Menu opener
Country and language
Country
Other countries
Language
English
Currency
EUR
  1. B&B HOTELS
  2. Privacy Policy of B&B HOTELS in Denmark
BackYour staySelect your dates to see availabilitiesChange datesSelect rooms and travelersClose
Select your dates to see availabilities
Please fill in the destination field
There are no suggestions
Allow geolocation in your browser settings, or type the destination
Please select period of 20 days max
Start date cannot be set in the past.

Please select period of 20 days maxStart date cannot be set in the past.

From
To
Rooms
-+
+ Add another roomValidate
Corporate code
For travelers with corporate contract
  • Destination
  • FromTo
    FromTo
  • 1 room, 1 adult
  • 1 room, 1 guest

Privacy Policy of B&B HOTELS in Denmark

PDF version
 

Status: February 2025 (Denmark)


Preamble

As part of our business activities, we process the personal data of visitors to our websites, users of our app, hotel guests, participants in our loyalty programmes, interested parties, service providers and other business partners.

This data protection notice is intended for users, guests and future guests (hereinafter "you") in connection with (i) visiting the website https://www.hotel-bb.com/da (hereinafter "website") and the B&B HOTELS mobile application (hereinafter "app") as well as the channels on social media platforms in Danish, (ii) participating in one of the loyalty programmes and (iii) staying in a hotel in Denmark.

It serves to inform you about how your personal data is processed via our website, app and social media channels and in particular in connection with accommodation in one of our hotels and with our loyalty programmes, in accordance with Regulation No. 2016-679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "General Data Protection Regulation" or "GDPR").

The protection of your personal data is a priority for the companies of the B&B HOTELS group. Therefore, the companies of the B&B HOTELS group undertake to process this data in strict compliance with the General Data Protection Regulation and other applicable data protection laws. 

 

1.    Definitions

App: refers to the B&B HOTELS mobile application available in IOS and Android versions.

The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Website: is the website that is accessible at the URL address https://www.hotel-bb.com/da.

User: means any person who accesses the Website and the App, regardless of whether they are a Customer, an Operator or a normal internet user with or without an Account.  We also refer to the definitions in Art. 4 GDPR for the terms used.

Personal data is all information that relates to an identified or identifiable natural person. This includes, for example, your name, your address and communication data or your e-mail address. 
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

 

2.    Responsible persons

1. The controller within the meaning of the GDPR is the person who decides on the purposes and means of processing personal data. If several persons jointly decide on the purposes and means of processing, they are jointly responsible for the processing. For some processing operations, the Danish operating company of the B&B HOTELS Group named below is solely responsible. For others, the operating companies of the B&B HOTELS Group are each jointly responsible for the processing and act jointly with other companies.

Solely responsible:
B&B Hotels Denmark ApS, Christians Brygge 28, 1. th, 
1559 København V (Denmark), registered under CVR-number 40380388 ,
is the sole controller for the following processing operations:
(1) Processing of reservations that were not made via the online booking system;
(2) Management of accommodation contracts;
(3) Exercising the rights of data subjects under the GDPR;
(4) Processing of insurance claims; 
(5) Management of accommodation registration forms; 
(6) Installation and operation of a video camera system in the self-operated hotels;
(7) Operation and provision of guest WLAN in the self-operated hotels;
(8) Processing of guest complaints and claims; 
(9) Accounting and receivables management in connection with accommodation in the self-operated hotels.

The companies of the B&B HOTELS Group operate the online booking system, which is the central reservation system for all B&B Hotels. 

Companies of the B&B HOTELS Group act as joint controllers for the following processing operations:

(1) Operation of the online booking system and processing of reservations made via this system;
(2) Implementation of direct marketing measures; 
(3) Management of the loyalty programmes.

The companies on the list, which you can access here, are jointly responsible for managing the B&B HOTELS Club paid loyalty programme. 
The companies on the list, which you can access here, are jointly responsible for managing the free B&me loyalty programme. 
The companies in the list, which you can access here, are jointly responsible for the other aforementioned processing operations.

