When you use one of our digital services, we collect information about your usage. Some of this information may be personal data. This privacy notice sets out how we collect, store and process this personal data when you use MyHotel.
For more information about our processing of your personal data please visit your tour operator’s privacy policy on their website.
Personal data is any information that can be directly or indirectly used to identify a living person. It can be data such as name, address, national ID number, email address and phone number. It is also information like booking number, encrypted data and electronic identities, like an IP number, if they can be traced back to an identifiable living person.
Log in
If you log onto MyHotel using your MyPage account and log in information, MyHotel will automatically download your name, email address, age, nationality, phone number and password from your MyPage account and store them in a local database. The data is stored for 20 days and then anonymized in such a way that it cannot be used to identify anyone individually.
Activities
When you make a booking through MyHotel we collect the information we need to be able to organize the activity. This is the name, room number and email address of the participant.
If relevant, we also collect the name of any child who is to participate in the activity. We also collect information about the child’s age, spoken language, any allergies, and the name, phone number, email address, room number and location of the child’s guardian/responsible adult during the activity.
If needed for offering the best possible experience, we will ask you to provide information about any food intolerance and/or allergies. Please note that providing this information is optional.
Using websites, apps or other digital services
Whenever you use one of our websites, apps or another of our digital services we collect information about your usage of the service. We collect information about how you navigate the service, your searches and which of our products you show an interest in.
Activities
The information we collect when you make a booking through MyHotel is used for administration of the activities. This means the information is used to make lists of participants, collect payment, and contact you on matters relating to your booked activity should the need arise. Information about food intolerance and/or allergies is collected to offer the best possible experience.
When providing us with information about food intolerance and/or allergies you consent to the processing of such information. Access to this information will be restricted and the information will only be used during the performance of the activity.
Log in and using websites, apps or other digital services
To analyze usage patterns, we use cookies. You can read our cookie policy here.
We use the information we collect about our customers' use of our digital services to develop and improve our products and services. For our digital services we use usage pattern information to determine how and what information, offers and promotions we show on our websites and what functions we develop and provide. We also use customer information to develop our holiday products to suit customer preferences and behavior, and to e.g. address problems or improve customer safety.
We mainly use anonymous or anonymized data on an aggregated level to analyze user behaviours. We may use personal data for these purposes if it is relevant.
We store your personal data only as long as it is needed to fulfil the purposes of the data collection and processing.
Information collected when you make a booking through MyHotel is stored for three (3) weeks. At that point the data is anonymized. We store anonymous user data to analyze and develop our product offering. Information about food intolerance and/or allergies is deleted.
Activities booked through MyHotel take place at the destination. This means that your personal data may be processed outside the EU/EEA. The data may also be processed by resort staff at the destination not employed directly by us. The data is only processed in our systems and in our express direction.
We use a number of IT services and IT systems in our business. Some of these systems process personal data. We take your integrity and the security of your personal data seriously during all such processing. Some systems are locally installed and only accessible by our staff. In these cases, no personal data is transferred to any third party. Some systems are cloud solutions or installed at a provider’s premises and require transferring personal data to a third party. In all such cases the provider is our data processor, acting on our behalf and in accordance with our instructions.
Internally we process personal data in our customer management system, our booking- and sales systems, our customer service system and in a system for data processing and optimization. These systems are required to provide you with the services you have requested from us and to provide customer care and support in conjunction with those services. Any personal data we collect may be processed in any or all of these systems.
We use external providers for profiling and user behavior analysis on our websites and for handling user feedback. These providers process personal data under a data processing agreement on our behalf. The data being processed is for the most part information collected by cookies which is processed on an anonymous and aggregated basis.
Your personal data is processed when it is necessary to fulfil a contract or legal obligation or when it is within our legitimate interest. Our legitimate interest is analyzing customer behaviors to improve our service and products and sharing information within our business group. The processing of information on food intolerance, allergies or other special categories of personal data is based on your consent. You can withdraw your consent at any time should you so wish by following the instructions given when you consented to the processing.
