Privacy statement

Visiting the Websites
Each time you visit the Fletcher Hotels Websites, data relating to you is processed. This is necessary in order to provide you with a technically functional website and its content. Fletcher Hotel Exploitaties B.V. also uses this data to technically optimise the Websites and to ensure the security of its IT systems. In this context, Fletcher Hotel Exploitaties B.V. processes data that is automatically collected when you visit the Websites or that you provide yourself through your input and user behaviour. This data includes in particular:

Information about the type of browser you use, including its version and language and country settings.

• The operating system you use.
• Your internet service provider.
• Your IP address.
• The date and time of your visit.
• With your consent, we also process:
• Web pages from which you visited our Websites.
• Web pages that you visit through our Websites.

This data is also stored in the log files of the IT systems of Fletcher Hotel Exploitaties B.V. The data is not stored together with other data about you. IP addresses are automatically destroyed after 24 hours, which means that your data is anonymised after 24 hours.

Wettelijke grondslag
This processing takes place on the basis of the legitimate interest of Fletcher Hotel Exploitaties B.V. in providing functional, user-friendly and secure Websites. In addition, the data is processed in order to provide investigative authorities with information required for prosecution in the event of a cyberattack, to pursue legal claims, to compile statistics and to further develop and improve our hotels and services.

The legal basis for this processing is Article 6(1), first sentence, point (f), GDPR.

To the extent that we process your personal data during your visit to our website by means of cookies, we request your voluntary and informed consent. In that case, the legal basis for the processing is Article 6(1), first sentence, point (a), GDPR.

Processing also takes place if we are required to do so under other legal or statutory obligations, for example due to retention and documentation obligations under tax and commercial law. The legal basis for this is Article 6(1), first sentence, point (c), GDPR.

Example: when making a reservation, we process your name, address and date of birth in order to confirm your booking and comply with legal obligations, such as identity checks under local law.

Access to and disclosure of data
In principle, only organisations responsible for maintaining our Websites have access to your data. Data is only disclosed to the appointed hosting provider, with whom we have concluded a data processing agreement in accordance with Article 28 GDPR.

Transfer to third countries
A transfer to third countries outside the European Economic Area is not envisaged, unless otherwise stated in this privacy statement or our cookie statement.

Booking and stay data via fletcher.nl
By booking an overnight stay, a package, a table reservation or one of our meeting rooms via www.fletcher.nl , you enter into an agreement with Fletcher Hotel Exploitaties B.V. in the case of our hotels in the Netherlands, or with Fletcher Hotels GmbH in Germany in the case of our hotels in Germany.

For this purpose, we require your first and last name, your address, your telephone number, your email address, your arrival and departure dates, payment details such as credit card details, your confirmation that you are of legal age and, where applicable, information about your Fletcher Friend membership or business account. In the case of an online booking via our website, technical data relating to your booking is also collected as described above.

We may also receive your booking and stay data from third parties through which you completed the booking process, for example Booking.com and Vakantieveilingen. We may ask you for additional data in order to provide our services and/or to comply with legal requirements, for example your nationality or nationalities, the number and nationality or nationalities of your fellow travellers, the serial number of your identity document, your date of birth or specific interests and wishes.

We process health data, information about your ethnic origin and your political opinions, religious or philosophical beliefs or other sensitive data only in accordance with Article 9(1) GDPR and only with your explicit consent, for example in order to offer special services, such as providing access for disabled guests or meeting special dietary requirements. In addition, we may be legally required to verify your identity.

During your stay, data about you is also collected and processed, for example data relating to your check-in, your access rights to hotel rooms and other areas of our hotels, additional paid services such as consumption in our bars and restaurants, telephone and internet services or pay-TV services, as well as any questions or complaints.

We may be legally required to collect additional data about you during check-in, for example your nationality or nationalities, the number and nationality or nationalities of your fellow travellers, the serial number of your identity document or citizen service number.

Use of Data

Your booking and stay data are analysed and used by us to compile statistics in order to further develop and improve our hotels and services for specific target groups and to carry out marketing activities. If you have consented to receiving our newsletter, your data will also be used to personalise the newsletter.

