Privacy policy and cookie policy – Bellagroup

Data Protection Policy and Cookie Policy – Bellagroup

Processing of personal data

Updated Nov 2023

Bellagroup is a hotel, conference, exhibition, and hospitality company, which handles all personal data in accordance with applicable laws. Bellagroup concludes agreements with guests, customers, tenancies and suppliers on the delivery, purchase, and sale of various services and products.

When a guest, customer or tenancy orders and purchases one or more of Bellagroup’s services, and in connection with this purchase provides their personal data to Bellagroup, the guest/customer/tenancy also consents to the processing of their personal data by Bellagroup.

The same applies with regards to any personal data provided to Bellagroup by suppliers to Bellagroup in connection with the submission of offers or conclusion of agreements with Bellagroup.

The policy of Bellagroup is that such processing of personal data must be transparent. Consequently, this policy describes how Bellagroup processes the personal data which is collected in connection with your stay at a hotel within Bellagroup, your tenancy contract, attending a conference, exhibition or other events in our facilities and when using our websites, including but not limited to www.bellagroup.dk and www.ciff.dk

  1. Data controller

Bella Operation A/S, CBR no. (CVR no.) 37 93 98 38, Center Boulevard 5, 2300 Copenhagen S, Denmark, as well as Crowne Plaza Copenhagen Towers, CBR no. (CVR no.) 30 54 80 43, Ørestads Boulevard 114-118, 2300 Copenhagen S, Denmark, and the following hotels: Copenhagen Marriott Hotel and AC Hotel Bella Sky Copenhagen are the data controllers in relation to the collection and processing of personal data described in this policy.

  1. Collection of personal data

Bellagroup collects and processes personal data on you in connection with your visit to Bellagroup’s hotels, restaurants, and conference facilities, entering a tenancy contact, and when you use our websites and register to receive our newsletters. You will always receive a notification of the collection of your personal data.

The following data is collected:

  • Name, address, telephone number, email address, date of birth, and similar non-sensitive information.
  • Payment card data – as a guarantee for a reservation and payment for stays.
  • Demographic data.
  • Picture ID for access card.
  • Picture ID when signing a tenancy contract.
  • Purchase history, including the use of Bellagroup apps and/or other digital services provided.
  • Browsing data.
  • Data from customer surveys.
  • Data from competitions conducted by Bellagroup.
  • Data from Bellagroup’s social media accounts.
  • Data about guests/customers/tenancies/suppliers’ company and relevant contact persons including key accounts.

In connection with the provision of data, it will always be indicated whether such provision is voluntary or necessary for the completion of the required act, such as booking of hotel accommodation or for safety/security reasons.

Personal data is generally collected directly from you, but we may also receive information from other sources, including independent providers, travel agencies or booking services.

  1. Why does Bellagroup process your personal data?

Bellagroup processes your personal data for the following purposes:

Booking of hotel accommodation or restaurant visits

In order to complete the booking of hotel accommodation or restaurant visits, we process your personal data to

  1. process your inquiry and verify availability
  2. complete the booking
  3. send you a receipt

In this connection we may process information on, for instance, your name, email address, telephone number, information about accompanying guests as well as arrival and departure dates.

When booking accommodation or restaurant visits on our websites, your credit card information will be processed by our payment provider.

The basis of the processing is Article 6(1)(b) of the General Data Protection Regulation (GDPR) since the processing of the personal data is required in order to perform the agreement with you. Personal data on any accompanying guests is processed based on our legitimate interest in performing the agreement with you, see Article 6(1)(f) of the GDPR.

Stays at Bellagroup’s hotels
Bellagroup processes and stores your personal data in connection with your stay at our hotels as well as offers and services you may have ordered. The basis of our processing is the performance of the agreement on your stay, cf. the above.

As for all other services, we will collect and process your personal data based on our legitimate interest in giving you the best experience during your stay at one of Bellagroup’s hotels, as well as the best possible services in connection with any future stays, see Article 6(1)(f) of the GDPR.

In certain cases, we are under an obligation to request that you show ID in the form of passport or the like for identification purposes. We process personal data based on Article 6(1)(c) of the GDPR since we are legally obliged to affect such processing.

Digital Services
You may obtain relevant information on your hotel stay, including information on reception desk and restaurant opening hours, Wi-Fi code, routing information, etc. using our digital services.

If you use any of our digital services we may process personal data on your name, telephone number, email address, room number, date of arrival, information on your orders as well as input for our visitors' book.

The basis of the processing is Article 6(1)(b) of the GDPR since the processing takes place in order to perform the agreement with you on the delivery of the services made available in digital services as well as our legitimate interest in giving you the best experience during your stay with Bellagroup, see Article 6(1)(f) of the GDPR.

