Privacy Policy
HOTEL COPENHAGEN
Last updated: 23 April 2026
Hotel Copenhagen (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and share personal data when you book a stay, visit our website, or otherwise interact with us. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act (Databeskyttelsesloven).
1. Data Controller
The data controller for the processing of your personal data is:
Hotel Copenhagen
Egilsgade 33
2300 København S
Denmark
CVR-no.: 27625126
Email: reception@hotelcopenhagen.dk
Phone: +45 32 96 27 27
For any questions concerning this Privacy Policy or our processing of your personal data, please contact us using the details above.
Privacy Contact
We have designated a dedicated privacy contact who is responsible for handling questions and requests related to your personal data and our compliance with data protection laws. You can reach our privacy contact at:
Email: reception@hotelcopenhagen.dk
Subject line: “Privacy – Data Protection Enquiry”
Language of Communication
We may communicate with you in English or other languages based on your preferences.
2. Categories of Personal Data We Collect
Depending on your interaction with us, we may collect and process the following categories of personal data:
– Identification and contact information: full name, date of birth, nationality, passport or ID number (where required by Danish law), postal address, email address and phone number.
– Booking and stay information: arrival and departure dates, room type, number of guests, special requests, preferences, travel companions, and history of previous stays.
– Payment information: credit/debit card details, billing address and transaction data. Card details are processed directly by our payment provider (see section 6) and are not stored on our own systems.
– Communication data: correspondence with you via email, phone, our website or third-party platforms such as Booking.com.
– Technical and usage data: IP address, browser type, device information, and cookie data when you visit our website.
– Marketing data: your preferences in receiving marketing from us and your communication preferences.
If you book on behalf of another person, you are responsible for ensuring that the other person is aware of and accepts how we process their personal data.
3. Purposes and Legal Bases for Processing
We process your personal data for the following purposes and on the following legal bases under the GDPR:
| Purpose | Legal basis |
|---|---|
| To process and manage your reservation, check-in and check-out, and deliver the hotel services you have booked | Performance of a contract (Art. 6(1)(b) GDPR) |
| To handle payments and prevent payment fraud | Performance of a contract and legitimate interests (Art. 6(1)(b) and (f) GDPR) |
| To comply with legal obligations, including bookkeeping under the Danish Bookkeeping Act (Bogføringsloven) and guest registration obligations for hotels under Danish law | Legal obligation (Art. 6(1)(c) GDPR) |
| To respond to enquiries and provide customer service | Performance of a contract or legitimate interests (Art. 6(1)(b) and (f) GDPR) |
| To send marketing communications, newsletters and special offers | Consent (Art. 6(1)(a) GDPR), which you can withdraw at any time |
| To improve our services, website and guest experience, including analytics and statistics | Legitimate interests (Art. 6(1)(f) GDPR) |
| To ensure the security of our premises, guests and staff, and to prevent, detect and investigate fraud or illegal activity | Legitimate interests (Art. 6(1)(f) GDPR) |
| To establish, exercise or defend legal claims | Legitimate interests (Art. 6(1)(f) GDPR) |
Where we rely on legitimate interests, we have carried out a balancing test to ensure that our interests are not overridden by your rights and freedoms. You can request further information about this assessment by contacting us.
4. How We Collect Your Personal Data
We collect personal data:
– Directly from you when you make a booking, check in, contact us, subscribe to our newsletter, or otherwise communicate with us.
– From third-party booking channels such as Booking.com and other online travel agencies when you make a reservation through them.
– Automatically through cookies and similar technologies when you use our website (see section 9).
– From third parties, such as payment service providers and, where applicable, public authorities.
5. Booking Through Third-Party Platforms (Booking.com)
If you book a stay with us through Booking.com or a similar online travel agency, your personal data will initially be collected by that platform in accordance with its own privacy policy. The platform will transfer the necessary booking details to us so that we can fulfil your reservation. From that point on, we act as an independent data controller for the personal data we receive and process it in accordance with this Privacy Policy.
We encourage you to read Booking.com’s privacy policy before making a reservation through their platform.
6. Recipients and Data Processors
We share your personal data only with recipients who have a legitimate need to receive it. These may include:
– Spectra – our third-party property management and booking system provider, which acts as our data processor and stores booking and guest data on our behalf under a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR.
– Nets Easy – our payment service provider, which processes card payments and related transaction data.
