Personal data policy
One of Comwell a-s’ overall goals is to maintain the highest level of security for our guests, clients and staff. This also applies to the protection of personal data.
With this policy Comwell a-s aims to provide a clear overall picture of how Comwell a-s handles your personal data.
1. Data Controller
Comwell a-s runs conference and spa hotels in Scandinavia. In Denmark these are: the Comwell hotels in Aalborg, Rebild, Aarhus, Kolding, Sønderborg, Roskilde, Sorø, Køge, Holte, Borupgaard at Elsinore, Kellers Park at Vejle Fjord; the Comwell hotels in Middelfart: Kongebrogaarden and Comwell Middelfart; and in Korsør: Klarskovgaard and Comwell Korsør.
In Sweden the properties are Varbergs Kusthotell and Aspenäs Herrgård.
With BC Hospitality Group, Copenhagen, Comwell a-s co-manages Comwell Conference Centre Copenhagen.
In Aarhus, Comwell a-s runs ‘Centralværkstedet’, which comprises two unique and protected meeting and event spaces: Centralværkstedet and the Smedien.
Comwell a-s (hereinafter referred to as ‘Comwell’) is the Data Controller.
Comwells contact information is:
Attn.: CPO, Julie Høgsberg
Comwell handles all personal data in accordance with existing laws.
As a hotel company, Comwell provides a wide range of services. Each service has its own particular terms and conditions.
When, upon booking one or more of these services, you submit your personal information to Comwell, you also give Comwell consent to process your personal information.
2. How does Comwell gather personal information?
Comwell gathers personal information in the following ways:
- When you choose to purchase and/or request one of Comwells services.
- From persons acting on your behalf.
- On the B2B market. For example, in a sales situation, in which you request a quote for one of Comwells services and/or request a cooperative agreement.
- Via browser cookies and web beacons.
- In the context of using Comwells digital services.
- When joining Comwell Club and when subscribing to Comwells newsletter.
- From social media, advertising and analysis providers and public registers.
- Via TV surveillance.
At all times the gathering and processing of personal information will be implemented in accordance with the law.
TV surveillance is installed as a precautionary measure to create a sense of security for our employees and guests.
The surveillance is generally situated at the hotel’s entrance, in guest and staff areas in the reception and bar, and at the goods delivery area.
3. What information does Comwell gather?
The personal information that Comwell gathers includes the following:
- Name, address, telephone number, email address, date of birth and other common personal data.
- Credit card details – for example, as a guarantee for your reservation.
- Demographic information.
- Purchase history. This includes the use of Comwells apps and/or other digital services.
- Use of Comwell Club.
- Feedback via our customer surveys.
- Feedback via physical and online-based competitions.
- Feedback on social media and other digital platforms.
- Browser information.
- Information about your company and relevant contact people.
If you wish, you can choose to provide Comwell with personal information other than common personal data, which you consider may be significant for security reasons and/or to enable Comwell to customise a service especially for you.
This might be information about:
- Special food preferences
- Medical condition
If you make this choice, Comwell will also regard this as consent to their recording and storing these sensitive details in your profile.
In certain cases, in addition to receiving information from you, Comwell will supplement our information with data, which we have received from a third party: for example, a group manager or a business partner.
In these cases, the third party is required to inform the guests involved about Comwells terms and conditions and existing Personal Data Policy. The third party is also required to obtain the necessary consent for the recording and processing of any sensitive information.
4. Online purchase with credit card
Comwell uses Dansk Internet Betalings System (DIBS www.dibs.dk), whenever you purchase goods and pay with a credit card. Both DIBS and Comwell.dk are approved and certified by Pengeinstitutternes Betalings System (www.pbs.dk).
When orders and bookings are made, Comwell stores the information you have submitted for up to 5 months, following which the information is deleted.
In addition to its purpose in the completion of the actual order, the information supplied will only be used if, say, you contact us with questions or if an error occurs in relation to your order.
