Who are we?

Sircle Collection BV is a company registered in the Netherlands under registration number 34369785 with its registered address at Nieuwezijds Voorburgwal 271, 1012 RL Amsterdam (“Sircle Collection” or in the personal pronoun “we” or “our”).

Sircle Collection, together with its subsidiaries and affiliates (collectively the “Sircle Group”), creates and operates hospitality brands, including hotels, members clubs and restaurants. Our hospitality brands include:

Hotel Brands

  • Sir Hotels
  • Max Brown Hotels
  • Park Centraal Hotels

(Collectively, the “Hotel Brands” and each hotel that we operate under as one of the Hotel Brands a “Hotel”)

Restaurants

  • Seven North, Vienna, Austria
  • Bar Claes, Amsterdam, the Netherlands
  • Miznon, Vienna, Austria
  • The Rooftop, Barcelona, Spain

(Collectively, the “Restaurants”)

Our Hotel Brands, hotels and restaurants operate a number of websites including:

Hotel Websites

  • sirclecollection.com
  • sirhotels.com
  • maxbrownhotels.com
  • parkcentraal.com

(Collectively, our “Hotel Websites”)

Restaurant Websites

  • sevennorthrestaurant.com
  • miznonvienna.com
  • therooftop.com
  • barclaes.com

(Collectively, our “Restaurant Websites”)

(Our Hotel Websites and our Restaurant Websites collectively, our “Websites”)

The Data Controller

Sircle Collection determines the purposes and means of the processing of personal data for the members of the Sircle Group and the Hotels and Restaurants.

As such, Sircle Collection is the ‘Data Controller’ for the purposes of this privacy policy and for the Sircle Group and the Hotels and Restaurants.

You can contact Sircle Collection’s data protection representative by sending an email to:

privacy@sirclecollection.com

Privacy Policy

This privacy policy sets out the privacy practices of the members of the Sircle Group, our Hotels and our Restaurants.

By using our Websites or our software applications, such as the Sircle Collection app (our software applications collectively, our “Apps”), or submitting your personal information to any member of the Sircle Group, our Hotels or our Restaurants you are deemed to accept the terms of this privacy policy.

What is This Privacy Policy For?

The purpose of this privacy policy is to set out and explain why and how we collect information, how this information is used, and what your rights are regarding your personal information held by the Sircle Group.

What is Personal Data?

Personal data is information that relates to an identified, or identifiable, person.

What Does it Mean To ‘Process’ Personal data?

Processing your personal data means that we collect and use your personal data and undertake other actions including, amongst others, recording, structuring, storage, adaption or alteration, disclosure, erasure or destruction of your personal data.

Personal Data Covered Under This Privacy Policy

This privacy policy covers personal data relating to existing, prospective and potential members and guests of our Hotels and Restaurants and persons who visit our Websites, use any of our Apps, or visit or interact with any of our social media pages (the “Personal Data”)

What Personal Data Do We Process?

We collect information as part of the normal operation and marketing activities for the hotels with our Hotel Brands and the Restaurants and to improve our services to you.

Subject to the nature of your booking or reservation and your interaction with our Hotels, Restaurants, Sircle Collection BV or any member or affiliate of the Sircle Group, we may process the following personal data:

Personal Details

Includes information such as:

  • Name
  • Honorific

Contact Information

Includes information such as:

  • Personal address
  • Telephone number
  • Email address

Hotel Bookings

Includes information such as:

  • Date and place of birth
  • Nationality
  • Passport, visa or other officially-issued identification data
  • Dietary or other health requirements that you may disclose
  • Any personal preferences or requests that you may make
  • Personal details of any companions / family members
  • Names and ages of any children accompanying you
  • Confirmation of parental responsibility for accompanying children

Restaurant Reservations

Includes information such as:

  • Dietary or other health requirements that you may choose to disclose
  • Any personal preferences or requests that you may make known to us

Billing Information

Includes information such as:

  • Credit and debit card number or other payment data
  • Business address

Usage Data

Includes information such as:

  • Prior stays at the Hotels or Restaurant visits and other interactions

Transaction Data

Includes information such as:

  • Details of payments by and between you and Sircle Group and our Hotels and Restaurants

Profile Data

Includes information such as:

  • Information you may provide to us through our ‘Your Portfolio’ membership programme
  • Any content you generate on, our upload to, or make available on, our Websites, our Apps, our social media pages or any other of our digital channels.
  • Language preference
  • Previous special services or amenity requests
  • Feedback from prior stays at our Hotels or visits to our Restaurants; including customer surveys

Marketing and Communications Data

Includes information such as:

  • Any consents to receive marketing newsletters and marketing materials from us
  • Your communication preferences

Technical Data

Includes information such as:

  • Data on your visits to our Websites, pages visited, referring URL, statistical data and other aggregated traffic data
  • Data collected when you visit our websites or use our Wi-Fi, such as, your device’s Media Access Control (MAC) address, screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version
  • Data generated when you use our Apps, such as, the date and time the App accesses our servers, location data, mobile device advertising identifiers, and the data and files downloaded to the App

(This information collectively, the “Technical Data”)

Security Cameras

Includes information such as:

  • Images and video and audio data via security cameras located in public areas, such as hallways and lobbies, in our Hotels and Restaurants

Privacy Protection Data

Includes information such as:

  • Consents for the processing of personal data
  • Personal data processing preferences

How and Where We Collect Your Information

We use different methods to collect data from and about you including through:

  • Direct interactions. You may directly provide us with information when you communicate with the staff at our Hotels or Restaurants, by filling in online forms or by corresponding with us by post, phone, and email or otherwise. This includes personal data that you provide to us when you:
  • make a reservation at one of our Hotels or Restaurants, either directly with the respective Hotel or Restaurant or through a third party booking or travel agent
  • visit or are a guest at one of our Hotels or use on-property services and outlets, restaurants, concierge services, health clubs and spas
  • visit or are a guest at one of our Restaurants
  • Provide us with any personal preferences, including dietary and other health requirements
  • Join, or update your personal information in our membership programme, ‘Your Portfolio’
  • purchase goods and services from our Websites or Apps
  • connect with, or post to, our social media pages
  • Sign up to receive any publications or marketing materials or participate in a survey, contest or promotional offer
  • Communicate with our customer service operations or provide us with feedback
  • Automated data collection. When you interact with one of our websites, connect to the Wi-Fi in one of our Hotels or Restaurants, or use one of our Apps, we may automatically collect Technical Data. We collect these Technical Data by using cookies, server logs and other similar technologies.
  • Strategic Business Partners. We collect information from companies with whom we partner (“Strategic Business Partners”) to provide you with goods, services, or offers based upon your experiences at our Hotels and Restaurants, or that we believe will be of interest to you. Examples of Strategic Business Partners include spas, gyms, on-property retail outlets, travel and tour partners, rental car providers and travel booking platforms. Strategic Business Partners are independent from the Sircle Group
  • Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources, such as:
  • Analytics providers
  • Advertising networks
  • Search information providers
  • Data brokers or aggregators
  • Contact, financial and transaction data from providers of technical, payment and delivery services you use when you make payments on any of the websites or at any of our Hotels or Restaurants
  • We also use CCTV surveillance in order to prevent our services and facilities from being used for illegal purposes and to protect our employees and customers at our locations
  • Other Sources. We collect personal data from public databases, joint marketing partners and other third parties.

Why We Process Your Personal Information and The Legal Basis

In line with the European regulations governing the protection of European Union residents’ rights, we require specific legal ‘grounds’ / authorisation to process your data. These grounds form the ‘legal basis’ for processing your information. The legal bases for processing your personal data include:

“Performance of Contract”: where processing your personal data is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

“Consent”: where you have given consent to processing your personal data for one or more specific purposes.

“Legitimate Interest”: where we have a legitimate interest to process your personal data subject to your reasonable expectations based on your relationship to us.

