One of Comwell a-s’ overall goals is to maintain the highest level of security for our guests, clients and staff. This also applies to the protection of personal data. With this policy Comwell a-s aims to provide a clear overall picture of how Comwell a-s handles your personal data.

Data Controller

Comwell a-s runs conference and spa hotels in Scandinavia. In Denmark these are: the Comwell hotels in Aalborg, Rebild, Aarhus, Kolding, Sønderborg, Roskilde, Sorø, Køge, Holte, Borupgaard at Elsinore, Kellers Park at Vejle Fjord; the Comwell hotels in Middelfart: Kongebrogaarden and Comwell Middelfart; and in Korsør: Klarskovgaard and Comwell Korsør.

In Sweden the properties are Varbergs Kusthotell and Aspenäs Herrgård.

With BC Hospitality Group, Copenhagen, Comwell a-s co-manages Comwell Conference Centre Copenhagen.

In Aarhus, Comwell a-s runs ‘Centralværkstedet’, which comprises two unique and protected meeting and event spaces: Centralværkstedet and the Smedien.

Comwell a-s (hereinafter referred to as ‘Comwell’) is the Data Controller.

Comwells contact information is:

Comwell a-s
Skovbrynet 1
DK-6000 Kolding
Attn.: CPO, Julie Høgsberg
E-mail: persondata@comwell.dk

Comwell handles all personal data in accordance with existing laws.

As a hotel company, Comwell provides a wide range of services. Each service has its own particular terms and conditions.

When, upon booking one or more of these services, you submit your personal information to Comwell, you also give Comwell consent to process your personal information.

How does Comwell gather personal information?

Comwell gathers personal information in the following ways:

• When you choose to purchase and/or request one of Comwells services.
• From persons acting on your behalf.
• On the B2B market. For example, in a sales situation, in which you request a quote for one of Comwells services and/or request a cooperative agreement.
• Via browser cookies and web beacons.
• In the context of using Comwells digital services.
• When joining Comwell Club and when subscribing to Comwells newsletter.
• From social media, advertising and analysis providers and public registers.
• Via TV surveillance.

At all times the gathering and processing of personal information will be implemented in accordance with the law.

What information does Comwell gather?

The personal information that Comwell gathers includes the following:

• Name, address, telephone number, email address, date of birth and other common personal data.
• Credit card details – for example, as a guarantee for your reservation.
• Demographic information.
• Purchase history. This includes the use of Comwells apps and/or other digital services.
• Use of Comwell Club.
• Feedback via our customer surveys.
• Feedback via physical and online-based competitions.
• Feedback on social media and other digital platforms.
• Browser information.
• Information about your company and relevant contact people.

If you wish, you can choose to provide Comwell with personal information other than common personal data, which you consider may be significant for security reasons and/or to enable Comwell to customise a service especially for you.

This might be information about:

• Disability
• Allergy
• Special food preferences
• Medical condition

If you make this choice, Comwell will also regard this as consent to their recording and storing these sensitive details in your profile.

In certain cases, in addition to receiving information from you, Comwell will supplement our information with data, which we have received from a third party: for example, a group manager or a business partner.

In these cases, the third party is required to inform the guests involved about Comwells terms and conditions and existing Personal Data Policy. The third party is also required to obtain the necessary consent for the recording and processing of any sensitive information.

Online purchase with credit card

Comwell uses Dansk Internet Betalings System (DIBS www.dibs.dk), whenever you purchase goods and pay with a credit card. Both DIBS and Comwell.dk are approved and certified by Pengeinstitutternes Betalings System (www.pbs.dk). 

When orders and bookings are made, Comwell stores the information you have submitted for up to 5 months, following which the information is deleted.

In addition to its purpose in the completion of the actual order, the information supplied will only be used if, say, you contact us with questions or if an error occurs in relation to your order.

What is the purpose of gathering personal information?

Comwell only gathers personal information that is necessary for the purpose described in the individual terms and conditions for the services in question and in this Personal Data Policy.

It is the individual services that determine the personal information, which Comwell gathers, and the reason for gathering it.

Comwells reason for gathering personal information may be one or more of the following:

• Processing your reservations and purchase of Comwells services.
• Contact with you before, during or after your stay.
• Compliance with your request about services.
• Improvement and development of Comwells services.
• Customising Comwells communication and marketing to suit you.
• Analysis of user behaviour and re-marketing.
• Customising the communication and marketing of business partners to suit you.
• Administration of your relationship with Comwell.
• Compliance with legal requirements.