Customer satisfaction surveys
If you have provided us with your email address in connection with your booking of a stay at one of Bellagroup’s hotels, we will in certain circumstances send you an email following your stay containing a link to a customer satisfaction survey. This processing is based on the balancing of interests’ rule laid down in Article 6(1)(f) of the GDPR, as we have a legitimate interest in improving our services.

Marketing and newsletters
If you have given your prior consent, Bellagroup will process your personal data for the dispatch of emails and newsletters from Bellagroup, including information on events and Bellagroup offerings and discounts. If, at some point, you do not wish to receive such emails and newsletters, you may request to be removed from the mailing list by sending an email to info@bellagroup.dk or by using the unsubscribe link at the bottom of the newsletter. The legal basis of the processing is your consent, see Article 6(1)(a) of the GDPR.

We use Facebook pixels to collect your website behavior data. The purpose of collecting data is to target our Facebook marketing for the visitors on our website who also have a Facebook profile. This also applies to Instagram and LinkedIn. The processing of such data takes place based on Bellagroup’s legitimate interest in showing you relevant offers and news, see Article 6(1)(f) of the GDPR.

Video surveillance
Bellagroup monitors our premises by video surveillance. Signs have been put up in the areas which are subject to video surveillance.

The recordings will be reviewed only in the event of suspicion of criminal activities, violation of our guidelines or with a view to settling any disputes or security-related incidents. Only particularly trusted employees with Bellagroup have access to such video recordings.

Video surveillance takes place based on Bellagroup’s legitimate interest in preventing crime as well as guaranteeing the safety of our guests, tenancies, and employees, see Article 6(1)(f) of the GDPR and section 8(3) of the Danish Data Protection Act (databeskyttelsesloven).

The recordings may be disclosed to the police for the purpose of preventing or investigating crime, provided that the purpose is to safeguard public or private interests which clearly override the regard for the interest’s justifying confidentiality, see section 8(4) of the Danish Data Protection Act, including if such presentation of data is otherwise subject to statutory requirements. If presentation of the recordings is required for purposes other than the above, we will ask for your consent to such a presentation if you are included in the recordings.

Whistleblowing scheme
Suspicion of misconduct and violations of applicable law or internal guidelines may be reported via our whistleblowing scheme.

When a reporting is made, we will process personal data on the data subjects being part of the reporting (meaning the reporting party, the reported person and other third parties involved) with a view to handling and investigating the report.  

If you report a suspected violation, such a report will remain confidential and anonymous at your discretion. In all circumstances, you should, however, state an email address at which you can be contacted since we may need to collect additional information on the violation in order to handle the matter properly.

We may process the following personal data on the reported person: Name, position, contact details and reported information, including a description of the suspected violation.

The following personal data may be processed on other third parties mentioned in the report: Name, position, contact details and reported information.

We process the personal data based on our legitimate interest in investigating any reported incidents, see Article 6(1)(f) of the GDPR. Since it became mandatory as of December 17th, 2021, for Bellagroup to have a whistleblowing scheme, the personal data will then be processed to fulfil our legal obligation, see Article 6(1)(c) of the GDPR.

Customer inquiries and communication
When you contact one of Bellagroup’s hotels or venues or otherwise communicate with Bellagroup, we collect and process the data given by you with a view to processing your inquiries. We urge you not to provide us with sensitive personal data unless such sensitive personal data is strictly required for the processing of your inquiry. In such an event, the sensitive personal data should be forwarded in highly encrypted format only if forwarded by email.

Our basis for such processing depends on the nature of your inquiry. The basis will, however, often be that the processing is required prior to the conclusion of an agreement, see Article 6(1)(b) of the GDPR, or our legitimate interest in handling your inquiry, see Article 6(1)(f) of the GDPR.

Use of website
Bellagroup has access to information on website visitors and the visitors' use of the website and its functionalities.

When you have visited Bellagroup’s website, we collect the following information on you:

  • The sites visited by you, when and how long you visited such sites
  • User behaviour
  • Browser type
  • IP address

The said information will be used to gain knowledge about the users' use of the website and to improve the website. In addition, we use data on the navigation of all our users to be able to understand how our users as a total group use the website and, against this background, we attempt to improve the website. We cannot see where you come from or go to on the internet when you leave our site. In addition, we collect information about which products our users as a total group prefer. This information is also used to improve the website.

The personal data collected is processed based on the legitimate interest of Bellagroup in pursuing the aforesaid purposes, see Article 6(1)(f) of the GDPR.

Recruitment
If you seek employment with Bellagroup via our websites, we will collect the personal data on you provided by you in connection with the submission of your application, your CV, and any attachments, etc., with a view to evaluating your application.

