Schlössle processes personal data according to the General Data Protection Regulation (Regulation (EU) 2016/679), as well as the other domestic and European privacy laws and regulations.
Schlössle is a company of two hotels: Schlössle Hotel in Tallinn and Grand Palace Hotel in Riga. You can contact us respectively:
Schlössle Hotel (Tallinn):
Phone: + 372 699 7700
Grand Palace Hotel (Riga):
Phone: + 371 6704 4000
We place a high value on the privacy of our every customer. For this purpose we apply the necessary technical, physical and organisational security measures to protect your personal data against losses, destruction and unauthorised access.
2. What data do we collect concerning you, and from whom do we obtain the data?
We collect and process the following types of data about you:
- Basic personal data: for example, your first and family name, date of birth / identity code.
- Contact data: for example, your residential address, phone number and e-mail address.
- Guest registration card data: this is data required by the tourism legislation concerning visitors to places with accommodation; e.g. your citizenship, name of your accompanying spouse and underage children, date and place of birth, dates of your stay in our hotels, etc.
- Credit card data: for example, your card number, owner’s name and card´s expiry date.
- Surveillance camera recordings: when you visit our accommodation, the public premises may be equipped with video surveillance systems for security reasons.
- Data concerning personal preferences: for example in relation to food or accommodation.
The personal data we process about you is provided by yourself when you make a booking or a query on our website, by phone or e-mail, or when you purchase services directly from us at the location.
Your data is also forwarded to us by travel companies, booking companies and other persons involved in the intermediation of accommodation services, through which you have ordered the accommodation or other services provided by us.
3. Why do we need your data? What happens if you do not present us with the data?
We use your data to provide the accommodation and/or other related services you have ordered from us, as well as for fulfilling the obligations placed on us through the legislation regulating our activities and general business aims, such as:
- Basic personal data: this data is required for identifying your person, which is important to ensure that the services are provided to the person for whom they were actually ordered.
- Contact data: this data is required to contact you for providing accommodation or restaurant services, but also to send you marketing material in case you have expressed your interest for this. We will most often contact you by phone or e-mail; however, under certain circumstances, it may be necessary to use your residential address (e.g. when other means of communication fail to function).
- Guest registration card data: we have an obligation, according to tourism legislation, to collect this data. The aim of this data collection is to avoid problems; for example, the dangers inherent in illegal immigration.
- Credit card data: this data is required to secure a a reservation for a certain amount on your credit card, as a payment for the services ordered or as compensation for expenses.
- Surveillance camera recordings: this data is required for ensuring security in the premises, for preventing and where relevant, investigating security incidents.
- Data concerning your personal preferences: we will use such data, when we request it or when you voluntarily offer it, to offer you better services based on your needs and desires.
We are not able to provide you with accommodation services if you do not present us with the guest registration card data.
Occasionally, we may process personal data for other additional reasons. We try to ensure that the people concerned are informed of the data processing aims at the time of the data collection. We will endeavour to inform people at the first opportunity, after receiving the personal data or before it is processed for other reasons, if it was not possible or sensible to inform the people concerned at the time of the data collection.
4. What is the legal basis for the processing of your data?
We rely on different legal bases for the processing of your data:
- Consent: We rely on this legal basis to send you marketing materials, such as newsletters and offers.
- Contract: We rely on this legal basis to create a contractual relationship with you, or to fulfil an agreement that has been signed.
- Legal obligation: We rely on this legal basis to comply with legal obligations, for example completing and storing guest registration cards for a period of 2 years.
- Vital interest: We rely on this legal basis to protect your vital interests or those of other persons, for example releasing your data to ambulance workers in the case of an accident.
- Legitimate interest: We rely on this legal basis to carry out interests such as the management of the company and the general realisation of its business activities, as well as the discovery of unlawful activites and fraud.
5. With whom do we share your data?
- Our subsidiary and related companies: we may share your personal data with our subsidiary or related companies, all of which are located within the European Union;
- Service providers: like many other companies, we may order data processing services from reputable third party service providers – for example, IT services;
- Public authorities and state institutions: we may share the data if we are legally obligated to share the data with public institutions, or if the data sharing is necessary to ensure the protection of our rights;
- Professional consultants and others: we may share your data with professional consultants such as auditors, lawyers, accountants and other persons responsible for providing consultation services;
We will ensure the protection of your data if we share your data with the abovementioned persons, through establishing a data processing agreement between us and such persons.
