Privacy Policy

Sir Hotels
This Privacy Statement applies to the processing by Sir Hotels of your (our guests') personal data. Sir Hotels takes your privacy very seriously and treats all your personal data with great care. Sir Hotels acts in accordance with the applicable data protection legislation.

Introduction

When you visit our websites (or subdomains) (the “Website”), make a reservation, contact us, purchase products from us or visit one of our hotels, we collect personal data from and about you. This Privacy Statement describes which personal data is collected and for which purposes this personal data is processed by Sir Hotels. It also states which rights you have under applicable data protection law.

Who processes your personal data?
Your personal data may be processed by or on behalf of:

A. all Sir Hotels entities operating under Europe Hotels Private Collection, whether owned or licensed by Sir Hotels Operations B.V. and its wholly and partially owned affiliates (each hereinafter referred to as a: Sir Hotels Hotel; see the full list of our Sir Hotels, and the legal entities that operate these hotels here; and/or:


- Sir Adam Hotel Amsterdam
- Sir Albert Hotel Amsterdam
- Sir Savigny Hotel Berlin
- Sir Nikolai Hotel Hamburg
- Sir Joan Hotel Ibiza
- Sir Victor Hotel Barcelona

B. Europe Hotels Private Collection B.V., a limited liability company registered under the laws of the Netherlands, having its statutory seat in Amsterdam, the Netherlands and its offices at Nieuwezijds Voorburgwal 271, 1012 RL Amsterdam, the Netherlands. Europe Hotels Private Collection B.V. is registered with the Dutch Chamber of Commerce under registration number 34369785.

Which personal data do we process, and for what purposes do we process personal data?
Regardless of which hotel you stay in, your personal data will be stored in (i) centralized systems which are under the control of Europe Hotels Private Collection and accessible for authorized staff of Sir Hotels, and (ii) local systems controlled solely by the relevant Sir Hotels. We want to get to know you, because that enables us to make your stay more pleasant, so you may one day decide to return to our hotels. We collect, store and process personal data at two different stages: (i) before you decide to stay in one of our hotels and (ii) when you stay or have stayed in one of our hotels.

Overview of activities under stage (i) and (ii)
We may at each of the stages outlined above use your personal data. For your convenience, we have made an overview of activities that involve the processing of your personal data, and the corresponding legal basis/legal bases that allow/s us to process this data.

First of all, we store the personal data you provide to us in our systems for administrative purposes.

- consent (if required)
- enter into or perform a contract to which you are a party

Under several jurisdictions and/or local city regulations we are legally obliged to ask you to provide us with certain information when you arrive at a Sir Hotels. This may include information such as: birth date, nationality, place of residence, date of arrival and profession.

- compliance with a legal obligation

We will have to verify your identity when you arrive at a Sir Hotels. We will use your passport or other identification document. We will not store a copy of your passport, unless to the extent permitted by law.

- enter into or perform a contract to which you are a party
- for the purposes of our, or a third party's, legitimate interests

We store information of your use of the systems in the guest room to ensure that they work correctly. This information is used by our 24/7 support team for preventative and reactive support purposes.

- for the purposes of our, or a third party's, legitimate interests

We store your personal data in our database(s), also after your transaction has been completed and after you have stayed in one of our hotels, in order to comply with data retention obligations and to be able to contact you and welcome you again in the future.

- compliance with a legal obligation
- enter into or perform a contract to which you are a party
- for the purposes of our, or a third party's, legitimate interests

Since we operate internationally, it may be necessary to transfer personal data to a Sir Hotels or other recipient (such as franchisees, partners and third party service providers) in a country outside of the country where it was originally collected or outside of your country of residence or nationality. For many of our business purposes we use cloud based services. Therefore, for technical and organizational reasons, it may be necessary that your personal data is transferred to servers located in the US, or to servers located in countries outside of the European Economic Area ('EEA').

- enter into or perform a contract to which you are a party
- for the purposes of our, or a third party's, legitimate interests


When we transfer the data to a country outside of the EEA that does not offer an adequate level of data protection, we will ensure compliance with applicable law by way of:

  • EU Model Clauses
  • EU-US Privacy Shield-certification
  • other legally accepted safeguards, as applicable

We process your booking, howsoever made (directly via our website or via a third party (online) travel agent.

- enter into or perform a contract to which you are a party

We create a general and simple profile of you on the basis of information disclosed by you via public sources on the internet. We will not use any sensitive personal data that we may collect or derive from your stay or from public sources on the internet.

- enter into or perform a contract to which you are a party
- for the purposes of our, or a third party's, legitimate interests

We offer and provide services and products you request from us or which we may think you are interested in, via email, telephone or other media. You can subscribe to our newsletter, which contains commercial offers and news of Sir Hotels and related third parties. We use the email address you provide to send the newsletter to. If you no longer wish to receive the newsletter, you can use the link provided in every newsletter to unsubscribe.