Your booking and stay data are also used within Fletcher Hotel Exploitaties B.V. for service calls. During these service calls, we ask about your experience with Fletcher Hotel Exploitaties B.V. and, if desired, offer you an attractive proposal for similar products or services provided by us. If you make use of the opt-out option offered during the reservation or booking process, your data will not be used for this purpose.

Legal basis
The processing of the above data is necessary for the performance of the agreement. The legal basis for this is Article 6(1), first sentence, point (b), GDPR. Without your name, address and place of residence details, information about your payment and information about your other requests, for example, we cannot perform the agreement with you.

In addition, the processing is based on our legitimate interest in offering our customers high-quality services, implementing marketing measures based on your preferences through the opt-out option offered and your right to object, including processing data for research and statistical purposes, properly managing the contractual relationship and, where necessary, proving and enforcing our legal claims. The legal basis for this is Article 6(1), first sentence, point (f), GDPR.

Processing also takes place if we are legally or statutorily obliged to do so, for example due to retention and documentation obligations under tax, commercial or reporting legislation. In that case, the legal basis is Article 6(1), first sentence, point (c), GDPR.

Retention period
We retain your booking and stay data only for as long as necessary for the stated processing purposes. Data required to fulfil our obligations towards you is generally deleted automatically after your stay.

However, data is stored for longer if we need it to obtain evidence in accordance with the applicable limitation periods, for example to prove the services provided by us, in the event of a threatened or actual legal dispute, and/or to comply with a legal or statutory retention obligation, for example under tax, commercial and reporting legislation. If you consent to the use of your data for service calls by Fletcher Hotel Exploitaties B.V., we retain your data for these purposes for a maximum period of 3 years from the end of your stay at one of our hotels.

Booking data via fletcherpartnerhotels.nl
By booking an overnight stay or a package via www.fletcherpartnerhotels.nl , you enter into an agreement with one of the Fletcher Partner Hotels. In this context, Fletcher Hotel Exploitatie B.V. processes your personal data in its role as intermediary in that agreement.

To facilitate this agreement, we process your first and last name, your address, your telephone number, your email address, your arrival and departure dates, payment details such as credit card details and your confirmation that you are of legal age.

We may ask you for additional data in order to provide our services as intermediary and/or to comply with legal requirements applicable to our Fletcher Partner Hotels, for example your nationality or nationalities, the number and nationality or nationalities of your fellow travellers, the serial number of your identity document, your date of birth and/or specific interests and wishes.

We process health data, information about your ethnic origin and your political opinions, religious or philosophical beliefs or other sensitive data only in accordance with Article 9(1) GDPR and only with your explicit consent, for example in order to offer special services, such as providing access for disabled guests or meeting special dietary requirements.

In addition, we and/or our Fletcher Partner Hotels may be legally required to verify your identity.

Fletcher Hotel Exploitaties B.V. is not involved in the processing of personal data during your stay at Fletcher Partner Hotels. For this processing, we refer you to the privacy statement(s) of our Fletcher Partner Hotels.

Use of data
Your booking data is used by us to establish the agreement between you and the Fletcher Partner Hotel where you have made your booking. We share your booking data with the Fletcher Partner Hotel where you have booked, so that it can manage your stay at the hotel. For more information about the processing activities of the Fletcher Partner Hotel, please contact that hotel directly.

In addition, your booking data is analysed and used to compile statistics in order to further develop and improve our services for specific target groups and to carry out marketing activities. If you have consented to receiving our newsletter, the data is also used to personalise your newsletter.

Legal basis
The processing of the above data is necessary for the performance of the agreement to which you are a party. The legal basis for this is Article 6(1), first sentence, point (b), GDPR. Without your name, address and place of residence details, information about your payment and information about your other requests, for example, we cannot provide our intermediary services and cannot establish the agreement between you and the Fletcher Partner Hotels.

