Privacy Policy
Processing of personal data at 1 Hotel Copenhagen
1 Introduction
1.1 This privacy notice explains how NCH SOUTH ApS ("1 Hotel Copenhagen", "we", "us", "our") processes personal data in various situations. We provide you with this information as we are required to do so under the General Data Protection Regulation (the "GDPR").
1.2 Below, you will find information on the various situations where we process personal data:
• When you visit our website (cookies) and use the 1 Hotel mobile application
• When you communicate with us on behalf of business partners etc.
• When you are a hotel guest
• When you are a recipient of direct marketing
• When you are a member of the Mission membership program
• When you appear on video surveillance footage (CCTV)
2 Controller
2.1 NCH SOUTH ApS, c/o 1 Hotel Copenhagen, Krystalgade 22, 1172 Copenhagen, CVR no. 35255494, acts as a data controller for the processing of personal data in connection with the below mentioned purposes. If you have any questions about how we process personal data, please contact us at Omid Farrokhpey, omid.farrokhpey@1hotels.com, + +45 33 45 91 00
3 Description of the processing
3.1 Below, please find the specific purposes for our data processing, the categories of personal data that we process, the legal basis for such processing, and the retention periods that we have decided (in specific situations, we may defer from our general retention periods in case of e.g., complaints, objections, or other specific situations).
3.2 When you visit our website (cookies) and when you use the 1 Hotel mobile application
To ensure the functionality and security on our website (strictly necessary cookies).
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in ensuring the functionality and security of our website.
See our cookie declaration http://www.fjoracph.com/cookie-policy
We use targeting cookies for the purpose of tracking our website visitors for marketing purposes, including targeted advertising. The targeting cookies are set by our advertising partners, who may use them to build a profile of your interests and show you relevant ads on other websites (performance cookies).
For this purpose, personal data is processed about your visits to our website, including your IP address, location, language, date/time of access, user agent, device type, operating system, browser, screen resolution, pages visited, web requests, search queries, and any other actions taken on the site.
According to the Danish Executive Order on Cookies we are required to obtain you consent to use cookies for statistical purposes. At the same time we obtain your consent to the processing of your personal data, c.f. Article 6(1)(a) of the GDPR.
See our cookie declaration http://www.fjoracph.com/cookie-policy
We use performance cookies to count visits and traffic sources to our website in order to measure and improve the performance of our website. Performance cookies help us understand which pages are the most and least popular and how visitors move around the site. All information collected via performance cookies is aggregated. (marketing and performance cookies).
For this purpose, personal data is processed about your visits to our website, including your IP address, location, language, date/time of access, user agent, device type, operating system, browser, screen resolution, pages visited, web requests, search queries, and any other actions taken on the site.
According to the Danish Executive Order on Cookies we are required to obtain you consent to use targeting cookies for marketing purposes. At the same time we obtain your consent to the processing of your personal data, c.f. Article 6(1)(a) of the GDPR.
See our cookie declaration http://www.fjoracph.com/cookie-policy
To ensure the functionality and security and continuous improvement of our 1 Hotels mobile application, its features and services.
Your log-on and connection data, computer equipment identification data, your language preferences, geographic location data, data relating to your use of the platform and the services, data collected via cookies and similar tracking technologies.
Article 6(1)(f) of the GDPR, as we have a legitimate interest in improving and assuring you the best experience on our application and the best quality of services offered. With regards to data collected via cookies and other trackers, the legal basis is Article 6(1)(a) of the GDPR, as you have given your consent.
See our cookie declaration http://www.fjoracph.com/cookie-policy
3.3 When you communicate with us on behalf of business partners etc.
Communicating with you when you represent a business partner, supplier, or another third party.
Name and contact information, title, and position. The relationship to the business that you represent.
Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing business contacts and fulfilling any agreement, we may have concluded with the company you represent.
As long as the business relationship exists and up to [2 years] after the end of the financial year in which the customer or supplier relationship has ended.
Managing customer relations, such as customer support and assistance
Name and contact information, data relating to historic reservations and transactions and any information included in your inquiry.
Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in providing answering queries, customer support, etc.
Up to [12 months] after the last inquiry.
Bookkeeping purposes.
