1. Introduction

B.V. Amstel Hotel Maatschappij (InterContinental Amstel Amsterdam)  is committed to preserving the privacy of our guests and all visitors to websites owned or controlled by Amstel Hotel Maatschappij .

Please read this privacy notice to understand how Amstel Hotel Maatschappij uses and protects information that you provide as a result of accessing the websites or staying with us.

This privacy notice sets out our personal data collection and sharing practices for our website visitors and hotel, restaurant and bar guests and is intended to inform you of the ways in which we collect personal data, the uses of that personal data and the ways in which we will share any personal data you choose to provide to us.

In this privacy notice we use a number of terms that have a specific meaning under applicable privacy rules (such as “personal data” or “data controller”, clause 13 of this privacy notice contains an overview of these defined terms.

If after reviewing this privacy notice you have any questions or privacy concerns please send an e-mail to our data protection officer: cor.hijlkema@ihg.com or send a letter to:

Data Protection Officer
InterContinental Amstel Amsterdam
Prof. Tulpplein 1
1018 GX Amsterdam – The Netherlands

Our websites do not intentionally solicit or collect personal data about children under the age of 16. If you are under 16 and would like to use our website, please ask a parent or guardian for assistance.

 

2. Which personal data may we collect and process about you?

 

What is personal data?

Personal data means any information relating to an identified or identifiable natural person, such as a name, address, e-mail addresses and e-mails, or a copy of a passport but also personal preferences, provided that such information relates to a natural person.

 

We may collect and process all or some of the following information about you:

(a)     Your contact and identification information ► including your name, address, and other contact details (e.g. e-mail and telephone details). We may also collect a copy of your ID and your date and place of birth.

(b)  Identification information of your family members ► names of family members, ID copies, date and place of birth;

(c)     Financial information ► credit card information, bank account number, or other financial information required to make a reservation

(d)     The way we handle your preferences and other information we collect when you visit our hotel ► this information will be registered in the GDPR Guest information file.

(e)     Our correspondence ► if you contact us or we contact you, we will typically keep a record of that correspondence;

(f)      Information you provide to us when visiting our websites or using our apps ► personal data that you provide to us, such as when using the contact form on our website, including your name, email address, and other contact details. If you choose to apply for a job at the Amstel Hotel and submit a job application to us, we will collect information that you submit via our careers site. Please refer to our applicants privacy statement for information on how we process this information. (can be found at the application part of the website);

(h)    Survey information ► if we ask you to complete surveys that we use for research purposes, we shall collect the information provided in the completed survey;

(i)     Website and communication usage ► details of your visits to the website and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access. Please refer to  our cookie policy for more information.

Certain personal data is also collected when you participate in the IHG® Rewards Club or Ambassador® Club program in which Amstel Hotel Maatschappij participates, such as rewards and points that you earn when staying in one of the IHG® hotels, including the Amstel Hotel. In order to sign-up for membership or for more information please see https://www.ihg.com/rewardsclub/content/us/en/home#scmisc=nav_home_6c or
https://www.ihg.com/intercontinental/content/gb/en/ambassador-anon#scmisc=nav_ambassador_ic. IHG® Rewards Club is operated by InterContinental Hotels Group, for a link to the applicable privacy policy click here: https://www.ihg.com/content/us/en/customer-care/privacy_statement#16 .

 

3. What legal basis do we have for processing your personal data?

Amstel Hotel Maatschappij only processes your personal data for legitimate purposes. The use of your personal data will also be justified on the basis of one or more legal “processing grounds” that are provided for in the GDPR.

The table below contains an explanation of the scope of the various legal processing grounds available under the GDPR for processing of personal data on which the Amstel Hotel Maatschappij relies:

(i) Contract performance: where the Amstel Hotel Maatschappij requires your personal data in order to enter into a contract with you, for example when you stay with us.

(ii) Legitimate interests: where the Amstel Hotel Maatschappij uses your personal data to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.

(iii) Legal claims: where your personal data is necessary for Amstel Hotel Maatschappij to defend, prosecute or make a claim against you, us or a third party.

(iv) Our legal obligations and rights: where we are required to process your personal data under a statutory obligation, for example to retain certain transaction data to comply with tax legislation.

(v) Consent: where you have consented to our use of your personal data (in which case you will have been presented with a consent form in relation to any such use and you may withdraw your consent at any time by the method explained in the communication with you or, and in any event, by giving notice to our DPO).

Generally, the Amstel Hotel Maatschappij processes personal data on the basis that it is necessary to do so in connection with the performance of our contractual relationship with you.

Amstel Hotel Maatschappij may also process personal data when we have a legitimate interest to do so and provided specific conditions are met, for example for marketing purposes and other business interests. Where we rely on this legal processing ground, we will mitigate the effect(s) this may have on your privacy by appropriately minimising our use and putting in place adequate access and security safeguards to prevent unauthorised use.

Amstel Hotel Maatschappij processes copies of ID’s (such as a copy of your passport) in order to comply with EU law.

