This Privacy Policy describes how ION Hótel ehf., Síðumúla 29, 108 Reykjavík, reg. no. 431011085 (hereinafter referred to as “ION Hotels” or “we”), processes personal data. The Privacy Policy is based on the Icelandic Privacy Act no. 90/2018, as well as the EU General Data Protection Regulation no. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (referred to as “GDPR”).
The aim of this Privacy Policy is to provide our guests, customers and potential customers with information about the purpose and legal basis for the processing of personal data and their rights in relation to such processing.
The policy applies mainly, but is not limited to, guest and customer data. If you have had any correspondence with ION Hotels, the policy most likely applies to you. The policy furthermore applies to the collection, storage, and disclosure of data and or information that can identify the above-mentioned parties in any way possible.
If you are unsure of how this policy might concern you, or have any questions or observations with respect to this Privacy Policy please contact us directly at ion@ionhotels.is for more information.
To whom it applies
This Privacy Policy applies, but is not excluded to, the below-mentioned parties;
- Guests who stay at our hotels,
- Persons who correspond with employees of our hotels,
- Persons who contact ION Hotels electronically, by email, visit our websites and or social media profiles, and sign up for our mailing lists.
ION Hotels collects and processes information about these parties either directly through the parties themselves or a third party such as a travel agency, company, or online travel agencies in accordance with this Privacy Policy
Compliance
In any processing of personal and identifiable information, ION Hotels ensures that it is compliant with Data Protection Legislation effective in Iceland at any given time, as well as the GDPR.. In parallel, ION Hotels ensures that the rights of any individual and legal entity are respected and that their personal and private information is handled with the utmost care in compliance with best practices of handling personal and identifiable information and applicable laws and regulations.
Information collection
ION Hotels mainly collects and processes certain personal data for the purposes of providing its services. Personal information means any information that can be used to directly or indirectly identify a specific individual. Where ION Hotels processes your personal information under this Privacy Policy, it is considered to be the “data controller” of your personal information under the abovementioned Icelandic Privacy Act and GDPR.
The information ION Hotels collects and keeps on guests is limited to the following information:
- Name
- Address
- Email and other communication information
- Phone number
- Nationality
- Passport number
- Financial information, such as credit card information
- Reception and restaurant video surveillance
- Cookies
- Traveler market segment
- Personal information you decide to share with us regarding your upcoming stay
Information use and legal grounds
Your personal information will only be processed by ION Hotels where there is an appropriate legal basis for the processing. The legal basis may differ based on the purpose of the processing of your personal information. In almost all cases the legal basis for the processing is to fulfill our contractual obligations in regard to your reservation at our hotels, for analytical purposes, for fulfilling legal obligations required of us by applicable privacy laws and regulations, to safeguard the legitimate interests of ION Hotels, to protect the vital interests of you or another person, and processing based on your consent given to ION Hotels for processing your information for a specific purpose. Whenever we process personal information based on your consent, you may withdraw your consent at any time.
The information you provide to us, is mainly collected and processed to be able to provide our services and to make your stay at ION Hotels better.. Please be aware that such information may include personal preferences regarding food and or bedrooms, food allergies, etc. Video surveillance recordings are only used to safeguard the legitimate interests of ION Hotels. Information that ION Hotels processes and collects in accordance with this Privacy Policy, is never shared with third parties or used for any other purpose unless in accordance with applicable privacy laws and regulations.
Data retention
The information we collect is stored for the time necessary to fulfill the abovementioned obligations, and in accordance with applicable laws and regulations at any given time. ION hotels actively review personal information so that personal information is not retained longer than there is a legal basis for it being processed. When data is no longer considered necessary it is deleted.
Website
When you visit our website, ION Hotels collect cookies with the goal of a better understanding of how guests visit our website. We never ask for information on kids under the age of twelve. If needed, we will store with the utmost care.
When visiting ionhotels.com, information on use is collected. We collect your IP address, what browser and operating system you are using, how much time you’ve spent on the website, and what sub-pages you use. The information we collect is only used to enhance our website. The information we collect is never used for direct marketing purposes unless you strictly give us consent via our mailing list. For more information, please see our Cookie Policy.
Security and rights
ION Hotels has taken appropriate security, technical and organizational measures that it can be expected to take to make sure the information collected and stored is protected. The way we do this is by our organizational structure along with a high standard of computer security. ION Hotels will not transfer personal information outside of the European Economic area unless permitted by applicable laws and regulations. We always do our best to make sure your information is always kept secure in accordance with applicable privacy laws and regulations.
According to the applicable privacy laws mentioned in this policy, you may be entitled to know and receive information on what personal information ION Hotels has stored on you. You may also be entitled to know where said information originates. You can also request to know in which manner your personal information is processed and object processing if applicable. If your information has been sent to a third party, you may be entitled to know which party has your information and what the purpose of the data transfer was. You can ask us to update, rectify and or delete specific personal information about you and also ask us to limit the use and collection of the data and how said data is used internally. In case of a situation where ION Hotels are unable to meet your request, we will seek to explain why such a request is rejected, with respect to applicable laws and regulations. In any of these cases, please contact us directly at ion@ionhotels.is, and we will respond accordingly.
If applicable, you also have a right to lodge a complaint, with respect to the abovementioned rights, to the Icelandic Data Protection Authority. A complaint can be made in writing to:
The Icelandic Data Protection Authority
Rauðarárstígur 10
105 Reykjavík
Iceland
Revision of this Privacy Policy
ION Hotel may update this policy on a regular basis in accordance with changes to applicable laws or regulations or as a result of changes made by ION Hotel with respect to the processing of personal data. ION Hotels encourages you to review this policy on a regular basis in order to be informed about how we use and protect your personal information.
This Privacy Policy was adopted on 09.12.19.