In addition, the processing is based on our legitimate interest in offering our customers high-quality services, implementing marketing measures, including processing data for research and statistical purposes, properly managing the contractual relationship you have with our Fletcher Partner Hotels and, where necessary, proving and enforcing our legal claims. The legal basis for this is Article 6(1), first sentence, point (f), GDPR.

Processing also takes place if we are legally or statutorily obliged to do so, for example due to retention and documentation obligations under tax, commercial or reporting legislation. In that case, the legal basis is Article 6(1), first sentence, point (c), GDPR.

Retention period
We retain your booking and stay data only for as long as necessary for the stated processing purposes. We retain your booking and stay data for a maximum of seven years after the end of your stay, unless we are legally required to retain the data for longer.

However, data is stored for longer if we need it to obtain evidence in accordance with the applicable limitation periods, for example to prove the services provided by us, in the event of a threatened or actual legal dispute, and/or to comply with a legal or statutory retention obligation, for example under tax, commercial and reporting legislation.

Email and other contact options
You can contact the companies of Fletcher Hotel Exploitaties B.V. through the options offered on the Websites, in particular by email and telephone. In that case, Fletcher Hotel Exploitaties B.V. processes the information you voluntarily provide, for example your name, your email address, your telephone number and/or your specific request, in order to handle your enquiry. With the exception of the hosting provider, your data is only disclosed to third parties if this is necessary to process your enquiry.

Legal basis for processing
The legal basis for the processing is Article 6(1), first sentence, point (a), GDPR, if consent has been given. If the contact takes place in connection with entering into an agreement, the legal basis may also arise from Article 6(1), first sentence, point (b), GDPR. Without your name, address and place of residence details, information about your payment and information about your other requests, for example, we cannot perform the agreement with you.

In addition, the processing is based on the legitimate interest of Fletcher Hotel Exploitaties B.V. in handling your enquiry efficiently and to your satisfaction. Processing may also be based on our legitimate interest in providing our customers with high-quality services, carrying out marketing activities, including processing data for research and statistical purposes, properly managing the contractual relationship and, where necessary, proving and enforcing our legal claims.

The legal basis for this is Article 6(1), first sentence, point (f), GDPR.

Retention period
Fletcher Hotel Exploitaties B.V. retains the above data only for as long as necessary for the purpose for which it is processed. We therefore delete your data as soon as the conversation with you has ended. This is generally deemed to be the case when the relevant matter has been definitively resolved.

However, data is retained for longer if we must store it in accordance with the applicable limitation periods in order to obtain evidence, in particular to prove the services provided by us, in the event of a threatened or actual legal dispute and/or if we are legally required to retain the data for longer, for example due to retention and documentation obligations under tax, commercial and reporting legislation.

In that case, the legal basis for processing may also be Article 6(1), first sentence, point (c), GDPR.

Camera surveillance
Where necessary, some hotels use camera surveillance to protect persons and property. The camera footage provides us with insight into the activities of persons. At certain hotels, car parks and/or parking garages are equipped with barriers that register your vehicle registration number when entering and leaving the car park. The registration of your vehicle registration number is used exclusively for parking purposes.

Legal basis
The processing is based on our legitimate interest in preventing criminal offences such as assault, intimidation, theft, burglary, arson, drug trafficking, robberies and vandalism in our hotels, in proving and, where necessary, enforcing our legal claims, and/or in facilitating the use of our car parks or parking garages. The legal basis for this is Article 6(1), first sentence, point (f), GDPR.

If vehicle registration data is processed for barriers, the processing may also take place for the performance of an agreement. The legal basis for this is Article 6(1), point (b), GDPR.

Retention period
Camera footage is generally retained for a maximum of seven days and then deleted, unless a longer retention period is necessary for the investigation and prosecution of criminal offences in individual cases. In such cases, the recordings may also be disclosed to investigative authorities.

The data is also retained for longer if this is necessary to obtain evidence in accordance with the applicable limitation periods, for example to prove the services provided by us, in the event of a threatened or actual legal dispute and/or in accordance with other legal or statutory retention obligations. In that case, the legal basis for processing may also be Article 6(1), first sentence, point (c), GDPR.