The joint controllers have concluded joint controllership agreements for the aforementioned processing operations, which set out their respective obligations. The main contents of these agreements are available on request at the following address: datenschutz@hotelbb.com

Information about the processing operations carried out in this context is provided in detail below. The data protection officer of B&B Hotels Denmark ApS can be contacted by email at datenschutz@hotelbb.com or by telephone on +49 (0) 6146 9090-0 or via the postal address provided with the addition "The Data Protection Officer". 

 

3.    General criteria for storage duration

Unless a more specific storage period is specified in this data protection notice, your personal data will be stored until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other compelling reasons for the continued storage of your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply. 

 

4.    General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. Consent can be revoked at any time. If your data is required for the establishment or fulfilment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data on the basis of Art. 6 para. 1 lit. c GDPR if this is necessary to fulfil a legal obligation. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. We provide information on the relevant legal bases in each individual case in the following paragraphs of this data protection notice.

 

5.    General information on data transfer to third countries 

Some B&B HOTELS Group companies are based in a third country outside the European Union and the European Economic Area. The EU standard contractual clauses have been concluded for the transfer of data with these companies of the B&B HOTELS Group, which you can obtain on request via the contact details provided, e.g. by e-mail to privacy@hotelbb.com. Great Britain and Switzerland have been confirmed by adequacy decisions of the EU Commission of 28 June 2021 (Great Britain) and 26 July 2000 (Switzerland) to have a level of data protection comparable to that of the EU. 

Subject to your consent, or our legitimate interests, tools are used on the website and on the app and external content and media are integrated that are offered by companies based in third countries. If these tools are activated, your personal data may be transferred to these third countries and processed there. In these cases, data is transferred on the basis of additional guarantees in accordance with Art. 44 et seq. GDPR. Under certain conditions, the EU Commission classifies the USA as a safe third country with a level of data protection comparable to that in the EU. Data transfer to the USA is therefore permitted if the data recipient is certified under the "EU-U.S. Data Privacy Framework" (DPF). Information on transfers to third countries, including the data recipients, can be found in this privacy policy and in the information on cookies and other trackers.

 

6.    Information on the processing of personal data

6.1.    Visit the website
When you visit the website, your browser transmits certain system and browser data for technical reasons. This involves the following data (so-called server log files), which are processed by the companies jointly responsible for the online booking system:


●    IP address
●    Date and time of the server request 
●    Browser, language and version of the browser software
●    Operating system used
●    Host name of the accessing computer
●    Website from which the request originates ("referrer URL")

This data is not stored together with other personal user data. 

The temporary storage of the user's IP address by the web server is technically necessary in order to display the website. For this purpose, the IP address must necessarily remain stored for the duration of the session.

The above-mentioned data is stored in the log files in order to ensure the functionality of the online booking system. This data is also used to ensure the security of the information technology systems (e.g. to detect attacks). The data is not analysed for marketing purposes in this context.

The legal basis for the temporary storage of this data and the log files is Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the technically error-free presentation and optimisation of the website - the server log files must be recorded for this purpose, and it is our assessment that, in this context, our legitimate interests prevail.

The above-mentioned data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of data stored in the log files, the retention period is up to 3 months. Storage beyond this period is possible if this data is required (e.g. to investigate attacks, misuse or fraud). Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

The collection of data for the provision of the website and its storage in log files is absolutely necessary for the operation of our website for technical reasons. You therefore have no option to object to our collection of such data, but you can object if the personal data is wrong, inaccurate, or unlawful, and therefore, for example, requires rectification or erasure. Please refer to Section 11 below regarding your rights.

 

6.2.              Contact form on the website

If you send us enquiries via the contact form on the website, we collect the data requested in the contact form (e.g. name, email address) and the details of your enquiry. Mandatory fields are marked accordingly. We process your personal data in order to answer your enquiry and process your request. We store your data in case of follow-up questions.
If your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures (e.g. offer), the processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR), and it is our assessment that, in this context, our legitimate interests prevail.

