Privacy policy

Hotel Palace / HMP Hotellid OÜ (from here on “we or us”) values the privacy of our individual guest (from here on „you“) highly. In this privacy notice we explain which kind of Personal Data we collect and use, why we collect this data and how we process an individual’s Personal Data.

This Privacy Policy applies to all Personal Data which we as an responsible data processor collect and process.

This Privacy Policy is intended to inform you which kind of Personal Data we process, gather and how and why we do it. Additionally this Privacy Policy describes to you our rights and responsibilities on protecting and processing an individual’s Personal Data.

1. Definitions

In this Privacy Policy we use notions defined as following:

EEA – European Economic Area (according to effective legislation  the members of the EEA are the members of the European Union and Norway, Iceland and Liechtenstein).

GDPR – General Data Protection Regulation (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA), valid since 25.05.2018.

Personal Data – any information relating to an  identified or identifiable natural person (or Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

External and Internal Personal Data – is a typer of personal data which determines individual’s race, ethnicity, religious, philosophical or political views or association with any labour union as well as individual’s genetical data, unique biometrical data, medical data and sexual preferences and history.

Personal Data Breach – A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

Guest –  a person using or buying the services from a organization or enterprise.

Third Party – A natural or legal person, public authority, agency or body other than the data subject, controller, Processor and persons who, under the direct authority of the controller or processor, are authorized to process Personal Data.

Affiliate – a representative person (partner or associate) officially attached or connected to an organization.

Guest Registration Card – registration of user of accommodation service according to Estonian Tourism Act: the first and last name (or names), date of birth, citizenship and country of residence; the period of provision of the accommodation services; the purpose of the trip; the number of minor children accommodated together with him or her. If the user of accommodation serice is not a citizen of Estonia, another state within the European Economic Area or Switzerland or an alien residing in Estonia the number of a travel document and the state which issued it is required.

Profiling – is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Processing – Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing may be manual or automatic using IT-systems.

Employee – a person employed by a contract  by an organization or enterprise, including the board of directors.

Controller – The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

If the natural or legal person determines the purposes and means of the processing of Personal Data themselves they are cotroller.

Processor – A natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller. If the natural or legal person processing the Personal Data instructed by a Controller they are a Processor.

2. Who we are?

HMP Hotellid OÜ is an Estonian-owned accommodation and catering company established in 2020.

HMP Hotellid Ltd. operates Hotel Palace****SUPERIOR and restaurant „Konrad“ located in Tallinn.

Hotel Palace / HMP Hotellid OÜ

Vabaduse väljak 3, 10141 Tallinn, Estonia
Reg. code: 16027283
VAT nr: EE102282755

We apply necessary technical, physical and organizational safety measurements to protect your Personal Data from disappearing, being destroyed or accessed by unauthorized persons.

In case of any questions arising regarding our Privacy Policy kindly contact our Data Protection Officer by e-mail .

3. Which kind of data we collect and where we get your data from?

We collect following Personal Data from you:

  • Personal Data like name, date of birth, data from your travel document (passport or ID card) or copy of the travel document;
  • contact information like home address, telephone number, e-mail address;
  • data from guest registration card (including vehicle registration plate number if required);
  • credit card information like card number and validate;
  • data determing individual’s personal preferences;
  • External and Internal Personal Data like allergies and food allergies.

We mostly gather your data directly from you when submitting an inquiry through the online form or reservation through the online booking channel you used to make the booking, by phone or e-mail or from our hotel you made a direct booking with.

Additional sources of data include travel agencies, booking agencies and other agencies or persons whose services you may have used for reserving or booking the accommodation or service. In case the data is not collected directly from you, we will present our Privacy Policy to you as soon as possible after receiving your data.

4. Why do we need your Personal Data? What happens when you do not present your Personal Data?

We use your Personal Data to provide you accommodation and/or other services ordered and/or booked, as well as to comply with the laws regulating our field of business and in general entrepreneurial purposes like:

  • Personal Data – required to determine an individual to provide services to a person who has ordered the services;
  • contact information – required to contact you. Foremost we contact you by telephone or e-mail;
  • Guest Registration Card data – required to comply with the Estonian Tourism Act;
  • credit card information – required in case according to our general conditions and/or accommodation agreement we are enforeced to charge your credit card a certain sum for  compensating accommodation and/or services ordered by you;
  • personal preferences data – in the events of  requiring or if you choose to present certain data we will use the data to provide you personalised services taking into account your interests and needs.

If you do not present your Personal Data to us, we are not able to offer you accommodation services.


5. On what legal grounds do we process your Personal Data?

We process your Personal data on different legal grounds as following:

  • in need to create a contractual realtion or execute already valid contractual realtion with you;
  • your consent – if we relay on your consent while processing your Personal Data you have the right to take back your consent any time;
  • in need to comply with the laws regulating our field of business (e.g. filling in the Guest Registration Card and preserving the Guest Registration Card for 2 years);
  • in need to comply with our justified business interests, including managing the business and implementing general business; exposing possible violations of law or frauds;
  • in need to protect your or any other individual’s vital life or interests (e.g. reveal your Personal Data to ambulance personnel in case of an accident);
  • in any other case permitted or required by law.

