Privacy notice – Mobile Key 

Last updated: 11th June 2018

Hoist Group is providing you this mobile key application (the ‘Service’) and we do it with your privacy in mind. We use and collect the least amount of information from the hotel, your online travel agent (if applicable) and your device in order to provide mobile key services in ways consistent with your privacy rights. Hoist Group and the hotel at which you are using this Service are controllers in common of your information (‘subject data’). Hoist Group is based in Sweden but provides its mobile key services through local subsidiaries. 

Hoist Group collects the following data when you use the mobile key:

  1. Information about your reservation from the hotel or online travel agent. 
  2. Your name, surname, email address and or phone number. 
  3. Log data: information about communications between your device and the hotel: including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use and other statistics

Legal Basis of Collection

This Service is provided as part of your contract with the hotel. 

Sharing of Data

When you use our Service, we receive some personal data from the hotel or online travel agent such as your email address and the dates of your stay at the hotel.  In addition, the Service may automatically share certain information with the Wi-Fi provider at your hotel to automatically log you in when you re-enter the hotel. Hoist Group does not share or sell your data other than to provide you the Service. 

Length and Place of Storage of Data

Hoist Group will keep your data as it is obligated to keep it under the Data Retention laws in place in the country where you access the service. It will not sell your data to third parties or transfer it out of the EU. Hoist Group protects your data in Switzerland (under Commission Decision 2000/518/EC of 26 July 2000) and the EU with equal protection to the EU.

Your Data Rights

The General Data Protection Regulation gives you, the data subject, rights as follows: 

  1. The right to be informed – Hoist Group has provided this Privacy Notice
  2. The right of access – A copy of the subject data Hoist Group has on you may be retrieved by a request at the email below
  3. The right to rectification – Hoist Group automatically collects metadata in the provision of the mobile key application that is not subject to rectification. However, data you provide such as your email address that is shared with the hotel may be rectified by contacting the hotel, as the hotel becomes the data controller. 
  4. The right to erasure – Hoist Group permanently erases your data when it is no longer obligated by law to keep it. There is therefore not a separate right to erasure. 
  5. The right to restrict processing – This right does not apply to the subject data held by Hoist Group. 
  6. The right to data portability – As above, this right does not apply to the subject data held by Hoist Group.
  7. The right to object – Again, this right does not apply to the subject data held by Hoist Group. 
  8. Rights in relation to automated decision making and profiling - This right does not apply to the subject data held by Hoist Group. 
  9. To exercise your right of access, or if you have any questions about your data, please email Hoist’s Data Protection Officer dpo@hoistgroup.com . Hoist Group has the right to ask you for information to assist in locating that data and confirming your identity.  Hoist Group’s Supervisory Authority is in Sweden and can be reached through: http://www.datainspektionen.se/in-english/contact-us/ 

Communications

The hotel where you use this Service may use your data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

Security

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the relevant UK and EU legislation.

Links to Other Sites

The Service contains links to websites as designated by the Controller in Common of your subject data, the hotel where you are using the Service.  This is in order to provide you seamless hospitality service.

Children’s Privacy

Our Service does not address anyone under the age of 13 ("Children"). We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a child under age 13 without verification of parental consent, we take steps to remove that information from our servers.

Changes To This Privacy Notice

We may update our Privacy Notice for Mobile Key from time to time.