Great northern
Privacy Policy
Privacy Policy for Great Northern
At Great Northern (“we”, “us” or “our”), we prioritize data security and confidentiality. This Privacy Policy sets out clear guidelines for Great Northern’s processing of your personal data when you visit our website, Great Northern | Golf – Spa – Restaurant – Hotel | Experiences of a Special Class, or otherwise communicate with Great Northern.
1. Data Controller
Great Northern is the data controller responsible for the processing of your personal data:
Great Northern A/S
Great Northern Ave. 1
5300 Kerteminde
CVR No.: 35801987
Telephone: +45 3333 7711
Email: info@greatnorthern.dk
2. Purpose, Legal Basis and Types of Personal Data
Below we outline the purposes for which we process your personal data when you interact with Great Northern.
a. Responding to inquiries
If you contact us via our website, email or otherwise, we process your personal data in order to respond to your inquiry. We typically process the following ordinary personal data: name, address, email, telephone number, company name, job title and booking information.
The legal basis for this processing is Article 6(1)(f) of the GDPR (legitimate interests), as the processing is necessary to respond to your inquiry and communicate with you.
We collect the personal data directly from you and store it only for as long as necessary to fulfill the above purpose.
b. Hotel
If you book an overnight stay or a package, we process ordinary personal data about you. Typically, we process the following data in order to make your booking: name, invoicing details, address, email, telephone number, company name, country, confirmation of acceptance of terms and conditions, details of the selected stay and included services, and passport or identification details.
The legal basis is Article 6(1)(b) of the GDPR, as the data is necessary to perform the contract with you. In addition, processing is based on Article 6(1)(f) (legitimate interests), as we have a legitimate interest in tailoring our services to your needs and sending evaluation questionnaires in connection with your stay.
In certain cases, we are legally required to process information about your name, nationality, occupation, address, arrival date, passport details or other travel identification. The legal basis is Article 6(1)(c) of the GDPR and Danish regulations requiring authorized guest registers (Executive Orders no. 1206 of 23 August 2022 and no. 2693 of 28 December 2021).
Personal data is collected directly from you and stored only for as long as necessary to fulfill the above purposes.
Invoice information is stored for the current financial year plus five (5) years in accordance with Danish bookkeeping legislation.
Passport and identification data is stored for a maximum of two (2) years and then deleted in accordance with the above regulations.
Upon booking, a customer profile is created in Great Northern’s booking system (see section e).
Stays including spa, golf or events are described in the relevant sections of this Privacy Policy.
c. Spa
In connection with your visit to Great Northern Spa, we collect, process and store information about you and any accompanying guests in order to complete your booking or inquiry.
We may process name, address, telephone number and email address.
A guest profile is created for all guests to monitor occupancy and enforce spa rules. Photo ID must be presented when creating the profile; the ID itself is not stored, but used to verify the provided information.
The guest profile includes: name, telephone number, date of birth via health insurance card (the last four digits of the CPR number are encrypted and not visible), and a photograph. For subsequent visits, date and time of visits are registered via scanning the health insurance card.
In case of expulsion, the reason, date and duration are recorded in the guest profile.
Processing is based on Article 6(1)(b) of the GDPR, as the data is necessary to perform the booking and create the guest profile.
Registration of CPR numbers is based on consent pursuant to section 11(2)(2) of the Danish Data Protection Act and Article 7 of the GDPR. If consent is withdrawn for an expelled guest, the guest profile is maintained during the quarantine period without the CPR number.
We also rely on Article 6(1)(f) (legitimate interests) when processing information about expulsions or breaches of spa rules, to ensure expelled guests do not regain access and to protect guests and staff.
Booking data is also processed for spa optimization based on Article 6(1)(f).
Guest profiles are deleted no later than 12 months after the last spa visit. Profiles of expelled guests are retained for 24 months unless special circumstances apply.
Online bookings generate a customer profile in the booking system (see section e).
d. Restaurant
If you book a table or a stay including dining, we process ordinary personal data such as email, telephone number, name, number of guests, special requests, dietary requirements and confirmation. Online bookings may include additional profile information (see section e).
Processing is based on Article 6(1)(b) (contract performance) and Article 6(1)(f) (legitimate interests).
