Different companies within the Scandic group may be either controller or processor, or joint controllers, with regards to the processing we carry out, such as processing necessary for hotel bookings or recruitment.
We aim to maintain a high level of protection of your integrity. Scandic processes Personal Data mainly to administer, provide, develop and maintain the Services, handle your bookings, optimise your experience of the Services and to communicate with you.
Collection and processing of personal data
Scandic only processes your Personal Data in accordance with applicable law.
Scandic may collect Personal Data directly from you when you use the Service (for instance when you book a hotel room). We may also receive and transfer your Personal Data from and to companies within the Scandic group or our partners (e.g. if you have used a travel agency to book a hotel room). We use different means to collect your Personal Data, some of which include cookies, web beacons, customer surveys and customer service. Depending on what Service you use the means of collecting and the purpose of processing may vary.
Scandic will process your Personal Data for the purposes outlined below, and the purposes described to you when you use a specific Service. When your consent is required by law in order for us to process your Personal Data, we will collect your consent prior to processing.
What personal data do we process and why?
If you book a meeting room or hotel room with us, we will process your Personal Data in order to provide, handle, administer, follow up and obtain payment for your booking. This includes processing in order to remind you or inform you of your booking when you are to stay with us.
If you are a member of our loyalty program ”Scandic Friends” when you book a meeting room or hotel room with us, your Personal data may, subject to your permission, be saved in your membership profile. If you are not a member of Scandic Friends but wishes to become a member, your Personal Data may be used to create a membership profile. When you create a membership profile, your previous reservations or data collected by cookies may be associated with your membership. Read more about how your Personal Data is processed in Scandic Friends under the section “Handle your Scandic Friends membership” below.
Your Personal Data and other information about your booking can be transferred to companies within and outside the EU/EEA that operate Scandic hotels but that are not part of the Scandic group, or to our suppliers.
|Personal Data||Legal basis for processing|
|The processing is necessary in order for us to fulfil our agreement with you.|
|Retention period: 120 days after the end of your stay, unless you are a member of Scandic Friends in which case your booking details are saved in your membership profile. To ensure that your Personal Data is saved next time you make a booking, you can apply for a Scandic Friends membership.|
Handle your Scandic Friends membership
If you are or become a member of Scandic Friends, we process your Personal Data in order to provide, handle, administer, follow up and maintain your membership. This includes for instance our processing of your Personal Data in order to inform, communicate and respond to requests or inquiries from you regarding your membership. We may also contact you to request that you ensure that your details are correct and up to date.
Scandic Friends enables us to give you more flexible and personalised offers and experiences. By using your membership profile we can give you relevant offers and information about our Services that we send to you. Read more about the profiling activities Scandic undertake under section “Newsletter and other direct marketing” below.
Your Personal Data and other information about your membership (e.g. membership points) may be transferred to companies within and outside the EU/EEA that operate Scandic hotels but that are not part of the Scandic group, or to our suppliers.
Legal basis for processing
The processing is necessary in order for us to fulfil our agreement with you regarding your Scandic Friends membership.
|Retention period: Until your membership ends and 12 months thereafter.|
Newsletters and other direct marketing
Processing based on Scandic’s legitimate interest
If you use our Services we may process your Personal Data in order to send you newsletters containing relevant information and offers about our own and franchisees’ hotels, or selected partners products and services, through different information channels, such as post, e-mail or our other digital channels, as long as you are our customer. We may also send you customer surveys that give you the opportunity to influence the range of products and services we provide. Our processing of sending you direct marketing and customer surveys are based on our legitimate interest.
If you wish to no longer receive newsletters or other direct marketing from us, you can object to further processing by contacting us (see contact details below) or deregister in the marketing message. If you object to our continued processing, your Personal Data will be deleted or anonymised (unless the Personal Data in question is also processed for other purposes) and you will no longer receive direct marketing from us.
Legal basis for processing
The processing is based on our legitimate interest of sending direct marketing.
|Retention period: As long as you are our customer or before that if you object to further processing.|
Processing based on your consent
If you have given us your consent and subscribes to our newsletter we will process your Personal Data in order to send you offers regarding our products and Services. If you wish to no longer receive newsletters or other direct marketing from us you can object to further processing for these purposes by contacting us (see contact details below) or deregister directly in the marketing message. If you object to further processing, your Personal Data will be deleted or anonymised (unless the Personal Data is processed for other purposes) and you will no longer receive direct marketing from us.