- consent (if required)
- enter into or perform a contract to which you are a party
- for the purposes of our, or a third party's, legitimate interests

We use credit card data or other payment data for invoicing purposes.

- enter into or perform a contract to which you are a party

If you would like to park in our parking garage we may collect your license plate number in order to provide you access to the parking garage.

- enter into or perform a contract to which you are a party

We collect (meta)data on your use of our Wi-Fi services for security and anti-piracy purposes (such as: IP address, your device's MAC address, connections made, location, etc.). We do not process the content of traffic.

- consent (if required)
- for the purposes of our, or a third party's, legitimate interests

We collect automatically generated information for statistical (research) purposes. This information tells us how well our services are functioning. This information may be provided to third parties, but only if permitted by law or if this information cannot be traced back to you.

- for the purposes of our, or a third party's, legitimate interests

We track information on your purchases for future use in case you return to a Sir Hotels.

- for the purposes of our, or a third party's, legitimate interests

We track and record your use of our, or our affiliates', (online) services, either through cookies or via other means. Cookies enable us and others to monitor your browsing behavior. Please read our Cookie Statement for further information on cookies.

- consent (if required)
- enter into or perform a contract to which you are a party
- for the purposes of our, or a third party's, legitimate interests

We engage in the advertising and marketing of our brand, company, affiliates, services and/or products both online and offline, possibly via third party service providers. For this, we use your contact details, information on your stay at a Sir Hotels and information collected through cookies.

- for the purposes of our, or a third party's, legitimate interests

We endeavor to provide a high level of security of both the information we store as well as our facilities, (IT) systems and premises, by means of encryption, physical security measures, passwords, company procedures and policies and professional IT support. Personal data may be processed in this context by Sir Hotels and its vendors.

- for the purposes of our, or a third party's, legitimate interests

We endeavor to prevent our services and facilities (hotels) from being used for illegal purposes, of any kind. Personal data may be processed in this context by Sir Hotels and its vendors, such as through CCTV surveillance.

- for the purposes of our, or a third party's, legitimate interests

We engage in activities required for compliance with legal obligations, third party claims or requests from public authorities, such as (i) the mandatory storage/containment of certain information because of a criminal investigation, (ii) requests from third parties for access to information (iii) any further instructions from third parties, such as supervisory authorities, that involve data processing.

- consent (if required)
- enter into or perform a contract to which you are a party
- for the purposes of our, or a third party's, legitimate interests

We may engage and/or authorize photographers, video producers and/or other media production companies, for promotional purposes. Production companies always have to obtain authorization from us and as a part thereof has to sign an Agreement with us. We will always do our utmost in maintaining a pleasant and carefree atmosphere for you.

When it is possible that you and/or our other guests could be identifiably displayed or recorded on (parts of the) production, the production company has to guarantee that it will warn our guests in a clear manner and has to guarantee to process the personal data on a legal processing ground. These grounds may include (i) your explicit consent or (ii) the legitimate interest of the production company for processing such data.

When we engage production companies, this Privacy Statement is applicable. We will solely process for promotional purposes. When we authorize production companies, the Privacy Statement of the relevant production company is applicable

  • for the purposes of our, or a third party's, legitimate interests; or
  • consent (if required).

Right to revoke consent
If we process personal data on the basis of your consent, you have the legal right to revoke such consent at any time. We will then cease the relevant processing activity going forward.


Right of access to your information
If you want to know what personal data we have collected or process about you, you may request us to provide a copy of your personal data by sending an email to privacy@ehpc.com. We will ask you to identify yourself. We will not provide you with a copy of your personal data to the extent that the rights and freedoms of others are or may be adversely affected.


Right to rectification and erasure of data, and restriction of processing
If you believe that our processing of your personal is incorrect, inaccurate, unlawful, excessive, incomplete, no longer relevant, or if you think that your data is stored longer than necessary, you may ask us to change or remove such personal data or restrict such processing activity, by sending an email to privacy@ehpc.com.


Right to data portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, in accordance with section 20 of the General Data Protection Regulation.


Right to object
You have the legal right to object, on grounds relating to your particular personal situation, at any time to processing of your personal data which is based on the legal basis of either point (e) or (f) of section 6(1) of the General Data Protection Regulation (i.e. the performance of a task carried out in the public interest; the purposes of our, or a third party's, legitimate interests) including profiling based on those provisions [see the Schedule under clause 4 of this Privacy Statement]. We will only cease the processing if so required under section 21(1) of the General Data Protection Regulation. Furthermore, you have the right to object at any time to our processing of your personal data for direct marketing purposes by either (i) opting out by using the option we provide in the relevant direct marketing message (e.g. an email newsletter), or (ii) by sending an email to privacy@ehpc.com. For the sake of clarity: without prejudice to the foregoing we are at all times entitled to send you messages that do not constitute direct marketing.


