion, all information that Hotel Kirstine is not legally required to store will be deleted. Deletion of the data subject's information may in some cases mean that Hotel Kirstine cannot fulfill any agreements entered into or provide certain services to the data subject.

If any of the information that Hotel Kirstine has about the data subject has been provided on the basis of the data subject's consent, the data subject has the right to withdraw the consent at any time, which means that the information is deleted or no longer used by Hotel Kirstine. This does not apply to information, cf. above, which Hotel Kirstine is legally obliged to store.

The possibility to request deletion etc. may, however, be limited for reasons of the protection of other people's privacy, trade secrets and intellectual property rights, as well as e.g. for the sake of the possibility of enforcing potential legal claims.

The data subject may at any time request in writing from Hotel Kirstine an overview of and a copy of the personal data about the data subject that Hotel Kirstine holds.

A written request for this must be signed by the data subject and contain his name, address, telephone number, e-mail address.

The data subject may also contact Hotel Kirstine if the data subject believes that his or her personal data is being processed in violation of the law or in violation of other legal obligations, such as the agreement/contract that the data subject has with Hotel Kirstine.

Written requests should be sent to Hotel Kirstine, see contact information above under point 1.

Hotel Kirstine will, as far as possible, within 1 month of receiving the data subject's written request, send it to the data subject's postal address.

If the data subject requests correction and/or deletion of their personal data, Hotel Kirstine will assess whether the conditions for the request are met, and in that case, Hotel Kirstine will implement changes or deletion as soon as possible.

Hotel Kirstine reserves the right to reject requests that are of a harassing repetitive nature or that require disproportionate technical measures (e.g. development of a new IT system) or that affect the protection of the personal data of other data subjects or in other situations where it would be disproportionately resource-intensive or very complicated to comply with the request.

If you apply for a position at Hotel Kirstine

Hotel Kirstine is the data controller for the processing of information contained in applications or that arises as part of a recruitment process.

As part of Hotel Kirstine's recruitment, Hotel Kirstine processes the information that applicants provide in their applications, including information such as name, address, education, work experience, etc., i.e. basically only general information. It is recommended not to provide sensitive personal information, such as health information, race, religion, union membership, criminal record, etc. in the application. If Hotel Kirstine needs to obtain and process sensitive personal information, e.g. criminal record, about an applicant, this will only be done after prior consent from the applicant in question.

The personal data originates partly from the applicant, but may also come from publicly available sources (such as Facebook and LinkedIn). Hotel Kirstine does not use personal profiling to make automated decisions that may significantly affect the applicant's rights and freedoms.

The authority to process the applicant's information is found in Article 6 of the Personal Data Regulation, letter a (consent), letter b (measures prior to entering into a contract) and letter f (protection of interests).

Hotel Kirstine may in certain cases disclose applicants' personal data if required by applicable law or a court decision. Information may also be disclosed to external recipients, including any recruitment agency/headhunter, auditor and data processors. Some of Hotel Kirstine's data processors may be located outside the EU/EEA, but all with a lawful basis for transfer.

If an applicant is rejected for the job applied for, Hotel Kirstine will store the applicant's application and information for up to six months after the rejection, and if other positions become available that match the applicant's profile, Hotel Kirstine may contact the applicant with a view to filling this position. Applications will therefore be deleted after 6 months, unless the applicant in question gives permission for Hotel Kirstine to store the application for a longer period.

Applicants always have the right to be informed about what information Hotel Kirstine has about them. Applicants also have the right to have their information corrected if it is incorrect, and applicants have the right to object to or request deletion or restriction of the processing of the applicant's information.

If the applicant is offered employment at Hotel Kirstine, the information collected in connection with the employment procedure will be stored. Information about employees will be processed in accordance with Hotel Kirstine's personal data policy for employees, which can be found in Danske Hoteller A/S' Personnel Guide.

Hotel Kirstine has taken a number of technological and organizational security measures to protect applicants' personal data against manipulation, loss, etc., and against others gaining unauthorized access to applicants' information. Only those employees at Hotel Kirstine who, as part of their work, need to know applicants' personal data have access to this. Hotel Kirstine's security procedures are continuously reviewed based on the latest technological developments.

Security and sharing of personal data

Hotel Kirstine protects the personal data of the data subject and has established guidelines that protect the data subject's personal data against unauthorized publication and against unauthorized persons gaining access to or knowledge of them.

Only those persons/employees at Hotel Kirstine who, by virtue of their job function, need the personal data of the data subjects have access to it.

Hotel Kirstine continuously checks that there is no unauthorized access to the personal data of the registered persons.

Hotel Kirstine regularly backs up the registered personal data.

All customer cards with personal data are anonymized in Hotel Kirstine's booking system after 1 year of inactivity.

In the event of a security breach where there is a high risk of misuse of the data subjects' personal data, including, for example, identity theft, financial loss, loss of reputation or other form of misuse, Hotel Kirstine will notify the data subjects of the security breach as soon as possible.

Hotel Kirstine's security procedures are continuously reassessed and updated in relation to technological developments.

Hotel Kirstine uses a number of external suppliers of IT services, IT systems, payment solutions, etc.

Hotel Kirstine continuously enters into data processing agreements with all of Hotel Kirstine's suppliers, thereby ensuring that external data processors maintain a necessary and high level of protection with regard to the personal data of the data subjects. Some of Hotel Kirstine's data processors may be located outside the EU/EEA, but all have a lawful basis for transfer.

In order to fulfill agreements with the data subjects and to meet the needs of guests, customers and suppliers, Hotel Kirstine shares selected personal information with external suppliers such as banks, accountants, restaurants, hotels, etc.

Hotel Kirstine is part of a group. Therefore, the personal data of the registered persons may also be shared and disclosed internally within the group. The purpose of this sharing is to be able to provide the guest/customer/supplier with the best service, regardless of which hotel or which department in the group the guest/customer/supplier uses.

Hotel Kirstine is in some cases legally obliged to disclose personal data or obliged to do so as a result of a decision from a public authority.

Hotel Kirstine deletes your personal data when Hotel Kirstine's legal obligation ceases or when the purpose of collecting and processing the information no longer exists.

Cookie policy

Hotel Kirstine uses cookies. Further information about Hotel Kirstine's cookie policy can be found on the company's website.

Lawsuit

Complaints about Hotel Kirstine's processing of personal data can be made to the Danish Data Protection Agency, Carl Jacobsens Vej 35, 2500 Valby, telephone + 45 3319 3200 – e-mail dt@datatilsynet.dk.

Updated September 19, 2025