– Booking.com and other online travel agencies – when your reservation originates from or is managed through their platforms.
– IT suppliers and hosting providers – who support our IT infrastructure under written data processing agreements.
– Professional advisors – such as auditors, lawyers and accountants, where necessary.
– Public authorities – including the police and tax authorities (SKAT), where we are legally required to disclose information.
All data processors acting on our behalf are bound by written data processing agreements that ensure an adequate level of data protection.
7. Transfers of Personal Data Outside the EU/EEA
Your personal data is primarily processed within the EU/EEA. If any of our data processors transfer personal data to countries outside the EU/EEA, such transfers will only take place where an adequate level of protection is ensured, for example through:
– an adequacy decision by the European Commission, or
– appropriate safeguards such as the EU Standard Contractual Clauses (SCCs), supplemented by additional technical and organisational measures where necessary.
You can obtain a copy of the relevant safeguards by contacting us.
8. Retention Periods
We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by law:
– Booking and guest data: generally retained for the duration of your stay and for a reasonable period thereafter for customer service purposes.
– Accounting records (including invoices and transaction data): retained for 5 years from the end of the relevant financial year, in accordance with the Danish Bookkeeping Act (Bogføringsloven).
– Marketing data: retained for as long as you remain subscribed and for a reasonable period after you unsubscribe, unless a longer retention period is required or permitted.
– Enquiries and correspondence: generally retained for up to 3 years, depending on the nature of the enquiry.
– Video surveillance footage (if applicable): retained for a maximum of 30 days, in accordance with Danish rules on TV surveillance (TV-overvågningsloven), unless needed for a specific incident.
Once the relevant retention period has expired, your personal data will be deleted or anonymised.
9. Cookies
Our website uses cookies and similar technologies to ensure that the website functions properly, to analyse traffic, and (where you consent) for marketing purposes. You can manage your cookie preferences at any time through our cookie banner or your browser settings. For more information, please see our separate Cookie Policy.
10. Your Rights
Under the GDPR, you have the following rights in relation to the personal data we process about you:
– Right of access – to obtain confirmation of whether we process personal data about you and, if so, a copy of that data.
– Right to rectification – to have inaccurate or incomplete personal data corrected.
– Right to erasure (“right to be forgotten”) – to have your personal data deleted under certain circumstances.
– Right to restriction of processing – to request that we limit how we process your personal data.
– Right to data portability – to receive your personal data in a structured, commonly used, machine-readable format, and to have it transmitted to another controller where technically feasible.
– Right to object – to object to processing based on legitimate interests, including profiling, and to object to direct marketing at any time.
– Right to withdraw consent – where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
To exercise any of your rights, please contact us at reception@hotelcopenhagen.dk. We will respond within one month of receiving your request. This period may be extended by up to two additional months where necessary, taking into account the complexity and number of requests.
We may ask you to verify your identity before acting on your request.
11. Right to Lodge a Complaint
If you are dissatisfied with how we process your personal data, we kindly ask you to contact us first so that we can try to resolve the matter. You also have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet):
Datatilsynet
Carl Jacobsens Vej 35
2500 Valby
Denmark
Website: www.datatilsynet.dk
Email: dt@datatilsynet.dk
Phone: +45 33 19 32 00
12. Security
We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, alteration or disclosure. These measures include access controls, encryption where appropriate, secure hosting, staff training, and written data processing agreements with our suppliers.
In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify you and the Danish Data Protection Authority in accordance with the GDPR.
13. Children’s Personal Data
Our services are not directed at children. We only process personal data about children (under 13 years of age under Danish law in the context of information society services) where a parent or legal guardian has made a booking or otherwise provided consent on the child’s behalf.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our processing activities or legal requirements. The latest version will always be available on our website, and we will indicate the date of the most recent update at the top of the policy. Material changes will be communicated to you where appropriate.
15. Contact
If you have any questions about this Privacy Policy or how we process your personal data, please contact us at:
Hotel Copenhagen
Egilsgade 33, 2300 København S, Denmark
Email: reception@hotelcopenhagen.dk
Phone: +45 32 96 27 27
CVR-no.: 27625126
For data protection enquiries specifically, please contact our privacy contact at reception@hotelcopenhagen.dk with the subject line “Privacy – Data Protection Enquiry”.
We may communicate with you in English or other languages based on your preferences.