The data will only be used to process the conversation and to deal with your enquiry. The data you enter in the contact form will remain with us until you ask us to delete it, the purpose for storing the data no longer applies (e.g. after your enquiry has been processed), or until it is no longer necessary for the establishment, exercise, or defense of a legal claim. 

Personal data will in general be deleted after 24 months at latest, unless it is recorded for specific purposes or deleted manually beforehand.

Mandatory statutory provisions - in particular retention periods - remain unaffected. 

 

6.3.         Enquiries by e-mail or telephone 

If you contact us via the e-mail addresses provided on the website or by telephone, we will store and process your enquiry, including all resulting personal data (name data, address data, contact data, enquiry) for the purpose of processing your request.

If your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures (e.g. offer), the processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. 
In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) and it is our assessment that, in this context, our legitimate interests prevail.

The data will only be used to process the conversation and to process your request.

The data transmitted by you via contact enquiries will remain with us until you request us to delete it, the purpose for data storage no longer applies (e.g. after your enquiry has been processed), or until it is no longer necessary for the establishment, exercise, or defense of a legal claim. Generally, personal data is automatically deleted after 24 months unless it is recorded for specific purposes or deleted manually beforehand. Mandatory statutory provisions - in particular retention periods - remain unaffected.  

 

6.4.    Newsletter

You can subscribe to a newsletter on our website. We only send newsletters with the consent of the recipient. We use a double opt-in procedure for this purpose. After registering for the newsletter, you will receive an e-mail in which you must confirm your registration. We use this procedure so that no-one can register with a third-party email address. We log subscriptions to the newsletter in order to be able to prove the registration process in accordance with legal requirements. This includes the date, time and IP address at the time of registration. To register for the newsletter, we collect the name and email address.
We send newsletters for advertising purposes to inform you about offers, promotions and other news about B&B HOTELS.

The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR in conjunction with Section 10(1) of the Danish Marketing Practices Act, (in Danish; Markedsføringsloven). Your data in connection with the registration for the newsletter and the dispatch will be processed by the marketing department of B&B Hotels Denmark ApS. The companies of the B&B Hotels Group, whose overview is available above, are jointly responsible for the administration and implementation of direct marketing measures. The joint controllers have commissioned B&B HOTELS DITIGAL SERVICES, 9 boulevard Romain Polland, 75014 Paris, France, and MOVE ON B&B HOTELS, 271, rue du Général Paulet, 29200 Brest, France, to manage and send the newsletter. The contractors act on the basis of order processing contracts on the instructions of the joint controllers. 

Consent to receive our newsletter can be revoked at any time without giving reasons with effect for the future, for example via the unsubscribe function in each newsletter. In the event of cancellation, your e-mail address will be blocked to document that you no longer wish to receive newsletters in the future. Data that is no longer required will be deleted immediately. The blocking notice and your email address will be retained solely for documentation purposes and for general recipient segmentation purposes, subject to proper aggregation. Personal information regarding your newsletter profile, or your choice to opt out will be retained for a maximum of 12 months after you opt out, unless it is necessary to process for a longer period of time for the establishment, exercise, or defense of a legal claim. . 

 

6.5.    Online booking of hotel stays and check-in

If you book a room via the online booking system on the website or the app, we process the personal data requested via the booking form (e.g. personal master data, contact details, reservation/booking details, conditions, payment and invoice data) in order to carry out the booking and establish an accommodation contract. Your email address will be processed in order to send you reservation/booking confirmations, changes, cancellations and other notifications in connection with the reservation/booking and the accommodation contract. You will also receive an automatically generated invitation to online check-in by email before the planned arrival date. Online check-in requires that you register via the link in the email and provide your credit card details (card number, expiry date, verification number) for the purpose of payment. 
We offer a self check-in solution based on facial recognition combined with a passport scanner. Please note that our self check-in solution is non-mandatory - if you prefer personal service, we have personnel ready to check you in on-site. If you choose to use our self check-in solution, based on your consent, we scan you face and your passport to verify your identity. The companies of the B&B Hotels group, whose overview is available above, are jointly responsible for data processing via the online booking system on the website and the app. The joint controllers have appointed B&B HOTELS DITIGAL SERVICES, 9 boulevard Romain Polland, 75014 Paris, France, and MOVE ON B&B HOTELS, 271, rue du Général Paulet, 29200 Brest, France, to operate and manage the online reservation system. The contractors operate on the basis of data processing agreements on the instructions of the joint controllers. 