“Legal Obligations”: processing your personal data where we are required to comply with or carry out a legal or regulatory obligation.

“Legal claims”: processing your personal data where your information is necessary for us to defend, prosecute or make a claim.

“Vital Interests”: processing your personal data where processing is necessary to your, or another person’s, vital interests.

Booking & Guest Registration

  • Business Activities

    Personal data is required for our business activities, such as:

    • Making bookings and reservations for our Hotels and Restaurants
    • Pre‑arrival communications (logistics, changes, preferences, etc.)
    • Processing any pre-payments and security deposits
  • Legal Basis

    • Performance of contract: such as recording details of bookings and reservations, guest communications and processing payments
    • Legitimate interest: such as processing information on our guest’s preferences
    • Legal obligations: such as those relating to financial transactions and the obligation to maintain books and records

Reception

  • Business Activities

    Personal data is required for our business activities, such as:

    • Check-in and check-out
    • Processing payments
  • Legal Basis

    • Performance of contract: such as providing services and processing payments
    • Consent: such as processing information regarding dietary requirements or health issues that our guest may choose to disclose
    • Legitimate interests: such as providing tailored services in line with our guest’s preferences
    • Legal obligations: such as processing personal identification where legally required

Hotel Services

  • Business Activities

    Personal data is required for our business activities such as:

    • Providing consistent and personalised service and advice about the on-site services (based on past usage or expressed preferences)
    • Providing concierge, luggage storage and parking services
    • Making arrangements with third‑party providers on behalf of guests (such as coordinating offsite activities, arranging taxi, shuttle and chauffeur services and facilitating reservations and bookings at restaurants and events)
    • Enabling and supporting access to Wi-Fi, TV and other connectivity services and entertainment systems
    • In-room dining (including taking into account any dietary or other health requirements expressed by the guest)
    • Housekeeping services (including any personal preferences) and dry-cleaning services
    • Handling customer requests, inquiries and complaints
    • Determining eligibility for age‑restricted goods and services (such as alcohol or in-room adult entertainment)
  • Legal Basis

    • Performance of contract: such as providing services, Wi-Fi access and processing payments
    • Consent: such as processing information and providing tailored services in line with dietary or other health requirements and personal preferences that our guests may choose to disclose
    • Legitimate interest: such as optimising IT systems and Wi-Fi or disclosing personal data to third-party providers
    • Legal obligations: such as those relating to financial transactions, including the obligation to maintain books and records, or processing personal identification or confirming our guest’s age where legally required

Restaurant, Food & Beverage Services

  • Business Activities

    Personal data is required for our business activities such as:

    • Providing for dietary or other health requirements or preferences
    • Providing consistent and personalised service and advice about the on-site services based on past usage or expressed preferences
    • Providing parking services
    • Handling customer requests, inquiries and complaints
    • Enabling and supporting access to Wi-Fi

    Determining eligibility for age‑restricted goods and services (such as alcohol)

  • Legal Basis

    • Performance of contract: such as providing services and processing payments
    • Consent: such as processing information and providing tailored services in line with dietary or other health requirements and personal preferences that our guests may choose to disclose
    • Legitimate interest: such as optimising IT systems and Wi-Fi
    • Legal obligations: such as those relating to financial transactions, including the obligation to maintain books and records, or processing personal identification or confirming our guest’s age where legally required

Operations & General Business

  • Business Activities

    Personal data is required for our business activities such as:

    • Providing guest services to enable and address inquiries, comments and complaints about any of our services (such as in person, through phone lines, email, or on social media)
    • Security and fraud prevention
    • Managing our websites, Apps and our social media pages (including troubleshooting, data analysis, testing, system maintenance, support, reporting and the hosting of data)
    • Monitoring and analysing usage of services and using data analytics to improve services, marketing, programmes, overall customer experience, gathering feedback, carrying out pilot programmes for potential new services and both developing new and improving existing services
    • Facilitating mergers, acquisitions and other reorganizations and restructurings of our business (including prospective transactions)
    • Collecting unpaid debts and claiming for damages or breaches of contract
    • Using usage data for capacity and staff planning and to comply with permits and regulations
  • Legal Basis

