Privacy Policy and Cookie Policy – Arp-Hansen Hotel Group A/S

Privacy Policy

Updated on 19 January 2026

This Privacy Policy describes which personal data Arp-Hansen Hotel Group collects about you, the purposes for which we use it, the legal basis for the processing, with whom we share the data, how long we retain it, and which rights you have in relation to your personal data.

Arp-Hansen Hotel Group (“Arp-Hansen”, “we”, “us”, “our”) protects your personal data and processes it in accordance with applicable data protection legislation, including the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act. We want you, as a guest, customer, business partner or user of our digital services, to feel confident about how we process your personal data.

1. Who we are and when this policy applies

Arp-Hansen Hotel Group A/S (CVR no. 54399219) is the data controller responsible for the processing of your personal data in connection with our services. This means that we determine the purposes and means of the processing.

This Privacy Policy applies when you book and use stays with us, including hotel and hostel stays, as well as our meeting and conference facilities, restaurants, and other services; when you participate in our loyalty programs; when you communicate with us through customer service; or when you visit our websites and digital platforms. It also applies when you apply for a job with us or otherwise engage with us as a business partner.

2. Collection and processing of personal data

We place great emphasis on protecting your privacy and we take various measures to ensure that your personal data is processed responsibly. This Privacy Policy describes how we collect and process your personal data.

Depending on which of our services you use, the methods of collection, the purposes and means of processing may vary. Below you will find a description of the purposes for which we process your personal data.

2.1 Bookings

When you make a booking with Arp-Hansen Hotel Group, we process your personal data in order to complete the reservation, manage your stay and deliver the services you have ordered.

2.1.1 Hotel reservations

When you make a reservation for a hotel or hostel stay, as well as any selected additional products or services, we process and register the personal data necessary to complete and manage your stay.

Categories of personal data that may be processed:

  • Contact details (e.g. name, address, email and telephone number)
  • Age
  • Payment details
  • Reservation and purchase information (e.g. room type, length of stay and purchase of additional services)
  • Special categories of personal data (e.g. health data, to the extent necessary to accommodate special needs or ensure appropriate care during your stay)

Legal basis for processing:

  • Article 6(1)(b) GDPR (performance of a contract): The processing is necessary for the performance of a contract to which the data subject is a party, e.g. in connection with your hotel or hostel reservation.
  • Article 9(2)(a) GDPR (consent): For special categories of personal data, we obtain your consent. 

Retention:

We retain your booking data for 730 days after the end of your stay. The data may be stored for a longer period if we have a legitimate need to do so, for example if it is necessary to establish, exercise or defend legal claims, or if longer retention is required by law.

For bookings at Tivoli Hotel, personal data and booking data are retained for 380 days after the end of your stay.

2.1.2 Meeting and conference bookings

If you book a meeting or conference room, we process your personal data for the purpose of administering and completing the booking, including handling the reservation, follow-up, and payment and invoicing.

Categories of personal data that may be processed:

  • Contact details (e.g. name, address, email and telephone number)
  • Payment details
  • Special categories of personal data (e.g. health data, to the extent necessary to accommodate special needs such as allergies or to ensure appropriate handling in connection with the booking)

Legal basis for processing:

  • Article 6(1)(b) GDPR (performance of a contract): The processing is necessary for the performance of a contract, e.g. in connection with your meeting or conference booking.
  • Article 9(2)(a) GDPR (consent): For special categories of personal data, we obtain your consent.

Retention:

We retain personal data for as long as necessary to fulfil the purposes for which the data was collected. The data may be retained for a longer period if we have a legitimate need to do so, for example to establish, exercise or defend legal claims, or where longer retention is required by law.

2.2 Facilities and other services

If you use our facilities and services, including restaurants, bars, room service, pool and wellness treatments, laundry services, parking or similar services at our hotels, we process your personal data for the purposes of:

a) administering your booking and use of the services, and

b) communicating with you about your bookings via our communication channels (e.g. email, SMS or telephone).

If you provide us with sensitive personal data in connection with such services (e.g. information about allergies or special preferences), we will obtain your consent for processing this data to accommodate your requests.

