Go directly to content

Thon Hotels

Olav Thon Group Privacy Statement

Your privacy is important to the Olav Thon Group and we are committed to protecting the integrity, availability and confidentiality of your personal information. All processing of personal data in the Olav Thon Group must comply with the applicable privacy rules, including the GDPR and the Norwegian Personal Data Act.

This Privacy Statement provides in-depth information about what personal information is collected, how the information is collected, and what rights you have if personal information about you is registered with us.

Data Controller

Thon Holding AS determines the purpose of processing personal data and the methods to be used for the various companies in the Olav Thon Group. It is our view that Thon Holding AS should be regarded as the Data Controller for the personal data processed in the Olav Thon Group; see overview below. The responsibility for daily monitoring of our compliance with the privacy rules has been delegated to the privacy coordinator for the Olav Thon Group.

Our processing of personal data

The Olav Thon Group processes personal data for the following main purposes:

Operation of shopping centres

In order to operate our shopping centres, it is necessary to process personal information relating to tenants, including names and contact details for tenants, and the names of employees recorded in the IT systems in order to register daily turnover, as well as personal data processed as part of our control activities, such as security guards.

Rental of commercial property

In connection with the rental of commercial property, it is necessary for us to process personal information such as names and contact details of contact persons for tenants.

Rental and sale of homes

In order to enter into or fulfil agreements for the rental or sale of homes, it is necessary for us to process names, contact details, social security numbers, credit checks (for leasing), family situation/marital status etc.

Operation of hotels

In order to manage hotel bookings and offer accommodation to our guests, it is necessary for us to process data including name, address, date of birth, details of the stay (name of hotel, room number, price, payment method, number of nights, number of guests etc.), passport number (only for guests with registered address abroad), employer (for overnight stays covered by a corporate agreement).

Thon DISCOVERY

Thon DISCOVERY is Thon Hotels’ loyalty programme where members receive bonuses and discounts on overnight stays and meals in selected restaurants in Oslo. In order to fulfil the agreement it is necessary for us to process data including name, contact details, language, currency, booking history (see above), and any preferences that you have specified.

Customer clubs for shopping centres

Each of our shopping centres has a customer club where members receive offers and newsletters sent by e-mail or text. In order to fulfil this agreement it is necessary to process your name, address, telephone number, e-mail address, gender, date of birth etc. We use the auto-lookup from Link Mobility AS, through Eniro AS, to make registration easier. Members can also choose to enter their interests, number of children and the children’s ages.

Thon Wifi

We offer free wifi at our shopping centres and hotels. In order for you to take advantage of this service it is necessary for us to process e.g. IP address, MAC address and phone number.

Customer parking (Time Park)

When you drive into and out of our car parks we take a picture of the number plate on your vehicle. We use the images, along with details of the time and place where they were taken, to calculate the parking fee. If there is no fee payable at the exit, the photos will be deleted after you leave. If a fee is payable, the images will only be deleted when the fee has been paid or the charge has lapsed for some other reason. The camera does not pick up the people inside the vehicle.

If you complain about a calculated parking fee or penalty, we will process personal information that you provide in the complaint. This will typically include the name and address of the driver. There may also be further details of the driver and other people given in your reasons for the complaint and any documentation that you attach to it. Time Park will collect details of the owner of the vehicle from the Norwegian Register of Motor Vehicles.

How long do we store your personal data?

Personal data will not be stored any longer than necessary to fulfil the purpose of the processing or any statutory requirements placed on us; for example, the Norwegian Accounting Act requires us to keep detailed purchasing history for five years.

We will also delete personal information about you if you ask us to, unless we have a legal requirement or statutory obligation to keep your personal data for longer.

Can others access your personal information?

We will only share your personal information with other companies in the Olav Thon Group to the extent necessary to maintain day-to-day operations. As Thon Holding is responsible for the administrative work within the Olav Thon Group, this means that personal information processed by Thon Hotels, including Thon DISCOVERY, and Thon Eiendom, including the customer clubs, as well as Time Park, will be shared with Thon Holding. Beyond that, personal information about hotel operations and Thon DISCOVERY will be shared with the companies within Thon Hotels. The legal basis for this is a legitimate interest, as we want to streamline operations and provide the best possible service.

Unpaid bills will be passed to collection companies. We will also share your personal information with public authorities to the extent necessary to meet our legal obligations.

Beyond this, we will not share your personal information with other businesses unless you consent to this.

Information security

We take information security seriously and have established appropriate security measures to safeguard the integrity, availability and confidentiality of your personal data. Access to your personal information is limited to employees who have a professional need for such access. We will provide training to employees and third parties where relevant, to promote awareness of the Olav Thon Group’s privacy policy and procedures.

Use of Data Processors

The Olav Thon Group enters into data processing agreements with all businesses that process personal data on our behalf. Our Data Processors are cannot process your personal information except as agreed with us and as described in this Privacy Statement.

Where is your personal information stored?

Personal information processed by the Olav Thon Group is all stored on servers in Norway and Europe. We do not store personal information in countries outside the EU/EEA. Personal information processed in connection with Thon DISCOVERY is stored on the vendor’s servers in Frankfurt.

Rights

You have the right to access, correct or delete any personal information or to restrict any processing that relates to yourself. Under certain conditions you also have the right to object to this processing, and the right to data portability. You can also withdraw any consent to the processing of your personal information at any time.

You also have the right not to be subject to any decision based solely on automated processing that has a binding legal effect on you or significantly affects you in a similar way.

Any questions or requests for access to information recorded about you may be addressed to:

  • Norway:  or Thon Holding AS, PB 489 Sentrum, N-0105 Oslo, Norway.
  • Belgium:
  • Netherlands:

If you believe that we are processing personal information in breach of the law, you can submit a complaint to the Norwegian Data Protection Authority ().

Data Protection Officer

The Olav Thon Group has appointed its own Data Protection Officer to provide guidance, to ensure that personal information is processed responsibly and in line with the regulations. If you have any questions or objections relating to the Olav Thon Group’s processing of personal data, you can send an e-mail to the Data Protection Officer at .

Changes

If we make any changes to this Privacy Statement, the changes will be published on this website 14 days before they take effect.