INFORMATION ON DATA PROTECTION
- WE TAKE PRIVACY SERIOUSLY
Personal data is data about you. This data includes, for example, your name, address and email address.
The protection of your privacy when processing personal data is important to us. By default, when you visit our website, our web servers store the IP address of your Internet service provider, the website from which you visit us, the websites you visit, the date and duration of the visit. This information is mandatory for the technical transfer of websites and secure server operation. A personalized evaluation of this data does not take place.
- RESPONSIBLE BODY
Hotel Laki ehf
Phone: +354 412 4600
Represented by: Eva Bjork Hardardóttir
- DATA PROTECTION OFFICER
Hotel Laki ehf
Phone: +354 412 4600
You do not have to expose any personal information in order to visit our website, except your IP address. In some cases, we need your name and address as well as further information to offer you the desired service.
The same applies in the event that we supply you with information material on request or if we answer your inquiries. In these cases, we will always point this out to you. In addition, we only store the data that you have sent to us automatically or voluntarily.
When you use one of our services, we usually only collect the data necessary to provide our service. We may ask you for more information, which is voluntary in nature. Whenever we process personal information, we do so to provide you with our service or to pursue our commercial goals.
The legal basis is Art. 13 para 1 lit (a) or (b) GDPR.
- FOR WHAT PURPOSES DO WE USE PERSONAL DATA AND ON WHICH LEGAL BASIS DO WE PROCESS?
5.1 MANDATORY DATA
If you want to make a booking through our site or if you want to apply with us, you have to provide certain data within the scope of the contract to be concluded. In any other context, the provision of personal data is neither required by law nor by contract nor are you required to provide personal information. However, the provision of personal data for the use of our services may also be partially required within the services we provide. In other words, if you do not provide us with the information, we specify to be necessary, we may not be able to provide you with the full scope of services. When you visit our website, we store certain information for administrative and technical reasons.
5.2 HOTEL BOOKINGS
If you make a booking via Hotel Laki, personal data such as full name, address and credit card details are required in order to process the booking(s) – required data is explicitly indicated during the booking process. We will process such data under the contract we enter with you. Obligatory and additional voluntarily submitted data – the extent of which can be extracted from the personal information form – is transferred to the respective member hotel for the arrangement of the contractual relationship. With each booking on hotellaki.is the indicated email address will be automatically registered with an account that stores the booking, as well as the given email address, full name and address provided during the booking. The legal basis is Art. 13 para 1 lit. (b) GDPR.
When making a booking with Hotel Laki as part of our contract with you, the required data needed to fulfil the accommodation contract is forwarded by Hotel Laki to the individual contract partners, i.e. the member hotel(s). Your bookings will be recorded for the purpose of making the specific information accessible to you and the statistic information available to Hotel Laki. The processing is necessary for the purposes of legitimate interests. Our interest is to provide relevant offers to our Community and to improve the user experience on hotellaki.is.
5.3 WEBSITE TECHNOLOGIES AND TRACKING
When you visit our website, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from an Internet server to your browser and stored on its hard disk. This information, which is stored in the cookies, allows us to automatically recognize you the next time you visit our website, which will facilitate your use of the same.
5.4.2 AUTO LOG IN
If you choose to stay logged in on our website, we will store your login information in a cookie on your computer so that you do not have to authenticate upon return to our website but will be automatically logged in (“auto login”). The cookie and thereby the auto log in expires automatically after 60 days.
On our website we use different services provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereafter “Google”.
Google is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
18.104.22.168 GOOGLE TAG MANAGER
22.214.171.124 GOOGLE ANALYTICS WITH ANONYMIZATION FUNCTION
We use Google Analytics, a web analytics service provided by Google. Hereby cookies are stored on your computer and thereby allow an analysis of the use of the website by you.
We use Google Analytics on our website with the addition “_gat. anonymize”. In this case, your IP address will already be shortened and thus anonymised by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
Google will use this information to evaluate your use of our site, to compile reports on our website activity, and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties if required by law or as far as third parties process this data on behalf of Google.
If you’ve consented to Google linking your web and app browsing history to your Google Account and using information from your Google Account to personalize your ads, Google will use your data with Google Analytics data to provide audience lists to create cross-device remarketing. To do this, Google Analytics will initially track your Google-authenticated ID associated with your Google Account (that is, personally identifiable information) on our website. Afterwards, Google Analytics will temporarily link your ID with your Google Analytics data to optimize our audiences.
If you do not agree, you can opt-out of this through the “My Account” section of your Google Account.
126.96.36.199 GOOGLE REMARKETING
This website uses the Google Remarketing feature. The feature is designed to present interest-based ads to web page visitors within the Google Network. The technology allows us to post automatically generated, targeted ads after you visit our website. The advertisements are based on the products and services you clicked on the last visit to our website. For this purpose, a cookie is stored in the browser of the website visitor, which makes it possible to recognize the visitor when he calls web pages belonging to the advertising network of Google. Google usually stores information such as your web request, IP address, browser type, browser language, and the date and time of your request. This information is used to associate the web browser with a particular computer. On the pages of the Google Network, advertisers can then be presented with ads related to content that the visitor previously viewed on web pages that use Google’s remarketing feature.
If you visited https://www.google.com/settings/u/0/ads/authenticated you agree to link your browsing history of Google with your Google Account, and information from your Google Account is used for ad personalization, as well as the remarketing feature across devices. Google collects your Google ID and uses it for cross-device discovery.
According to Google’s own account, Google does not collect any personal data during this process. However, if you do not wish to use Google Remarketing, you can disable it by following Google ads settings here: https://adssettings.google.com/authenticated.
You can also prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case, you may not be able to use all functions of this website in full.
