PRIVACY STATEMENT
Last date of revision: 08/08/2019
1. WHAT IS COVERED BY THIS PRIVACY STATEMENT?
1.1 Crowne Plaza Brussels Airport (“Holiday Inns of Belgium” – “We ”) is a business hotel. We make part of the Intercontinental Hotels Group (“IHG ”).
1.2 We are committed to protect your privacy and to process your personal data in an open and transparent manner, in particular with respect of the General Data Protection Regulation 2016/679 of 27 April 2016 (“GDPR”).
With this Privacy Statement we would like to inform you about why and how we process your personal data when we perform our business activities or when you use our webpage [www.cpbrusselsairport.be], who we give that information to, what your rights are and who you can contact for more information or queries.
Depending on the activity, we may act as a separate controller of your personal data or as a joint controller with one or more other hotels of IHG. For IHG’s privacy statement, please click on this link.
1.3 For detailed information about the cookies and similar technologies used on our webpage, please consult the Cookie Policy.
2. OTHER WEBSITES AND SOCIAL MEDIA
2.1 Our website may link to other sites. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices of other websites.
When linking to any such sites, we strongly recommend you to review the Privacy Statements on these sites, before disclosing any personal information.
2.2 Please be aware that, when you visit our pages on social media (Facebook, Instagram, Twitter and LinkedIn), cookies are used by these social media. In this way, we can obtain information – in an anonymised way – about the public that visits our social media pages.
For more informations about why and how your personal data are processed in this respect, we refer to the privacy and cookie policies of the social media mentioned above:
- cookie policy Facebook: https://www.facebook.com/policies/cookies/
- privacy policy Facebook: https://www.facebook.com/about/privacy/
- cookie policy Instagram: https://help.instagram.com/1896641480634370
- privacy policy Instagram: https://help.instagram.com/519522125107875
- cookie policy Twitter: https://help.twitter.com/en/rules-and-policies/twitter-cookies
- privacy policy Twitter: https://twitter.com/en/privacy
- cookie policy LinkedIn: https://www.linkedin.com/legal/cookie-policy
- privacy policy LinkedIn: https://www.linkedin.com/legal/privacy-policy
2. WHY WE USE YOUR DATA
2.1 I AM A HOTEL GUEST
2.1.1 We only process your personal data for legitimate business reasons. These purposes include, but are not limited to:
- the good organisation of our services;
- respecting our legal obligations;
- guest management;
- invoicing and accounting;
- the provision of information on our company, services and activities;
- dealing with enquiries, requests and complaints;
- dispute management;
- statistics and market research;
- security.
2.2 I AM A WEBPAGE VISITOR OR A CONTACT PERSON RECEIVING DIRECT MARKETING
2.2.1 We only process your personal data for legitimate business reasons. These purposes include, but are not limited to:
- providing our (online) services;
- advertising and (direct) marketing;
- system logs and gathering statistics about the use of the webpage;
- maintenance;
- improving performance and design of the webpage;
- dealing with enquiries, requests and complaints (e.g. sent through our webpage);
- maintenance.
2.3 I AM (A CONTACT PERSON OF) A SUPPLIER, OR ANY OTHER INDIVIDUAL WHOSE PERSONAL DATA ARE PROCESSED (E.G. A VISITOR, A BUSINESS CONTACT ETC.)
2.3.1 We only process your personal data for legitimate business reasons. These purposes include, but are not limited to:
- respecting our legal obligations;
- order and supply management;
- invoicing and accounting;
- the provision of information on our company, services and activities;
- the good organisation of our services;
- dealing with enquiries, requests and complaints;
- dispute management;
- public relations and press contacts;
- statistics and market research;
- security.
3. THE LEGAL GROUNDS FOR PROCESSING YOUR DATA
3.1 I AM A HOTEL GUEST
3.1.1 We process your personal data for the purposes mentioned above in the framework of our contractual rights and obligations or in order to take steps at your request prior to entering into a contractual relationship. Occasionally, we may also process your personal data for for compliance with our legal obligations.