Fletcher Friend account
You can create a Fletcher Friend account while booking on fletcher.nl. This makes it easier to make reservations and obtain information during a subsequent visit, because we do not have to request your basic data again. In addition, you may optionally consent to receiving newsletters in which we inform you about our offers; our comments regarding the newsletter apply in that case. You can also easily view your booking history.

To create an account, we ask for your name, place of residence, telephone number and email address. These personal data are stored in our database. In addition, we link your respective booking and stay data to your Fletcher Friend account.

You can cancel your account at any time.

Use of data
The above data is also analysed in order to improve our hotels and services, adapt them to the needs of our customers and carry out marketing activities.

Legal basis
The processing is carried out in order to perform the agreement you have entered into with us for participation in Fletcher Friend. The legal basis for this is Article 6(1), first sentence, point (b), GDPR.

In addition, the processing is carried out on the basis of our legitimate interest in providing our customers with high-quality services and a user-friendly booking experience, implementing marketing measures, including processing data for research and statistical purposes, properly managing the contractual relationship and, where necessary, proving and enforcing our legal claims. The legal basis for this is Article 6(1), first sentence, point (f), GDPR.

Retention period
We retain the above data only for as long as necessary to fulfil the purpose of the processing. Your data is generally deleted as soon as you have cancelled your Fletcher Friend membership.

However, data is stored for longer if we need it to obtain evidence in accordance with the applicable limitation periods, for example to prove the services provided by us, in the event of a threatened or actual legal dispute and/or in accordance with other legal or statutory retention obligations, for example under tax, commercial and reporting legislation. In that case, the legal basis for processing may also be Article 6(1), first sentence, point (c), GDPR.

Business account
With a business account, you can book on account, benefit from cancellation conditions as set out in the contract and enjoy pricing arrangements as contractually guaranteed. To create an account, we ask for your name, your place of residence, the name, trade register number and VAT number of the company, as well as your business telephone number and email address. This data is stored in our database. You can cancel your business account at any time.

Furthermore, the above conditions for the Fletcher Friend account apply accordingly.

Fletcher Partner Hotels
As an employee of one of our Fletcher Partner Hotels, we may process your personal data if you place your hotel’s offer on our Fletcher Partner Hotels Platform. You can do this with or without a Fletcher Partner account.

If you place an offer on our Fletcher Partner Hotel Platform without a Fletcher Partner account, we process the name, email address and telephone number of our contact person at your Fletcher Partner Hotel and the trade register number and VAT number of the Fletcher Partner Hotel itself in order to keep you informed of any bookings made through the Fletcher Partner Hotel Platform.

You can also have a Fletcher Partner account created. This makes it easier to manage your offer and bookings through the Fletcher Partner Hotel. To create a Fletcher Partner account, we ask for your name, email address and telephone number and the trade register number and VAT number of the Fletcher Partner Hotel itself. These personal data are stored in our database. You may request us to delete your Fletcher Partner account at any time.

In that case, you may no longer have access to your offer and bookings.

Use of data
We use the data from the Partner account to manage and forward your offer and bookings. The above data is also analysed in order to improve our hotels and services, adapt them to the needs of our customers and carry out marketing activities.

Legal basis
The processing is carried out in order to perform the agreement you have entered into with us for participation in our Fletcher Partner programme. The legal basis for this is Article 6(1), first sentence, point (b), GDPR.

In addition, the processing is carried out on the basis of our legitimate interest in providing our customers with high-quality services and a user-friendly booking experience, implementing marketing measures, including processing data for research and statistical purposes, properly managing the contractual relationship with our Fletcher Partners and, where necessary, proving and enforcing our legal claims. The legal basis for this is Article 6(1), first sentence, point (f), GDPR.

Retention period
We retain the above data only for as long as necessary to fulfil the purpose of the processing. We retain your booking and stay data for a maximum of seven years after the end of your stay, unless we are legally required to retain the data for longer.