For the purpose of establishing and implementing the accommodation contract, the data from the online booking system may be transmitted to the operator of the hotel for which you have booked your stay. 
In order to comply with legal reporting obligations, it may be necessary to transfer your personal data to the Danish national authorities to comply with the legal obligations we are subject to. . You are obliged to provide this data when you check in. 

In the case of accommodation for a minor travelling alone, the hotel where the overnight stay takes place will request a declaration from a legal representative stating the name, contact details and a copy of an identity document. Details on data processing can be found in the corresponding form.  

If you use our self-check in solution, we process your personal data based on your explicit consent, as per Art. 9 para 2 lit. a, as per Art. 6 para 1 lit. a GDPR, and Section 7(1) of the Danish Data Protection Act (in Danish; Databeskyttelsesloven). You may revoke your consent at any time. 

The personal data in the form of the scan of your face is deleted, once the facial recognition is validated. Your passport information is stored for seven (7) days and is deleted automatically afterwards.
If you use our regular check in option, the legal basis is Art. 6 para. 1 lit. b GDPR, as the processing of the data is necessary for the establishment and execution of an accommodation contract in a B&B Hotel. By reporting guest data to the relevant national authority, the B&B Hotel fulfils its legal obligations, e.g. its obligations to document all transactions in accordance with the Danish Bookkeeping Act (in Danish; Bogføringsloven). 

The data stored by us will be deleted as soon as it is no longer required for its intended purpose, until we are no longer obligated to store it, or until it is no longer necessary for the establishment, exercise, or defense of legal claims. The retention periods under  the Danish Bookkeeping Act is five (5) years, and all other information will in general be deleted after 24 months at latest, unless it is recorded for specific purposes or deleted manually beforehand.

 

6.6.    User account and participation in the B&me loyalty programme

It is possible to create a personalised user account ("B&me Account") on the website and the app in order to view bookings and make future reservations more quickly and to take advantage of the B&me loyalty programme. 

The data requested in the registration form (personal master data, contact details, language and country settings, password, communication settings) are processed for the creation and maintenance of the B&me account. Details of bookings and hotel stays as well as benefits used from the B&me loyalty programme are stored in the B&me account and can be accessed at any time. Registration for the user account and participation in the B&me loyalty programme is verified via a double opt-in procedure. You will receive a confirmation email with a link that you must click on to activate your B&me account. Your e-mail address will be stored for this purpose and for further communication in connection with your B&me account. 

The legal basis for data processing is Art. 1 lit. b GDPR. The processing of the data is necessary for the registration for the user account and the establishment and implementation of participation in the B&me loyalty programme. 

If our processing of your personal data is necessary to comply with a legal obligation to which we are subject, e.g., the Danish Bookkeeping Act, e.g., to document the transactions made, the processing is carried out on the legal bases of Art. 6 para 1 lit. c GDPR. 

The companies of the B&B Hotels group, whose overview is available above, are jointly responsible for data processing in connection with the implementation of the B&me loyalty programme. The joint controllers have appointed B&B HOTELS DITIGAL SERVICES, 9 boulevard Romain Polland, 75014 Paris, France, to provide services related to the management of the B&me loyalty programme. B&B HOTELS DIGITAL SERVICES processes the personal data on the basis of an order processing contract on the instructions of the joint controllers. 

The personal data will be stored for the duration of the existence of the user account and participation in the B&me loyalty programme, until we are no longer under an obligation to store it, or until it is no longer necessary for the establishment, exercise, or defense of a legal claim. You can terminate your B&me account and your participation in the B&me loyalty programme at any time via the user account itself.. 
The retention period under the Danish Bookkeeping Act is five (5) years, and all other information will in general be deleted after 24 months at latest, unless it is recorded for specific purposes or deleted manually beforehand.