The legal basis for processing

Below we account for the legal basis for Comwells processing of your personal data.

For example, Comwell can process your personal information because it is necessary for the performance of a contract, to which you are party. This could, for instance, be in the context of a hotel stay, the organisation of a meeting and/or cooperative agreements.

Comwell can also process your personal information in order to take certain actions and/or make preparations at your request prior to entering into a contract.

Processing can also take place if it is necessary for the purpose of the legitimate interests pursued by Comwell, except where such interests are overridden by your interest.

Legitimate interests pursued by Comwell can include statistics, customer surveys, interest-based marketing and analysis of general customer behaviour: for example, for the purpose of improving your benefits, your experience and the quality of Comwells services.

If you inform Comwell about special preferences and interests such as health information, disability, religious belief or the like, Comwell will use the information to customise the service in question in accordance with your instructions and your stay with Comwell as a whole.

In certain cases Comwell will receive personal information from a third party: for example, in the context of a group reservation and/or the individual stay of a third party – an assistant, for instance.

In these cases, the person responsible for the group and/or reservation is obliged to inform the guests involved about Comwells terms and conditions and this Personal Data Policy.

Comwell is also legally obliged to process your personal information. This is the case, for example, in the context of guest registration at check-in, for which the law prescribes which personal data Comwell is obliged to register.

Your rights

In accordance with the EU General Data Protection Regulation, you have a number of rights.

These rights are as follows:

• The right of access
• You have the right to obtain a copy of the personal data, that Comwell process about you, as well as other supplementary information. Access may be limited to protect other people’s private lives, trade secrets and/or intellectual property rights.
• The right to rectification
• You have the right to have the personal data that Comwell has registered about you rectified and/or updated.
• The right to erasure
• You have the right to have your personal data erased. If you wish to have your personal data deleted, Comwell will delete all the personal data, which Comwell is not legally obliged to store.
• The right to restrict processing
• You have the right to restrict the processing of your personal data in certain circumstances.
• The right to data portability
• You have the right to receive your personal data in a structured, commonly used and machine readable format to move to another supplier. It only applies to the personal data that you have provided Comwell with and that Comwell process based on your consent or Comwells fulfilment of an agreement with you.
• The right to object
• You have the right to object to the processing of your personal data. The right to object only applies in certain circumstances. Whether it applies depends on Comwells purposes for processing as well as the lawful basis for processing.
• Withdrawal of consent
• If the processing of personal data is based on your consent, you have the right to withdraw that consent. This means that the processing will then be discontinued, unless Comwell is legally obliged to process that personal data.

If you would like to use your rights, please send your request by e-mail to persondata@comwell.dk.

Comwell will respond to all such requests within 1 month of the receipt of the request, unless the request is complicated, in which event Comwell may take up to 3 months to respond.

Comwell will inform you, if we expect the response to take longer than 1 month. In addition Comwell will not respond to any request unless we are able to verify your identity. In that case, Comwell might ask you to send a copy of e.g. your driver’s license or your passport.

If you are a Comwell Club member, the information you provided us with at the time of registration may be accessed, reviewed and updated at any time by signing in to your Comwell Club profile.

You can also contact Comwell at persondata@comwell.dk, if you think that the processing of your personal data breaches the law or other legal obligations.

Comwell can reject requests, which: are unreasonably repetitive; require disproportionate technical action (for example, the development of a new system or substantial changes to an existing practice); affect the protection of other people’s personal information; entail situations, in which the desired action may be considered excessively complicated (for example, requests for information that exists only as security copies).

 If you apply for a job with Comwell

When you apply for a job with Comwell, we process the information, which you have submitted to Comwell in the context of your application.

This usually entails: regular personal information such as name, address, telephone number and email address; information about your educational background; and information about current and previous employment.

In the context of the recruitment process Comwell can ask for a copy of criminal record and/or obtain references from previous employers. In both cases Comwell obtains consent from the applicants.

Furthermore for selected positions, Comwell can ask candidates to take a personality test. The result of this test is processed by Comwells HR Department and the relevant departmental manager.

Comwell uses this information to assess whether Comwell wishes to offer you a job, and to communicate with you in the course of the recruitment process.

Your information will be stored in Comwells HRM system and in the Master Danmark system (personality test).

Only relevant managers, the HR Department and IT administrators have personal passwords to access your information.

If you are employed in Comwell, your data will be filed in accordance with Comwells Personal Data Policy for staff, which you can find on Comwells intranet.

Applications from candidates, who are not employed, are usually filed for 6 months after the date of the rejection. Comwell obtains consent from an applicant for the filing of his/her application in the recruitment system.

