TallinnHotels OÜ (from here on “we or us”) values the privacy of our individual guest (from here on „you“) highly. In this privacy notice we explain which kind of Personal Data we collect and use, why we collect this data and how we process an individual’s Personal Data.
EEA – European Economic Area (according to effective legislation the members of the EEA are the members of the European Union and Norway, Iceland and Liechtenstein).
GDPR – General Data Protection Regulation (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA), valid since 25.05.2018.
Personal Data – any information relating to an identified or identifiable natural person ( or Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
External and Internal Personal Data – is a typer of personal data which determines individual’s race, ethnicity, religious, philosophical or political views or association with any labour union as well as individual’s genetical data, unique biometrical data, medical data and sexual preferences and history.
Personal Data Breach – A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
Guest – a person using or buying the services from a organization or enterprise.
Third Party – A natural or legal person, public authority, agency or body other than the data subject, controller, Processor and persons who, under the direct authority of the controller or processor, are authorized to process Personal Data.
Affiliate – a representative person (partner or associate) officially attached or connected to an organization.
Guest Registration Card – registration of user of accommodation service according to Estonian Tourism Act: the name, date of birth, citizenship and address; the name, date of birth and citizenship of the spouse or a minor accommodated together with him or her; the period of provision of the accommodation services. If the user of accommodation serice is not a citizen of Estonia, another state within the European Economic Area or Switzerland or an alien residing in Estonia the number of a travel document and the state which issued it is required.
Profiling – is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Processing – Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing may be manual or automatic using IT-systems.
Employee – a person employed by a contract by an organization or enterprise, including the board of directors.
Controller – The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
If the natural or legal person determines the purposes and means of the processing of Personal Data themselves they are cotroller.
Processor – A natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller. If the natural or legal person processing the Personal Data instructed by a Controller they are a Processor.
TallinnHotels is an Estonian-owned accommodation and catering company established in 2005.
TallinnHotels OÜ operates Savoy Boutique Hotel*****, Hotel Palace****SUPERIOR and Hotel Bern located in Tallinn and restaurants “MEKK“ and „Konrad“ located in Tallinn.
Vabaduse väljak 3, 10141 Tallinn, Estonia
Reg. code: 11084782
VAT nr: EE100952346
We apply necessary technical, physical and organizational safety measurements to protect your Personal Data from disappearing, being destroyed or accessed by unauthorized persons.
We collect following Personal Data from you:
We mostly gather your data directly from you when submitting an inquiry through the online form or reservation through the online booking channel you used to make the booking, by phone or e-mail or from our hotel you made a direct booking with.
We use your Personal Data to provide you accommodation and/or other services ordered and/or booked, as well as to comply with the laws regulating our field of business and in general entrepreneurial purposes like:
If you do not present your Personal Data to us, we are not able to offer you accommodation services.
We process your Personal data on different legal grounds as following:
In case we share your Personal Data with any parties mentioned above, we guarantee the protection of your Personal Data with a binding data processing agreement between us and the Third Party.
We do not maintain or share your Personal Data outside the European Economic Area (EEA) nor to countries which are not acknowledged in it’s official Directive 95/46/EU Chapter 25 art. 6 or in it’s Regulation (EL) 2016/679 Chapter 45 art. 1.
We keep your Personal Data as long as it is necessary for achieving particular data processing goal.
Organisation relies on following criteria when keeping Personal Data:
For example we preserve Guest Registration Cards for 2 years after submition to comply with the Estonian Tourism Act. Credit card information is preserved until we have succesfully finished providing accommodation services according to agreement.
If we have received your consented for using your Personal Data for direct marketing purposes, we will be preserving your data until you have withdrawn your consent.
As a data subject you have following rights:
7. Right to access your data – you have the right to access and review your personal data and know how your Personal Data is being processed.
8. Right to rectify your data – you have the right to rectify your Personal Data if the data preserved is incorrect.
9. Right to erasure („right to be forgotten“) – under certain cases you have the right to erasure of your Personal Data processed by us (e.g. the data is not required to comply with the laws regulating our field of business, you withdraw your consent given to us, etc).
10. Right to restriction of processing – under certain circumstances you have the right to deny or restrict the processing of your Personal Data (e.g. when you contest the accuracy of your Personal Data).
11. Right to object to processing – under certain circumstances described you have the right to object to the processing of your Personal Data, when your Personal Data is being processed taking into account our justified business interests or public interests. When your Personal Data is processed for direct marketing purposes you have the right to object to processing any time.
12. Right to data portability – if you have provided your data directly to us and where the processing is carried out by automated means and based on your consent or the performance of a contract between you and us, you have the right to receive the Personal Data processed about you in a structured, where technically possible and machine-readable format, and to transmit this data to another service provider.
13. Automatic decision making (incl. profiling) – when we have noted you about performing Personal Data profiling based on automated decision making, which may lead to personal legal implications or may have a significant effect on you, you have the right to demand the decision to be made not only by automated profiling.
The User has the right not to allow cookies to be saved on their computer. If the Subscriber wishes to decline cookies, they must change their browser settings. Different browsers use different methods to decline cookies. More information can be found on the website http://www.allaboutcookies.org/.
The User has to take into account that not all of the website’s functions may be available to them if they block cookies.
A cookie is a text file which is sent to and saved on the User’s computer by the websites that the user visits. Cookies are saved in the directory of files in the User’s browser. If the User has previously visited a website, the browser will read the cookie and forward this information to the website or element that originally saved the cookie. Additional information about cookies can be found on the website http://www.allaboutcookies.org/.
Cookies enable statistics regarding website use and the popularity of different sections and other actions on a website to be monitored. The information received by the cookies is utilised to make the website more convenient to use and to improve the content of the website.
Types of cookies used on website:
We do our best to address all your requests and complaints in time and without extra fees, unless excessive costs will be entailed due to the request. If you are not satisfied with our response you may file a complaint to Estonian Data Protection Inspectorate.