188.8.131.52 GOOGLE SITE SEARCH (GOOGLE AJAX SEARCH API)
184.108.40.206 GOOGLE GOOGLEADSERVICES / GOOGLE ADWORDS CONVERSION
If you would like to know more about these methods, or if you would like to know what you can do to prevent this information from being used by Google, click here: https://www.google.com/settings/u/0/ads/authenticated.
5.4.4 NEW RELIC
If you are a member of New Relic and you do not want New Relic to collect information about you on our sites in order to associate it with your member data stored on New Relic, you must log out of New Relic before visiting our pages. You can also prevent data transfer by clicking on Opt-Out.
NewRelic is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000TNPiAAO&status=Active.
5.4.5 MICROSOFT BING ADS
On our pages, we use conversion tracking from the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Bing Ads places a cookie on your computer if you have accessed our website via a Microsoft Bing ad. Microsoft Bing, as well as ourselves, can thus recognize that someone clicked on an ad, was redirected to our website and reached a previously determined landing page (conversion page). We only get to know the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user is given.
If you do not want information about your behaviour to be used by Microsoft as explained above, you can refuse the necessary setting of a cookie – for example, via a browser setting that generally disables the automatic setting of cookies. In addition, you may prevent the collection of data generated by the cookie and related to your use of the website as well as the processing of this data by Microsoft by using the following link: http://choice.microsoft.com/de-DE/opt-out and objecting to the use of these cookies. For more information about privacy and cookies used by Microsoft and Bing Ads, visit the Microsoft Web site at https://privacy.microsoft.com/de-de/privacystatement.
Microsoft is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active.
On our website, we use different services provided by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”).
Facebook is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
220.127.116.11 FACEBOOK SOCIAL PLUGINS
Our website uses social plugins (“plugins”) provided by Facebook. The plugins are marked with a Facebook logo or the addition “Facebook Social Plugin”.
If you visit a part of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and through it incorporated into the website.
By integrating the plugins Facebook receives the information that you have accessed the corresponding page of our website. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plugins, for example, press the “Like” button or leave a comment, the corresponding information is transmitted from your browser directly to Facebook and stored there.
18.104.22.168 FACEBOOK IMPRESSIONS
In this context, we use the function of Facebook Impressions. Through this feature information about the frequency with which a post of our site is displayed is gathered. Here the frequency of the page views is recorded by the visitors of our website.
The information generated by these cookies, such as time, location and frequency of your website visit, including your IP address, will be transferred to the Facebook servers in the United States.
22.214.171.124 FACEBOOK CUSTOM AUDIENCES PIXELS
To promote interest-based advertisements to visitors to our website while visiting Facebook, we use Custom Audiences Pixel from Facebook. It connects to the Facebook servers when visiting our website. The information that you have visited our website is transmitted to the Facebook server and Facebook assigns this information to your personal Facebook user account.
This website uses Mouseflow, a web analytics tool of Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to collect randomly selected individual visits (using an anonymous IP address only). The mouse movements, mouse clicks and keyboard interactions are logged at random, along with the intention of individual visits to this site as so-called session replays to reproduce and evaluate the so-called heat maps and determine potential improvements for this site. The data collected by Mouseflow are non-personal and will not be disclosed to third parties. The storage and processing of the collected data take place within the EU. If you do not want to be tracked by Mouseflow on any websites using this cookie, you may object to this at the following link: https://mouseflow.de/opt-out/
- WHO WILL RECEIVE PERSONAL DATA?
As explained above we will share your personal data with the hotels if you make a booking and we will use external parties as data processors as explained in section 5.4 Website technologies and tracking. We will also use the following data processors:
- The daily point, provided by Toedt, Dr Selk & Coll. GmbH, Augustenstraße 79, 80333 Munich for the purposes of customer relationship management and the sending of emails.
• Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin, Germany for the purposes of customer relationship management and the sending of emails.
• A reservation system for bookings provided by Roomer. Promoir BV Kastanjelaan 4 – 5283 WE Boxtel, (https://roomerhotelsystem.com) whom we have entered a contract under the standard contractual clauses (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087&from=EN) with, that guarantees an adequate level of data protection.
• GetWebCraft Limited, Klimentos 41-43, Klimentos Tower, Flat/Office 25, 1061, Nicosia, Cyprus, operating as get side control, who provide smart widgets for website optimization.
- Valitor payment provider, Dalshrauni 3, 220 Hafarfirdi Iceland. https://valitor.is
Accordingly, these may receive personal data.
- RIGHTS OF THE INDIVIDUALS AFFECTED
Every person affected has the right of access according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Article 17 GDPR, the right to restriction of processing according to GDPR Art. 18, the right to object from Art. 21 GDPR, as well as the right to data portability from Art. 20 GDPR. In case of the right of access and the right to erasure, restrictions apply pursuant to § 34 and 35 BDSG.
Furthermore, you have the right to complain to the responsible data-protection supervisory authority about the processing of your personal data by us.
You can withdraw any consent to the processing of personal data at any time with respect to us. This also applies for the revocation of consent declarations which have been made before the validity of the basic data protection regulation (before 25th May 2018) with respect to us. Please note that the withdrawal affects the future. Any processing implemented prior to the withdrawal is not affected by this.
In accordance with Art. 21 Sect. 2 GDPR, you have the right to make an objection at any time to the processing of personal data concerning you. In case of your objection to processing for purposes of direct advertising, we will not process your personal data for these objectives any longer. Please note that the objection comes into effect for the future only. Any processing implemented prior to the objection is not affected by this.
As far as we base the processing of your personal data on a weighting of interests, you can make an objection to the processing. In case of the exercise of such an objection, we request that you explain the reasons why we should not process your personal data as described. In case of your reasonable objection, we check the state of affairs and will either cease or adapt the data processing, or explain to you our compelling reasons worth being protected.