a subsidiary of Tallink Grupp
Open navigation Search
Close navigation

Book a room You can modify or cancel your booking here

1

2

3

4

INTRODUCTION

This is the privacy policy (“Privacy Policy”) of OÜ TLG Hotell (“Tallink Hotels Hotels”) that presents the ways Tallink Hotels Hotels processes its customers’ and other data subjects’ personal data at its disposal.

Processing in the context of this Privacy Policy means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruct; any activity carried out with personal data.

Personal data in the context of this Privacy Policy means any information related to a data subject that can be used to directly or indirectly identify the person, like name, e-mail or contact address.

Customer satisfaction is the highest priority for Tallink Hotels Hotels. For better customer service and the correct performance of all contractual relationships and legal obligations, Tallink Hotels Hotels processes customers’ personal data subject to the principles laid down in this Privacy Policy and in the applicable law. The availability of proper personal data processing ensures accurate and swift customer service by Tallink Hotels Hotels and is therefore foreseen to fulfil the best interests of Tallink Hotels’s customers.
This Privacy Policy does not concern or protect the processing of anonymous information or information about legal persons.

1. PERSONAL DATA CONTROLLER, PROCESSORS AND DATA PROTECTION OFFICER

Personal Data Controller
Name of the controller: OÜ TLG Hotell
Company registration code: 10952552
Address: Sadama 11a, 10111 Tallinn, Estonia
Contacts: telephone +372 630 0808, e-mail hotelbooking@tallink.ee
Personal data ‘controller’ is a legal person which determines the purposes and means of the processing of personal data.

Personal Data Processors
Tallink Hotels’s data processors are the third parties with whom we may need to share personal information to help us provide services and products to you. Tallink Hotels’s data processors include:
• our subsidiaries or affiliates;
• our third party partners who process information on our behalf to help us run some of our internal business operations;
• law enforcement bodies in order to comply with any legal obligation.

Data Protection Officer
In order to ensure high level of personal data protection, Tallink Hotels has designated a Data Protection Officer (“DPO”) with expert knowledge of data protection law and practices. DPO assists Tallink Hotels in maintaining personal data protection compliance.

The DPO in Tallink Hotels serves as a contact point for data subjects in case of requests and/or questions related to personal data protection and personal data processing in Tallink Hotels. Data subjects may contact the DPO with regard to all issues related to processing of their personal data and to the exercise of their rights.

Tallink Hotels DPO’s contact details are:
Data Protection Officer
Sadama 5/7, 10111 Tallinn, Estonia
dpo@tallinkhotels.com

2. PRINCIPLES OF PERSONAL DATA PROCESSING

Tallink Hotels processes Your personal data subject to the principles laid down in this Privacy Policy.

Transparency
Tallink Hotels processes Your personal data in a fair and transparent manner and only when we are allowed to process Your personal data according to the law.

Purpose limitation
Tallink Hotels collects Your personal data for specified, explicit and legitimate purposes. We will not further process Your personal data in a manner that is incompatible with the initial purposes. When processing Your personal data for a purpose other than the initial purpose, we rely on the legal bases originating from the law (e.g. when receiving requests from courts or law enforcement authorities) or we ask for Your approval for processing Your personal data for a purpose other than for which You originally provided us with Your personal data.

Data minimisation
Tallink Hotels is doing its best to ensure that personal data processed by Tallink Hotels is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. We don’t process any redundant information about You.

Accuracy
Our aim in Tallink Hotels is to ensure that personal data shall be accurate and kept up to date where necessary. Tallink Hotels shall take every reasonable step to ensure that inaccurate personal data will be erased or corrected without delay. If the personal data should prove to be false, Tallink Hotels also gives You the possibility to correct and/or delete it. To do so, please write to: privacy@tallink.com

Storage limitation
Tallink Hotels keeps Your personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Integrity and confidentiality

Tallink Hotels processes Your personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing. Tallink Hotels will take all reasonable measures in its power against accidental data loss, destruction or damage. Tallink Hotels uses technical and organizational measures to enhance security when processing personal data. For raising awareness and knowledge about personal data protection in Tallink Hotels, privacy trainings are organized for Tallink Hotels employees who handle Your personal data. In addition, our employees are bound by obligation of confidentiality and we do everything in our power to keep Your personal data safe with us. Tallink Hotels employees may access and use personal data only if they are authorized to do so and only in compliance this Privacy Policy.

Tallink Hotels normally does not process special categories of personal data (sensitive data such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning health). Tallink Hotels only processes such type of personal data when there exists a legal basis for that, for example if we are obligated or allowed by law to process this kind of sensitive personal data. For example, we might process data concerning health when there occurs a need to give emergency aid or when you have asked us to help you due to your health condition.

Data protection by design and by default
When developing, designing, selecting and using applications, services and products that are based on the processing of personal data or process personal data, Tallink Hotels takes into account the data subject’s right to personal data protection.

