1. Introduction
Dronningens Ferieby is a privately run, accessible holiday facility built in 1990 by The Danish Multiple Sclerosis Society, an organisation that works to combat MS. Its main object is to support Danes who have multiple sclerosis and to improve conditions for the many Danish families whose lives are affected by the disease. Dronningens Ferieby offers holidays in light, newly renovated chalets that have been tastefully decorated and designed with safety and freedom in mind, particularly for wheelchair users, people with reduced mobility and people who need extra flexibility or aids in their daily lives. Accordingly, all the holiday chalets at Dronningens Ferieby have been modernised to a high standard and thoroughly tested by no fewer than 10 groups of people with various disabilities – for example, people with multiple sclerosis or visual impairments, and wheelchair users. Dronningens Ferieby thus benefits numerous residential facilities, day centres, care centres and families.
According to law, we are required to inform you about how we process and disclose personal data. When, as a holiday village guest or an anonymous user, you visit Dronningens Ferieby’s website and possibly book a stay with us, as the data controller, Dronningens Ferieby (hereinafter ‘Feriebyen’) collects and processes a range of personal data.
We process personal data for certain general purposes:
- To give you, as a user of Feriebyen’s website, a better visitor experience.
- To enable us to improve and develop our products and services for the benefit of our guests.
Below are further details regarding our processing of personal information.
2. Types of personal data
Categories of registered persons (data subjects) and of personal data
Categories of individuals and categories of personal information are collected and processed if you provide the following information:
For all anonymous users:
- Name
- Address
- Email address
- Phone number
In addition to the above data, for all users wishing to book a stay at Feriebyen, we collect and process the following:
- Need for daily living aids (indicating health information)
- The Danish Multiple Sclerosis Society membership number (indicating health information), which entitles the user to apply for a holiday village grant (discounted stay) if the user has multiple sclerosis.
If you receive newsletters from Dronningens Ferieby, we also collect and process:
- Statistics about your email behavior regarding push notifications and email newsletters, such as whether you have opened an email and which links you have clicked on.
3. Purpose
For all anonymous users:
We process personal data for these purposes:
Personalisation
- To optimise and personalise your user experience, which includes an analysis of your user behaviour, selected content and interests to serve as a basis for recommending content we believe you’ll find interesting and relevant.
- To personalise content on the basis of your personal preferences in terms of sporting activities, etc.
Direct Marketing, etc.:
- To send email newsletters or digital marketing from Dronningens Ferieby on Dronningens Ferieby’s services/websites (based on your permission, where required by law).
- To send you offers and recommendations about Dronningens Ferieby’s offerings and activities (based on your permission, where required by law).
- To send you marketing materials, if this is also in compliance with the applicable marketing law.
Business development
- Statistical and analytical purposes so we can improve Feriebyen’s digital products and make them easier and better for our users and members. This entails, for example, improving technological solutions and the user experience across Feriebyen’s digital services and/or developing all-new initiatives and services.
Compliance with legislation and other legitimate purposes
- Compliance with current legislation (eg, the EU General Data Protection Regulation and the Danish Data Protection Act) and other legitimate purposes.
- Duty to provide documentation
- Compliance with the basic principles governing personal data processing and the legal basis for the processing
- Initiating and maintaining technical and organisational security measures, including measures to ensure operational stability and our options for protecting our services against any hostile attacks, eg, hacking.
- Safeguarding Feriebyen’s legal interests, eg, in respect of the violation of user rights and legislation concerning, for instance, personal data and intellectual property rights.
- Investigations of suspected security breaches or knowledge thereof, and reporting such breaches to individuals and authorities
- Handling enquiries and complaints from data subjects and others
- Handling inspections and enquiries from supervisory authorities
- Settling disputes with data subjects and third parties
- Statistical investigations and reports
For all users wishing to book a stay at Feriebyen:
We process personal data for these purposes (in addition to those mentioned above):
Personalisation
- To target and personalize our communication to you.
Active contact
- To provide customer service if you contact us with questions.
- To enable you to ask questions, participate in competitions or in any other way submit comments and content to our organisation.
4. The legal basis for collecting and processing personal data
For all anonymous users:
The information below concerns the legal basis for our data processing
Processing/legal basis
All anonymous users
Display of content, etc:
Article 6(1)(f) of the General Data Protection Regulation regarding legitimate interests; see section 6 of the Data Protection Act.
The legitimate interests of Feriebyen are to allow you to use and access public web pages with articles and information about Dronningens Ferieby as well as book stays.