In certain cases Comwell may also disclose your personal data, if the law, a court order or applicable legislation requires this.

Comwell protects your personal data in accordance with the provisions described in chapter 10 of this Personal Data Policy.

If you want access to the information, which Comwell processes about you, either in connection with updating your information or because you wish to delete your information, you can email Comwells HR Department at hr@comwell.dk or by phoning them on (+45) 7634 1100.

At any time you can object to the further processing of your personal information.

Camera surveillance 

Varbergs Kusthotell is equipped with camera surveillance with recording of image recording without sound. When a person can be identified through the image recording, the recording constitutes personal data. The purpose of the camera surveillance is to increase the safety and security of our customers, our staff and to protect our assets. The purpose of the camera surveillance and the processing of recorded material is to prevent and investigate crime, accidents and vandalism and, where appropriate, to assist the police and prosecutors in the event of suspected or established crime. The legal basis for us processing your personal data in connection with the camera surveillance is through balancing of interests and can be forwarded to police authorities with the support of "legal obligation" (art. 6.1 c data protection regulation) 

Varbergs Kusthotell makes the assessment that the need for camera surveillance is greater than the intrusion into personal privacy that camera surveillance can mean for our customers and our staff. The camera surveillance only takes place on limited surfaces. Furthermore, we have ensured that only a limited number of people have access to the recorded material and will only use the recorded material according to the purposes stated above. Recorded material is only saved as long as necessary to fulfill the purposes for which the recording was collected according to this policy, but no longer than 30 days, after which it is automatically deleted. We may save the material for longer than 30 days if necessary to fulfill a legal obligation. 

Your personal integrity is very important to us. We have ensured that only a limited number of employees have access to the recorded material. Your data may also be processed by so-called personal data assistants, i.e. by companies that we hire regarding surveillance, security, camera systems, error reporting and customer support. These parties may not use your personal data for any purpose other than to provide the services they have been engaged for and only on the terms we specify. The recorded material is stored in Sweden. Data may also be processed by police authorities, for example in the event of a police report or completion of a legal process.

Information to guests at Varbergs Kusthotell

If you visit Comwell as a patient at Kurortskliniken at Varbergs Kusthotell, Comwell gathers personal information about you in your patient record.

In accordance with the Health Act as well as the Patient Data Act in Sweden, Kurortskliniken keeps patient records. The patient record contains documented information about your treatment.

Among other things, the law regulates who can access your patient record and why. The information in your patient record can only be accessed by health professionals and only the health professionals, who are responsible for your treatment.

You have the right to read your patient record yourself, block information in the record or to see who has accessed your patient information.

The secure storage and sharing of your personal data

Comwell protects your personal information and has adopted internal rules for information security, which contain instructions and precautionary measures to protect your personal information from unauthorised publication and from unauthorised persons gaining access to, or knowledge of it.

Comwell has procedures in place for the sharing of access rights with those of our staff who process sensitive personal data and data that reveals information about your personal interests and habits.

Comwell controls their actual access through logging and monitoring.

To prevent loss of data, Comwell continuously backs up its data set.

In the event of a security breach that results in a high risk of discrimination, ID theft, financial loss, loss of reputation or other significant inconvenience for you, Comwell will notify you of the security breach as soon as possible.

Comwells security procedures are regularly revised on the basis of the latest technological development.

In order to provide the highest level of service, Comwell shares selected personal information, for example at your request, with external providers such as restaurants, hotels etc.

In addition Comwell shares and discloses your personal information internally in the group. The purpose of sharing is to be able to provide you with the very best service, regardless of which hotel or department in the Comwell group you contact.

In certain cases, Comwell may also be obliged to disclose personal information in accordance with legislation or on the basis of a ruling from a public authority.

Comwell deletes your personal information, when Comwell has no further legal obligation to store the information, or when there is no longer any reason to process it.

Cookies

Comwell uses cookies for Comwells digital services. Further information about our cookie policy can be found here.

Contact

If you have any questions, comments or complaints about Comwells processing of personal information, please write a letter or send an e-mail to:

Comwell a-s
Skovbrynet 1
DK-6000 Kolding
Attn.: CPO, Julie Høgsberg
E-mail: persondata@comwell.dk

Should this not clarify the matter, you can then register a complaint with the Danish Data Protection Agency.

You can find the current contact address on www.datatilsynet.dk.

Any changes to the Personal Data Policy will be announced with the publication of new terms and conditions on Comwells website.

You can see the date of the last revision of the Policy below.

June 2018