Last revised on May 29, 2018
The hotel is committed to protecting the privacy of the hotel’s users and customers.
- Controller - the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
- EU Privacy Law - regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (the “GDPR”), as well as any legislation and/or regulation implementing or created pursuant to the GDPR and the e-Privacy legislation, or which amends, replaces, re-enacts or consolidates any of them, and all other national applicable laws relating to the processing of Personal Data and privacy.
- Processor – a natural or legal person, public authority, agency or other body, which processes Personal Data on behalf of the controller.
- Recipient - a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a Third Party or not.
- Third Party - a natural or legal person, public authority, agency or body other than the data subject, controller, Processor and persons who, under the direct authority of the controller or processor, are authorized to process Personal Data.
- Supervisory Authority - An independent public authority that is established by a Member State pursuant to Article 51 of the GDPR.
- Personal Data - any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Processing - any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Standard Contractual Clauses - sets of standard contractual clauses for transfers as adopted by the European Commission for the international transfer of Personal Data.
- Personal Data Breach - a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
2. Collecting and processing Personal Data
2.1. The hotel collects, processes and stores Personal Data when booking is made through the hotel website, by phone, by the third party or when a guest stays in the hotel.
2.2. Processed data categories: Address, Date of arrival and departure, Email address and clicking and opening behavior, First name / Last name, First name / Last name of adult co-guest(s), Payment card type, number and expiration date, Telephone number.
2.3. Source of data.
- Directly from the client through the online booking form;
- Through the online booking channel the client used to make the booking;
- From travel agents;
- From the hotel email analytics service provider
2.3. Ground for processing.
- to take steps to enter into and perform a contract;
- to receive a guest satisfaction surveys by email during or after the stay to enable to measure the performance of the hotel. A guest may unsubscribe from the hotel guest satisfaction survey emails at any time by clicking on the unsubscribe link in the sent emails;
- to ensure and follow up on the good performance of the contract with the hotel.
2.4. Recipients of data.
- The SKYEXPO hotel;
- IT service providers involved in the (online) booking process;
- IT service providers;
- Email communications service provider.
- Email communications service provider;
- Provider of targeted advertisements;
- Guest satisfaction survey provider;
- IT service providers;
- Email analytics service provider.
3. Hotel booking process
In the context of the hotel booking process – whether this takes place online on the hotel websites, through an online booking channel, via a travel agent, by telephone or directly at the hotel – the hotel processes the client’s Personal Data for the purpose of enabling you to reserve a room in the hotel; verifying the availability of the hotel and to administer the booking; sending you a booking confirmation; and sending non-commercial pre-arrival emails.
4. Hotel stay
3.1. The hotel collects and processes Personal Data of the guests for the purposes of registering the arrival and departure at the hotel; obtaining a credit card guarantee or hotel deposit to ensure payment of the stay; managing (and archiving) the hotel registration card; creating or updating guest's profile in the hotel management system; managing payment of the stay; establishing, printing or sending an invoice for the stay; and paying a commission to the travel agent (if applicable).
In the event you have booked a room in one the hotel but do not show up – without cancelling – on the date of arrival communicated, we will process your Personal Data for the purposes of cancelling your stay and any other reservation you may have made; and managing, processing and settling any outstanding payment that may be due.
3.2. The hotel endeavors to make guests stay as pleasant as possible. This requires processing their Personal Data for the purposes of providing specific services during the hotel stay. These services include housekeeping and maintenance; returning lost or forgotten items; providing a better service during stay at the hotel.
4. Hotel guest additional services
In the hotel a guest can benefit from additional services, such as breakfast, room service, minibar, pool, restaurants and bars, spa treatments, laundry services, parking, taxi requests, free Wi-Fi, etc. When making use of additional services, guest's Personal Data may be processed to manage the booking and use of such additional services; to administer any advance bookings of additional services to the guest's file; personalize returning guests’ arrival to the hotel and the choice of room amenities and room features; and manage the expenses incurred for such additional services.
5. Subscription to the Newsletters
5.1. Newsletters and marketing
If a client has explicitly consented to receive the hotel’s newsletters or marketing communications, the hotel may contact the client with information about the services and latest offers and process his Personal Data for this purpose. If a client no longer wants to receive the hotel’s newsletters or marketing communications, the client can unsubscribe from the marketing emails by clicking on the unsubscribe link in the sent emails.
5.2. Newsletters and marketing communications analytics.
In the context of the hotel’s newsletters and marketing communications, the hotel may process and collect the clients’ Personal Data.
6. Mobile Applications
In order to assist guests in booking, planning and enjoying their stay, the hotel offers mobile applications.