We do not store or forward your data outside the European Economic Area or to countries to which the General Data Protection Regulation (EU) 2016/679 does not apply.
6. How long do we store your data?
We will store your data for as long as it is necessary for the purpose of fulfilling our different data processing aims.
The company shall consider the following criteria when storing personal data:
- The data will be stored for as long as it is necessary for the purpose of providing our services.
- If the person has a customer account or a loyalty card, then the personal data will be stored for as long as the account / card is active, or for as long as is required in order to offer personalised services.
- When the company has a legal, contractual or other similar obligation for storing the personal data, then the data will be stored for as long as is required to fulfil such an obligation.
- After the end of the contractual relations, certain data will be stored for as long as the person (data subject) or the company itself has the right to present demands to the other party based on a contract.
Guest registration card data, for example, is stored for a period of 2 years from the moment when the card is filled in according to the requirements of the tourism legislation. However, credit card data is only stored until the accommodation services have been provided in an orderly fashion, according to the contract existing between us.
7. What are your rights concerning your data?
Your rights as a data subject are:
1. Right to access your data – you have the right to know what data concerning yourself is being stored, and how that data is processed.
2. Right to data rectification – you have the right to demand corrections to your personal data, in cases where it is inaccurate.
3. Right to data erasure (“right to be forgotten“) – you have the right, under certain conditions, to request that we erase your personal data (e.g. if we no longer need the data, if you revoke the agreement giving us the right to process the data, etc.).
4. Right to restrict data processing – you have the right, under certain circumstances, to forbid or restrict the processing of your personal data for a certain period (e.g. if you have submitted an objection concerning the data processing).
5. Right to present objections – you have the right to present objections concerning the processing of your personal data, considering the concrete situation, if the data processing is taking place according to our legitimate interests or the interests of the general public. Objections to the processing of data for direct marketing purposes can be made at any time.
6. Right to data portability – you have the right to demand that the data you have forwarded to us is transferred to you in a machine-readable format. You may also demand that the data be transferred directly to another controller, but only if such a transfer is technically possible. The right to a data transfer is only valid for the data which we are processing based on your permission, or for fulfilling a contract signed with you.
7. Profile analysis – you have the right to demand that your personal data is not used for automated processing such as profiling. Profiling is an activity where certain personal aspects of data subject are evaluated. Schlössle uses profiling, for instance, to analyse or predict aspects concerning customer´s personal preferences, interests, behavious, location or movements. This is done with a purpose to make offers.
8. The use of “cookies”
Cookies are files that collect various technical information about a user’s computer, browser, and site usage, such as the pages on which the user has visited and in which order. Cookies enable statistics regarding website use and the popularity of diferent sections and other actions on a website to be monitored. The information received by cookies is utilised to make the website more convenient to use and to improve the content of the webiste
When visiting our websites you have the right not to allow cookies to be saved on your computer. In this case you have to take into account that not all of the website´s functions may be available.
We use the following types of cookies on our websites:
- Permanent cookies: these are necessary to navigate the website and use its contents. In case these are blocked you are unable to use all of the websites´ functions.
- Session cookies: these enable the website to remember previous choices made by you (username, language settings etc) and provide more efficient and personal functions.
- Tracking cookies: these collect data about your behaviour on the website. Information received by tracking cookies helps making the website more convenient to use.