Categories of personal data that may be processed:

  • Contact details (e.g. name, address, email and telephone number)
  • Special categories of personal data (e.g. health data such as allergies or other preferences)

Legal basis for processing:

  • Article 6(1)(b) GDPR (performance of a contract): The processing is necessary for the performance of the contract with you. 
  • Article 9(2)(a) GDPR (consent): For special categories of personal data, we obtain your consent.

Retention:

We retain personal data for 730 days after the completion of the relevant service in order to document and handle potential complaints.

For Tivoli Hotel, personal data is retained for 380 days after completion of the relevant service.

2.3 Registration cards

Pursuant to Danish law, guests staying at our hotel or hostel are required to complete a registration card. Guests with permanent residence and registration in a Nordic country are exempt from presenting a passport or other travel identification.

Categories of personal data that may be processed:

  • General information (e.g. name, address and country)
  • Arrival and departure dates
  • Passport number or CPR number
  • Signature

Legal basis for processing:

  • Article 6(1)(c) GDPR (legal obligation): The processing is necessary to comply with a legal obligation.

Retention:

Registration cards are retained for 730 days from the date the card was created.

2.4 Loyalty Club membership

If you join Arp-Hansen Hotel Group’s loyalty programme, we process your personal data to administer your membership. The purpose of the processing is to create and manage your membership, provide you with associated benefits, and tailor information and offers based on your preferences and history.

Categories of personal data that may be processed:

  • Contact details (e.g. name, address, email and telephone number)
  • Date of birth
  • Membership number and status
  • Information you provide in connection with the membership
  • Earned and redeemed benefits or points
  • Purchase behaviour (history of stays and purchases made in connection with the membership)

Legal basis:

  • Article 6(1)(b) GDPR (performance of a contract): The processing is necessary to fulfil the agreement entered into with you regarding your membership.
  • Article 6(1)(f) GDPR (legitimate interest): The processing is carried out in order to tailor offers and communications based on your membership and your history, and to improve our services and the relevance of our communications.

Retention:

We retain your membership data for as long as you have an active membership. If you terminate your membership, your data will be deleted immediately unless we are legally required to retain it for a longer period.

2.5 Marketing of products and services

When we market products and services, we may use your personal data to target marketing activities. The processing is based on our legitimate interests or your prior consent.

Categories of personal data that may be processed:

  • Contact details (e.g. name, address, email and telephone number)
  • Date of birth
  • Your cookie ID, device type/ID (including information automatically transmitted from your device such as language settings, IP address and demographic data), and your behaviour on our websites

Legal basis for processing:

  • Article 6(1)(a) GDPR (consent): We obtain your consent.
  • Article 6(1)(f) GDPR (legitimate interest): The processing is based on our legitimate interest in marketing products and services that are relevant and of interest to you.

Retention:

We retain personal data for as long as necessary to fulfil the purpose of the processing. This means that we store the information for the period when we have an objective purpose for the storage, e.g. to be able to check whether you have opted out of direct marketing from us.

When marketing through our own channels (e.g. newsletters, email, SMS and push notifications), we use your data to send relevant communication and offers from Arp-Hansen Hotel Group.

When targeting marketing through external channels (e.g. Google, Meta/Facebook/Instagram or LinkedIn), this is solely for the purpose of presenting you with relevant content and offers, as further described in section 2.11.

Data used for segmentation or personalization is processed only to the extent necessary and is deleted or anonymized when you withdraw your consent.

You can always object to our direct marketing by contacting us at +45 45 97 05 00.

2.6 Digital services and platforms

We process personal data when you visit our websites, interact with us on social media, or use our applications. Below you can read more about which data we collect in different situations, for which purposes, and on what legal basis.

2.6.1 When you visit our websites

When you visit our websites, we may process information about your use of the site. The purpose is to optimize your user experience, improve the functionality of our websites, and compile statistics.
If you have given consent to statistics and marketing cookies, we may furthermore use the information to present content, offers, and direct marketing that are relevant to you, including to target and personalize marketing both on our own websites and through partners.