 

4. For what purposes does Amstel Hotel Maatschappij collect your personal data and what are our justifications of uses?

This section specifies the purpose for which we use the various categories of personal data we collect from you. For each use, we note the applicable legal processing grounds by which we justify the relevant use of your personal data:

 

(a)     To manage and confirm hotel reservations and communicate with you Amstel Hotel Maatschappij requires your personal data to confirm and manage your hotel, restaurant and bar reservations. This includes use of your contact information, financial information (such as credit card information), personal preferences, and, where required under applicable law, a copy of your ID. We also use your personal data to respond to customer service inquiries or requests. We may ask for personal data when you contact our Customer Service department. This will allow us to protect your confidentiality by verifying your identity.

(b) Use justification: contract performance, legal obligations and rights, legitimate interests (to enable us to provide our services and share personal data between our affiliates where appropriate).

(b)     To manage our relationship with you and provide you with personalised services ► Amstel Hotel Maatschappij very much values our relationship with you and collects certain personal data (such as personal preferences) in order to make you stay with us as comfortable as possible.

• Use justification: contract performance, legitimate interests (to enable us to provide you with a personalised service).

(c)     For marketing purposes ► we may use personal data to contact guests that have stayed with us by e-mail for marketing purposes. When you join Amstel Hotel Maatschappij Group Email List, we request your email address in order to send you email on the latest offers, advanced notice of events, and more. You may opt-out from these marketing communications when you make a reservation and at any time thereafter. We will only market our own services to you and not provide your contact details to any third party for marketing purposes (with the exception of third parties processing personal data on our behalf).

Some of our promotional offers have a “Tell A Friend” feature that allows you to have the offer sent to a friend with your comment. If you choose to use this feature, we collect the email address of your friend(s) to facilitate the referral but do not store it for other uses.

• Use justification: legitimate interests (to enable us to promote our services and products), consent.

(d)     To conduct surveys ► if we ask you to evaluate your stay with us via a satisfaction survey. Please see section 5 below for more details;

• Use justification: legitimate interests (to allow us to improve our services)

(e)     To conduct contests ► From time-to-time, we may request personal data from you through contests, including contact information (such as name and shipping address), and demographic information (such as zip code, age level). Participation in these contests is completely voluntary. Contact information from contests will be gathered and used to notify the winners and award prizes. Demographic information will be used for purposes of monitoring and improving your experience on this site.

We may co-sponsor some contests on our site with other companies. If you enter one of these contests, our co-sponsor may receive the information collected or may collect the information directly. In such cases, we will tell you who is collecting your information, how our co-sponsor may use the information and how you can contact our co-sponsor.

• Use justification: legitimate interests (to enable us to promote our services and products), consent.

(f)      To ensure website content is relevant ► to ensure that content from our websites is presented in the most effective manner for you and for your device, which may include passing your data to business partners, suppliers and/or service providers.

• Use justification: contract performance, legitimate interests (to allow us to provide you with the content and services on the websites)

5. How do we communicate with you?

Guest Satisfaction Surveys
We strive to maintain and continually improve the quality of our hotel and restaurants. Customer comments and feedback are valued and used as a quality tool. As part of the hotel stay experience, we engage a third party to randomly survey guests and request an evaluation of the hotel property and service. These surveys are sent via email and postal mail. If you have a preference for either email or postal mail or if you do not wish to be contacted for satisfaction surveys, please advise the hotel either at check-in or during your stay. You may also contact our DPO.

Email Communications for marketing purposes
If you choose to receive periodic communications from us, we may from time to time send you email messages describing new promotions and special offers. If you do not wish to receive these offers, you may discontinue at any time by using the “Unsubscribe” feature included on each email message.

Email communications to provide our services to you
Reservation/Stay Related Interactions: We may send you a reservation confirmation email to confirm any reservation you make with Amstel Hotel Maatschappij or one of its restaurants. A similar confirmation may be sent if you modify or cancel a reservation. These confirmations will only be sent if a transaction is conducted.

Pre-Arrival Communications: We may use your email address used for your reservation to provide a reservation summary with the hotel and local area information a few days prior to that particular stay.

Post-Stay Communications: We may use your email address used for a hotel reservation to thank you for your hotel stay or to request your feedback on your stay.

Operational Notices: Email addresses may also be used to respond to your customer service inquiries and to answer any other questions you may have about our site. We may also need to send emails to inform you of any changes to our site that might affect your personal data or to notify you of problems with your reservation.

 

6. From where do we collect your personal data?We obtain personal data from you directly or from booking agencies or other third-parties facilitating your stay with us.

 

7. Do we share your personal data and where do we keep it?

We have engaged various data processors for the processing of your personal data on our behalf. We use for example third-party IT providers, marketing agencies, and other service providers (including for fulfilling guest reservations for which we use Oracle’s Hospitality Opera system).