Information stated on invoices such as name and contact details.
Article 6(1)(c) of the GDPR. The legal obligations derive from the Danish bookkeeping legislation.
Up to 5 years after the end of the financial year in which the customer or supplier relationship has ended.
3.4 When you are a hotel guest
Private guests: Reservation management
Name and contact information, address, date of birth and age. Data related to your reservation (arrival and departure dates, confirmation number, data on the other occupants of the reserved rooms such as names and ages and room preferences). Data relating to transactions (the number of the transaction, data relating to the means of payment (bank card number, expire date etc.), details of the purchase, data related to invoice payments such as payment terms, discounts granted, receipts, balances and outstanding amounts).
Article 6(1)(b) of the GDPR, as the processing is necessary in order for us to fulfil our agreement with regard to the reservation made by you. For bookkeeping purposes, article 6(1)(c) of the GDPR. The legal obligations derive from the Danish bookkeeping legislation.
Information regarding executed bookings is kept for [6 months] after your stay. Information regarding cancelled bookings are kept for [30 days] after the cancellation. For bookkeeping purposes up to 5 years after the end of the financial year in which the reservation has ended.
Business guests: Reservation management
Name and contact information, address, date of birth and age. Data related to your occupation (the business you represent and your affiliation with the business). Data related to your reservation (arrival and departure dates, confirmation number, data on the other occupants of the reserved rooms such as names and ages and room preferences). Data relating to transactions (the number of the transaction, data relating to the means of payment (bank card number, expire date etc.), details of the purchase, data related to invoice payments such as payment terms, discounts granted, receipts, balances and outstanding amounts).
Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in providing answering queries, customer support, and fulfilling any agreement we may have concluded with the company you represent. For bookkeeping purposes, article 6(1)(c) of the GDPR. The legal obligations derive from the Danish bookkeeping legislation
Information regarding executed bookings is kept for [6 months] after your stay. Information regarding cancelled bookings are kept for [30 days] after the cancellation. For bookkeeping purposes up to 5 years after the end of the financial year in which the reservation has ended.
Keeping a guest protocol
Full name, date of birth and permanent address. We are also obliged to require presentation of photo documentation to verify your identity details.
The legal basis for data processing is article(6)(1)(c) of the GDPR in conjunction with Section 31 of the Danish Executive Order on Passports etc. no. 2693 of 28/12/2021.
We are obligated to retain your data in the guest protocol for two years after the reservation has ended.
Collecting registration form for foreign guests.
Full name, date of birth, nationality, permanent address, date of arrival, serial number of the recognised and valid passport or other valid travel identification.
The legal basis for data processing is article(6)(1)(c) of the GDPR in conjunction with Section 36 of the Danish Executive Order on the Entry of Foreigners into Denmark no. 949 of 25/06/2025.
We are obligated to retain your data in our registers for minimum one year and up to two years after the collection of the data in our register.
3.5 When you are a recipient of direct marketing
To send out newsletters (direct marketing)
Name, email address and any preferences you have given in connection with your subscription.
The consent you have given in accordance with article 6(1)(a) of the GDPR and section 10 of the Danish Marketing Practices Act. You can read more about your right withdraw your consent below.
Personal data pertaining to our distribution of electronic newsletters will be deleted 2 years after our last newsletter has been distributed to document that we comply with the Danish Marketing Practices, unless you have withdrawn your consent (i.e., unsubscribed) before such time.
3.6 When you are a member of the Mission membership program
Administration of your Mission membership.
Name and contact information, address, birthday. Data related to your reservation (arrival and departure dates, data on the other occupants of the reserved rooms such as names and ages and room preferences). Data relating to transactions (the number of the transaction, data relating to the means of payment (bank card number, expire date etc.), details of the purchase, data related to invoice payments such as payment terms, discounts granted, receipts, balances and outstanding amounts). Information on the charity cause chosen by you for which we will pay donations via our partners at GlobalGiving Data related to historic reservations at 1 Hotels.
Article 6(1)(b) of the GDPR, as your participation in our membership program is a contractual arrangement between you and us.