 

6.7.    B&me Club loyalty programme

Via the B&me account on the website and the app, it is possible to register for participation in the B&me Club loyalty programme for a fee.

The data requested in the registration form for the B&me account (personal master data, contact details, language and country setting, password, communication settings) are processed for the purpose of establishing and implementing participation in the B&me Club loyalty programme. Details of bookings and hotel stays as well as benefits used from the B&me loyalty programme and the B&me Club loyalty programme are stored in the B&me account and can be accessed at any time. An identification number is also stored for each member. Participation in the B&me Club loyalty programme is confirmed by sending a message to the e-mail address provided during registration. The email address will be used for further communication regarding the B&me Club loyalty programme. The legal basis for data processing is Art. 1 lit. b GDPR. The processing of the data is necessary  for the registration for the user account and the establishment and implementation of participation in the B&me Club loyalty programme.  

If our processing of your personal data is necessary to comply with a legal obligation to which we are subject, e.g., to document transactions in accordance with the Danish Bookkeeping Act, the processing is carried out on the legal basis of Art. 6 para 1 lit. c GDPR. 

The companies of the B&B Hotels group, whose overview is available above, are jointly responsible for data processing in connection with the implementation of the B&me Club loyalty programme. The joint controllers have appointed B&B HOTELS DITIGAL SERVICES, 9 boulevard Romain Polland, 75014 Paris, France, to provide services related to the management of the B&me Club loyalty programme. B&B HOTELS DIGITAL SERVICES processes the personal data on the basis of an order processing contract on the instructions of the joint controllers. 

The personal data will be stored for the duration of participation in the B&me Club loyalty programme, until we are no longer under an obligation to store it, or until it is no longer necessary for the establishment, exercise, or defense of a legal claim. 

The retention period under the Danish Bookkeeping Act is five (5) years, and all other information will in general be deleted after 24 months at latest, unless it is recorded for specific purposes or deleted manually beforehand.

 

6.8.      Gift voucher shop 

On the website there is the possibility to purchase vouchers for stays in a B&B Hotel. Information on the processing of personal data in connection with this voucher shop can be found directly in the shop area under "Privacy Policy". 

 

6.9.      Payment service provider 

If you use third-party payment services (e.g. PayPal, Visa, Mastercard, Maestro, American Express), the companies of the B&B HOTELS Group work together with the payment service provider Adyen N.V. (hereinafter "Adyen"), Simon Carmiggeltstraat 6-50, 1011 DJ, Amsterdam, Netherlands.

Adyen is a full payment service provider that handles payment processing, among other things. The data required for the respective payment method is transmitted to Adyen, unless it is collected directly by the respective payment service (e.g. PayPal) itself. 

The bank card number, expiry date and cryptogram are processed exclusively by Adyen, which only provides us with a token for the guarantee and payment of bookings. 

The purpose of the transfer is identity verification, the desired payment processing, the performance of any credit check and fraud prevention. Insofar as this is necessary for the fulfilment of the contractual obligations, Adyen also passes on the personal data to service providers or subcontractors. 

If our processing of your personal data is necessary to comply with a legal obligation to which we are subject, e.g., to document transactions in accordance with the Danish Bookkeeping Act, the processing is carried out on the legal bases of Art. 6 para 1 lit. c GDPR. 

To be able to facilitate payment processing, we process your personal data based on our legitimate interest (Art. 6 para. 1 lit. f GDPR).

The personal data will be stored until we are no longer obligated to store them, or until it is no longer necessary for the establishment, exercise, or defense of a legal claim. 

The retention period under the Danish Bookkeeping Act is five (5) years, and all other information will in general be deleted after 24 months at latest, unless it is recorded for specific purposes or deleted manually beforehand.