3. DATA SUBJECT’S RIGHTS

Respecting data subject’s rights is of importance to Tallink Hotels and therefore handled with special attention. When requested by the data subject, the information about that specific data subject will be provided by Tallink Hotels. Please note that we need you to prove who you are before we can help you with any request related to personal data.

This means that, when looking through Your request and in case of doubt, Tallink Hotels may ask additional information to be provided by You for data subject’s identification. We do this to be sure about the data subject’s identity and to ascertain that we provide the correct information to the right person.

If the purposes for which Tallink Hotels processes personal data do not or do no longer require the identification of a data subject, Tallink Hotels will not be obligated to maintain, acquire or process additional information in order to identify the data subject. Upon data subject’s request and if possible, Tallink Hotels will inform the data subject accordingly about this kind of processing.

Right of access by the data subject – You have the right to access Your personal data which is processed by Tallink Hotels. This enables You to be aware and verify which type of personal data and how Tallink Hotels processes about You. You can also turn to Tallink Hotels and ask for which purposes we process Your personal data if it remains unclear to You or You would like to ask additional questions from us. We aim to answer You as soon as possible but we try to do this no later than in one month. In more complex requests we might need to extend the answering time by a further two months. In the latter case, we will contact You about the extension of the answering period and explain You the reasons. To ask us questions related you data processing, please write to privacy@tallink.com.

Copies – Tallink Hotels will provide a copy of Your data of upon Your request free of charge when You need it. For any further copies requested, Tallink Hotels may charge a fee based on actual costs if the requests from a data subject are of repetitive character. Tallink Hotels may refuse to disclose the data in a copy entirely or refuse to provide a copy when this disproportionately affects the rights and freedoms of other data subjects besides You and less strict measures cannot be taken.

Right to rectification – every data subject who notices that his/her personal data is not up-to-date, false or needs to be corrected can turn to Tallink Hotels and have this data rectified and corrected. You can also have Your incomplete personal data completed. Tallink Hotels will make sure this personal data will be corrected as soon as possible. In order to have this done, You are welcome to contact us by writing to the e-mail address privacy@tallink.com.

Right to erasure (“right to be forgotten”) – this right allows data subjects to have their personal data erased where one of the following grounds applies:
• the personal data are no longer necessary in relation to the purposes for which they were collected or processed;
• when the data subject withdraws consent;
• the data subject objects to the processing and there is no overriding legitimate interest for the processing;
• the personal data have been unlawfully processed;
• the personal data have to be erased in order to comply with a legal obligation or because the personal data was processed in relation to the offer of information society services (e.g. apps) to a child.

Right to erasure is not an absolute right and therefore Your request to have Your personal data erased may not mean that all of Your data will be erased after the request. Sometimes we are obligated by law to retain some data and in cases like this we might not be able to satisfy Your request to erasure. This can also be the case when we need to retain this data for the exercise or defence of legal claims.

Right to restriction of processing – when exercising this right, data subjects may “block” or suppress the processing of personal data by Tallink Hotels. As a result of that, Tallink Hotels may be permitted to only store the existing personal data but not further process it. Tallink Hotels restricts the processing of Your personal data upon Your request until the verification of accuracy or when You contest the accuracy of Your personal data. Tallink Hotels may also be obligated to restrict the processing of personal data, for example, when Tallink Hotels no longer needs it, but You require the data to establish, exercise or defend a legal claim.

Right to data portability – You may use the right to receive the personal data concerning You, which You have provided Tallink Hotels, in a structured, commonly used and machine-readable format. In exercising this right, You may use the right to have Your personal data transmitted directly from one controller to another, where it is technically feasible.

Right to object – You have the right to object, on grounds relating to Your particular situation, at any time to processing of personal data concerning You which is based on legitimate interest, including profiling. In that case, Tallink Hotels will no longer process the personal data unless Tallink Hotels has a legitimate grounds for the processing the personal data.

• Where Tallink Hotels processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing at any time and free of charge.
• Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes by Tallink Hotels. In this case, Tallink Hotels stops processing Your personal data for marketing purposes but might not stop processing it for other lawful purposes.

The right to lodge a complaint with a supervisory authority – every data subject has the right to turn to a data protection supervisory authority with a complaint if the data subject considers that the processing of personal data relating to him or her infringes and is not in accordance with provisions foreseen by the data protection laws and GDPR. The national supervisory authority in Estonia is “Andmekaitse Inspektsioon”, in Finland “Tietosuojavaltuutettu”, in Latvia “Datu Valsts Inspekcija” and in Sweden “Datainspektionen”.

The right to withdraw consent – if the personal data processing is based on consent, the data subject has the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. Tallink Hotels will stop processing personal data if the sole basis for the processing is consent. If there exist other legal ground(s) for personal data processing (e.g. contract, legitimate interest) the processing may be continued based on this other legal ground.

