Privacy statement

This privacy policy therefore applies to Fletcher Hotel Exploitaties B.V. located at Buizerdlaan 2, Nieuwegein, Netherlands ("Fletcher Hotels"), email: support@fletcher.nl; phone: +31 (0)347 750 430, and Fletcher Deutschland Betriebs GmbH, c/o Steuerberater Martin Wenzel, Graf-Adolf-Str. 1, 40878 Ratingen, Germany, phone: +31 (0)347 750 430, email: support@fletcher.nl. ("Fletcher Hotels Duitsland"; together "Fletcher Hotels Groep" or "we").

Fletcher Hotels operates, among other things, the website www.fletcher.nl, the central hotel reservation system of the Fletcher Hotels Groep and the hotels of Fletcher Hotels located in the Netherlands. Fletcher Hotels is therefore responsible for processing your personal data collected through your visit to the website, your booking or cancellation process, your (optional) Fletcher Friend or Business account, our newsletter, the marketing activities of Fletcher Hotels and – with respect to our services in the Netherlands – the performance of the contract, your hotel stay, or the related hotel services.

Fletcher Hotels Duitsland is responsible – with respect to our services in Germany – for processing your personal data collected in the context of the performance of the contract, your hotel stay, or the related hotel services, as well as the hotel's own marketing activities.

If you book a stay at a hotel of the Fletcher Hotel Exploitaties B.V. in Germany, your personal data will be processed by both Fletcher Hotels and Fletcher Hotels Duitsland. Both act as data controllers within the meaning of Article 4(7) GDPR. If you have any questions about the content of the privacy policy, you can contact Fletcher Guest Support at support@fletcher.nl. You can reach our data protection officer at dataprotection@fletcher.nl.

Fletcher Hotel Exploitaties B.V. processes various personal data for different purposes. Below is an explanation of which data is processed, for what purpose, on what legal basis, and the associated retention periods.

Visiting the website

Whenever you visit the Fletcher Hotel Exploitaties B.V. website, data about you is processed. This is necessary to technically provide you with a functional website and its content. Additionally, Fletcher Hotel Exploitaties B.V. uses this data to technically optimize the website and ensure the security of IT systems. In this context, Fletcher Hotel Exploitaties B.V. processes data automatically collected during your visit or provided by you through input and user behavior. This data includes in particular:

• Information about the type of browser you use, including its version and language and country settings.
• The operating system you use.
• Your internet provider.
• Your IP address.
• The date and time of your visit.
• Internet pages from which you accessed our website.
• Internet pages you visit through our website.

This data is also stored in the log files of Fletcher Hotel Exploitaties B.V.'s IT systems. The data is not stored alongside other data about you. IP addresses are automatically deleted after 24 hours, anonymizing your data after this period.

Legal basis

This processing is based on Fletcher Hotel Exploitaties B.V.'s legitimate interest in providing a functional, user-friendly, and secure website. Additionally, the data is processed to provide information needed for prosecution in the event of a cyberattack, pursue legal claims, compile statistics, and further develop and improve our hotels and services. The legal basis for this processing is Article 6, Paragraph 1, Sentence 1, Subsection f) of the GDPR.

Processing also takes place if we are legally required to do so under other statutory obligations (e.g., retention and documentation obligations under tax and commercial law). The legal basis for this is Article 6, Paragraph 1, Sentence 1, Subsection c) of the GDPR.

Access and transfer of data

In principle, only organizations responsible for maintaining our website have access to your data. Data is only transferred to the designated hosting provider, with whom we have a processing agreement under Article 28 of the GDPR.

Transfer to third countries

A transfer to third countries outside the European Economic Area is not foreseen unless otherwise stated in this privacy policy or our cookie policy.

Booking and stay data

When booking an overnight stay, a package, a table reservation, or one of our meeting rooms, you enter into an agreement with Fletcher Hotel Exploitaties B.V. for our hotels in the Netherlands or with Fletcher Hotels GmbH for our hotels in Germany. For this, we require your first and last name, address, phone number, email address, arrival and departure dates, payment details (e.g., credit card details), confirmation of your age of majority, and, if applicable, information about your Fletcher Friend membership or business account. For online bookings via our website, technical data related to your booking is also collected as described above.

We may also receive your booking and stay data from third parties through whom you completed the booking process, such as Booking.com and Vakantieveilingen. We may request additional data to deliver our services and/or meet legal requirements, e.g., your nationality, the number and nationality of your fellow travelers, the serial number of your identification document, your date of birth, or specific interests and preferences.

We process health data, information about your ethnic origin, political opinions, religious or philosophical beliefs, or other sensitive data only in accordance with Article 9, Paragraph 1 of the GDPR and only with your explicit consent, e.g., to offer special services (such as access for disabled persons or catering to specific dietary needs). Additionally, we may be legally obligated to verify your identity.