The terms and conditions and privacy policy of our partner for electronic payment processing apply. Further information on data protection can be found at 

 

6.10.      Guest reviews

In order to receive feedback from our guests about their stay, we use a review service offered by TrustYou GmbH, Schmellerstraße 9, 80337 Munich, www.trustyou.com. If you have agreed to receive the newsletter, you will receive an email from B&B Hotels Denmark ApS after a stay in a B&B hotel in Denmark with a link to submit a review of your last stay. If you make use of the option to submit a review, your name, email address and/or telephone number, IP address, your review result and details of the review, other data entered and system data (browser type and version, device used, date and time of submission of the review, referring URL) will be transmitted to TrustYou GmbH and analysed by TrustYou and B&B Hotels Denmark ApS. The rating result, details of your rating, your first name, the first letter of your surname and the date of the rating may be made publicly available on the website and the app. 

Collecting and analysing reviews helps us to improve our quality. 

The legal basis for  processing your feedback is your consent to receive the newsletter (Art. 6 para. 1 lit. a GDPR), your consent to submit a public review (Art. 6 para. 1 lit. a GDPR), or the legitimate interest of B&B Hotels Denmark ApS in operating  a rating system and the evaluation of ratings after the voluntary use of the rating system by guests (Art. 6 para. 1 lit. f GDPR). 

The submission of a review is voluntary. You can object to receiving further invitations to rate hotels by email at any time by clicking on the corresponding link in each email. 

TrustYou GmbH acts on the basis of an order processing contract on the instructions of B&B Hotels Germany GmbH. You can find more information on how TrustYou handles data in TrustYou's privacy policy at: https://www.trustyou.com/privacy-policy/

The personal data will be stored until it is no longer necessary to fulfil its purpose, or until no longer necessary for the establishment, exercise, or defense of a legal claim. ln general, all personal data is deleted after 24 months at latest, unless it is recorded for specific purposes or deleted manually beforehand.

Reviews are made publicly accessible on the website and the app for a maximum period of 24 months from the date of submission, unless it is recorded for specific purposes or deleted manually beforehand. The data collected in connection with a review will be stored and analysed for a maximum period of five years from the submission of the review. TrustYou GmbH is authorised to anonymise the data thereafter and to store and use it for analysis purposes for an unlimited period of time and space. 

 

6.11.    Realisation of competitions 

We occasionally organise competitions or other contests in which guests and other interested parties can participate, e.g. in connection with the submission of a guest review. For this purpose, we process the data required for participation, such as names, e-mail addresses and answers to competition and contest questions. In the event of a win, address data may subsequently be requested in order to be able to send a prize. 

The processing is carried out solely for the purpose of organising the competition or contest, i.e. to determine and notify winners and to send out prizes. 

For competitions and other contests in connection with the submission of a guest review, we use the support of TrustYou GmbH, Schmellerstraße 9, 80337 Munich, which acts on our instructions on the basis of an order processing contract. 

If we obtain your consent in the context of a competition or contest, this is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Otherwise, if you win the competition or contest, and we are to award you with a price, Art. 6 para. 1 lit. b GDPR is the legal basis, as the data processing is necessary for us for us to perform a contract to which you are part in the form of being able to award you your competition or contest price.. 

The data will be deleted after the competition or contest has been completed, or after it is no longer necessary for the establishment, exercise, or defense of a legal claim, at latest after 24 months.

 

6.12.    Video surveillance in hotels 

Video surveillance can be used in individual areas of hotels and their premises, particularly car parks. In this context, images of guests can be recorded and analysed on a case-by-case basis. 
Video surveillance is carried out within the legal limits. The legal basis is the legitimate interest in the safety of our guests and the hotel property in accordance with Art. 6 para. 1 lit. f GDPR. 

The CCTV-recordings will be deleted after 30 days upon recording, as per Section 4c (4) of the Danish TV-Surveillance Act (in Danish: "TV-Overvågningsloven"), unless it is necessary to store it for a longer period of time due to a reported criminal offense, our handling of a specific dispute, or the processing of information for crime prevention purposes. If retention is necessary due to a specific dispute, we will inform you before 30 days after the recordings are made and will, upon request, provide you with a copy of the recording, as per the Danish TV-Surveillance Act, Section 4c(5).