    • Performance of contract: such as providing services and processing payments
    • Consent: such as implementing marketing programmes and functional, targeting and performance cookies
    • Legitimate interest: such as responding to guest complaints and concerns, forecasting and operations planning, improving services, the prevention of fraud and collecting unpaid debts or damages and using Technical Data to ensure that our Webpages, Apps and our social media pages function properly
    • Legal obligations: such as those relating to financial transactions and the obligation to maintain books and records

Websites, Apps & IT systems

  • Business Activities

    Personal data is required for our business activities such as:

    • Provide access to information about of our Hotels and restaurants, online booking, Wi-Fi and personal accounts and your booking information
    • Maintaining the security of our Websites, Apps and IT systems
    • Personalising your experience while using our Websites, Apps and IT systems
    • Improving design and functionality and displaying content more effectively
  • Legal Basis

    • Performance of contract: such as providing for guest communications, access to Wi-Fi, and personal online accounts
    • Consent: such as collecting information from functional, targeting and performance cookies
    • Legitimate interest: such as processing information necessary to operate our Websites and Apps
    • Legal obligations: such as providing appropriate security for, and the integrity of, your personal data

Emergency & Incident Response

  • Business Activities

    Personal data is required for our business activities such as:

    • Ensuring the security of our on-site services
    • Responding to, handling and documenting on-site accidents and medical and other emergencies
    • Actively monitoring properties to ensure adequate incident prevention, response and documentation (including security cameras)
    • Requesting assistance from emergency services; and sending notifications and alerts in the event of incidents or emergencies (such as via SMS, email, and telephone calls etc.)
  • Legal Basis

    • Performance of contract: such as ensuring the safety of guests
    • Legitimate interest: such as monitoring properties through security cameras to ensure the safety of guests and personnel
    • Legal obligations: such as documenting on‑site accidents
    • Vital interests: such as contacting medical or emergency

Legal & Compliance

  • Business Activities

    Personal data is required for our business activities such as:

    • Complying with applicable laws and legal processes
    • Responding to requests from public and government authorities
    • Meeting national security or law enforcement requirements
    • Enforcing our terms and conditions and pursuing available legal remedies
    • Protecting our operations
    • Protecting the rights, privacy, safety, or property of the Sircle Group, guests, visitors and other relevant individuals
  • Legal Basis

    • Legitimate interest: such as enforcing payment obligations, damages and other claims
    • Legal obligations: such as providing information to authorities in accordance with our legal obligations, providing the security and integrity of your personal data, and use in connection with judicial proceedings
    • Vital interests: such as contacting emergency services in case of disturbances and incidents involving guests

Spa & Fitness Services

  • Business Activities

    Personal data is required for our business activities such as:

    • Reservations and bookings
    • Determining eligibility for services
    • Providing for disability or other health-related restrictions through appropriate and safe activities, services and treatments
    • Providing consistent and personalised service based on past usage or expressed preferences
    • Processing payments
    • Arranging requested professionals for specific treatments and services
    • Handling customer requests, inquiries and complaints
  • Legal Basis

    • Performance of contract: such as providing services and processing payments
    • Consent: such as collecting information regarding health requirements when providing our services
    • Legitimate interest: such as providing personalised services based on past activity
    • Legal obligations: such as those relating to financial transactions, such as the obligation to maintain books and records
    • Vital interests: Such as when an individual becomes ill while using the fitness equipment

Child-Related Services (for Parents & Legal Guardians)

  • Business Activities

    Personal data is required for our business activities such as:

    • Making reservations and bookings for children
    • Preparing for and coordinating hotel accommodations and services in accordance with guest preferences, instructions and expectations
    • Payment and billing services;

    Applying special rates and ‘child options’ such as special menus for children or special discounts for children under a certain age