Personal data pertaining to our distribution of electronic newsletters will be deleted 2 years after our last newsletter has been distributed to document that we comply with the Danish Marketing Practices, unless you have withdrawn your consent (i.e., unsubscribed) before such time.
3.7 When you appear on video surveillance footage (CCTV)
Crime prevention
premises are covered by video surveillance cameras where you may be portrayed when visiting our hotel. We process time and place/location, and actions recorded by the CCTV cameras. We have put up signage in the places where we have installed CCTV cameras.
Article 6(1)(f) of the GDPR as we pursue the legitimate interests in protecting our employees, customers and property. If the recordings show criminal offences, the legal basis is section 8 of the Danish Data Protection Act.
We process such personal data for up to 30 days, unless the information is part of or will be used in a specific case or dispute.
Section 3.8. When you make a reservation or make an enquiry at Fjora or Paere
Managing your reservation and communicating with you in relation to your reservation or other enquiry.
Name, email address, phone number and any other information you provide, such as dietary preferences or circumstantial details about the reservation or event enquiry (e.g. if it relates to a special occasion etc.).
Article 6(1)(b) of the GDPR, as the processing is necessary in order for us to fulfil our agreement with regard to the reservation made by you.
Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in ensuring adequate communication with you in relation to your enquiry or reservation.
We retain personal data for as long as necessary to fulfill the purposes for which we collected it. This typically means retaining data for up to [30 days] after the reservation or latest enquiry to manage communication.
4 Categories of recipients
4.1 We may process and share your personal data with external partners who process personal data on our behalf (data processors). Such external partners include e.g. providers of hosting services, IT systems and technical assistance with regard to our IT.
4.2 Further, we may share your personal data with suppliers or subcontractors, if relevant in their work, insofar as reasonably necessary for the purposes set out in this privacy notice.
4.3 If necessary, e.g., in relation to any disputes or when we otherwise need external advice, we may disclose information to our advisors, such as auditors and lawyers.
4.4 Additionally, we may share personal data with public authorities such as the police, if necessary in relation to a specific case or dispute.
5 Transfer to third countries
5.1 We transfer your personal data to countries outside the EU/EEA, when making data available to our processors and other third parties, including the US and Canada.
5.2 Unless the country in question has been approved by the European Commission as having sufficient level of protection (including companies located in the US that are covered by the EU-US Data Privacy Framework, the European Commission Standard Contractual Clauses.
5.3 Further, some of our processors may use sub-processors located in other countries outside the EU/EEA.
5.4 If you want additional information about our transfer of personal data to third countries, you may make a request for such additional information by contacting us (see above).
6 Your rights
6.1 As a starting point and depending on the specific situations, you have the following rights:
• Right to withdraw consent: Where you have given your consent for our processing of your personal data, you have the right to withdraw your consent at any time. You can withdraw your consent by contacting us (see contact details above). If you withdraw your consent, the withdrawal will not affect the lawfulness of processing that has already been carried out based on your consent.
• Right of access: You have the right to have confirmed whether collection or processing your personal data has taken place, and, if so, you have the right to request a copy of your personal data in a digital format.
• Right of rectification: You have the right to require that we correct any inaccurate personal data, and that we complete incomplete personal data.
• Right of erasure: In certain circumstances, you have the right to request that we erase personal data concerning you; for example, if it is no longer necessary for the purposes in which it was originally collected.
• Right to restrict processing: In certain circumstances, you have the right to request that we restrict the processing of your personal data, for example, if you believe that the personal data is not accurate or lawfully processed.
• Right to object to the processing: In certain circumstances, you have the right to request that we stop processing your personal data.
• Right to data portability: In certain circumstances, you have the right to receive the personal data you have provided us with in a structured, commonly used, machine readable format, and the right to have us transmit the data to another entity, where technically feasible.
6.2 You can read more about your rights in the Danish Data Protection Agency's guidelines on data subjects' rights, which is available at datatilsynet.dk (in Danish) and at datatilsynet.dk (in English). Please contact us if you wish to exercise any of your rights. The relevant contact details are stated above.
7 Complaint to a supervisory authority
7.1 If you want to lodge a complaint with a supervisory authority about our processing of your personal data, you can do so by contacting the Danish Data Protection Agency via their website, www.datatilsynet.dk.