5. What is the purpose of gathering personal information?
Comwell only gathers personal information that is necessary for the purpose described in the individual terms and conditions for the services in question and in this Personal Data Policy.
It is the individual services that determine the personal information, which Comwell gathers, and the reason for gathering it.
Comwells reason for gathering personal information may be one or more of the following:
- Processing your reservations and purchase of Comwells services.
- Contact with you before, during or after your stay.
- Compliance with your request about services.
- Improvement and development of Comwells services.
- Customising Comwells communication and marketing to suit you.
- Analysis of user behaviour and re-marketing.
- Customising the communication and marketing of business partners to suit you.
- Administration of your relationship with Comwell.
- Compliance with legal requirements.
6. The legal basis for processing
Below we account for the legal basis for Comwells processing of your personal data.
For example, Comwell can process your personal information because it is necessary for the performance of a contract, to which you are party. This could, for instance, be in the context of a hotel stay, the organisation of a meeting and/or cooperative agreements.
Comwell can also process your personal information in order to take certain actions and/or make preparations at your request prior to entering into a contract.
Processing can also take place if it is necessary for the purpose of the legitimate interests pursued by Comwell, except where such interests are overridden by your interest.
Legitimate interests pursued by Comwell can include statistics, customer surveys, interest-based marketing and analysis of general customer behaviour: for example, for the purpose of improving your benefits, your experience and the quality of Comwells services.
If you inform Comwell about special preferences and interests such as health information, disability, religious belief or the like, Comwell will use the information to customise the service in question in accordance with your instructions and your stay with Comwell as a whole.
In certain cases Comwell will receive personal information from a third party: for example, in the context of a group reservation and/or the individual stay of a third party – an assistant, for instance.
In these cases, the person responsible for the group and/or reservation is obliged to inform the guests involved about Comwells terms and conditions and this Personal Data Policy.
Comwell is also legally obliged to process your personal information. This is the case, for example, in the context of guest registration at check-in, for which the law prescribes which personal data Comwell is obliged to register.
7. Your rights
In accordance with the EU General Data Protection Regulation, you have a number of rights.
These rights are as follows:
- The right of access
- You have the right to obtain a copy of the personal data, that Comwell process about you, as well as other supplementary information. Access may be limited to protect other people’s private lives, trade secrets and/or intellectual property rights.
- The right to rectification
- You have the right to have the personal data that Comwell has registered about you rectified and/or updated.
- The right to erasure
- You have the right to have your personal data erased. If you wish to have your personal data deleted, Comwell will delete all the personal data, which Comwell is not legally obliged to store.
- The right to restrict processing
- You have the right to restrict the processing of your personal data in certain circumstances.
- The right to data portability
- You have the right to receive your personal data in a structured, commonly used and machine readable format to move to another supplier. It only applies to the personal data that you have provided Comwell with and that Comwell process based on your consent or Comwells fulfilment of an agreement with you.
- The right to object
- You have the right to object to the processing of your personal data. The right to object only applies in certain circumstances. Whether it applies depends on Comwells purposes for processing as well as the lawful basis for processing.
- Withdrawal of consent
- If the processing of personal data is based on your consent, you have the right to withdraw that consent. This means that the processing will then be discontinued, unless Comwell is legally obliged to process that personal data.
If you would like to use your rights, please send your request by e-mail to firstname.lastname@example.org.
Comwell will respond to all such requests within 1 month of the receipt of the request, unless the request is complicated, in which event Comwell may take up to 3 months to respond.
Comwell will inform you, if we expect the response to take longer than 1 month. In addition Comwell will not respond to any request unless we are able to verify your identity. In that case, Comwell might ask you to send a copy of e.g. your driver’s license or your passport.
If you are a Comwell Club member, the information you provided us with at the time of registration may be accessed, reviewed and updated at any time by signing in to your Comwell Club profile.
You can also contact Comwell at email@example.com, if you think that the processing of your personal data breaches the law or other legal obligations.
