What is the purpose of this policy?
(i) who we are and our role;
(ii) the personal data that we process about you;
(iii) the reasons why and on the basis of which legal ground we process personal data; and
(iv) how we process personal data.
You will also find herein all the relevant information about your rights and how to exercise these rights, as well as our contact information if you wish to contact us.
Who are we?
We are the controller in relation to the personal data processed in accordance with this policy.
RELEVANT INFORMATION ON THE PROCESSING OF YOUR DATA
Whose personal data do we process?
We may process data relating to you if you are or work for:
- one of our customers or one of our suppliers; and
- a person to whom we wish to promote our products and services or to whom we wish to sell them.
What personal data do we process and how do we collect them?
We process the following personal data relating to you:
(i) if you are staying or have stayed in the Hôtel Métropole:
o your name and surname(s);
o your address;
o your email address;
o your country / place of residence;
o your phone number;
o your fax number;
o the name of the company you work for and your title;
o information on the credit card you use for de booking, namely the name of the card holder, card number, billing address of the card, and expiry date of the card;
o details about your trip and your preferences, namely information on flights, flight numbers, arrival and departure dates as well as departure time and place and the destination, room preferences and other services; and
o other desires and interests you provide on the occasion of your booking or your stay.
(ii) If you are a customer of Café Métropole:
o your name and surname(s) ;
o your email address ;
o the name of the company you work for and your title ; and
o your phone number.
(iii) if you work for a company with which we have an existing business relationship or wish to maintain such a relationship:
o your name and surname(s) ;
o your address ;
o your email address ;
o your phone number ;
o your fax number ; and
o the name of the company you work for and your title.
(iv) if you use our website:
o technical information, including the IP address (Internet Protocol), used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
o information about your visit, including the full Uniform Resource Locators (URLs) accessed before, through and from our website (including date and time) ; products you viewed or searched for ; page response times, download errors, length of visits to certain pages, interaction information with these pages (such as scrolling, clicks and mouse-overs), as well as methods used to browse away from the page, and any phone numbers used to call our customer service number or social media handle used to connect with our customer service team.
We collect this information:
(i) directly from you, among others, during one of your visits to the reception desk of our premises, by the deposit of your business card at the reception desk, through our website, during a meeting or a telephone interview, at a trade show or exhibition, or in the context of the organization of a competition; or
(ii) from another source, namely the company you work for or the association of which you are a member, databases of online restaurant booking platforms, databases of our partners or associations of which we are a member, databases of our global hotel management system, and editors of print and audio-visual media.
Why and what are the legal grounds for our processing of your personal data?
The legal basis on which we process your personal data is as follows:
- where it is necessary to obtain your prior consent to the processing concerned in order for us to be allowed to do it, we will obtain and rely on your consent in relation to the processing concerned ;
- otherwise, we will process your personal data where the processing is necessary:
o for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract;
o for compliance with a legal obligation to which we are a subject ; or
o for the purposes of the legitimate interests pursued by us or another person, provided that this will only be in circumstances in which those legitimate interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data (most circumstances in which we proceed your personal data on a relationship that we have with the person that you work for will fall into this category).
In particular, we process your personal data for the following purposes:
(i) if you are or work for a customer or supplier of the Hotel or a company with which we have an existing business relationship or wish to maintain such a relationship:
o to conclude and execute a contract with you or the person you work for, in particular, in order to:
provide products and services to customers or other users of those goods and services;
provide us goods and services from suppliers or service providers; and manage and administer our relationships with customers, suppliers and other users of our goods and services.
o if you have agreed to be informed regarding our rooms and/or spaces and our services, in particular, our promotions as well as the new services we provide.
(ii) if you are or work for a customer or supplier of Café Métropole or a company with which we have an existing business elationship or wish to maintain such a relationship:
o If you have agreed to be informed about our services and actions, in particular:
- every Monday on our Lunch Menu,
- punctually on the special actions we are organizing on the occasion of events such as New Year’s Eve, Mother’s Day etc.; and on
- a quarterly basis, on the actions of our Chef and of Café Métropole.
We also process your data for the following purposes:
o to administer our website under our terms and for internal operations, including troubleshooting, and data analysis, testing, research, statistical and survey purposes;
o to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
o to keep our website and other systems safe and secure; and
o to measure or understand the effectiveness of the advertising we submit to you and propose to third parties, and to propose relevant advertising.