Detailed information on the use of video cameras and data processing in this context can be found on site at the hotels. 

 

6.13.    Guest WLAN in hotels 

In the hotels operated by B&B Hotels Germany GmbH in Germany, access to a guest WLAN is provided. 

When using the guest WiFi, the following data may be processed, some of which is stored via the use of cookies and some of which you can optionally provide: MAC or IP address of the terminal device used, e-mail address, user name, name, room number, login date. 

B&B Hotels Denmark ApS has commissioned m3connect GmbH, Friedlandstraße 18, 52064 Aachen, Germany, to provide and operate the guest Wi-Fi system. m3connect GmbH processes your data in accordance with instructions on the basis of an order processing contract. 

We process your personal data in our Wifi network based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, which is to be able to deliver a functioning Wifi-solution to our customers. The cookies are technically necessary to ensure the functionality of the Wi-Fi system. This is also our legitimate interest. 

The data is processed for authentication and to ensure error-free operation of the guest WLAN. 

The data will be deleted after 10 weeks ,or after it is no longer necessary for the establishment, exercise, or defense of a legal claim, at latest after 10 weeks. The technically necessary cookies are session cookies that have a maximum functional duration of one day.

Further details can be found when registering for the guest WLAN on site. 

 

7.         Cookies 

Our website uses so-called "cookies" and other tracking tools. Details on this and your setting options can be found in our information on cookies and other trackers.

 

8.     Our presence on social media 

B&B Hotels Denmark ApS maintains its own channel on several social media platforms. When you visit our profile on one of the social media platforms, the respective provider of the social media platform processes data from you in order to create user profiles and to operate and improve its own services. Furthermore, some social media platform providers provide us with anonymised evaluations of the use of our profile. Some of the data processing takes place regardless of whether you are registered on the social media platform or not. The analyses usually contain the following information:
•    Reach measurements regarding profile, posts and other functions, i.e. total number of people who have visited/used the profile, posts and other functions;
•    Aggregated data on the age, gender and place of residence (country, region/city) of the people who visit the profile;
•    Usage time for videos and other functions;
•    Time and location of utilisation;
•    Devices, operating systems and software used;
•    Interactions in connection with posts, e.g. click rates, shares, comments.

With regard to the data processing operations for the purposes of the aforementioned analyses, B&B Hotel Denmark ApS is jointly responsible with the respective providers of the social media platforms within the meaning of the GDPR and has concluded corresponding agreements on joint responsibility.

We have no influence on whether and to what extent the providers collect personal data on their social media platforms. We are also unaware of the scope, purpose and storage period of data collection. It must be assumed that at least the IP address and device-related information is collected and used. It is also possible that the providers use cookies and similar technologies on their platforms with which the usage behaviour on the platforms and other services of the providers can be tracked and evaluated. 

Some of the providers of the social media platforms are based outside the territory of the European Union (EU) and the European Economic Area (EEA) (so-called "third countries"), in particular in the USA. Some of these third countries do not have a level of data protection equivalent to that of the EU or the recognition of an adequate level of data protection is dependent on further requirements, such as certification in accordance with the EU-U.S. Data Framework Agreement in the case of US companies. In some third countries, for example in the USA, government agencies have far-reaching access rights to data from companies headquartered in these third countries. We cannot rule out the possibility that data may also be transferred to Group companies in the USA or another third country, even if the providers are based in the EU.