Personalisation
Consent: see Executive Order no. 2011/1148 on Information and Consent Required for Storing and Accessing Information in End-user Terminal Equipment (the ‘cookie executive order’)
Business development
Article 6(1)(f) of the General Data Protection Regulation regarding legitimate interests; see section 6 of the Data Protection Act.
The legitimate interests of Feriebyen are to further develop our existing products and be aware of trends and future products and services.
Initiating security measures, etc:
Article 6(1)(c) of the General Data Protection Regulation, see articles 32–36; and Article 6(1)(f) of the General Data Protection Regulation regarding legitimate interests, see section 6 of the Data Protection Act.
The legitimate interests are to protect personal information.
For all users submitting consent to receive newsletters from Feriebyen (in addition to all those mentioned above)
Direct marketing purposes, etc:
Article 6(1)(f) of the General Data Protection Regulation regarding legitimate interests; see section 6 of the Data Protection Act.
Feriebyen’s legitimate interest is our ability to send you any marketing information and notifications you have requested, eg, via your permission for e-mail marketing; see Article 6(1)(f) of the General Data Protection Regulation regarding legitimate interests, section 6(1) of the Data Protection Act and section 10 of the Danish Marketing Act.
For all users booking a stay at Feriebyen (in addition to all the above):
In connection with Feriebyen’s collecting and processing of sensitive personal health data. Article 9(2)(h)–(j) of the General Data Protection Regulation regarding conditions for the lawful processing of sensitive data and Article 6(1)(b) of the General Data Protection Regulation regarding the conclusion of contracts.
5. Voluntary submission
When we collect personal data directly from you, you submit this data voluntarily to gain access to the services we offer. You are under no obligation to provide us with personal data, but if you do not, you may be unable to book a stay at Feriebyen and thus access a range of Feriebyen’s services and products.
6. Disclosure of personal data
Feriebyen discloses personal data to third parties in the following situations:
In connection with travel planning, information is disclosed to the travel organizers; see Article 6(1)(b).
7. Transfer of personal data to data processors and recipients outside the EU/EEA.
We use the providers we deem can help us best, and some of them process personal data in countries outside the EU/EEA. For instance, our data processors help plan travel in third countries outside the EU for which visa applications may be needed.
The legal basis for our international transfers is the EU’s ‘Standard Contractual Clauses’ for transfers from data controllers to data processors in non-secure countries outside the EU/EEA. The standard agreement is available in various languages via this link:
http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1401799946706&uri=CELEX:32010D0087, recipient’s code of conduct, certification or ‘Binding Corporate Rules’ (BCR). Transfers to the USA may also be based on the EU-US Privacy Shield.
8. Storage period
We store your personal data for as long as necessary for the purposes stated above. Data is stored in accordance with the rules on bookkeeping and limitation of criminal liability and liability in damages (mandatory time limits) if relevant. If this is not relevant, we erase personal data at an earlier time.
Under the Danish Bookkeeping Act (Bogføringsloven) the minimum storage period at present is the current calendar year plus five years.
9. Your rights
When data processing is based on your consent, you have the right to withdraw your consent at any time without this having any negative consequences for you. However, this withdrawal does not affect any processing or personal data transfer carried out prior to the withdrawal of consent.
Within the limits of the law, you have certain rights, including:
- The right to access your personal data
- The right to have incorrect personal data rectified
- The right to have personal data erased
- The right to have the processing of personal data restricted
- The right to data portability
- The right to object to the processing of personal data, including data related to automated, individual decision-making
Should you wish to exercise one or more of the above rights, you can contact us at post@dronningensferieby.dk.
You are also entitled to complain to a relevant supervisory authority such as the Danish Data Protection Agency.
Comments relating specifically to objections
You are entitled – for reasons relating to your particular situation – to object to the processing of personal data based on Article 6(1)(e)–(f), including profiling based on these provisions. Thereafter, Feriebyen may no longer process personal data unless Feriebyen demonstrates compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing is necessary for the establishment, exercise or defence of legal claims.
If your personal data are processed for direct marketing purposes, you are entitled at any time to raise an objection against such processing. This includes objections raised against profiling to the extent it relates to direct marketing. If you raise an objection against data processing for direct marketing purposes, your personal data must no longer be processed for this purpose.
10. Contact
If you have any questions regarding the processing of your personal data or how to exercise your rights, you are welcome to contact Dronningens Ferieby.
Dronningens Ferieby
Dronningens Ferieby 1
8500 Grenaa, Danmark
+45 8758 3650
post@dronningensferieby.dk