If you are a member of Scandic Friends, your Personal Data may be used to refine your Scandic Friends profile. If you are not a Scandic Friends member we may, subject to your permission, use your Personal Data to create a membership profile for you.
Legal basis for processing
The processing is based on your consent to receiving newsletters from us.
|Retention period: Until you withdraw your consent to the processing.|
In order to communicate personalised and relevant information and offers to you about our Services, we analyse the information we collect about you, for instance by dividing customers into different customer categories based on purchase patterns, behavior and interactions with us. If you are a Scandic Friends member we may also analyse the information contained in your membership profile. We do this in order to improve your experience when you use our Services.
If you submit a job application (general or for a specific role) via our website or our other communication channels, we process your Personal Data in order to evaluate your application and recruit staff. This includes, if applicable, references and background checks if part of the recruitment process.
We kindly ask you not to send us any sensitive Personal Data (e.g. information revealing health conditions, race or ethnicity).
If you are offered and accept employment with us, some of the Personal Data we have collected during the recruitment process will form part of your employment contract.
Your Personal Data and other information in your job application may be transferred to other companies that operate Scandic hotels, but that are not part of the Scandic group, if you apply for a role at one of our franchisees.
Legal basis for processing
Processing is based on your consent.
|Retention period: Your application is saved throughout the entire recruitment process. If you are not offered a job with us we may save the information we have collected up to 24 months after the recruitment process has finished. General applications are saved up to 12 months from submission, unless a recruitment process has been initiated.|
We may also process your Personal Data if we are compelled to do so by law, court or public authority, e.g. to fulfil our obligations with regards to financial reporting, under tax law or due to a decision by the police department or other authority.
Legal basis for processing
Processing is based on legal obligations.
|Retention period: In accordance with national law in respective country.|
Handling of customer service inquiries
We may process your Personal Data in order to respond to, assist, follow up and handle your customer service inquiry. This includes communication necessary in order for us to respond to questions you have submitted to us via telephone, e-mail, social media or other communication channel. We may also process your Personal Data in order to handle complaints or support inquiries, including technical support.
Legal basis for processing
The processing is based on our legitimate interest of handling customer service inquiries.
|Retention period: Six months after the customer service inquiry has been closed in order to administer and to follow up on your inquiry.|
Development and assessment of our Services, products and systems
We may process your Personal Data to adapt, develop and maintain our Services in order to improve user friendliness, product and Service range, quality and efficiency from an environmental and sustainability perspective. We may also process your Personal Data in order to diagnose errors, optimise technology and improve our IT systems (e.g. to ensure that user Scandic Friends user accounts are not used by unauthorised persons).
We analyse the data we collect about you, e.g. by means of our analytics tools on our website. The analysis is anonymised and is carried out in an aggregated form. The information from the analysis can never be connected to a specific person. The analysis helps us develop our IT systems, website and product and Service range.
Legal basis for processing
The processing is based on our legitimate interest of being able to develop and improve our Services and products.
|Retention period: Maximum 38 months from collection.|
For how long is your personal data retained?
Your Personal Data is retained as long as it is necessary in order for us to fulfill the purposes of our processing. Thereafter we will in a secure way delete or anonymise your Personal Data to the extent that it is no longer possible to identify you or know that the data relates to you. You will find a pre-defined retention period below each of the processing activities in the tables above.
Scandic deletes Personal Data in accordance with applicable law and the criteria outlined above. This means that Scandic deletes or anonymises your Personal Data when the Personal Data is no longer required for the purpose of processing.
Transfer of personal data and recipients with whom we share information
We may share your Personal Data with third parties. As detailed above, your Personal data may be transferred to companies within and outside the EU/EEA that operate Scandic hotels but that are not part of the Scandic group, or to our suppliers. We never sell your personal data and Scandic will always enter into necessary data processing agreements with the companies that process your Personal Data on our behalf; all to ensure an adequate security level for the processing of your Personal Data.