Depending on how a guest uses the hotel’s mobile applications, his Personal Data may be processed for the purposes of enabling to reserve a room in the hotel; performing special services; enabling to book meetings and events in the hotels; feedback on the guest’s stay; addressing the requests made through the mobile app, including through the chat.
The hotel may use any data a client provides for analytical purposes to optimize the clients’ experience, enhance marketing, business and operational efficiency of the hotel, create segments of the customers based on their Personal Data and tailor the hotel’s offers and promotions to their preferences and consumption habits. In the context of such analytics, the hotel analyzes and may combine different data about the guests, including responses to guest satisfaction surveys; communications guests have with the hotel; click-through rates for marketing communications; the guests’ behavior on the website; bookings.
8. Social Media and Online Reviews
The hotel may process client’s Personal Data obtained through social media platforms (including VKontakte, Facebook, Instagram) or online reviews (including on TripAdvisor) for the purposes of addressing questions or complaints; monitoring hotel online reputation; and improving its services and identifying opportunities on which the hotel can focus.
Some of social media pages of the hotel allow users to submit their own content. The customers can view any content submitted to one of the hotel social media pages and they should be cautious about providing certain personal information via these platforms. The hotel is not responsible for any actions taken by other individuals if a customer posts personal information on one of the hotel’s social media platforms (e.g., Facebook or Instagram).
9. Clients Rights – Under EU Privacy Law
10.1. If a customer is in the EU, EU Privacy Law grants specific rights, which he can exercise free of charge, subject to statutory exceptions. These rights may be limited, for example if fulfilling a request would reveal Personal Data about another person, or if a customer asks a hotel to delete information which it is required by law to keep or have compelling legitimate interests in keeping.
Should there are unresolved concerns, there is a right to lodge a complaint with a Supervisory Authority.
10.4. In accordance with EU Privacy Law, a customer has right to erasure his Personal Data processed by the hotel as described in this Privacy.
10.5. A customer has right to restriction of processing his Personal Data. Under certain circumstances described in EU Privacy Law, a customer may ask the hotel to restrict the processing of his Personal Data.
10.6. Under certain circumstances described in EU Privacy Law, a customer has right to object to processing his Personal Data, including where his Personal Data is processed for direct marketing purposes.
10.7. Russian Citizens. In accordance with Russian Federal Law “On Personal Data” No. 152-FZ the hotel collects, records, systematizes, accumulates, stores, updates and extracts Personal Data about Russian citizens using databases located in the territory of the Russian Federation.
If a customer indicates that he is a Russian citizen of the Russian Federation, the hotel will process his Personal Data in compliance with this requirement and his profile will be maintained on databases in the Russian Federation. Information containing Personal Data of Russian citizens may be transmitted from the Russian Federation to countries that ensure an adequate level of protection for Personal Data, including member states of the EU and other countries, which Russian law recognizes as ensuring adequate to protection. By submitting information to the hotel's sites and apps, submitting forms to the hotel, registering on the hotel's site, programs and apps, or making reservations, a customer grants the hotel consent to process his Personal Data.
10.8. Security Measures.
Appropriate technical and organizational measures are implemented in order to ensure an appropriate level of security of your Personal Data, including but not limited by encryption techniques, physical and IT system access controls, obligations of confidentiality, etc.
In the event Personal Data is compromised as a result of a Personal Data Breach the hotel will make the necessary notifications, as required under applicable laws.
10. Third Parties
10.1. The hotel shares or discloses information as described herein, including with Third Parties.
A client's Personal Data will also be shared with government authorities and/or law enforcement officials if mandated by law or if required for the legal protection of the Controller(s) legitimate interests in compliance with applicable laws. In addition, the hotel may share the Personal Data of a client and other information with a successor to all or part of the business, where this is in the legitimate interests in facilitating a business sale and in this context the business interests prevail over client's.
11. International Data Transfers
If a client is in the European Economic Area (EEA), the data that collects the hotel may be transferred to and stored at a destination outside the EEA, including for the purposes of processing that data by selected Processors. Countries outside the EEA may not have laws, which provide the same level of protection to clients’ Personal Data as laws within the EEA.
12. Retention period of Personal Data
To determine the appropriate retention period for the information the hotel collects from a client, the hotel considers the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the Personal Data, and whether the hotel can achieve those purposes through other means, and the applicable legal requirements.
13.1. We do not knowingly collect or solicit Personal Data from anyone under the age of 16 or knowingly allow such persons to book a room in one of our hotels. In the event we learn that we have collected Personal Data from a child under the age of 16 without verification of parental consent, steps will be taken promptly to remove that information.