Normal personal data
CAH A/S (“CAH”) processes inter alia the following personal data about you as a guest: name, address, email, telephone number, credit card details, IP address, information about the various services, you can purchase on our website, pass-port details, catering requests etc.
Special categories of personal data (sensitive personal data)
CAH does not, in general, process sensitive personal data about you. CAH does, in certain circumstances, process sensitive personal data about you that relate to your health if you choose to send these when booking a dinner in our restaurant and/or when booking your stay with us.
Normal personal data
Processing of your normal personal data happens if the processing is inter alia necessary for:
• fulfilment of a contract of which you are a part, or
• ensuring CAH can pursue a legitimate interest where CAH’s interest overrides the concern for your fundamental rights and freedom rights.
The processing of your normal personal data is often necessary to fulfil a booking and/or deliver the service(s) you order via our website, i.e. the fulfilment of a contract with you. Additionally, the processing can be necessary for meeting your specific requests, delivering a good service, improving your experience as a guest, and for marketing those of our services we believe you could be interested in.
Upon signing up for our newsletter, inter alia name and email address is registered. When you log onto our wi-fi, we process your name and your email address, just like we process your name when we respond to your query on social media.
Sensitive personal data
The processing of your sensitive personal data, e.g. health details, happens because we believe you have given your explicit consent (either verbally, in writing, or digitally). The purpose of processing your sensitive personal data is to provide you with the best possible service in connection with your stay and/or restaurant visit.
You can recall your permission at any time without it affecting the legality of the processing that is based on your consent before the recalling thereof.
CAH uses certain data processors that carry out an array of tasks on behalf of CAH. These data processors will get access to your personal data. Though, the data processors can only legally access and process your personal data on behalf of CAH to accomplish the specific purposes that are dictated by CAH—and may therefore not use the information for own purposes.
CAH does not disclose your details to third parties for marketing use, but there can be possible disclosure to public authorities or the police if CAH is requested to disclose such.
To the extent that your personal data is transferred to non-EU/EEA countries, CAH ensures a sufficient level of protection for such a transfer by agreement of the European Commission’s standard contracts with the recipient of the personal data or the use of recipients that are subject to special certification mechanisms such as EU-U.S. Privacy Shield. If you have questions about the legal basis for possible non-EU/EEA data transfers, you can contact us as specified below.
We store your personal data as long as it is necessary to fulfil the purposes that are described above. Personal data that are used in our accounting are stored for five years after the conclusion of the current financial year. If you are considered a regular guest or visit us with certain, more or less periodically, your personal data are stored for up to 5 years after your last visit. Personal data that are necessary to send you our newsletter are stored and processed as long as you have not chosen to unsubscribe from our newsletter.
You have as the registered:
If you have questions regarding this GDPR policy, including your rights as the registered or you wish to complain about the CAHs processing of your personal data, you can contact Finance Manager Connie Hartmann Krogh at email@example.com. You can also file a complaint with The Danish Data Protection Agency which has the following contact details:
This GDPR policy is updated regularly, and when it is necessary due to changes in the relevant data protection legislation. The GDPR policy will always include the date of the latest version. To the extent that the changes are deemed as significant changes, you will be explicitly informed about such, e.g. on our website. In certain instances, you may receive a request from CAH to accept the changes before its effect, e.g. in an e-mail.