The legal basis for our processing of your personal data is your application for the conclusion of an employment contract with Bellagroup, see Article 6(1)(b) of the GDPR, as well as our legitimate interest in processing the personal data provided to us by you, see Article 6(1)(f) of the GDPR.

We recommend that you do not disclose any sensitive personal data in your application, such as personal data revealing racial or ethnic origin, religion, trade union membership, sexual orientation, health data, etc.

You will receive further information on our processing of your personal data during the recruitment process.

Other purposes
In addition to the aforesaid purposes, Bellagroup may also process your personal data with a view to complying with statutory requirements, see Article 6(1)(c) of the GDPR, or to establish, exercise or defend legal claims, see Article 6(1)(f) and Article 9(2)(f) of the GDPR.

Our website may contain links to other websites or to integrated websites. We are not responsible for the contents of the websites of other companies, nor for their practices regarding the collection of personal data. When you visit third-party websites, you should read the owners' policies on the protection of personal data and other relevant policies.

  1. With whom does Bellagroup share your personal data?

In certain circumstances, Bellagroup may share personal information with our business partners. These can be defined as follows:

Franchisors: Personal data is shared with franchisors of the brands that Bellagroup operates. This is for the purpose of providing the purchased service.

Service Providers: Personal data may be shared with third-party service providers that offer services, such as website hosting, data analysis, payments processing, related infrastructure provision, customer service and surveys.

We refer you to Bellagroup’s franchise partners data privacy policies for further information.

Marriott International Privacy Center

IHG Privacy and Cookie Centre

In certain circumstances and subject to law, it may be necessary to disclose personal data to the authorities, see Article 6(1)(c) of the GDPR. Personal data may also be disclosed if this is necessary to perform an agreement to which you are a party, for example, in connection with travel bookings. We may also disclose your personal data in order to establish, exercise or defend our legal rights, see Article 6(1)(f) and Article 9(2)(f) of the GDPR. In addition, we may disclose your personal data to external auditors to fulfil our statutory audit obligation, see Article 6(1)(c) of the GDPR.

In connection with the development of Bellagroup, the corporate structure may change, such as in the event of a sale of Bellagroup in whole or in part. In the event of a partial transfer of assets including personal data, the basis of processing incidental to the disclosure of personal data in question is, as a general rule, Article 6(1)(f) of the GDPR, since Bellagroup has a legitimate interest in transferring part of its assets as well as making commercial changes.

If your personal data is transferred to data processors or data controllers established in countries outside the EU/EEA, which have not implemented an adequate level of protection, such transfer will as a general rule be based on standard contractual provisions of the European Commission.

  1. Withdrawal of consent

You may at all times withdraw any consent you may have given to Bellagroup. Withdrawal of your consent, however, may result in us no longer being able to offer the same products and services to you. If you wish to withdraw your consent, you may contact us by email or telephone as stated below in paragraph 6.

Your consent to receive our newsletters may also be withdrawn by using the unsubscribe link directly in the newsletter.

Withdrawal of your consent does not affect the legality of the processing which is based on your consent prior to such withdrawal.

  1. Your rights

You have a right to know which personal data Bellagroup processes on you and for which purposes such personal data is processed. You also have a right to object to the processing of your personal data, including a right of profiling and a right to demand rectification, erasure or blocking of personal data, which is incorrect, misleading, or otherwise processed in violation of statutory provisions or demand restriction of the processing.

In certain circumstances, you are also entitled to have the personal data, which Bellagroup has recorded about you, handed out in a structured, generally used, and machine-readable format, and have the said data transmitted to another data controller.  

If you wish to exercise one of the said rights, you may contact:

Bella Operation A/S
Att.: Jane Blanchet
Center Boulevard 5
2300 Copenhagen S
Denmark
Email: PersonData@bellagroup.dk
Tel.: +45 32 52 88 11

  1. Security

Bellagroup sets great store by the confidentiality of all personal data, allowing such data to be processed only by employees who have received proper processing instructions in order to prevent that such data is destroyed or disclosed to any unauthorized third parties.

  1. Storage of personal data

Bellagroup undertakes to ensure the required updating of the stored personal data to the effect that such data is always correct.

Your personal data will be deleted when it is no longer necessary for Bellagroup to process or store such data for the aforesaid purposes or for other legitimate purposes.

The personal data which we have registered on you in connection with visits to any of our restaurants or venues will be stored by us for up to 2 years as from your most recent visit. Data on guests collected in connection with bookings and stays at Bellagroup’s hotels will be stored for up to 2 years as from the most recent stay.

If you are a member of IHG Rewards and/or Marriott Bonvoy Loyalty Program, we refer to their privacy policies which can be found on their websites.

The storage periods have been determined on the basis of our legitimate interest in being able to offer our services and handle any legal claims.  