9. Implementing provision
10. Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (hereinafter referred to as “Google”). Google Analytics uses so-called cookies. Cookies are text files which are stored on your computer and enable us to analyze how you use our website. The data on your visits to our website generated by such cookie shall be transmitted to and stored on one of Google’s servers in the USA. This website uses IP anonymization “_anonymizeIp()” so that your IP address is shortened within the member states of the European Union or in other countries which are parties to the treaty on the European Economic Area. Only in exceptional cases shall the full IP address be transmitted to one of Google’s servers in the USA and shortened thereafter. Such shortened IP address excludes the possibility of establishing a direct relation to the person via the IP address. Google will use such information in the name of the operator of this website in order to analyze how our visitors use the website, to prepare reports on the website activities and to render other services to the website operator in connection with the use of the website and of the internet. The IP address transmitted by your browser in connection with Google Analytics shall not be combined with other data collected by Google. You can prevent the storage of the cookies by changing the relevant settings of your browser software; however, we must point out that in such case you might not be able to fully use all of this website’s functions. In addition, you can prevent the collection of your personal data in relation to your use of the website as generated by the cookie (incl. your IP address) by Google as well as the processing of such data by Google by downloading and installing the browser plug-in available at the following link:
By clicking on the following link, you can prevent Google Analytics from collecting your data. An opt out cookie shall be installed which prevents the collection of your data on future visits to this website:
“Deactivate Google Analytics”
In case your cookies are deleted after you close your browser, such opt out cookie must be stored again.
For the general data protection information of Google, please click on the following link: https://policies.google.com/privacy?hl=en
For the data protection information on Google Analytics by Google, please click on the following link:
Our website uses plugins of the social network Facebook. Such plugins are exclusively operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). Such plugins are marked by a white “F” or by the button “like”. If you activate such plugin on our website by clicking on it, the browser will establish a direct connection with Facebook’s servers. Based on such connection, Facebook will transmit to your browser the content of the Plugin and your browser will embed it in the website. In addition, Facebook will be informed that you visited our website. Should you be logged in on your personal Facebook user account during your visit on our website, Facebook can allocate this visit of our website to your user account. The same shall be true for interactions with plugins, e.g. the clicking on the “like” button or for writing comments. Such information shall be directly transmitted to and stored by Facebook. If you wish to prevent the data transmission to your Facebook account, you have to log out from Facebook before you visit our website.
The purpose and scope of the data collection and their processing and use by Facebook are explained in Facebook’s data protection provisions (https://www.facebook.com/policy.php).
12. Use of Twitter’s tweet button
13. Google+ buttons
We embedded the Google+ button of the social network “Google+” in our websites. Such social network is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The Google+ button shows the symbol “G+”.
If you click on the Google+ button on one of our webpages and activate the link connected therewith, your browser will establish a direct connection to the Google servers and the button is loaded there, transmitting the information to Google Inc. that our website was accessed by directly transmitting the contents of the “G+” button to your browser which links them to the website.
For this reason, we do not have control of the data Google collects via this button. In accordance with the information we received from Google, no personal data are collected as long as you do not click on the button. Only if members of the social network Google+ are logged in, data such as IP address will be collected and processed. If you are a Google+ member and do not wish Google to collect information about you via our website, please log out from Google+ before you visit our website.
Our company is not informed of whether or when you use the Google+ button. Google only provides us with summarized, non-personal statistics on the use of the Google+ button.
For information on the individual data Google collects for its own purposes and on the processing and use of such data, please go to Google’s data protection information at: https://policies.google.com/privacy
If you wish to prevent the data transmission to your Instagram account, you have to log out from Instagram before you activate the plugin.
If you wish to prevent the data transmission to your Pinterest account, you have to log out from Pinterest before you activate the plugin.
By clicking on the button with the white rectangle and the grey triangle you will be directed to our company’s page on YouTube. With this click, your browser establishes a direct connection with YouTube’s servers. Should you be logged in on your personal YouTube user account during your visit on our website, YouTube can allocate this visit of our website to your user account. If you wish to prevent the data transmission to your YouTube account, you have to log out from YouTube before you click on the YouTube button. For more information on the purpose and scope of the collection of data and on the processing and use thereof, please consult the user guidelines of YouTube (http://www.youtube.com/t/terms) and the data protection information of Google included on YouTube’s website (https://policies.google.com/privacy). YouTube’s website is operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066 – represented by Google Inc.
This website contains links to third-party websites. Such links were carefully checked before activation. However, we cannot exclude that the operators change the contents of such websites afterwards. This data protection information only applies to the website of SIA Hotel Grand Palace. Any liability for the contents or the correctness of the data protection information for third-party websites shall be excluded. For information on the data protection regulations of third-party providers, please go to their websites or contact the provider directly.