General information relevant for all requests and queries
You must exercise your rights, as explained in this clause, in accordance with applicable law, in particular section 15, 16, 17, 18, 20 and 21 of the General Data Protection Regulation, if and when it applies. We will solely review your request or query in light of our obligations under applicable mandatory data protection law. Nothing in this Privacy Statement is intended to provide you with rights beyond or in addition to your rights as a data subject under applicable mandatory data protection law. We will use reasonable endeavors to respond to your request or query within one month. We are entitled to extend this term by another two months if the complexity of the situation so requires. If your request is manifestly unfounded or excessive we may either (i) charge you a fee, or (ii) refuse to process your request. With respect to access requests we may also charge you for extra copies. If we decide not to honor your request or answer your query, we will explain our reasons for doing so in our reply.


Protection and storage of your data
We have used and will continue to use reasonable endeavors to protect your personal data against loss, alteration or any form of unlawful use. Where possible, your personal data will be encrypted and stored on a virtual private server that is secured by means of state of the art protection measures. A strictly limited amount of people have access to your personal data. We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Statement, generally 2 years, unless a longer retention period is required or permitted by law (which is typically the case in the context of our obligations under tax law).


Cookies

A cookie is a simple small file that is sent with pages from this website (and/or Flash applications] and is saved through your browser onto your computer’s hard drive. The information stored in the cookie can be sent back to our servers during a subsequent visit to our site.


Cookies save your preferences
Using a permanent cookie, we can recognize you when you visit our website. This means that the website can be adjusted specifically according to your preferences. When you have given permission to place cookies, we can remember this using a cookie. This means that you don’t need to keep repeating your preferences, which saves you time and means that you can enjoy using our website more. You can delete permanent cookies using your browser settings.


Cookies for sharing pages via social media
We have included buttons on our website to promote or share web pages on social networks such as Facebook and Twitter. These buttons work via pieces of code that originate from Facebook and Twitter. Cookies are placed using this code. We don’t have any influence over this. Please read the Facebook and Twitter privacy statements (which can change regularly) to read what they do with your personal details that they process via these cookies. The information they collect is anonymized as much as possible. The information is transferred and stored by Twitter, Facebook, Google+ and LinkedIn on servers in the United States. LinkedIn, Twitter, Facebook and Google+ state that they adhere to the Safe Harbor principles and are affiliated to the American Ministry of Trade’s Safe Harbor program. This means that there needs to be an appropriate protection level for processing personal details.


Cookies to improve the website
As part of their Analytics service the American company Google places a cookie on our website. We use this service to follow and receive reports about how visitors use our website. Google can provide this information to third parties if Google is legally obliged to do so, or if third parties process this information on behalf of Google. We don’t have any influence over this. The information that Google collects is anonymized as much as possible. We emphasize that your IP address is not shared. The information is transferred and stored by Google on servers in the United States.


Inspection, correction or removal of details
You have the right to ask to inspect, correct or remove your details. See our contact page about this. In order to prevent misuse we may ask you to provide appropriate identification. If this concerns inspection of personal details linked to a cookie, you should send a copy of the cookie in question. Only you can delete cookies, as they are stored on your computer. Consult your browsers user manual for this.


Supervisory authority and applicable law
With respect to the processing of your personal data, Sir Hotels Operations is the 'main establishment' of the Europe Hotels Private Collection. This means that the data protection authority of the Netherlands (Autoriteit Persoonsgegevens) shall have jurisdiction with respect to the cross-border processing of your personal data in which Sir Hotels Operations is involved. Notwithstanding the foregoing you shall be entitled to lodge a complaint with the competent supervisory authority in the territory of a Sir Hotels. The processing of your personal data by Sir Hotels Operations and the relevant Sir Hotels Hotel(s) shall be subject to the laws of the Netherlands, including the General Data Protection Regulation, when it applies from 25 May 2018 onwards. The applicability of the laws of the Netherlands and General Data Protection Regulation shall be without prejudice to any provisions that may apply to a particular processing activity under local mandatory data protection law.


General

In case you have any questions in relation to this Privacy Statement, you may send an email to privacy@ehpc.com.

We have done our best to make sure that this Privacy Statement explains the way in which we process your personal data, and rights you have in relation thereto. We may change this Privacy Statement from time to time to make sure it is still up to date. To make sure you consult the most recent version of our Privacy Statement, please check the Privacy Statement published on our Website.

Last update: 23 May 2018.