Categories of personal data that may be processed:

  • User behaviour
  • Contact details (e.g. name, address, email and telephone number)
  • Membership information
  • Browser history
  • Clicks
  • Search terms
  • IP address
  • Demographic data
  • Purchase history

Legal basis for processing:

  • Article 6(1)(a) GDPR (consent): The processing is based on your consent to the use of statistics and marketing cookies.
  • Article 6(1)(f) GDPR (legitimate interest): The processing is based on our legitimate interest in improving our websites and making our communications and direct marketing as relevant as possible.

Withdrawal of cookie consent:

You may withdraw your consent to cookies at any time via the cookie icon on our website. However, you cannot opt out of cookies that are necessary for the functionality of the website (“necessary cookies”), as these do not require consent.

Once you have withdrawn your consent to cookies, we will no longer collect information via such cookies. To delete cookies that have already been stored on your device, you must block and delete cookies in your browser yourself.

Please note that if you block or disable cookies, certain features and services may not be available, as they rely on the website being able to remember the choices you make.

2.6.2 Visits to our social media profiles

When you visit our social media profiles, we may process the information you have made available through your privacy settings, as well as your reactions to and interactions with our posts, including likes, shares, and comments. The purpose of the processing is to respond to your questions, communicate with you, improve our services, market our hotels and hostels and other services, measure the effectiveness of our campaigns, and avoid repeatedly exposing you to the same advertisements.

Legal basis for processing:

  • Article 6(1)(f) GDPR (legitimate interest): The processing is based on our legitimate interest in targeting our marketing on social media. Our interest is to reach our guests on the platforms they already use and present relevant content and offers.

Retention:

Information that you share with us on our social media profiles will generally remain on those profiles as part of the page history unless you delete it yourself.

2.6.3 Use of our applications

When you use Arp-Hansen Hotel Group’s applications, we collect and process your personal data. The purpose is to understand how the application is used so that we can improve functionality, and to deliver marketing and the services you request via the application.

Categories of personal data that may be processed:

  • Information about user behaviour, clicks, search terms, and date/time of application use
  • IP address
  • Which websites you visited immediately prior to accessing the application
  • Contact details (e.g. name, address, email and telephone number)
  • Booking information, add-on services and payments
  • Membership information (e.g. loyalty programmes)
  • Browser history, browser settings, browser configuration and plugins
  • Device and system information (e.g. device type, operating system, settings, application ID, unique device identifiers and crash data)
  • Location data (if you have consented to this)

Legal basis for processing:

  • Article 6(1)(a) GDPR (consent): The processing is based on your consent, for example in connection with the collection and use of location data and the sending of direct marketing where consent is required.
  • Article 6(1)(b) GDPR (performance of a contract): The processing is necessary for the performance of a contract entered into with you, for example in connection with bookings made via the application.
  • Article 6(1)(f) GDPR (legitimate interest): The processing is based on our legitimate interest in analyzing the use of the application, improving its functionality, and sending direct marketing where this may be carried out on the basis of legitimate interest.

Retention:

We retain personal data for as long as the customer relationship with you continues. You always have the right to object to our direct marketing or unsubscribe directly in the app. If you delete the app, we retain your data for 730 days, unless we have a legitimate need for longer retention, for example to handle complaints or meet documentation requirements.

2.6.4 Participation in competitions

When you participate in competitions arranged by Arp-Hansen Hotel Group - e.g. via our website, social media or email - we process the personal data you provide in connection with your participation.

The purpose of the processing is to administer the competition, including registering your participation, selecting and contacting winners, and sending prizes.

Categories of personal data that may be processed:

  • Contact details (e.g. name, email and telephone number)
  • Information you choose to share in connection with the competition (e.g. likes, shares and comments)
  • Information you have made available via your privacy settings, including your reactions and interactions with our posts

Legal basis for processing:

  • Article 6(1)(f) GDPR (legitimate interest): The processing is based on our legitimate interest.

Retention:

  • Information that you share with us on our social media profiles will generally remain on those profiles as part of the page history unless you delete it yourself. Personal data processed in connection with your participation in competitions which is copied into our own systems is deleted no later than after 12 months.