3.2 I AM A WEBPAGE VISITOR OR A CONTACT PERSON RECEIVING DIRECT MARKETING
3.2.1 When you send a message via the webpage, your personal data will in principle be processed for the purposes of our legitimate interests (namely the interest to handle all enquiries, requests and complaints sent via this form in the best possible way).
Before relying on legitimate interests, we will always determine case by case whether our interests are not overridden by your interests, fundamental rights and freedoms.
3.2.2 If you have already stayed in our hotel or made a reservation thereto, your e-mail address might be added to our mailing list for e-mail messages containing information of commercial or promotional nature about the hotel, which is in our legitimate interest. If you have not stayed in our hotel or made a reservation yet, we will send such e-mail messages based on your consent.
3.3 I AM (A CONTACT PERSON OF) A SUPPLIER, OR ANY OTHER INDIVIDUAL WHOSE PERSONAL DATA ARE PROCESSED (E.G. A VISITOR, A BUSINESS CONTACT ETC.)
3.4 We process your personal data for the purposes mentioned above:
- when necessary for the performance of contracts to which you are party or in order to take steps at your request prior to entering into a contract;
- when necessary for compliance with our legal obligations;
- for the purposes of the legitimate interests of our company and/or of a third party, including (but not limited to) our business activities, supplier management etc. In this respect, we will always determine case by case whether our interests are not overridden by your interests, fundamental rights and freedoms.
4. YOUR RIGHTS
4.1 You have several rights concerning the information we hold about you. We would like to inform you that you have the right to:
- obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you;
- ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;
- ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data if you believe that there is no (longer a) lawful ground for us to process it;
- withdraw consent to our processing of your personal data (to the extent such processing is based on consent);
- receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract);
- object to our processing of your personal data for which we use legitimate interest as a legal basis, in which case we will cease the processing unless we have compelling legitimate grounds for the processing.
You have also the right to object at any time to the processing of personal data for direct marketing. If you do not want to continue receiving any direct marketing from us, you can contact us (see below) or click on the unsubscribe function in any such communication. In that event, the personal data shall no longer be processed for such purposes.
4.2 In order to exercise any of your rights, you can send us a request, indicating the right you wish to exercise by e-mailing us at bruzm.dataprivacy@ihg.com.
You may also use these contact details if you wish to make a complaint to us relating to your privacy.
4.3 If you are unhappy with the way we have handled your personal data or any privacy query or request that you have raised with us, you have a right to complain to the Data Protection Authority (“DPA”) in your jurisdiction.
5. HOW WE OBTAIN DATA
5.1 I AM A HOTEL GUEST
5.1.1 We obtain your personal data when you (register for a) stay in our hotel. We obtain such data because you give them to us (e.g. by completing online forms) or because others give them to us (e.g. your employer / organisation, a booking website etc.).
5.2 I AM A WEBPAGE VISITOR OR A CONTACT PERSON RECEIVING DIRECT MARKETING
5.2.1 We may obtain your personal data when you use our webpage. The data may be freely provided by the user (e.g. via an online form), or collected automatically (e.g. usage data).
5.2.2 The personal data we hold in our marketing database were provided to us by you or by a third party (e.g. a booking organisation, your employer etc.).
5.3 I AM (A CONTACT PERSON OF) A SUPPLIER OR ANY OTHER INDIVIDUAL WHOSE PERSONAL DATA ARE PROCESSED (E.G. A VISITOR, A BUSINESS CONTACT ETC.)
5.3.1 We may obtain you personal data in the framework of the execution of our business activities.
5.3.2 We may obtain such personal data because you give them to us (e.g. by contacting us, by completing online forms,…), because others give them to us (e.g. your employer or other third parties) or because they are publicly available.
5.3.3 When we obtain personal data from external parties, we make reasonable efforts – if necessary – to enter into contractual clauses with these parties obliging them to respect the data protection legislation.
6. DATA WE COLLECT
6.1 I AM A HOTEL GUEST
6.1.1 When we process your data because you stay in our hotel, it may concern – among other things – the following data:
- Identification data (e.g. name, e-mail address, country of residence, …);
- personal characteristics (e.g. age, gender, date of birth, place of birth, nationality, language, family composition, etc.);
- financial specifics (e.g. bank account number);
- camera images;
- data about the room you are staying in and which services you order;
- data about how you interact with us and other similar information.