  • Legal Basis

    • Performance of contract: such as applying extra charges or discounts or providing children’s beds
    • Consent: such as processing a child’s personal information
    • Legitimate interest: such as communicating special offers, initiatives or activities for children and parents
    • Legal obligations: such as processing personal identification to confirm parent or legal guardian or those relating to financial transactions, such as the obligation to maintain books and records

Loyalty & Other Member Programmes

  • Business Activities

    Personal data is required for our business activities such as:

    • Registering users in loyalty and other member programmes
    • Determining eligibility for various programmes and related services
    • Administering loyalty and other member programmes
    • Providing consistent and personalised service based on past usage and the preferences expressed by members
    • Ensuring access to our Websites, Apps and your personal online account
    • Processing payments
    • Communicating membership activities, events and new initiatives
    • Notifying members about changes to programmes, terms and conditions
    • Handling members’ requests, inquiries and complaints
  • Legal Basis

    • Performance of contract: such as application of discount rates benefits and processing payments and providing access to personal online accounts
    • Consent: such as sending membership communications, newsletters and other marketing communications
    • Legitimate interest: such as providing personalised services based on past activity
    • Legal obligations: such as those relating to financial transactions such as the obligation to maintain

Marketing, Promotions, & Contests

  • Business Activities

    Personal data is required for our business activities such as:

    • Sending out newsletters about new developments, initiates or promotions
    • Communicating about products and services that may be of interest to guests
    • Providing personalised advertisements for products and services on selected websites
    • Participation in competitions, sweepstakes and other promotions
    • Utilising cookies to identify which advertisements or offers are most likely to appeal to potential guests and deliver relevant products, content or advertisements to display on our Website, Apps or external advertising
    • Utilising cookies to track responses to online advertisements and marketing actions

    Handling customer requests, inquiries and complaints

  • Legal Basis

    • Performance of a contract: such as processing guest requests
    • Consent: such as sending newsletters and other marketing communication and collecting information from functional, targeting and performance cookies
    • Legitimate interest: such as providing advertisements for similar products and services
    • Legal obligations: such as handling data protection law queries or complaints or complying with rules relating to competitions

Personal Data Protection

  • Business Activities

    Personal data is required for our business activities such as:

    • Complying with our legal obligation to retain information regarding your consents or personal preferences
  • Legal Basis

    Legal obligations: such as our obligation to provide confirmation of data privacy consents and other actions

Failure to Provide Personal Data

If certain personal data is required to perform our obligations under contract, or we are obliged by law to process such data, and you fail to provide that data when requested, we may not be able to perform the agreed services or may be obliged to terminate the contract, but we will notify you if this is the case at the time.


If we request your consent to use personal data and you decline to grant us consent we may not be able to perform the services for which the specific personal data is required.

How We Use Cookies

Our Websites use cookies to, amongst other things, measure and improve the performance of, and personalize, our Websites and for marketing purposes. Our Websites each use their own set of Cookies. For clarity and transparency we have set out a cookie policy for each Website explaining how we use cookies and detailing the specific cookies used on the respective Website. The cookie policy can be found by clicking on the ‘Data Protection’ link at the bottom of each webpage.

How and When We Share Information

We share your personal data with the following parties:

Sircle Group

We disclose personal data to entities within the Sircle Group members and our Hotels and Restaurants for the purposes set out in this privacy policy, such as processing your reservations, the provision and personalisation of our Hotel or Restaurant services, communication with you, facilitating the loyalty programmes and to accomplish our business purposes.

Service Providers

We disclose personal data to third party service providers including, for example, companies that provide website hosting, data analysis, payment processing, credit reference agencies, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing, web analytics providers, digital advertising service providers, providers of CRM, marketing and sales software solutions and other services.

Strategic Business Partners

We disclose personal data and Other Data with select Strategic Business Partners to provide you with goods, services and their own marketing.

