This Privacy Statement describes how Belvar AS and our companies (“Belvar” or “Entity”) collect, process, store, transfer and delete Personal Information.
Belvar is a hotel management and development company currently operating hotels under franchise agreement. Belvar also operates GARD Taste Scandinavian restaurants and X Meeting Point Norway, and conference and event venue.
This Privacy Statement applies to BELVAR’s processing of Personal Information in the context of its establishments in the European Economic Area (the “EEA”), as well as Belvar’s offering services to individuals located in the EEA. We collect and use your personal information in connection with:
- Your booking and during your stay in of one of our Hotels, Restaurants or Meeting venues as a Guest (Guest);
- Invitations to and participation in our events (Potential Customer);
- Your use of our of our website(s) (On-Line Customer);
- Our recruitment processes (Applicant);
- Procurement and potential procurement matter (Vendor).
This Privacy Statement does not apply to information processed by any third-party websites or services that are not owned or operated by Belvar or that do not link to this Privacy Statement. This Privacy Statement does also not apply to the Personal Information that we may collect in the context of your employment or other working relationship with Belvar.
2. Belvar as Data Controller
This Privacy Statement is provided on behalf of Belvar and each of its companies, and there are no joint-controllers with regards to Personal Information collected under this Privacy Statement. Depending on the type of service or the location of our services you use, different Entities may be the data controller in relation to your Personal Information. The data controller (“we”, “us”, “our”) is the Entity named when we collect your Personal Information (e.g. the Entity identified on your invoice).
If you have any doubts about the controller of controllers of your Personal Information, please contact us using the information in the section “How To Contact us” at the end of this Privacy Statement.
3. Information we collect
We may collect your Personal Information. “Personal Information” means any information relating to an identified or identifiable natural person. Personal information may include:
- Contact information (such as name, address, phone number or email address);
- Financial Information (such as credit card number or billing address);
- Demographic information ( such as zip/postal code);
- Recruitment information (such as resume, work history and qualifications);
- Online Identifiers (such as IP address);
- Information to identify you, such as a passport or identity card if we are by local law obliged to do so; and
- Any other information that you provide us that can be used to identify you.
We collect personal information from:
- Direct interaction with us, when you book a room, a venue or other Service at one of our Hotels, Restaurants, Conference centre or with our Support team;
- Cookies and automated technologies, such as when you visit our websites;
- Through Social Media. We will be able to use Facebook, Instagram and other social media for marketing our services/products. Generally speaking we will not use your personal data for such purposes, but if we do so, we will only be able to share names, e-mail addresses and in some cases mobile phone numbers with such parties (audience targeting).
- Security systems, such as when you visit our Hotel or Conference Center we may obtain closed circuit television (“CCTV”) footage and other information through electronic means such as room-entrance key cards;
- From other sources, such as our business partners through whom you booked a room, venue or other service with us.
4. How we collect and use personal information
Below shows a descriptions of the Personal Information we process, the source of the Personal information, how we may use it, and for what purposes and what our legal basis is.
|Use of your Personal Information when you are||Categories of Personal Information we process||Source of the Personal Information||Legal basis|
||You and/or the information we receive through our Franchisor and/or Travel itinerary.||
Contract: for the service you purchased;
Legitimate Interest: to ensure security and safety of our
||You and/or the information we receive through our Franchisor and/or Travel itinerary||
Legitimate interest: to offer and provide you with communication on our services.
Consent: we will send you marketing communications by email of newsletters.
||First and Third party cookies analytics cookies||Legitimate interest : to offer and provide you with communication on our services.|
||You, your references, your former employers, recruitment-websites and pubic sources.||Pre- contractual measures: To contract potential candidates.|
||You||Contract: The contract we have with you as a suppliers|
5. Cookies and other Data Collection Technology (Online Services)
- Cookie at our web site: this is used for providing information about our services/products and business. General information about visitors is registered on our website. In particular the following are registered: the IP address of their computer, their username, the date of their visit and data from their browser.
- Retargeting: This may be used if you have accepted the use of such cookies in your browser. This type of advertising enables specific advertisements to be shown to visitors who have left cookies on our website. Other marketing services may be used. If so, we will provide you with information about this and obtain your consent before we use personal data which we have already recorded about you.
- We use Google Analytics to track how visitors use our website, and to gauge the effectiveness of our digital advertisements on Google AdWords or other digital media. Please read Google’s Privacy Guidelines or other information, as well as specific information about Google Analytics.