4. PURPOSES OF PROCESSING OF PERSONAL DATA

Tallink Hotels processes personal data for several different purposes. In different cases Tallink Hotels processes personal data for purposes, which include:
• sale activities;
• marketing, direct marketing by profiling and for making sale and promo offers;
• data analytics for marketing purposes;
• booking and customer services;
• invoicing and related correspondence with customers;
• providing accommodation and additional services;
• legal purposes and legal obligations;
• receiving and handling client feedback;
• conducting surveys for customer feedback and service improvement;
• applying security measures and for solving incidents.

5. CATEGORIES OF PERSONAL DATA PROCESSED

The personal data processed by Tallink Hotels includes data subject’s:
• name and surname;
• date of birth;
• nationality and sex;
• address, phone number, e-mail address and other contact data;
• credit card, loyalty card (Club One) and customer’s account numbers information;
• data about purchases and services offered by Tallink Hotels, including data related to goods/services and quantities thereof;
• sales and accommodation data, including the date and time;
• customers’ health data (only when Tallink Hotels customers provide us with this data or it is necessary in order to protect the vital interests of the data subjects);
• other personal data voluntarily revealed to Tallink Hotels by data subjects (e.g. personal data provided to Tallink Hotels by customers in customer feedback forms).

7. PROFILING AND MARKETING

Profiling in Tallink Hotels represents itself of any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a data subject. In Tallink Hotels, profiling may be carried out, for instance, to analyse or predict aspects concerning customer’s personal preferences, interests, behaviour, location or movements. As a result of profiling, Tallink Hotels is determined to make offers, for the best services and goods to Tallink Hotels customers on the basis of a consent, contract or legitimate interest in order to satisfy all the needs of Tallink Hotels’s customers.

Tallink Hotels may use different ways of profiling. For making offers, Tallink Hotels distinguishes receivers of the offers for example on the ground of travel behaviour, language, citizenship and place of residence (to send the offer in an understandable language and to target customers in particular region), age (to make an offer most suitable for certain age group), previous accommodations and purchases (to send offers and products customer prefers the most).

Where personal data is processed for the purposes of direct marketing, data subjects may “opt-out” from having his or her personal data used for such purposes and exercise the right to object to processing for direct marketing purposes. For example, if Tallink Hotels sends You a newsletter with different offers and You no longer wish to receive them in the future, You have always the chance to opt-out from receiving these offers. Customers are welcomed to express their wish to receive these offers again in the future after withdrawal of such offers.

Tallink Hotels may send advertisements or display them on Tallink Hotels website to its customers regarding its services, or customer satisfaction questionnaires for the purpose of improving service quality, or the offers of other business partners. Customers may refuse to receive such advertisements, questionnaires and offers at any time by informing Tallink Hotels via links for automated refusals.

8. THE USE OF „COOKIES“

Cookies are files that collect various technical information about a user’s computer, browser, and site usage, such as the pages on which the user has visited and in which order. Tallink Hotels uses cookies that are purely of technical nature (e.g. for statistics) and cookies that can identify guest users, facilitate and personalize the sign-up and movement of visitors on the site, and measure and analyse user habits. Cookies allow the website to remember information about data subject’s visit, e.g. preferred language and other settings.

When Tallink Hotels customers are using Tallink Hotels services, Tallink Hotels and external service providers and partners may send cookies or similar technology to user’s computer to enhance and develop user’s online experience. However, You can also set your browser settings in such a way that it informs You when you receive a cookie or automatically declines to accept it. Therefore, You can decide for yourself whether You wish to accept cookies or not. At the same time, please be aware that some Tallink Hotels website features or services may not function properly without cookies.

Tallink Hotels’s website may also use various tracking and analytics tools to gather information, analyze and measure the use of the site or the effectiveness of Tallink Hotels’s communications or advertising, i.e. how Tallink Hotels’s communication reaches to customers.

9. SAFEGUARDS

Tallink Hotels keeps all personal data revealed to it strictly confidential and protects customers’ and employees’ personal data from illegitimately falling into the hands of third parties by applying effective IT security measures.

Tallink Hotels uses safeguards which take into account the nature, scope, context and purposes of the processing and the risk to the rights and freedoms of natural persons. These measures include inter alia appropriate IT, technical and organisational data protection measures, pseudonymisation and anonymization. Such measures are put in place to ensure that by default personal data are not made accessible to an indefinite number of persons where there is no will for that and to ensure personal data protection in general. In addition, when using CCTV, Tallink Hotels displays signs, which are visible and readable to data subjects.

10. IMPLEMENTING PROVISION

Taking into account possible changes in legislation, case law and developments in the practices of technologies ensuring high level of personal data protection, Tallink Hotels reserves the right to make changes to this Privacy Policy. Therefore, this Privacy Policy is subject to a periodical review and possible changes where necessary. We will post any Privacy Policy changes on Tallink Hotels websites and, if the changes are significant, we will provide a more prominent notice. We will also keep prior versions of this Privacy Policy in an archive.