1. Privacy policy
We at Hotel Hafnia P/F handle your personal information when you book our services, stay overnight at our hotels, use services we provide and in some other contexts. In our privacy statement you will find more information about our processing of personal data. Below you will also find contact information if you have questions or require access to your personal information.
We process your personal information in accordance with the current Faroese Data Protection Act, which is based on the European General Data Protection Regulation, hereinafter GDPR.
2. Processor for your personal information
As Data Controller Hotel Hafnia P/F is responsible for the processing of personal information in our booking, billing, and hotel management systems, and our marketing and information emails to our customers and contacts. The Data Processor will be ourselves or any company that we have made agreements with to handle the processing on our behalf.
3. Processing of personal information related to booking and stay
In connection with any bookings made by you or by others on your behalf, we process the personal information we need to fulfil the agreement on booking and purchasing services. This is information you have provided us with directly or through a travel agency or agent. We process information about your identity, your contact information, and your payment information etc. In some cases, we will save your passport number. In addition, we handle other information you may have provided, and which is relevant to your stay with us. This may be information about allergies or special requests for your stay. We register all purchases and orders you make with us such as spa, restaurant, room service etc., to be able to provide such services and to collect payment for them.
We process this information if necessary to fulfil the booking agreement with you, and if applicable laws or regulations require us to do so.
To be able to provide a satisfactory service to our returning guests we will store personal information relating to just accommodation for 4 years. Personal information regarding financial relations will be stored for as long as legal claims may be put forward unless we have received acceptance to store it longer.
Where electronic locks are installed, we log in using key card. We do this to counteract and solve crime, and for security, including fire safety. We keep the logs for 21 days.
4. Processing of personal data for marketing purposes
If you sign up for our newsletter, we will store your email address to send you news and offers.
Based on marketing legislation we will also use your email address or phone number to send you news and offers within existing customer relationship rules.
Based on consent or legitimate interest we may contact you via social media, this within existing customer relationships regulations. To do this we need to share your email address or social networking number with the media.
You can withdraw any consent you have given us at any time. You can also object to receive marketing communication within existing customer relationships. To do this, send an email to privacy@smyrilline.fo.
5. Processing of personal data for development, troubleshooting and security
We will process data that includes personal information to troubleshoot and correct errors, and to improve our services and the technology we use, and to analyse usage and user behaviour. Furthermore, we will process personal information to verify your identity, including verifying your identity in connection with your use of our digital services.
We use anonymized and statistical data, when at all possible, but we sometimes need to process personal data for development, troubleshooting, statistical and security purposes.
6. Processing of personal information in other cases
If you contact our customer service department or otherwise address us with requests, we will process your personal information as far as it is necessary to be able to answer and log your inquiry. This is based on legitimate interest or to fulfil agreements with you or to answer your inquiries.
In addition to the processing described in our privacy statement we may process personal data when applicable law (including the Faroese Personal Information Protection Act and the GDPR), or valid government or court order requires or allows us to do so.
7. Disclosure of personal data and statutory treatment
We will not disclose your personal information to third parties unless you have consented to this, or unless applicable law, including the Faroese Personal Data Protection Act and GDPR, valid government orders or courts allow or require us to do so.
For the record, we wish to state that our use of data processors to process information on behalf of us is not considered disclosure.
8. Your rights
You as a private person have more rights under the personal information protection act.
You have the right to request access, rectification, or erasure of any of your personal information we are processing. You also have the right to demand restriction of processing, object to processing and claim the right to data portability.
To exercise your rights, please send an email to privacy@smyrilline.fo. Please include enough information for us to identify you in our systems, preferably including a booking or invoice number. We will respond to your inquiry as soon as possible and no later than 30 days.
We will ask you to confirm your identity or ask you to provide further information before we allow you to exercise your rights in this manner. We must do this to ensure that we only provide access to your personal information to you – and not someone who claims to be you.
9. Data protection officer
We are part of Smyril Line P/F. Smyril Line P/F does not have an appointed Data Protection Officer, but the Company Information Security Officer performs the data protection tasks. The Information Security Officer will be the ombudsman for all hotels affiliated with Smyril Line, including us.
The Information Security Officer is our point of contact for the Data Inspectorate.
Our Information Security Officer will provide all hotels in the Smyril Line corporation, our computer service providers and our employees with advice and guidance on the processing of personal information and the rules for this. The representative will be working to ensure our compliance with the privacy policy and our internal guidelines.
Our officer can also help you safeguard your rights or help answer questions about personal information you have with us.
You can contact our information security officer at privacy@smyrilline.fo.
If you believe that our processing of personal information does not match what we have described here or that we in some ways are in violation of privacy laws, you may alternatively appeal to the Faroese Data Protection Authority (Dátueftirlitið). Information about how to contact the Faroese Data Protection Authority can be found on their website: www.dat.fo
10. Personalizing your stay with us
Hotel Hafnia P/F wishes to offer our customers the best possible hotel stays according to each guest’s preferences and purchase history.
Based on legitimate interests, we will use information we have received from you about your preferences for rooms (such as e.g., “window overlooking sea”, or “quiet room desired”) and information about your purchases with us (“sparkling water” rather than “still water” ») to offer you a more personalized stay.
This information is collected based on your purchases with us and any wishes or requests you express to our employees.
In addition, and based on legitimate interest, we will occasionally collect information about you from open sources such as the Internet and social media but limited to information relevant to offer you a personalized stay with us.
The information will not be delivered to others.
You can object to our use of your information for personalizing your stay. You can do this by sending an email to privacy@smyrilline.fo.
11. Changes in privacy statement or in processing
We are continuously working on developing and improving our services to our customers. This will change the method or extent of our processing of personal data. The information we provide through this privacy statement will therefore be adjusted and updated sporadically. We will also make changes to the privacy statement when new rules or government practices make it necessary.