Comwell can reject requests, which: are unreasonably repetitive; require disproportionate technical action (for example, the development of a new system or substantial changes to an existing practice); affect the protection of other people’s personal information; entail situations, in which the desired action may be considered excessively complicated (for example, requests for information that exists only as security copies).
8. If you apply for a job with Comwell
When you apply for a job with Comwell, we process the information, which you have submitted to Comwell in the context of your application.
This usually entails: regular personal information such as name, address, telephone number and email address; information about your educational background; and information about current and previous employment.
In the context of the recruitment process Comwell can ask for a copy of criminal record and/or obtain references from previous employers. In both cases Comwell obtains consent from the applicants.
Furthermore for selected positions, Comwell can ask candidates to take a personality test. The result of this test is processed by Comwells HR Department and the relevant departmental manager.
Comwell uses this information to assess whether Comwell wishes to offer you a job, and to communicate with you in the course of the recruitment process.
Your information will be stored in Comwells HRM system and in the Master Danmark system (personality test).
Only relevant managers, the HR Department and IT administrators have personal passwords to access your information.
If you are employed in Comwell, your data will be filed in accordance with Comwells Personal Data Policy for staff, which you can find on Comwells intranet.
Applications from candidates, who are not employed, are usually filed for 6 months after the date of the rejection. Comwell obtains consent from an applicant for the filing of his/her application in the recruitment system.
In certain cases Comwell may also disclose your personal data, if the law, a court order or applicable legislation requires this.
Comwell protects your personal data in accordance with the provisions described in chapter 10 of this Personal Data Policy.
If you want access to the information, which Comwell processes about you, either in connection with updating your information or because you wish to delete your information, you can email Comwells HR Department at firstname.lastname@example.org or by phoning them on (+45) 7634 1100.
At any time you can object to the further processing of your personal information.
9. Information to guests at Varbergs Kusthotell
If you visit Comwell as a patient at Kurortskliniken at Varbergs Kusthotell, Comwell gathers personal information about you in your patient record.
In accordance with the Health Act as well as the Patient Data Act in Sweden, Kurortskliniken keeps patient records. The patient record contains documented information about your treatment.
Among other things, the law regulates who can access your patient record and why. The information in your patient record can only be accessed by health professionals and only the health professionals, who are responsible for your treatment.
You have the right to read your patient record yourself, block information in the record or to see who has accessed your patient information.
10. The secure storage and sharing of your personal data
Comwell protects your personal information and has adopted internal rules for information security, which contain instructions and precautionary measures to protect your personal information from unauthorised publication and from unauthorised persons gaining access to, or knowledge of it.
Comwell has procedures in place for the sharing of access rights with those of our staff who process sensitive personal data and data that reveals information about your personal interests and habits.
Comwell controls their actual access through logging and monitoring.
To prevent loss of data, Comwell continuously backs up its data set.
In the event of a security breach that results in a high risk of discrimination, ID theft, financial loss, loss of reputation or other significant inconvenience for you, Comwell will notify you of the security breach as soon as possible.
Comwells security procedures are regularly revised on the basis of the latest technological development.
In order to provide the highest level of service, Comwell shares selected personal information, for example at your request, with external providers such as restaurants, hotels etc.
In addition Comwell shares and discloses your personal information internally in the group. The purpose of sharing is to be able to provide you with the very best service, regardless of which hotel or department in the Comwell group you contact.
In certain cases, Comwell may also be obliged to disclose personal information in accordance with legislation or on the basis of a ruling from a public authority.
Comwell deletes your personal information, when Comwell has no further legal obligation to store the information, or when there is no longer any reason to process it.
If you have any questions, comments or complaints about Comwells processing of personal information, please write a letter or send an e-mail to:
Attn.: CPO, Julie Høgsberg
Should this not clarify the matter, you can then register a complaint with the Danish Data Protection Agency.
You can find the current contact address on www.datatilsynet.dk.
Any changes to the Personal Data Policy will be announced with the publication of new terms and conditions on Comwells website.
You can see the date of the last revision of the Policy below.