6.2 I AM A WEBPAGE VISITOR OR A CONTACT PERSON RECEIVING DIRECT MARKETING
6.2.1 When we process your data because you use our webpage or in order to send you direct marketing, it may concern – among other things – the following data:
- Identification data (e.g. name, e-mail address, , …);
- electronic identification data (e.g. IP addresses, browser type, cookie identifiers, …);
- data about how you interact with us (e.g. when you contact us,) and other similar information.
6.3 I AM (A CONTACT PERSON OF) A SUPPLIER OR ANY OTHER INDIVIDUAL WHOSE PERSONAL DATA ARE PROCESSED (E.G. A VISITOR, A BUSINESS CONTACT ETC.)
6.3.1 The personal data that we collect or obtain may, among other things, include:
- Identification data (e.g. name, address (private/work), phone number (private / work), e-mail address (private / work), country of residence), national identification number, passports etc.
- personal characteristics (e.g. age, gender, date of birth, place of birth, nationality, language, family composition, etc.);
- financial specifics (e.g. bank account number, …);
- employment and educational data (e.g. organization you work for, job title, current responsibilities, …);
- camera images;
- data about how you interact with us (e.g. when you contact us, when you visit us at exhibitions etc.) and other similar information
7. DISCLOSURES
7.1 We may disclose your personal data to affiliated companies, third parties that provide services to us that reasonably require access to personal data relating to you for one or more of the purposes referred to above. The following external parties may for instance be involved:
- external service providers we rely on for various business services;
- law enforcement authorities in accordance with the relevant legislation
- external professional advisors (e.g. attorneys or consultants of the company).
7.2 [OPTION 1: In principle, we do not transfer your personal data to recipients located in countries outside of the European Economic Area whose laws may not provide the same level of data protection.]
OR
[OPTION 2: As we make part of on international hotel group, s ome of the recipients of your personal data referenced above may be based in countries outside of the European Economic Area whose laws may not provide the same level of data protection. In the latter case, we will take appropriate safeguards to process your personal data in accordance with the data protection legislation.]
7.3 We reserve the right to disclose your personal information as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us.
8. SECURITY OF YOUR DATA
8.1 We employ strict technical and organizational (security) measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage both online and offline.
8.2 We also limit access to your personal information to those who we believe reasonably need to come into contact with that information in order to carry out their jobs.
9. DATA RETENTION
9.1.1 Your personal data will not be retained longer than necessary for the purposes described above.
As a general rule, records in the framework of our business activities that may contain personal data (e.g. contracts, orders, correspondance etc.) are stored for a period of 10 years.
9.1.2 Personal data processed for direct marketing purposes, are however stored for a period of 5 years as from the last contact with the individual concerned. If you have become a customer during this period, we may however retain your personal data for a longer period, namely 10 years as from the delivery of the products or services, or as from the latest contact with us (if this contact would take place at a later date).
9.1.3 Depending on the specific situation and the applicable national legislation, we may however retain your personal data for a longer period. This will in particular be the case if any of the following periods is longer : (i) as long as is necessary for our daily business; (ii) any retention period that is required by law; or (iii) the end of the period in which litigation or investigations might arise.
10. AUTOMATED DECISION-MAKING
10.1 Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.
10.2 As a rule, your personal data will not be used for automated decision-making. We do not base any decisions about you solely on automated processing of your personal data.
11. HOW TO CONTACT US?
11.1 We hope that this Privacy Statement helps you understand, and feel more confident about, the way we process your data. If you have any further queries about this, please contact us at bruzm.dataprivacy@ihg.com.
12.CHANGES TO THIS PRIVACY STATEMENT
12.1 We may modify or amend this Privacy Statement from time to time. To let you know when we make changes to this Privacy Statement, we will amend the revision date at the top of this page. The new modified or amended Privacy Statement will apply from that revision date. Please check back periodically to see changes and additions.