Some of these third parties are situated outside the EEA. Service providers accessing your personal data act as data processors on behalf of Amstel Hotel Maatschappij. Where we engage data processors, we will ensure that transfers of personal data outside of the EEA take place in accordance with data protection legislation and that there will be an appropriate level of protection. In addition, we will implement legal safeguards governing such transfer, such as model contractual clauses, individuals’ consent, or other legal grounds permitted by applicable legal requirements. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections as EEA data protection laws. EU data protection laws allow Amstel Hotel Maatschappij to freely transfer personal data to such countries. Please contact our DPO if you would like to see a copy of the safeguards we apply in relation to the export of your personal data.

Where the Amstel Hotel Maatschavppij discloses personal data or criminal personal data in response to requests from regulators and law enforcement or security agencies, these regulators and law enforcement or security agencies will be acting as a controller. The Amstel Hotel Maatschappij will always assess the legitimacy of such requests before disclosing any personal data and/or criminal personal data and only disclose the data required to comply with the request.

 

8. How We Protect the Security of Your Personal data

We have implemented appropriate technical and organisational measures to secure the processing of personal data. These safeguards will vary depending on the sensitivity, format, location, amount, distribution and storage of the personal data, and include measures designed to keep personal data protected from unauthorized access. These safeguards are continually updated and maintained by qualified information security professionals.One of the security techniques we use for online transactions is a technology called Secure Sockets Layer (SSL). If your browser is capable of SSL (and most are), your sensitive information (including geo-location data) will be automatically encrypted, or encoded, before it is sent over the Internet or through our mobile applications.

What is the credit card fraud Notice?

In the unlikely event that you experience unauthorized use of your credit card on our web site or any web site, promptly report the fraudulent activity to your credit card company. Under applicable law, you may be only liable for the first $50 of the fraudulent charges. Please check with your credit card company to verify specific terms and conditions

 

9. How long do we retain your personal data?

Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as it is necessary for the processing purpose(s) for which the personal data was collected, and any other permissible, related purpose. For example, we retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data.

 

10. Changes to the Amstel Hotel Maatschappij privacy notice

Amstel Hotel Maatschappij reserves the right to change, modify or amend this Notice at any time. However, if there are changes made to the use of users’ personally identifiable information in a manner different from that stated at the time of collection we will notify you by posting a notice on our website for 30 days prior to the changes taking effect.

 

11. How do I correct or update my information?

Under EU data protection rules, you have certain rights in relation to your Personal Data. Please contact our DPO should you wish to exercise any of the rights below. Also questions regarding Amstel Hotel Maatschappij’s privacy notice should be directed to our DPO.

Please be aware that certain exceptions apply to the exercise of these rights and so you may not be able to exercise these in all situations (please see below):

• Subject Access: You have a right to be provided with access to any personal data held about you by Amstel Hotel Maatschappij either by contacting our DPO
• Rectification: You have a right to ask for any rectifications in relation to the personal data that we process about you.
• Erasure: You can ask us to erase personal data in certain circumstances and we will take reasonable steps to inform other data controllers that are processing the personal data that you have requested the erasure of any links to, copies or replication of it.
• Restriction: You can require certain personal data to be marked as restricted whilst complaints are resolved and also restrict processing in certain other circumstances.
• Portability: You can ask us to transmit the personal data that you have provided to us and we still hold about you to a third party electronically insofar as permitted under the GDPR.
• Raise a complaint: You can raise a complaint about our processing with the data protection regulator in the Netherlands, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

In addition, under certain conditions, you have the right to:

• where processing is based on consent, withdraw the consent;
• object to any processing of personal data that Amstel Hotel Maatschappij justifies on the “legitimate interests” legal ground, unless our reasons for undertaking that processing outweigh any prejudice to the individual’s privacy rights; and
• object to direct marketing (including any profiling for such purposes) at any time.

These rights are subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). We will respond to most requests within one month.

 

12. Some Legal Terms

Under the applicable privacy legislation (including, but not limited to, the GDPR), the below terms have a defined meaning as set out in the table below:

GDPR	The European General Data Protection Regulation, EU 2016/679. The GDPR is effective per 25 May 2018.
Criminal Personal Data	Any personal data that provides information on persons’ criminal convictions or offences
Data Controller	The legal person, administrative body or any other entity which, alone or in conjunction with others, determines the purpose of and means for Processing of Personal Data.
Data Processor	The person or body which processes Personal Data on behalf of the Controller, without being subject to the Controller’s direct control.
Personal Data	Any information relating to an identified or identifiable natural person (e.g. a person whose identity can be established reasonably without disproportionate effort by means of name, address and date of birth). By way of example but not limitation, video and voice recording is also personal data if the video images or the voice recording is identifiable to a natural person.
Processing of Personal Data	Any operation or any set of operations concerning Personal Data, including in any case the collection, recording, organisation, storage, updating or modification, retrieval, consultation, use, dissemination by means of transmission, distribution or making available in any other form, merging, linking, as well as blocking, erasure or destruction of Personal Data
Special Categories of Personal Data	Any Personal Data that provides information on persons’ religious or philosophical beliefs, race, political opinions, health, sexual life or membership of trade unions.