However, data is stored for longer if we need it to obtain evidence in accordance with the applicable limitation periods, for example to prove the services provided by us, in the event of a threatened or actual legal dispute and/or in accordance with other legal or statutory retention obligations, for example under tax, commercial and reporting legislation. In that case, the legal basis for processing may also be Article 6(1), first sentence, point (c), GDPR.

Cookies and other tracking technologies

Our Websites also use cookies and other tracking technologies. More information about the use of these technologies can be found in our cookie statement.

Alert List
We consider it important to prevent harassment and criminal activity in our hotels and restaurants. We therefore maintain lists, namely an alert list and contact list, containing the names and addresses of persons to whom we refuse access to our hotels and restaurants for serious reasons or for whom we attach special conditions to a reservation, for example limited payment options.

In exceptional cases, we reserve the right to refuse a guest access to our hotels and/or services or to attach special conditions, for example advance payment, to the offered payment methods. This may be the case, for example, in the event of fraud, harassment of our guests and/or employees, violation of the house rules, theft, damage to property, physical injury, insults, racist and/or sexist remarks or other inappropriate behaviour.

Fletcher Hotel Exploitaties B.V. naturally applies a strict and careful policy with regard to the data processing and data security of the alert list and contact list.

Legal basis
The processing takes place on the basis of our legitimate interest in ensuring proper business operations in our hotels and preventing misuse and fraudulent activities. The legal basis for this is Article 6(1), first sentence, point (f), GDPR.

Retention period
We retain the above data only for as long as necessary for the purpose of the processing. We therefore delete entries from our alert list as soon as we lift the relevant access restrictions. This is generally the case after no more than three years.

In the event of particularly serious reasons and/or repeated violations of our house rules, we reserve the right to store the data for an indefinite period. In doing so, we regularly assess, at the latest after five years, whether the access restriction and the associated storage of the data are still necessary.

No automated decision-making
We do not use automated decision-making processes, including profiling.

With whom do we share your personal data?
We share your personal data with third parties only in accordance with the GDPR and exclusively in the following cases:

Within the Fletcher Hotels Group
We may share your personal data within the Fletcher Hotels Group. We grant access to your personal data only to departments that need this data to perform their respective tasks.

External parties
We share data with third parties involved in providing our services. We work with carefully selected and reliable partners who process personal data on behalf of Fletcher Hotels. For example:

• Payment service providers such as iDEAL and credit card companies, for processing payments;
• IT service providers that provide hosting, maintenance or security of our systems;
• Email providers for sending our newsletters and reservation confirmations;
• Suppliers of booking systems that we use to manage your reservation;
• External service providers for providing additional services, such as breakfast delivery or reservations at affiliated restaurants;
• Analytics and marketing agencies that help us develop personalised offers.

To the extent that these parties qualify as processors within the meaning of the GDPR, we conclude data processing agreements with them that comply with the GDPR. We make personal data available to our processors so that they can process it on our behalf. This is done on the basis of a data processing agreement within the meaning of Article 28 GDPR, our documented instructions and in accordance with our data protection guidelines and other appropriate technical and organisational measures.

Legal bases for sharing personal data
We share your data with third parties on the basis of the following legal bases:

Performance of the agreement
Your personal data may be made available to third parties if this is necessary to fulfil our contractual obligations towards you. This includes, for example, the processing of your reservation at Fletcher Hotels Exploitatie B.V. If you make a booking through our Fletcher Partner Hotel Platform, we forward your booking data to the Fletcher Partner Hotel where you have booked.

If necessary for the payment of bookings, we engage a third party to process online payments.

In addition, it may be necessary to disclose your data in order to carry out an individual instruction from you, for example to engage a required transport service provider, caterer, etc. The legal basis for the transfer of data in this context is Article 6(1), first sentence, point (b), GDPR.

Consent
Where necessary, we disclose your data to third parties when you have given your voluntary and informed consent. In that case, the legal basis for the disclosure is Article 6(1), first sentence, point (a), GDPR.

Fletcher Hotel Exploitaties B.V. may be required to share personal data with government authorities or other parties where this is legally required. In that case, we may share your personal data with external parties. For example:

When the police or another investigative authority requests data in connection with a criminal investigation.