During your stay, data about you is also collected and processed (e.g., data related to your check-in, your access rights to hotel rooms and other areas of our hotels, extra paid services such as consumption in our bars and restaurants, telephone and internet services, or pay-TV services, as well as any inquiries or complaints). Legally, we may be required to collect additional data during check-in (e.g., your nationality, the number and nationality of your fellow travelers, the serial number of your identification document, or your citizen service number).

Use of data

Your booking and stay data are analyzed and used by us to create statistics for further development and improvement of our hotels and services for specific target groups, as well as to carry out marketing activities. If you have given consent to receive our newsletter, the data will also be used to personalize your newsletter.

Your booking and stay data are used within Fletcher Hotel Exploitaties B.V. for service calls. In these service calls, we ask about your experience at Fletcher Hotel Exploitaties B.V. and, if desired, offer you an attractive deal for similar products or services. If you use the opt-out option when making your reservation or booking, your data will not be used for this purpose.

Additionally, we may provide your personal data to Hotelbon B.V. when you give consent to be contacted by phone by Hotelbon B.V. with attractive offers. Hotelbon B.V. is a sister company of Fletcher Hotel Exploitaties B.V. In these service calls, we ask about your experience at Fletcher Hotel Exploitaties B.V. and, if desired, offer you an attractive deal.

Legal basis

The processing of the above-mentioned data is necessary for the performance of the contract. The legal basis for this is Article 6(1)(b) of the GDPR. Without, for example, your contact details, payment information, and information about your requested coverage, we cannot fulfill the contract with you.

Additionally, the processing is based on our legitimate interest in providing our customers with high-quality services, implementing marketing measures (based on your preferences through the offered opt-out option and your right to object) (including processing of data for research and statistical purposes), managing the contractual relationship properly, and, if necessary, proving and enforcing our legal claims. The legal basis for this is Article 6(1)(f) of the GDPR.

Processing also takes place if we are legally or statutorily required (for example, due to retention and documentation obligations under tax, commercial, or reporting legislation). The legal basis in this case is Article 6(1)(c) of the GDPR.

For sharing personal data with Hotelbon B.V., the processing is solely based on consent. The legal basis for this is Article 6(1)(a) of the GDPR. You can always choose not to give consent or withdraw your consent, after which your data will no longer be processed for this purpose.

Retention period

We only retain your booking and stay data for as long as necessary for the stated processing purposes. Data required to fulfill our obligations to you is typically deleted automatically after your stay. However, data may be stored longer if we need it to obtain evidence in accordance with applicable statutes of limitations (for example, to prove the services we provided), in the case of (potential) legal disputes, and/or to comply with legal or statutory retention obligations (such as tax, commercial, and reporting legislation). If you consent to the use of your data for service calls by Fletcher Hotel Exploitaties B.V., we will retain your data for these purposes for a period of up to 3 years from the end of your stay at one of our hotels.

Email and other contact options

You can contact Fletcher Hotel Exploitaties B.V. companies via the options provided on the website (especially email and phone). In such cases, Fletcher Hotel Exploitaties B.V. processes the information you voluntarily provide (e.g., your name, email address, phone number, and/or specific request) to handle your inquiry. Except for the hosting provider, your data is only shared with third parties if necessary to process your inquiry.

Legal basis for processing

The legal basis for processing is Article 6(1)(a) of the GDPR, if consent has been given. If the contact is related to entering into a contract, the legal basis may also arise from Article 6(1)(b) of the GDPR. Without, for example, your contact details, payment information, and information about your requested coverage, we cannot fulfill the contract with you. Additionally, the processing is based on the legitimate interest of Fletcher Hotel Exploitaties B.V. to efficiently and satisfactorily handle your inquiry. Processing may also be based on our legitimate interest in providing our customers with high-quality services, implementing marketing measures (including processing data for research and statistical purposes), managing the contractual relationship properly, and, if necessary, proving and enforcing our legal claims. The legal basis for this is Article 6(1)(f) of the GDPR.

Retention period

Fletcher Hotel Exploitaties B.V. retains the above data only as long as necessary for the purpose for which it is processed. We delete your data once the conversation with you has ended. This is generally assumed to be the case when the matter in question is definitively resolved.

However, data is stored longer if we need to retain it in accordance with applicable statutes of limitation to obtain evidence (e.g., to prove the services we have provided), in the event of (impending) legal disputes, and/or if we are legally required to retain the data longer (e.g., due to retention and documentation obligations under tax, commercial, and reporting law). In such cases, the legal basis for processing may also be Article 6, Paragraph 1, Sentence 1, Subsection c) of the GDPR.