Data is stored as long as necessary to fulfill the agreement and for evaluation. Invoice data is stored for the current financial year plus five (5) years. Profile data is deleted only when you delete your profile or request deletion.
e. Great Northern Customer Profile
Restaurant
When booking a table at Restaurant Eat, a customer profile is created to support planning, service and reservation management.
The profile contains the data listed in section d and a reservation ID.
Processing is based on Articles 6(1)(b) and 6(1)(f).
The profile is deleted when you delete it or request deletion.
Hotel and Spa
When booking a hotel or spa stay, a customer profile is created to manage bookings, add-ons and billing, and to optimize service.
The profile contains the personal data listed in sections b and c.
Processing is based on Articles 6(1)(b) and 6(1)(f).
The profile is deleted when it is no longer needed, but no later than five (5) years after the last booking. You may request deletion, noting that service personalization will no longer be possible.
f. Gift Cards
When ordering a gift card, we process personal data such as name, email, telephone number, amount, address, date of birth, delivery and payment details.
Processing is based on Article 6(1)(b).
Data is stored as long as necessary to fulfill the agreement. Invoice data is stored for the current financial year plus five (5) years.
g. Events
When participating in seminars or workshops, we process name, title, email, telephone number, company and event type.
Processing is based on Article 6(1)(b) and, where relevant, Article 6(1)(f).
Data is stored as long as necessary for the event and evaluation. Invoice data is retained for the current financial year plus five (5) years if payment is involved.
h. Images, Video and Audio Recordings
We may photograph or record activities for marketing and documentation purposes. Participants are always informed in advance.
Publication is based on Article 6(1)(f) or, where applicable, Article 6(1)(a) (consent).
Recordings are stored only as long as necessary, and no longer than five (5) years after the event.
i. Marketing / Newsletters
We process personal data for marketing purposes, including newsletters, based on Article 6(1)(f) and explicit consent pursuant to the Danish Marketing Act.
Consent may be withdrawn at any time. Marketing data is deleted upon withdrawal or after one (1) year of inactivity. Consent records are stored for two (2) years.
j. Use of Our Website
We use cookies and plugins on our website. Necessary cookies are processed under Article 6(1)(f); other cookies require consent under Article 6(1)(a).
Further details are available in our Cookie Policy.
k. Surveillance
We use CCTV in marked areas to ensure security and prevent crime. Processing is based on the Danish Act on TV Surveillance and Article 6(1)(f).
Recordings are deleted or anonymized within 30 days unless required for investigation.
l. Great Northern Golf Club
Personal data processed by Great Northern Golf Club is subject to a separate privacy policy, available on the club’s website.
m. Golf
Golf bookings are processed via GolfBox. Data such as name, contact details, handicap and club affiliation may be processed based on Article 6(1)(b).
Visibility of data in GolfBox can be managed via user settings.
n. Facebook Fan Page and Instagram
Great Northern and Facebook are joint controllers for data processed on social media platforms.
Processing is based on legitimate interests (Article 6(1)(f)) and consent (Article 6(1)(a)), as described in Facebook’s privacy policies.
3. Recipients
Personal data may be shared with data processors such as IT providers, booking systems (e.g. GolfBox A/S, VisBook), payment providers and authorities where legally required.
4. Processing Outside the EU/EEA
Data is generally stored within the EU/EEA but may be transferred outside under appropriate safeguards, including Standard Contractual Clauses or adequacy decisions.
5. Sources
Data is collected primarily from you, but may also come from third parties such as DGU, employers or event organizers.
6. Deletion
Data is stored only as long as necessary or as required by law.
7. Withdrawal of Consent
Consent may be withdrawn at any time. Withdrawal does not affect prior lawful processing.
8. Your Rights
You have rights of access, rectification, deletion, restriction, objection, data portability and objection to marketing.
Requests may be sent to info@greatnorthern.dk.
9. Changes to This Privacy Policy
Updates will be published at:
https://greatnorthern.dk/persondatapolitik/
10. Links to Other Websites
We are not responsible for third-party websites or their privacy practices.
11. Questions and Complaints
Contact us using the details in section 1, or file a complaint with:
The Danish Data Protection Agency (Datatilsynet)
Carl Jacobsens Vej 35
DK-2500 Valby
Tel.: +45 33 19 32 00
Email: dt@datatilsynet.dk
Privacy Policy version 4.0 – August 2024