When we are required to provide data to the Dutch Tax and Customs Administration, for example in connection with tax obligations.

In addition, the municipality may request data for the purpose of checking tourist tax.

Transfer outside the European Economic Area (EEA)
If your data is transferred to recipients in third countries outside the EU/EEA, this will take place only on the basis of an adequacy decision of the European Commission under Article 45(1) GDPR or subject to appropriate safeguards in accordance with Article 46 GDPR, for example EU standard data protection clauses or binding corporate rules.

However, a transfer to recipients in third countries outside the EU/EEA is not envisaged, unless otherwise stated in this privacy statement or our cookie statement.

Booking data: 7 years
We retain data such as reservations, invoices and payment information for 7 years, as required by the tax retention obligation prescribed by the Dutch Tax and Customs Administration. After this period, your data will be securely deleted or anonymised.

Camera footage: up to 28 days
Camera footage is stored exclusively for security purposes. The standard retention period is up to 28 days, unless an incident occurs that requires further investigation. In such cases, the footage may be retained for longer until the investigation has been completed or legal requirements prescribe otherwise.

Marketing data: until withdrawal of consent
Your data, such as your email address and preferences, is stored for as long as you consent to receiving our marketing communications. You can withdraw your consent at any time via the unsubscribe link in our emails or by contacting us at privacy@fletcher.nl . After withdrawal, your data will be deleted or anonymised within a reasonable period.

Alert List: 1 year after the last incident
Fletcher Hotel Exploitaties B.V. maintains an internal Alert List for security or legal reasons, such as incidents involving non-payment, serious nuisance or criminal offences. Data on this list is retained for a maximum of 1 year after the last registered incident, unless a longer retention period is necessary on the basis of legal obligations or legal proceedings.

Right of access
If you wish to access the personal data that Fletcher Hotel Exploitatie B.V. processes about you and wish to receive information about our processing of that data, you have the right to request access to this data from us.

Right to rectification or completion
If you notice that your personal data is incorrect or incomplete, you have the right to have it corrected or completed. For example:

• Changing an incorrect address.
• Updating contact details.
• Correcting incorrect dates of birth.

Right to erasure (“right to be forgotten”)

You may request us to delete your personal data, for example in the following situations:

• The data is no longer necessary for the purposes for which it was collected.
• You withdraw your consent and there is no other legal basis for processing.
• You object to the processing and there are no compelling legitimate grounds for further processing.

Right to restriction of processing
You have the right to temporarily restrict the processing of your data, for example in the following cases:

• When you contest the accuracy of your data, during the verification period.
• When the processing is unlawful, but you would prefer us to restrict the data instead of deleting it.
• When we no longer need the data, but you need it for a legal claim.

During a restriction, your data will not be actively processed, except with your consent or in the context of legal obligations.

You have the right to receive a copy of your personal data in a structured, commonly used and machine-readable format. You may also request that the data be transferred directly to another party, where technically possible. This right applies only to data that:

• You have provided to us yourself.
• Is processed on the basis of your consent or the performance of an agreement.

You have the right to object to the processing of your personal data, for example:

• When we process your data on the basis of a legitimate interest.
• When we use your data for direct marketing purposes, such as sending newsletters or offers or for service calls.

If you object to marketing, we will no longer use your data for that purpose. If you object by telephone to the use of your data for marketing, this applies only to service calls. To exercise your right to object to direct marketing by email, we ask you to use the unsubscribe option in our newsletters.

Right to lodge a complaint
If you believe that we do not comply with privacy legislation, you have the right to lodge a complaint with a supervisory authority, such as the Dutch Data Protection Authority in the Netherlands.

How can you exercise your rights?
You can exercise your rights by sending an email to privacy@fletcher.nl . In order to verify your identity, we may ask you for additional information.

We aim to respond to your request within 30 days. If this is not possible due to the complexity of the request or the number of incoming requests, we will inform you within this period of the extension of the term by a maximum of 2 months.