Video surveillance

Where necessary, some hotels use video surveillance to protect persons and property. The video recordings give us insight into the activities of individuals. At certain hotels, parking lots and/or garages are equipped with barriers that register your license plate when entering and exiting the parking area. The registration of your license plate is used solely for parking applications.

Legal basis

The processing is based on our legitimate interest in preventing crimes such as assault, harassment, theft, burglary, arson, drug trafficking, robbery, and vandalism in our hotels, in proving and enforcing our legal claims if necessary, and/or in facilitating the use of our parking lots or garages. The legal basis for this is Article 6, Paragraph 1, Sentence 1, Subsection f) of the GDPR.

If license plate data is processed for barriers, processing may also occur for contract performance. The legal basis for this is Article 6, Paragraph 1, Subsection b) of the GDPR.

Retention period

Video recordings are generally retained for a maximum of seven days and then deleted, unless a longer retention period is necessary to investigate and prosecute crimes in individual cases. In such cases, the recordings may also be shared with law enforcement authorities.

The data is also retained longer if necessary to obtain evidence in accordance with applicable statutes of limitation (e.g., to prove the services we have provided), in the event of (impending) legal disputes, and/or in accordance with other legal or statutory retention obligations. In such cases, the legal basis for processing may also be Article 6, Paragraph 1, Sentence 1, Subsection c) of the GDPR.

Fletcher Friend account

You can create a Fletcher Friend account during booking. This makes it easier to make reservations and obtain information during a subsequent visit, as we do not need to request your basic data again. Additionally, you can optionally consent to receiving newsletters in which we inform you about our offers; our comments on the newsletter apply in this case. You can also easily view your booking history.

To create an account, we request your name, residence, phone number, and email address. This personal data is stored in our database. Additionally, we link your respective booking and stay data to your Fletcher Friend account.

You can cancel your account at any time.

Use of data

The above data is also analyzed to improve our hotels and services, adapt them to the needs of our customers, and implement marketing measures.

Legal basis

The processing is carried out to fulfill the agreement you entered into with us for participation in Fletcher Friend. The legal basis for this is Article 6, Paragraph 1, Sentence 1, Subsection b) of the GDPR. Additionally, the processing is carried out based on our legitimate interest in providing our customers with high-quality services and a user-friendly booking experience, implementing marketing measures (including processing data for research and statistical purposes), managing the contractual relationship effectively, and, if necessary, proving and enforcing our legal claims. The legal basis for this is Article 6, Paragraph 1, Sentence 1, Subsection f) of the GDPR.

Retention period

We retain the above data only as long as necessary to fulfill the purpose of processing. Your data is generally deleted once you have canceled your Fletcher Friend membership.

However, data is stored longer if we need to retain it in accordance with applicable statutes of limitation to obtain evidence (e.g., to prove the services we have provided), in the event of (impending) legal disputes, and/or in accordance with other legal or statutory retention obligations (e.g., under tax, commercial, and reporting law). In such cases, the legal basis for processing may also be Article 6, Paragraph 1, Sentence 1, Subsection c) of the GDPR.

Business account

With a business account, you can book on account, benefit from cancellation conditions as stipulated in the contract, and enjoy pricing agreements as contractually guaranteed. To create an account, we request your name, residence, the name, trade register number, and VAT number of the company, as well as your business phone number and email address. This data is stored in our database. You can cancel your business account at any time.

Furthermore, the above-mentioned conditions for the Fletcher Friend account apply accordingly.

Cookies and other tracking technologies

Our website also uses cookies and other tracking technologies. More information on the use of these technologies can be found in our cookie policy.

Alert list

We consider it important to prevent harassment and crime in our hotels and restaurants. Therefore, we maintain lists (warning and contact lists) with the names and addresses of individuals to whom we deny access to our hotels and restaurants for serious reasons or for whom we impose special conditions on reservations (e.g., limited payment options).

In exceptional cases, we reserve the right to deny a guest access to our hotels and/or services or to impose special conditions (e.g., prepayment) on the offered payment methods. This may occur in cases of fraud, harassment of our guests and/or employees, violations of house rules, theft, property damage, physical injury, insults, racist and/or sexist remarks, or other inappropriate behavior.

Fletcher Hotel Exploitaties B.V. applies a strict and careful policy regarding data processing and data security for the warning and contact list.

Legal basis

The processing is based on our legitimate interest in ensuring proper business management in our hotels and preventing abuse and fraudulent activities. The legal basis for this is Article 6, Paragraph 1, Sentence 1, Subsection f) of the GDPR.

Retention period

We retain the above data only as long as necessary for the purpose of processing. Therefore, we delete entries from our warning list once we lift the respective access restrictions. This is generally the case after three years at the latest.