6. How is Personal Data shared with Third Parties?

We do not share your Personal Data excluding in limited occasions, which are described below and in case it is necessary to achive any of the end goals described in this Privacy Policy:

  • service providers: we may purchase Personal Data procession services from trustworthy Third Party service providers, e.g. IT, consultation or customer communication services;
  • government authorities and/or law enforcement officials: we may share your Personal Data if mandated by law or if required for the legal protection or protection for our own legal rights;
  • professional advisors or consultats: we may share your Personal Data with professionals like auditors, lawyers, accountants and other counseling services;
  • Third Parties involved in business deals: from time to time we may share your Personal Data with Third Parties in case of a corporate transaction, e.g. selling the business or part of the business to another company. As well as restructureing or merging a business or in any other business deal including relocating business assets or stocks.

In case we share your Personal Data with any parties mentioned above, we guarantee the protection of your Personal Data with a binding data processing agreement between us and the Third Party.

We do not maintain or share your Personal Data outside the European Economic Area (EEA) nor to countries which are not acknowledged in it’s official Directive 95/46/EU Chapter 25 art. 6 or in it’s Regulation (EL) 2016/679 Chapter 45 art. 1.

7. For how long do we keep your Personal Data?

We keep your Personal Data as long as it is necessary for achieving particular data processing goal.

Organisation relies on following criteria when keeping Personal Data:

  • as long as it is required to preserve Personal Data to provide services;
  • when the company has a legal obligation according to the law, contractual realtions or any other obligation of the same kind to preserve the data;
  • after ending the contractual realtions we preserve required data as long as the data subject is legally authorized to assert a claim against the other party.

For example we preserve Guest Registration Cards for 2 years after submition to comply with the Estonian Tourism Act. Credit card information is preserved until we have succesfully finished providing accommodation services according to agreement.

If we have received your consented for using your Personal Data for direct marketing purposes, we will be preserving your data until you have withdrawn your consent.

8. Which rights do you have regarding your Personal Data?

As a data subject you have following rights:

7.    Right to access your data – you have the right to access and review your personal data and know how your Personal Data is being processed.

8.    Right to rectify your data – you have the right to rectify your Personal Data if the data preserved is incorrect.

9.    Right to erasure („right to be forgotten“) – under certain cases you have the right to erasure of your Personal Data processed by us (e.g. the data is not required to comply with the laws regulating our field of business, you withdraw your consent given to us, etc).

10.  Right to restriction of processing – under certain circumstances you have the right to deny or restrict the processing of your Personal Data (e.g. when you contest the accuracy of your Personal Data).

11.  Right to object to processing – under certain circumstances described you have the right to object to the processing of your Personal Data, when your Personal Data is being processed taking into account our justified business interests or public interests. When  your Personal Data is processed for direct marketing purposes you have the right to object to processing any time.

12.  Right to data portability –  if you have provided your data directly to us and where the processing is carried out by automated means and based on your consent or the performance of a contract between you and us, you have the right to receive the Personal Data processed about you in a structured, where technically possible and machine-readable format, and to transmit this data to another service provider.

13.  Automatic decision making (incl. profiling) – when we have noted you about performing Personal Data profiling based on automated decision making, which may lead to personal legal implications or may have a significant effect on you, you have the right to demand the decision to be made  not only by automated profiling.

9. Which are our principles of using cookies?

Using cookies

Hotel Palace websites use cookies to provide a better service for the users. Domains belonging to Hotel Palace may, among other things, include an element that saves cookies for third parties.

Declining cookies

The User has the right not to allow cookies to be saved on their computer. If the Subscriber wishes to decline cookies, they must change their browser settings. Different browsers use different methods to decline cookies. More information can be found on the website

The User has to take into account that not all of the website’s functions may be available to them if they block cookies.

10. What is a cookie?

A cookie is a text file which is sent to and saved on the User’s computer by the websites that the user visits. Cookies are saved in the directory of files in the User’s browser. If the User has previously visited a website, the browser will read the cookie and forward this information to the website or element that originally saved the cookie. Additional information about cookies can be found on the website

Cookies enable statistics regarding website use and the popularity of different sections and other actions on a website to be monitored. The information received by the cookies is utilised to make the website more convenient to use and to improve the content of the website.

Types of cookies used on website:

  • permanent cookies – necessary to navigate the website and use its contents. Users are unable to use all of the website’s functions without permanent cookies;
  • session cookies – enable the website to remember previous choices made by the User (username, language settings, etc.) and provide more efficient and personal functions;
  • tracking cookies – collect data about a user’s behaviour on the website. Information received by tracking cookies helps make the website more convenient to use.

In case of any questions, requests or complaints  regarding this Privacy Policy please contact us by e-mail .

We do our best to address all your requests and complaints in time and without extra fees, unless excessive costs will be entailed due to the request. If you are not satisfied with our response you may file a complaint to Estonian Data Protection Inspectorate.

This website uses cookies. Read more Accept