You have the right to demand that personal data about you is erased, amended or corrected. You also have the right to object to processing your personal data for specific purposes, such as direct marketing or profiling.
It is possible that the same information is being processed for multiple purposes, some of which require consent and some of which do not. This means that even if you do withdraw your consent and the consent-based processing is stopped, the information may still be retained and processed by us for other purposes that do not require your consent.
If you want to know what personal data we hold about you, you can apply for a record of your personal data using the contact information listed below. Such a record is provided on request free of charge once per year.
You can contact the Nordic Leisure Travel Group's data protection officer through this form, tel. +46 (0)8 5513060, e-mail DPO@nltg.com or regular mail sent to NLTG AB, Rålambsvägen 17, 105 20 Stockholm.
The tour operator (Ving, Spies or Tjäreborg) is the data controller for personal data collected and processed on this website. The tour operators are part of the Nordic Travel Leisure Group AB (NTLG). The tour operator and NTLG are joint data controllers for this personal data collection and processing. However, the tour operator is your point of contact for any issues or requests.
Personal data collected by the tour operator will be processed by NTLG for the same purposes.
If you have questions regarding your personal data during your holiday with us we kindly ask you to contact the reception at your resort.
** Please, read this privacy policy carefully. **
In this policy you will find important information about video surveillance on Sunwing, Sunprime, O.B.C and Family Garden Hotels and the subsequent processing of your personal data. You will also find information about your rights as a data subject according to the European Data Protection Legislation (GDPR) and related national legislation
For information about who is responsible for the collection and processing of your data and contact details, please see the section Hotel Information below.
We are using video surveillance, and processing the data obtained from it, for the purpose of ensuring the security at our facilities.
This processing is based on our legitimate interest in upholding and ensuring the safety and protection of people, property and premises, and preventing crime. We have weighed our interests against the rights and freedoms of the data subjects (the individuals getting recorded),. We have taken extensive measures to limit the surveillance to what is necessary to fulfil our purposes, including ensuring that we only collect the data necessary for our purposes (no sound is recorded) and that cameras are not installed in places where there is an expectation of privacy (e.g. bathrooms, changing rooms or similar places). The material is stored for a limited time and in a secure manner, and we have ensured that only authorized persons have access to the material. There are signs informing about the surveillance at all entrances to supervised areas. In view of the restrictive measures taken, we’ve assessed that the processing has a limited impact on privacy and is in accordance with what can reasonably be expected.
The data will be deleted within a maximum period of 30 days from when it was collected. If necessary due to applicable legal provisions or for the purpose of establishing, exercising or defending legal claims, the material will be processed for the time needed in the present case.
Upon request from competent authorities, recorded material may be extradited. Each request will be assessed on a case-by-case basis. If necessary for establishing, exercising or defending legal claims, recorded material may be shared with needed expertise or legal representatives.
You have the right to obtain confirmation of whether we are processing your personal data and, if so, access it. You can also request that your data be rectified when it is inaccurate or that it be completed when it is incomplete, as well as request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
In certain circumstances, you may request the limitation of the processing of your data. If applicable, we will only process the data for establishing, exercising or defending legal claims or for the protection of the rights of other individuals.
Under certain conditions and for reasons related to the specific circumstances, you may object to the processing of your data. If applicable, we will stop processing the data except for compelling legitimate interests that prevail over your interests or rights and freedoms, or for establishing, exercising or defending legal claims.
You also have the right to lodge a complaint with a data protection authority. You can consult the list and contact details of the European data protection agencies on the European Commission website at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
We reserve the right to update this information and our privacy policy at any time due to business decisions, as well as to comply with possible legislative or jurisprudential changes. If you have questions or need any clarification regarding the processing of personal data or your rights as a data subject, you can contact us through the channels indicated below.
Information about controller and contact information