2.7 Satisfaction surveys

Arp-Hansen conducts satisfaction surveys in connection with your stay or your experience with us. The purpose of the surveys is to collect feedback so that we can improve the quality of our services, products and customer service.

Categories of personal data that may be processed:

  • Contact details (e.g. name, city, postal code and email)
  • Booking information

Legal basis for processing:

  • Article 6(1)(f) GDPR (legitimate interest): The processing is based on our legitimate interest in evaluating and developing guest experiences.

Retention:

  • We retain your personal data for 60 days, after which it is deleted.

2.8 CCTV (video surveillance)

At our hotels and hostels, we use CCTV as a security measure for both guests and employees. Surveillance generally takes place at hotel entrances, in reception areas and in bar areas. The purpose of the surveillance is to prevent and investigate crime, protect guests, employees and property, and to manage incidents or disputes, should they arise.

Legal basis for processing:

  • Article 6(1)(f) GDPR (legitimate interest): The processing is based on our legitimate interest in maintaining safety and security for guests, employees and property, and in preventing and investigating crime.

Retention:

  • CCTV recordings are retained only for a limited period and are generally deleted after 5 days, unless the recordings are necessary in connection with a specific case, e.g. a police report or a dispute.

2.9 Customer enquiries and communication

When you contact Arp-Hansen Hotel Group, e.g. via email, telephone, contact forms on our website, social media, or otherwise, we process the personal data you provide in connection with your enquiry. This may include your name, contact details, reservation information, and the content of your message.

The purpose of the processing is to respond to and handle your enquiry, provide customer service, and - where relevant - follow up on your questions, requests or complaints.

We encourage you not to send sensitive personal data (e.g. health data or CPR number) in your enquiry unless it is necessary to handle your case. If you must provide such data, it should be sent in encrypted form.

Categories of personal data that may be processed:

  • Contact details (e.g. name, address, email and telephone number)
  • Reservation information
  • The content of your enquiry, including any information you choose to provide
  • Any attachments or documents you submit in connection with your enquiry

Legal basis for processing:

  • Article 6(1)(b) GDPR (performance of a contract): The processing is necessary to handle your enquiry related to a reservation or other agreement with us.
  • Article 6(1)(f) GDPR (legitimate interest): The processing is necessary to respond to enquiries or communications and we have a legitimate interest in providing service and handling correspondence efficiently.
  • For other enquiries, the legal basis depends on the purpose to which the enquiry relates.

Retention:

  • Personal data related to customer enquiries is retained only for as long as necessary to handle and document the case.

2.10 Artificial intelligence and chatbot

Arp-Hansen Hotel Group uses a chatbot on our digital platforms to respond to enquiries and assist with questions regarding our hotels, hostels, services and bookings. The chatbot is an automated communication tool that can provide quick answers and guide you to the right information.

When you use our chatbot, we may process the personal data you enter in the chat. The purpose of this processing is to respond to your enquiry and improve our customer service.

Arp-Hansen Hotel Group may use artificial intelligence (AI) to improve our services, streamline operations and offer more personalized experiences for our guests. This may include automated processes, analysis of customer interactions, recommendation tools, or quality assurance of service and communications.

We use and develop such technologies with respect for guests’ privacy and in accordance with applicable data protection legislation. Processing involving AI will always be subject to human oversight, and no automated decisions producing legal effects or similarly significant impacts will be made about you without your consent.

Legal basis for processing:

  • Article 6(1)(a) GDPR (consent): The processing takes place when you voluntarily consent to the use of our chatbot, for example by entering information in the chat.
  • Article 6(1)(b) GDPR (performance of a contract): The processing is necessary to perform or administer an agreement entered into with you, for example in connection with the booking, modification, or administration of your stay via the chatbot.
  • Article 6(1)(f) GDPR (legitimate interest): The processing is carried out as part of our legitimate interest in providing efficient customer service and developing and improving our services and communications.

Retention:

  • We retain chatbot data for 5 days, after which it is deleted.

