Processing of personal data
On this day, 24/05/2018, the following policy has been drawn up for Story Hotels.
We take care of your privacy. You should be able to feel secure when entrusting your personal data to us. For this reason, we have drawn up this policy. It is based on current data protection legislation and clarifies how we work to safeguard your rights and privacy.
The purpose of this policy is to make you aware of how we process your personal data, what we use them for, who may view them and under what conditions, and how you can safeguard your rights.
The main reason why we process your personal data is to fulfil our obligations towards you. We proceed on the basis that we do not process more personal data that is necessary for the purpose, and always endeavour to use the least sensitive information.
We also need your personal data to provide you with a good service, for example, in terms of marketing, monitoring and information. In addition, we may need your personal data to comply with laws and carry out customer and market analyses.
You have the right to object to our use of your personal data for direct marketing purposes. When we collect personal data about you for the first time, you will receive more information on this and how you can object to it.
What personal data do we process?
We only process personal data where there is a legal basis for this. We do not process personal data unless this is necessary for the fulfilment of obligations in accordance with agreements and the law. Examples are given below of the personal data we process:
- Email address
- Telephone number
- Date of birth
- Personal Identity number or Passport number
- User name
Payment card numbers, credit card numbers and other bank-related information
Information that you registered without being requested to do so and which you provide voluntarily
How do we gain access to your personal data?
Where possible, we try to obtain your consent before starting to process your personal data. We do this by asking you to complete explicit consent clauses if the processing is based on consent.
You have the right to withdraw your consent at any time. In such case, we will no longer process your personal data or obtain new data, provided that this is not necessary for the fulfilment of our obligations in accordance with an agreement or the law. Note that withdrawing your consent means we are unable to fulfil the obligations we have towards you.
We also gain access to your personal data in the following ways:
- Information you provide to us direct
- Information that is registered when you visit our website
- Information that we obtain from public records
- Information that we obtain when you consult one of our employees
- Information that we obtain when you register for our courses or seminars
- Information that we obtain when you subscribe to newsletters or other mailings
- Information that we obtain when you reply to our questionnaires and surveys
- Information that we obtain when you contact us, seek employment with us, visit us or otherwise make contact with us
What information do we give you?
When we collect your personal data for the first time, we will inform you how we have obtained your personal data, what we will use them for, what rights you have according to the data protection legislation, and how you can safeguard these rights. You will also be informed of who is responsible for the processing of the personal data and how you can contact us if you have any queries or need to submit a request or enquiry that concerns your personal data and/or your rights.
Are your personal data processed in a satisfactory manner?
We draw up procedures and methods of working to ensure that your personal data are processed in a secure way. The basic condition is that only employees and other persons within the organisation who need the personal data to carry out their work duties have access to them.
As regards sensitive personal data, we have established authorisation controls, which means there is a higher level of protection for your personal data.
Our security systems are developed with your privacy in mind, and provide a high degree of protection against intrusion, destruction and other modifications that may pose a risk to your privacy.
We have several policies for IT security, to ensure that your personal data are processed securely.
We do not transfer your personal data other than as explicitly stated in this policy.
When do we disclose your personal data?
Our basic principle is that we do not disclose your personal data to third parties if you have not given your consent to this or if it is not necessary for the fulfilment of our obligations in accordance with agreements or the law. In those cases where we disclose personal data to third parties, we draw up a confidentiality agreement to ensure that the personal data are processed in a satisfactory manner
Story Hotels is a data controller, which means that we are responsible for the processing of your personal data and for ensuring that your rights are safeguarded.
If you have any questions or concerns regarding GDPR you can reach us at: