General Data Protection Regulation (GDPR)
Dear Mefjord Brygge customer,
The EU General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. It places new obligations on organisations based in the EEA or which hold or process personally identifiable information (PII) about EU citizens.
Mefjord Brygge has taken several steps to ensure we are fully compliant with our obligations and have clear policies and processes to respond to customer and partner questions. Further information is available below.
Data Protection Officer
Collection, storage and usage of personal data
- We only collect personal data needed for lawful reasons in order for us to be able to deliver our products and services in a safe and legal way for both us and the Guest
- We assume the guest gives consent by a clear affirmative action such as entering their own personal data by themselves and confirming the reservation – by telephone, email, online booking system, reservation agents or other communication/reservation channels
- For all the reservations, in case the information voluntarily provided by the guests at the booking process is not sufficient, we collect additional information in order to comply with applicable local laws. That notably includes full name of the guest and contact phone number that can be used in case of any emergency (such as fire). This applies to all reservations that are made either directly via our reservation channels or through third-party booking channels (e.g. Booking.com or Expedia). It also includes reservations made by walk-in guests or over the phone.
- For each guests we collect all or just some of the following personal data: name, address, phone-number, e-mail address, ID-number/passport number, credit card data and/or some other custom data. The extent of the required personal data depends on individual situations are we acknowledge only information provided with consent of our guests to process the reservation.
- We never collect personal data for accompanying children under 16 other than the children’s name and date of birth
- The only place we store personal data is in our booking system, mailboxes, printed accounting documentation and authorized computer hard drives. The stored information is used solely to provide our services and to communicate with the guests.
- All of the online information is processed using HTTPS protocol and it is stored offline on computers that are accessible to authorized persons only and are password protected
- The supplier of our PMS (Property Management System), Little Hotelier, is contractually obliged not to disclose any of our data to third parties.
- Once the check-out is made we may keep the simplified user data (name, phone number & email address) only for the purpose of communicating with guest and for making future reservation easier.
- We never disclose any information for third parties.
- We never store credit card information after the payment is made or the booking is checked-out.
- The guests have explicit right to completely remove their personal information from our database.
Guest data access requests
- If a guest asks for their personal data, we will immediately provide it free of charge
- We actively communicate which personal data we store about the guest to the guest both through the booking confirmation, invoices, emails and in the arrival information.
- The only exception to this rule is credit card information which we use solely for the purpose of completing the remote transactions using secure payment terminal.This information is stored in a way that offers minimum two-layer protection for extra safety.
Data privacy, protection and disclosure
Mefjord Brygge shall take reasonable steps to protect personal data (i.e., information that relates to an identified or identifiable natural person) in the context against loss and unauthorized access, use, deletion and disclosure. Mefjord Brygge will process personal data in a manner that ensures appropriate confidentiality and security of the personal data.
Mefjord Bryge acknowledges that it is responsible for handling and security of the personal data it holds and processes. The data is used within the context of providing information, handling requests and reservations for the Guests. Mefjord Brygge shall provide personal data to any other party only if such disclosure is permitted under applicable laws. Mefjord Brygge is a data controller (i.e. it determines the purposes of the data processing) for any personal data it processes.
Any data received either directly or indirectly through a connectivity partner acting on Guest’s behalf shall be processed in accordance with applicable laws. Unless agreed otherwise, Mefjord Brygge’s partners handle personal data on behalf of Mefjord Brygge. Each Party shall be solely responsible for the processing of personal data by itself or on its behalf in accordance with applicable data protection laws.
The Parties shall, if required by applicable laws, cooperate in good faith and provide assistance in the event data subjects wish to exercise their rights of access, correction, erasure or portability, or in case of requests from competent authorities to demonstrate compliance with applicable obligations.
Communication with Guests
- We may use various forms of communication to contact our guest to facilitate communication regarding past, current or future reservations.
- Mefjord Brygge may from time to time facilitate the communication with the guest using common communication tools (such as email, telephone or by using Mailchimp mailing service).
- Mefjord Brygge has duly and diligently informed the employees, representatives, partners and other individuals about using the communication tools used on Mefjord Bryge’s behalf including the processing, receipt, insight, storage, screening and access of such communications as required by applicable laws
Safeguarding of Personal Data
Mefjord Brygge is safeguarding and keeping any personal data information of the Guest in a confidential and secure way. Any information is not disclosed to any person other than those who need to have access to our Extranet to fulfill their job responsibilities and to facilitate communication between Mefjord Brygge and the Guest.
Should any actual or suspected breach of security or confidentiality of data be revealed, we assume the responsibility to take any necessary preventive action, inform the Guests about such circumstance and cooperate in the best possible way.
Payment Card Security
Some of our partners process payment card information obtained from individuals during the booking process. Such information is stored and processed in a secure way (according to policies of our partners, notably: Little Hotelier (Property Management System), Booking.com, Expedia and other Holiday providers. In every case we process such information, we exercise maximum safety measures and use it solely to perform required remote transaction in secure way and remove such sensitive information afterwards.
Mefjord Brygge observes compliance criteria and validation processes set in the current Payment Card Industry (PCI) Data Security Standard issued by the major credit card companies.
Your individual rights
Under the GDPR you have following rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
- The right to complain to the authorities you feel there is a problem with the way we are handling your data
Some cookies are required to enjoy and use the full functionality of this website.
Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.
Information about Partners and Third Parties
We have carefully chosen partner companies that are directly or indirectly involved in processing and storing some of the personal information. These companies are compliant with GDPR and their policies can be viewed on the respective websites:
- Little Hotelier (our Property Management System)
- Domeneshop (our hosting and web services provider)
- Microsoft (our mailbox and computer software provider)
- GoFish (safety system for the boats operated by Dualog)
- Mailchimp (mailing service provider)
We also cooperate with a number of Partners with whom the information flow is going only in the direction from the Partner to Mefjord Brygge (such as Booking.com or Expedia). We believe that respective policies of such partners are also GDPR compliant, however, should any of the guests decide to use services of such partners, we cannot assume any responsibility for their individual policies.
Resources & further information
For detailed information on these rights please refer to EU GDPR Information Portal https://www.eugdpr.org/