- Google Adwords. We use this service for marketing our services/products on Google’s advertising network. The information capsule (cookie) on our website provides us with an insight into how visitors use our website, through Google AdWords advertisements. This information is used for optimising and to enable us to offer you more relevant advertisements in the future.
- Social media: We will be using retargeting script from Facebook/Instagram to target people visiting our website, see our cookie statement. Further information about personal data can be found on Facebook and Instagram. Please remember that you yourself can directly manage your relationship and how these parties process your personal data.
6. How we may share your personal information
We may share your Personal information with our:
- Franchisor: We disclose Personal Data and Other Data to our Franchisor for the purposes described in this Privacy Statement, such as providing and personalizing our Services.
- Service Providers: We disclose Personal Data and Other Data to third-party service providers for the purposes described in this Privacy Statement. Examples of service providers include companies that provide website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing and other services.
7. Security and protection of your personal information
We implement appropriate technical and organizational measures to ensure the personal information we process is protected from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations. Unfortunately, no data transmission or storage system can be guaranteed to be completely secure and we cannot guarantee the security of Personal Information. If you believe that your Personal Information is no longer secure, please notify us in using the contact information provided below.
8. Retention of Personal Information
We will retain your Personal Information for as long as necessary to fulfill the purpose we collected it for, including any legal requirement. To determine the retention period we consider:
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of invoices and registration cards for a certain period of time before we can delete them);
- Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations);
- If you are a website user the retention period at user level and at events associated with cookies, user IDs and advertising IDs are stored in our Google Analytics for 26 months before they are automatically deleted.
- The length of time we have an ongoing relationship with you and provide our Services to you (for example, for as long as you have a subscription to one of our newsletters).
- If we have not had any meaningful contact with you during a period of 5 years, we delete your data, unless the law or relevant regulators require us to retain it for a longer period of time.
9. Your Rights and choices
You have the following rights with regard to your Personal Information:
- Right to access information about how we process your Personal Information, including the categories of Personal Information we process, recipients of your Personal Information, and purposes for our processing.
- Right to rectification of inaccurate Personal Information concerning you, as well as, taking into account the purposes of the processing, the right to have incomplete Personal Information completed.
- Right to erasure (deletion) of Personal Information concerning you where: (a) the Personal Information is no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) you withdraw your consent and there are no other legal grounds for the processing; (c) you exercise your right to object (see below) and there are no compelling legitimate grounds for the processing; (d) the Personal Information have been unlawfully processed; or (e) the Personal Information have to be erased for compliance with a legal obligation applicable to us.
- Right to restriction of processing (i.e., data will be blocked from normal processing but not erased) where: (a) you contest the accuracy of the Personal Information, for a period enabling us to verify the accuracy; (b) the processing is unlawful and you oppose the erasure of the Personal Information and requests the restriction of their use instead; (c) we no longer need the Personal Information for the purposes of the processing but they are required by you for the establishment, exercise or defence of legal claims; (d) you exercise your right to object (see below) pending the verification whether our legitimate grounds override those of you.
- Where processing is based on your consent, the right to withdraw consent at any time, without affecting the lawfulness of the processing prior to such withdrawal. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your Personal Information in some limited circumstances.
- Where processing is based on your consent, or on a contract, the right to data portability, i.e. the right to obtain a copy of the data concerning you in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from us.
- Right to object to the processing of Personal Information based on our legitimate interests, provided that there are no compelling legitimate grounds for the processing that would override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Please note that if you decide to exercise some of your rights, we may be unable to perform the actions necessary to achieve the purposes set out above or you may not be able to use the Services we offer you.
10. International Transfers of Personal Information
Belvar’s entities are operating in the EEA. We are proving you with our services and by receiving the services at the expected level you acknowledge that we may share your personal information with our franchisor, our service providers, and other third parties, which may be located in countries outside the EEA.
Although the data protection laws of various countries may differ from those in the EEA, we as a data controller will take appropriate steps to ensure that your personal information is handled as described in this Privacy statement and in accordance with the law.
11. How to contact us
If you have any questions about this Privacy Statement, please contact us
|By Email:||[email protected]|
c/o Hettenheuvelweg 51
1101 BM Amsterdam
Contact details of the Data Protection Officer:
You can reach our Data Protection Officer by Email: [email protected]
You always have the right to lodge a complaint with your local Data Protection Authority.
12. Changes to this Privacy StatementThe Effective Date of this Privacy Statement is set forth at the bottom of this statement. If we make material change to the way we treat your Personal Information, we will notify you by posting a notice on our website.
Effective date: 2018-11-12