Legal Obligations and Reporting

We may need to disclose your personal data to legal and regulatory authorities to comply with a legal obligation and/or judicial or regulatory proceedings, a court order or other legal process or reporting requirements from public health organisations, local councils and governmental authorities.

Disclosure Necessary to Protect Our Business Interests

We may need to disclose your personal data to legal and regulatory authorities, to our accountants, auditors, lawyers or similar professional advisers or to other third parties, when necessary to enforce our terms and conditions, house rules or other applicable contract terms, protect our operations, pursue available remedies or limit the damages that we may sustain. We may also disclose personal data to these third parties if it is necessary to take action regarding illegal activities or to protect the safety of any person. This may include (without limit) exchanging information with the police, courts or law enforcement organisation.

Business Transactions

We may need to disclose your personal data to as yet unknown third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of the Sircle Group business, assets or stock (including any bankruptcy or similar proceedings).

Security

The transmission of information over the internet or public communications networks can never be completely secure. We will take appropriate technical and organisational security measures to protect the personal data that you submit to us against unauthorised/unlawful access or loss, destruction or damage, however, we cannot fully guarantee the security of personal data that you provide to us online.

How Long Do We Store Your Personal Data?

We will keep your personal data only for as long as is reasonably necessary for the purposes outlined in this privacy policy or for the duration required by any legal, regulatory, accounting or reporting requirements, whichever is longer.

We retain information submitted through our Website for 50 months following your account closure or our last contact with you, as applicable. When you consent to receive marketing communications, we will keep your data until you unsubscribe.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case it is no longer personal data.

Your Personal Data Protection Rights

Your personal data protection rights are based on the data protection laws governing the processing of your personal data. If you are a resident of the European Union, the General Data Protection Regulation grants you the following rights in relation to your personal data:

Right of Access

You have the right to request, and receive, confirmation whether or not we are processing your personal data and, if so, have access to your personal data to receive information regarding how your personal data has been processed.

Right to Rectification

If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your personal data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data.

Right to Erasure

We are obliged to delete or remove your personal data if you request us to do so, where such data is no longer necessary for the purpose for which it was collected, or if you withdraw your consent where such consent was required. We shall not be required to erase the data if there is a legal requirement to retain the information or if the data is required for the establishment, exercise or defence of legal claims. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data.

Right to Restrict Processing

You may ask us to restrict or 'block' the processing of your personal data in certain circumstances such as where you contest the accuracy of the data or the lawfulness of the data processing. We will tell you before we lift any restriction on processing. If we shared your personal data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data.

Right to Data Portability

In certain circumstances you have the right to receive your personal data from us in a format that can be transferred to you and to another data controller. This right relates to data processed on the basis of your consent and data required for the performance of a contract with you. You may reuse it elsewhere.

Right to Object

You may object at any time and instruct us to stop processing your personal data:

  • That is being processed solely on the grounds of our ‘legitimate interest’ (in which case we must demonstrate compelling legitimate grounds to continue processing the data)
  • That is being processed for direct marketing

Right to Withdraw Consent

If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing your data before we received notice that you withdrew your consent.

Right to Lodge a Complaint With The Data Protection Authority

If you have a concern about our privacy practices, including the way we handled your personal data, you can report it to the Netherlands data protection authority (the ‘Autoriteit Persoonsgegevens’), or, as the case may be, any other competent data protection authority of an EU member state that is authorised to hear those concerns. (You may find EU Data Protection Authorities' contact information at https://edpb.europa.eu/about-edpb/board/members_en).

If you wish to exercise any of these rights, please contact us as described in the “Contact” section below. We may also need to ask you for further information to verify your identity before we can respond to any request.

Such requests are usually provided free of charge, however, a reasonable fee may be applied to cover our administrative costs for requests that are manifestly unfounded, excessive or repetitive.

Changes to Our Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or modifications.

Contact

For any questions, comments or requests regarding this privacy policy you can contact Sircle Collection’s data protection representative by sending an email to:

privacy@sirclecollection.com

Last update: 17 May 2021