Privacy policy

1. Principles of Data Processing

Koidulapark Hotel OÜ greatly values the privacy of each of its clients. We understand the importance of personal data protection and recognize that, due to the nature of our business, we collect and store more personal data than the average company. Therefore, we take great care in protecting your personal data. We strictly adhere to all legal requirements concerning the processing of personal data. Compliance with these requirements is not just a formal one-time action for us, but a substantial daily practice integrated into all our operations.

This privacy policy explains what data we collect about you, why we do so, and how we handle your data. In data processing, we prioritize customer satisfaction, and our purpose for collecting data is to provide you with the best possible service and to fulfil all contractual obligations accurately.

Below, we explain how we process your data when you:

Make a reservation at our hotel
Stay at our hotel
Use our website or otherwise communicate with us (e.g., via social media).

2. Who Are We?

Koidulapark Hotel is a two-star hotel located in the centre of Pärnu. We implement the necessary technical, physical, and organizational security measures to protect your personal data and mitigate risks.

If you have any questions about this privacy policy, please contact us at: office@koidulaparkhotell.ee

3. What Personal Data Do We Collect?

Personal information: e.g., first and last name, date of birth/personal identification number, nationality, as well as the name, date of birth, and nationality of a spouse or minor staying with you
Contact details: e.g., home address, email address, phone numbers
Contact details of business clients, such as name, job title, and preferred language
Booking information: bookings made at our hotel including personal preferences like room view, floor preference, room category, special needs. This data is usually collected directly from you through our website, by phone, email, or in person
Payment and financial data: e.g., account number, cardholder name, card number, expiration date, payment method, and payment behaviour (e.g., delays)
Loyalty program participation and consent/refusal for direct marketing
Data from video surveillance systems, i.e., footage of your movements in and around the hotel for security purposes

We may also receive your data from travel agents, booking platforms, and accommodation service intermediaries through whom you ordered our services.

4. Why Do We Need Your Data? What Happens If You Don’t Provide It?

We use your data to provide you with accommodation and other services you have requested, to meet our legal obligations, and for general business purposes, such as:

Personal data – needed to verify your identity to ensure services are provided to the correct person
Contact data – required to reach you, typically via email or phone, and occasionally by mail
Registration card data – required by the Tourism Act to prevent risks like illegal immigration
Credit card data – used to reserve or charge for services in accordance with the service agreement
Personal preferences – used to offer you more personalized services based on your interests

Failure to provide the required registration card data may prevent us from providing accommodation. Also, without contact and credit card details, online, phone, or in-person reservations cannot be confirmed.

To ensure smooth service delivery and contract performance, we may send you relevant information using the contact details you have provided. We may also contact you after your stay for feedback, to resolve service issues, or return lost items.

5. On What Legal Grounds Do We Process Your Data?

We process personal data in accordance with applicable Estonian legislation. Main legal grounds include:

To establish or fulfil a contract with you
To meet our legal obligations (e.g., retaining registration card data for 2 years)
To pursue our legitimate interests (e.g., business operations, fraud prevention)
To protect vital interests (e.g., in emergencies, providing data to rescue services)
Other legally permitted grounds

If we rely on your consent, you may withdraw it at any time.

6. With Whom Do We Share Your Data?

We do not share your data except in limited cases:

With authorities or regulators, if legally required or to protect our rights
With authorized processors, advisors, or those legally entitled to access such data
With third parties during corporate transactions (e.g., sale, merger, restructuring)

When sharing data, we ensure protection via data processing agreements.

We do not transfer your personal data outside the European Economic Area or to countries without an adequacy decision under Article 45(1) of Regulation (EU) 2016/679.

7. How Long Do We Store Your Data?

We retain personal data only as long as required by law or necessary for the purposes stated in this policy. For example:

Credit card data is stored only until the contract is fulfilled
Other data is stored based on legal or regulatory obligations (e.g., for accounting or Tourism Act purposes)
We may store certain data if your client account is active or you engage with us via the website

When no longer needed, data is deleted or anonymized.

8. Security of Your Data

We prioritize data security but note that no internet transmission or electronic storage method is 100% secure.

We take all reasonable measures to ensure safe processing in compliance with this privacy policy and Estonian law. Data is shared only if legally justified and security is assured.

9. Your Rights Regarding Your Data

Under the EU General Data Protection Regulation (GDPR), you have the following rights:

Right to access – clear information about how your data is used
Right to rectification – correction of incomplete or inaccurate data
Right to erasure – deletion of your data, except when legal obligations require retention
Right to restrict processing – temporarily block processing under certain conditions
Right to object – to processing based on legitimate or public interest or for direct marketing
Right to data portability – transfer of your data in machine-readable format
Right to withdraw consent – at any time, without affecting prior processing based on consent

To exercise your rights or ask questions, email us at: office@koidulaparkhotell.ee. We usually respond within one month. If you are unsatisfied, you may contact the Estonian Data Protection Inspectorate.

10. Visiting the Website koidulaparkhotell.ee

Our website logs visitor data, including:

Device type
IP address
Browser type
ISP
Visit date/time
Entry and exit pages, click behaviour

This data is used for analysis and administration, without personally identifying users.

Our website may link to third-party sites. We recommend reviewing their privacy policies, as we do not control or take responsibility for their content or practices.

11. Cookie Usage Policy

Like most websites, koidulaparkhotell.ee uses cookies—small text files stored on your device to remember preferences, regional settings, and service choices. You can disable cookies in your browser settings, but it may impact service quality.

Cookies are either session-based (deleted after browser closes) or persistent (stored longer).

Types of cookies:

Necessary cookies – enable core functions like authentication
Consent cookies – record cookie consent
Functionality cookies – remember choices like login info or language
Google Analytics cookies – analyse visitor behaviour and site usage

Data collected via cookies may be used to:

Operate and improve the site
Gather statistics and user behaviour insights
Identify users and communicate via email, phone, or social media
Preventing fraud and ensuring security
Review chat history for better support
Develop or enhance services and features
Improve user experience and site navigation

12. Privacy Policy Updates

We reserve the right to modify this privacy policy. Updates are marked with a revised date at the bottom of the document. Continued use of our website implies consent to these changes.