2.11 Marketing in external channels and profiling

When you visit our digital platforms, we may – provided that you have given consent to the use of cookies – collect information about your use of our websites and digital services. This may include, among other things, information about which pages you visit, which content and offers you interact with, and which products or services you have shown interest in. The information is used to improve the user experience, adapt content and functionality, and present recommendations and marketing that are relevant to you.

In this context, we may process personal data that you have provided yourself or that has been collected via our websites, applications, newsletters and other digital channels. This may include, for example, your email address, cookie ID, technical information about your device, and information about your behaviour, preferences and interactions with our content. The information may be combined and analysed in order to gain a better understanding of your interests and needs, for example by taking into account previous visits, interactions, and any bookings or purchases.

Based on this information, we may carry out segmentation, create audiences and target our marketing, as well as exclude existing customers from certain campaigns, so that you do not receive content that is not relevant to you. Content, offers and advertisements may be adjusted on an ongoing basis as we obtain new insights into your use of our digital platforms and your preferences.

If you have initiated a booking or reservation without completing it, we may in certain cases contact you via email or SMS with a reminder regarding the unfinished booking. Such communications may relate to the specific reservation or the services you have shown interest in, with the aim of making the communication as relevant as possible.

When you subscribe to our newsletter or otherwise consent to receiving marketing communications from us, we process your personal data in order to send you news, inspiration, campaigns and relevant offers relating to Arp-Hansen Hotel Group and our services. Marketing communications may be tailored based on your previous interactions, preferences or association with specific hotels, types of stays or services. You may opt out of marketing communications at any time by using the unsubscribe link included in the relevant message or by contacting us at info@arp-hansen.dk.

In order to offer more relevant and personalized advertising and to measure the effectiveness of our marketing, we cooperate with external advertising and platform partners, such as social media, search engines and other digital advertising platforms. This may include, among others, Meta (Facebook and Instagram), LinkedIn and Google, as well as comparable platforms. In this context, we may share selected information, such as technical identifiers and, in certain cases, an encrypted (hashed) version of your email address, and/or telephone number, as well as, where applicable, your first name and last name, with these partners for the purpose of identifying relevant audiences and displaying advertisements to you on third-party websites and applications. If no match is achieved with the relevant advertising partner, the information is deleted in accordance with the partner’s procedures.

Our advertising partners act as independent data controllers for their own processing of personal data, including any transfers to countries outside the EU/EEA, and such processing is subject to their respective privacy policies.

Legal basis for processing:

  • Article 6(1)(a) GDPR (consent): When you have voluntarily given your consent to the use of cookies, direct marketing, or other forms of tracking.
  • Article 6(1)(f) GDPR (legitimate interest): The processing is carried out as part of our marketing activities and our legitimate interest in offering relevant and personalized services and improving our communications.

Retention:

  • We retain your personal data for as long as you have a customer relationship with us, or until you object to receiving direct marketing. You have the right at any time to object to our use of your personal data for direct marketing. If you no longer wish to receive marketing, you can unsubscribe via the link in the relevant message or contact us at info@arp-hansen.dk.

3. Disclosure and transfer of personal data

Arp-Hansen Hotel Group only discloses personal data when this is necessary and lawful.

In certain cases, we use external partners and suppliers who provide services on our behalf, for example in connection with the operation and support of IT systems, booking systems, payment solutions, marketing, customer satisfaction surveys, newsletters, loyalty programmes, and recruitment. These suppliers process personal data solely on behalf of Arp-Hansen Hotel Group and in accordance with our documented instructions.

Such processing is always governed by a written data processing agreement, which ensures that the suppliers are not permitted to use the personal data for their own purposes and that an appropriate level of technical and organisational security measures is maintained.

We may also disclose personal data where this is necessary to perform an agreement to which you are a party, for example in connection with the completion of reservations, payments, or deliveries, or where such disclosure is required by applicable law, for example to public authorities.