We may, in order to fulfil the purposes with our processing of your Personal Data, use other companies to fulfil our obligations to you. To that end, we will share or transfer your Personal data with or to companies that provide services to Scandic, including, but not limited to, our suppliers providing customer service, delivery services, analysing services, communication and marketing services. Scandic may also share your Personal Data with our suppliers providing hosting, storage, technical support and maintenance of our IT solutions. Furthermore we may transfer your Personal Data to our payment service providers who provide us with payment solution services, in order to facilitate your payment to us.
Our suppliers only process your Personal Data in accordance with our documented instructions and may not use your Personal Data for their own purposes. They are also required by law to protect your Personal Data from unauthorised access and similar.
Some hotels that operate under the Scandic brand are independent legal entities that are not part of the Scandic group (”Franchisees”). Your personal data may be transferred to Franchisees if it is necessary in order to provide you with the Services, for instance when you make a reservation at a hotel operated by a Frachisee.
We may as the case may be transfer your Personal Data to other recipients than those outlined above if it is necessary in order for us to fulfil the purposes outlined in the table below.
Legal basis for transfer
We transfer Personal Data to public authorities if we are required to do so by law.
The processing is necessary for compliance with a legal obligation to which we are subject.
|Debt collectors||If you do not pay we may transfer your Personal Data to a debt collector agency in order to collect your debt owed to us.||The processing is necessary for our legitimate interest of receiving payment for Services rendered.|
|Courts, appellant/appellee, etc.|
If there is a trial or similar, we may transfer your Personal Data to the court, public authority or appellant/appellee as the case may be, in order to protect our interests.
The processing is necessary for our legitimate interest of being able to defend ourselves or protect our interests.
|Re-organisation, merger or acquision|
If Scandic re-organises its organisation or for other reasons sells parts or the entirety of its business to a third party, your Personal Data may be transferred together with the business.
The processing is necessary in order to fulfil our legitimate interest of selling business, merger or acquisition.
How are your personal data protected?
Scandic has implemented appropriate technical and organisational measures to protect your Personal Data against for instance loss, manipulation and unauthorised access. We continuously adapt our security to new technology in order to maintain high security levels.
Third party applications / websites
Privacy law gives you several rights in relation to our processing of your Personal Data. If you would like to use your rights, please visit your nearest Scandic hotel and speak with the receptionist, and they will assist your, or send an e-mail to firstname.lastname@example.org.
Access to your Personal Data
You have the right to obtain from us a confirmation as to whether we process your Personal Data, and where is the case, access to the Personal Data along with information about the processing and your associated rights, a so-called subject access request.
Request for rectification
If you think that certain Personal Data that we process concerning you is incorrect or incomplete, you have the right to request rectification. In order for us to change the Personal Data, you need to contact us (see contact details below). Scandic is not responsible for problems caused by your Personal Data being incorrect if you have omitted to inform us thereof.
Withdrawal of consent with effect from the withdrawal and onwards
To the extent that we process your Personal Data based on your consent, you may at any point in time withdraw your consent to the processing. The withdrawal of your consent does not affect the lawfulness of processing based on consent prior to the withdrawal.
Objection to processing for the purpose of direct marketing
As mentioned above, you have the right to object to processing for the purpose of direct marketing. You deregister from continued processing by either clicking the deregistration link in the marketing message or by contacting us (see contact details below).
Objection to certain processing activities
You have the right to object to processing that is based on our legitimate interest, if you have personal reasons therefore. We may however continue to process your Personal Data if, even if you object thereto, we have compelling legitimate grounds for the processing that override your integrity interest.
You have the right to request that your Personal Data is deleted. This is not the case when it comes to Personal Data that we process due to law or an agreement with you.
Restriction of processing
You have the right to request that the processing of your personal data is restricted. Please note that this may prevent us from providing you with all our Services.
You have the right to receive a digital copy of your Personal Data that we process in a commonly used, structured and machine readable format (dataportability) to move to and use with another supplier. The right to dataportability, in difference to subject access right, only applies to the Personal Data that you have provided us with and that we process based on your consent or our fulfilment of an agreement with you.
Lodge a complaint with a supervisory authority
If you are not happy with the way we process your Personal Data or if you for another reason believe that we have processed your Personal Data in an unlawful manner, you have the right to lodge a complaint with the supervisory authority responsible for data protection.
Who do you contact if you have questions?
Scandic Hotels AB, 556299-1009
Box 6197, SE-102 33 Stockholm, Sweden
Telephone number: +46 8 517 350 00