Any documentation of your consent under marketing law will be stored for two years from the date when you withdrew your consent to receive direct marketing material. The storage period has been determined based on Bellagroup’s legitimate interest in being able to document that direct marketing took place in accordance with applicable law.

Recordings from video surveillance for the purpose of preventing crime will be deleted or anonymized no later than 30 days after the recording took place, unless is it necessary for Bellagroup to store the recordings for the purpose of dealing with a specific dispute, for example in relation to solving crime or other illegal actions. Recordings from video surveillance for other purposes will be deleted when it no longer serves an objective purpose to store the data.

Any reports received via our whistleblowing scheme falling outside the scope of such scheme or otherwise proving to be unfounded will be deleted immediately after the manifestation thereof. Any reports being considered but not leading to any filing of a police report will be deleted two months after the investigation has ended. If a report is filed with the police or other relevant authorities, the data will be deleted immediately after the matter has ended, unless the data is transferred to the personal folder of the reported employee. If so, such personal data will be deleted no later than five years and six months after termination of employment.

Any personal data included in bookkeeping records will be stored for five years and six months as from expiry of the financial year at which time the data will be deleted. The storage period has been determined based on the storage requirements laid down in s. 10 of the Danish Consolidated Bookkeeping Act (bogføringsloven) and, consequently, with a view to complying with applicable law.

Any personal data collected in connection with recruitment procedures will be stored for the duration of the recruitment procedure. If we cannot offer you employment, we will keep your application, CV, and any attachments on file for a period of six months after our rejection, unless you have given your consent to storage of your application for a longer period of time.

The personal data may, however, be stored for a period longer than stated above if such storage is required by law or if it is necessary in order to establish, exercise or defend a legal claim. The data may also be stored for a longer period of time when in anonymized form, meaning in a form in which it will no longer be possible to relate the information to you.

  1. Links to other websites, etc.

Our website may contain links to other websites or to integrated websites. We are not responsible for the contents of the websites of other companies, nor for their practices regarding the collection of personal data. When you visit third-party websites, you should read the owners' policies on the protection of personal data and other relevant policies.

  1. Contact

If you have any questions or if you wish to file a complaint against the processing of personal data, please contact Bellagroup by email or telephone as stated above. If your complaint is not dealt with by us and you wish to proceed with the matter, you may file a complaint with the Danish Data Protection Agency:

The Danish Data Protection Agency
Carl Jacobsens Vej 35
2500 Valby
Denmark
Telephone: +45 33 19 32 00
Email: dt@datatilsynet.dk

Cookie policy

We use cookies on our website bellagroup.dk in accordance with this cookie policy.

Owner information

Bella Operation A/S
Center Boulevard 5
2300 Copenhagen S, Denmark
Central Business Register no. (CVR no.): 37 93 98 38
Telephone: +45 32 52 88 11
Email: info@bellagroup.dk

Processing of personal data by using cookies

This website uses cookies which may lead to the processing of personal data. We recommend that you read our https://www.bellagroup.dk/en/privacy which describes our processing activities and your user rights.

What is a cookie?

A cookie is a small datafile that is saved on your computer, tablet, or mobile phone. A cookie is not a program that can contain harmful programs or viruses.

How/why the homepage uses cookies

Cookies are necessary for the homepage to function. Cookies help us get an overview of your visit to the homepage so that we can continually optimize and adjust the homepage to your requirements and interests. For example, cookies remember what you might have added to a shopping cart, if you have previously visited the page, if you are logged in and what languages and currency you want displayed on the homepage. We also use cookies to target our ads to you on other homepages. On a very general level, cookies are used as part of our services to show content that is as relevant as possible to you.

How long are cookies saved?

How long cookies are saved on your device can vary. The time when they are scheduled to expire is calculated from the last date you visited the homepage. When cookies expire, they are automatically deleted.

This is how you can reject or delete your cookies

You can always reject cookies on your computer, tablet, or phone by changing your browser settings. Where these settings can be found depends on the type of browser you use. If you do change the settings, please be aware that there will be some functions and services that you cannot use because they rely on the homepage being able to remember the choices you have made.
You can choose to not receive cookies from Google Analytics here.

Deleting cookies

You can delete cookies that you have previously accepted. If you use a PC with a recent version of a browser, you can delete your cookies by using these shortcut keys: CTRL + SHIFT + Delete.

If the shortcut keys do not work or if you use an Apple computer, you must find out what browser you use and then click on the relevant link:

Remember: If you use several different browsers, you must delete the cookies in all of them.

Do you have any questions?

Should you have any questions or comments in connection with this information and/or our processing of personal data, you are welcome to get in touch with us. The cookie declaration itself is updated every month via Cookie Information. If you have any questions regarding the Cookie Information, you can send an email to info@cookieinformation.com.

Cookie policy was last updated November 1st, 2023