Legal basis:

  • Article 6(1)(b) GDPR (performance of a contract): Where the disclosure is necessary to provide the service you have requested or to administer your reservation or membership.
  • Article 6(1)(c) GDPR (legal obligation): Where we are required to disclose personal data in accordance with applicable law.
  • Article 6(1)(f) GDPR (legitimate interest): Where the disclosure is carried out as part of our legitimate interest in using external partners for the operation, support, and development of our services, or where the disclosure is necessary to establish, exercise, or defend a legal claim.

If your personal data is transferred to processors or controllers outside the EU/EEA that are not covered by an adequacy decision, the transfer is safeguarded through the use of the EU Commission’s Standard Contractual Clauses (SCCs) or other approved transfer mechanisms ensuring an adequate level of protection in accordance with Chapter V of the GDPR.

4. Withdrawal of consent

Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.

Withdrawal of consent means that we will stop processing your personal data for the relevant purpose going forward. However, withdrawal does not affect the lawfulness of processing carried out before the consent was withdrawn.

If you wish to withdraw consent - e.g. for newsletters, marketing or other communication - you may do so by using the unsubscribe link in the relevant message or by contacting us at info@arp-hansen.dk.

5. Your data protection rights

As a data subject, you have certain rights under the GDPR. These rights are intended to ensure transparency and control over your personal data. You can contact us at any time to exercise your rights by writing to info@arp-hansen.dk.

Right of access
You have the right to obtain confirmation as to whether we process personal data about you and, if so, access to the personal data and information about the purposes of processing, categories of data, recipients, retention periods and your rights.

Right to rectification
You have the right to have inaccurate or incomplete personal data about you corrected or updated. If you become aware that data we have registered is incorrect, please contact us so that we can correct it.

Right to erasure
You have the right to request deletion of your personal data if the data is no longer necessary for the purpose for which it was collected.

Right to restriction of processing
You have the right to request that processing of your personal data be restricted. This means that in certain cases you have the right for us to process the data only (other than storing it) with your consent, for legal claims or for important reasons of public interest.

Right to data portability
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and to have the data transmitted to another controller.

Right to object
You have the right to object to our processing of your personal data where the processing is based on our legitimate interests. If you object, we will assess whether our legitimate interests override your privacy interests. If not, we will cease the processing.

You always have the right to object to processing of your personal data for direct marketing purposes, including profiling.

Right to withdraw consent
Where we process your personal data based on your consent, you have the right to withdraw your consent at any time.

Right to lodge a complaint with a supervisory authority
If you are not satisfied with the way we process your personal data, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet), which supervises compliance with data protection rules in Denmark:

Datatilsynet
Carl Jacobsens Vej 35
2500 Valby
Denmark
Tel.: +45 33 19 32 00
Email: dt@datatilsynet.dk
www.datatilsynet.dk

6. Links to other websites etc.

Our services may contain links to other websites or integrated third-party features. Arp-Hansen Hotel Group is not responsible for the content of such websites or for their processing of personal data.

7. Contact

Arp-Hansen Hotel Group A/S is the data controller for the processing of personal data described in this Privacy Policy.

If you have any questions, comments or concerns regarding our processing of your personal data, this Privacy Policy, or if you wish to exercise one or more of your rights as a data subject, you are always welcome to contact us.

Contact details:

Arp-Hansen Hotel Group A/S
Nybrovej 75
2820 Gentofte
Denmark
Email: info@arp-hansen.dk
Telephone: +45 45 97 05 00

8. Changes to this Privacy Policy

Arp-Hansen Hotel Group reserves the right to update this Privacy Policy on an ongoing basis. The most recent version of the Privacy Policy will always be available on our website www.arp-hansen.dk.

This Privacy Policy was most recently updated on 19 January 2026.

This Privacy Policy is available in several languages on our websites. In case of any inconsistencies between the Danish version and other language versions, the Danish version will take precedence.


Cookie policy

We use cookies on our website arp-hansen.com in accordance with this cookie policy.

Owner information

Arp-Hansen Hotel Group A/S
Nybrovej 75
2820 Gentofte, Denmark
Central Business Register no. (CVR no.): 54 39 92 19
Telephone: +45 4597 0500
Email: sales@arp-hansen.dk