If we plan to process your personal data for other purposes than those above-mentioned, we will notify you beforehand.
How long will your personal data be retained ?
If you are or work for a customer or a supplier, we retain your personal data for the duration of the contractual relationship and for a maximum of 3 years following your last booking, after which they will be deleted or archived except if we must continue their process in order to comply with legal obligations to which we are subject or for any other legitimate and lawful purpose.
If you are or work for a person with whom we have a business relationship or wish to maintain such a relationship, we will retain your personal data up to 3 years from the collection of your data, after which they will be deleted or archived, except if we must continue their process in order to comply with legal obligations to which we are subject or for any other legitimate and lawful purpose.
Who has access to your personal data?
The following departments within our company have access to your personal data:
- the booking department;
- the commercial department (including marketing) ;
- the general management;
- the financial department (including purchases) ; and
- IT department (internal or external).
- to appropriate third parties, including :
o our business partners, customers, suppliers and subcontractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or the person that you work for; and
o our auditors, legal advisors and other professional advisors or service providers;
- in relation to information obtained via our website:
o to our advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users. We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may use the personal data we have collected from you to enable us to comply with our advertiser’s wishes by displaying their advertisement to that target audience and subject to the cookie section of this
o to analytics and search engine providers that assist us in the improvement and optimization of our site and subject to the cookie section of this policy.
Other disclosures we may make
We may disclose your personal data to third parties:
- if we (or a significant portion of our assets) are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets ; and
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to protect the rights, property or our safety, our customers or others safety.
Where do we process your personal data?
The data that we process in relation to you are not transferred to a destination outside the European Economic Area (“EEA”).
All personal data processed is stored securely. Any payments transactions are encrypted using the appropriate technology. Where we have given to you (or where you have chosen) a password which enables you to access certain parts of our website or systems, you are responsible for keeping this password confidential. We ask you not to share it with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although, we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security measures to prevent unauthorized access.
What are your rights?
You have the following rights regarding the personal data relating to you that we process :
- you may request access to your personal data ;
- when we are processing your personal data on the basis of the pursuit of one of our legitimate interests (including profiling), you have the right to object at any time to the processing of such data ;
- you have the right to receive personal data relating to you that you have provided to us, in a structured, commonly used and machine-readable format and to transmit it to another data controller when the data processing is based on your consent or performance of a contract and when processing is performed using automated processes (right to portability). You may also obtain that the personal data in question are directly transmitted to another controller.
- you have the right to obtain a limitation of processing when:
o you challenge the accuracy of the data;
o the processing is illegal and you object to deletion of the data; or
o we no longer need your personal data for the purpose of processing, but you need them for the purpose of constituting, exercising or defending your rights in court;
o you objected to the processing, during verification of whether the legitimate grounds pursued by the controller prevail over yours.
- you may request that incorrect data that we are processing be rectified.
In certain circumstances (normally where the personal data has been provided by you and it is no longer necessary for us to continue to process it), you may be entitled to request that we erase the personal data concerned.
When we are processing personal data, on the basis of your prior consent to that processing, you may withdraw your consent at any time, after which we shall stop the processing concerned.
If you have a complaint about our processing of your personal data being conducted by us, you can contact us or lodge a formal complaint with the Data Protection Authority.
How to withdraw your consent to processing?
You can withdraw your consent to any relevant processing of personal data:
- By emailing us at firstname.lastname@example.org, or
- By writing us at the address below given in the Our contact details section.
How to exercise your rights regarding your personal data?
You can exercise the rights described above:
- By emailing us at email@example.com, or
- By writing to us at the address below given in the Our contact details section.
Please note that we may be required to ask you further information in order to confirm your identity before we provide the information requested.
If you have a complaint about any processing of your personal data being conducted by us, you can contact us or lodge a formal complaint with the Data Protection Authority.
DATA PROTECTION AUTHORITY
The Data Protection Authority is the supervisory authority in Belgium. It may provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you may have about our processing of your personal data.
If you have any questions about your personal data or how we process them, or if you have concerns about a possible data breach, please email us at firstname.lastname@example.org.
OUR CONTACT DETAILS
Place de Brouckère 31
Contact person : RGPD Controller
Email address : email@example.com
This policy was last updated on May 25th, 2018