Further information on the individual providers of the social media platforms on which we operate a profile:
•    Facebook and Instagram: The provider for the European region is Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, "Meta"). Further information on data protection can be found at https://facebook.com/policy.php and in relation to Instagram at https://help.instagram.com/519522125107875. Information on the cookies used by Meta when you visit our Facebook page or our Instagram channel can be found at https://www.facebook.com/policies/cookies. For the processing operations where we are joint controllers with Meta, the following joint controllership agreement applies: https://www.facebook.com/legal/controller_addendum. The group headquarters Meta Platforms Inc, Menlo Park, California, USA, is certified under the EU-U.S. Data Privacy Framework.
•    LinkedIn: The provider for the European region is LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland). Further information on data protection can be found in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy and in the cookie policy at https://www.linkedin.com/legal/cookie-policy. For the processing operations for which we are jointly responsible with LinkedIn, the following joint responsibility agreement applies: https://legal.linkedin.com/pages-joint-controller-addendum. The corporate headquarters LinkedIn Corporation, Sunnyvale, California, USA, is certified according to the EU-U.S. Data Privacy Framework. 
•    YouTube: The provider for the European region is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Further information on data protection can be found in Google's privacy policy at https://policies.google.com/privacy?hl=de. The corporate headquarters Google LLC, Mountain View, California, USA is certified in accordance with the EU-U.S. Data Privacy Framework.
•    TikTok: The provider for the European region is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Further information on data protection can be found in the privacy policy at https://www.tiktok.com/legal/privacy-policy-eea?lang=de

 

9.    Automated decision-making

No automated decision-making processes are used to establish and conduct business relationships and no profiling takes place. If these procedures are used in individual cases, we will inform you separately if this is required by law. 

 

10.   Obligation to provide data 

For the establishment, implementation and termination of a business relationship (e.g. booking, accommodation contract, participation in a loyalty programme, receipt of a newsletter), it is necessary or in some cases legally required that you provide us with personal data. Without this data, it will generally not be possible to establish a business relationship or it will have to be terminated. This data is regularly labelled as mandatory information in forms. 

 

11.    Data security 

We attach particular importance to the security of personal data. We implement technical and organisational measures that are appropriate to the degree of sensitivity of the personal data in order to ensure the integrity and confidentiality of the data and to protect it from malicious intrusion, loss, alteration or disclosure to unauthorised third parties. These security measures include, for example, the encrypted transmission of data between your browser and our servers. Please note that SSL encryption is only activated for transmissions over the Internet if the key symbol appears in your browser window and the address begins with https://. TLS (Transport Socket Layer) protects data transmission against illegal access by third parties using encryption technology. If this option is not available, you can also decide not to send certain data via the Internet.

 

12.    Your rights

If we process your personal data, you have the following rights: 

Right to information (Art. 15 GDPR): You have the right to request information about the personal data processed about you. This right also includes a copy of the relevant data.
Right to rectification (Art. 16 GDPR): You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to request the completion of personal data concerning you if it is incomplete.
Right to erasure (Art. 17 GDPR): You have the right to demand that the personal data concerning you be deleted immediately, provided that one of the reasons stated therein applies, for example, if you withdraw your consent to our processing of your personal data.
Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of the processing of your personal data if one of the reasons stated therein applies.
Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and, under certain circumstances, you have the right to transmit those data to another controller without hindrance.
Right to object (Art. 21 GDPR): You have the right to object to the processing of your data at any time for reasons arising from your particular situation, provided that the data processing is based on a balancing of interests pursuant to Art. 6 para. 1 lit. f GDPR. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you lodge an objection, your personal data will no longer be processed unless there are demonstrably compelling legitimate grounds for the processing which override your interests or the processing serves the establishment, exercise or defence of legal claims. 
Withdrawal of consent (Art. 7 para. 3 GDPR): In accordance with Art. 7 para. 3 GDPR, you have the right to withdraw your consent to the processing of personal data at any time with effect for the future without giving reasons

You can exercise your rights: 
●    at the following e-mail address: datenschutz@hotelbb.com;
●    or via the postal address: B&B HOTELS Legal Department/Data Protection, Altkönigstraße 10, 65239 Hochheim am Main.

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG) if you believe that the processing of your personal data is not lawful. This can be done with the supervisory authority responsible for B&B Hotels Denmark ApS: Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, dt@datatilsynet.dk

 

13.    Changes to the data protection information

We reserve the right to amend the privacy policy in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to declarations on data processing. If user consent is required or components of the privacy policy contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.
Please inform yourself regularly about the content of the privacy policy.
 

  1. B&B HOTELS
  2. Privacy Policy of B&B HOTELS in Denmark