In cases of particularly serious reasons and/or repeated violations of our house rules, we reserve the right to store the data indefinitely. In such cases, we regularly assess (at least every five years) whether the access restriction and the associated data storage are still necessary.

Recipients of personal data

Within the Fletcher Hotel Exploitaties B.V. access to your personal data is only granted to departments that need it to perform their respective tasks. For this purpose, third parties (especially service providers and agents engaged by us) may also have access to your data. We always select these recipients carefully and ensure that the data is treated confidentially, particularly through technical and organizational measures. Where legally required, we have entered into data processing agreements with the service providers and agents we engage, which comply with the requirements of Article 28 of the GDPR, and we provide instructions on handling personal data.

If your data is transferred to recipients in third countries outside the EU/EEA, this is only done based on an adequacy decision by the EU Commission (Article 45, Paragraph 1 of the GDPR) or under appropriate safeguards in accordance with Article 46 of the GDPR (e.g., EU standard data protection clauses or binding corporate rules). However, a transfer to recipients in third countries outside the EU/EEA is not foreseen unless otherwise stated in this privacy policy or our cookie policy.

Your data is transferred to third parties in the following cases:

Agreement and third parties

Your personal data may be made available to third parties if necessary to fulfill our contractual obligations to you. This includes, for example, processing your reservation. If necessary for booking payments, we engage a third party to process online payments.

Additionally, it may be necessary to transfer your data to fulfill an individual request from you (e.g., to engage a required transport service provider, caterer, etc.). The legal basis for transferring data in this context is Article 6, Paragraph 1, Sentence 1, Subsection b) of the GDPR.

With your consent

If necessary, we transfer your data to third parties when you have voluntarily and informedly provided consent. In such cases, the legal basis for the transfer is Article 6, Paragraph 1, Sentence 1, Subsection a) of the GDPR.

Partnerships

We make personal data available to our processors so they can process it on our behalf. This is based on a processing agreement under Article 28 of the GDPR, our documented instructions, and in accordance with our data protection guidelines and other adequate technical and organizational measures. Our partners include, among others, our IT service providers (e.g., our hosting provider) and the provider of our CRM system.

Legal obligation

If legally required, we will make your personal data available. For example, the police may request personal data from us as part of an investigation. Additionally, tax authorities may request personal data necessary for tax collection under Article 47 of the General Tax Act (AWR). Municipalities may also request data to verify tourist taxes.

No automated decision-making

We do not use automated decision-making processes, including profiling.

We share your personal data with third parties only in accordance with the General Data Protection Regulation (GDPR) and solely in the following cases:

Performance of a Contract

We share data with third parties involved in providing our services. For example:

• Payment service providers such as iDeal and credit card companies for processing payments.
• Suppliers of booking systems used to manage your reservation.
• External service providers for delivering additional services, such as breakfast delivery or reservations at affiliated restaurants.

For External Processing

We collaborate with carefully selected and reliable partners who process personal data on behalf of Fletcher Hotels. These parties act solely under the instructions of Fletcher Hotel Exploitaties B.V. and are contractually bound to processing agreements that comply with the GDPR. Examples of such parties include:

• IT service providers responsible for hosting, maintenance, or securing our systems.
• Email providers for sending our newsletters and reservation confirmations.
• Analytics and marketing agencies that help us develop personalized offers.

Legal Obligation

Fletcher Hotel Exploitaties B.V. may be required to share personal data with government authorities or other parties when legally mandated. For example:

• When law enforcement or another investigative authority requests data in connection with a criminal investigation.
• When we must provide data to the Tax Authorities, such as for fiscal obligations.

Transfer Outside the European Economic Area (EEA)

If your data is transferred to parties outside the EEA, we ensure this only occurs to countries with an adequate level of protection or based on appropriate safeguards, such as standard contractual clauses issued by the European Commission.

We retain your personal data only as long as necessary, summarized below:

For more details, see the specifics:

1. Booking Data: 7 years

We store data such as reservations, invoices, and payment information for 7 years, required by the fiscal retention obligation prescribed by Dutch tax authorities. After this period, your data will be securely deleted or anonymized.

2. Camera Footage: up to 7 days

Camera footage is stored solely for security purposes. The standard retention period is up to 7 days unless an incident occurs requiring further investigation. In such cases, the footage may be retained longer until the investigation is complete or legal requirements dictate otherwise.

3. Marketing Data: until consent withdrawal

Your data, such as your email address and preferences, are stored as long as you consent to receiving our marketing communications. You can withdraw your consent at any time via the unsubscribe link in our emails or by contacting privacy@fletcher.nl. After withdrawal, your data will be deleted or anonymized within a reasonable period.

4. Alert List: 1 year after the last incident

Fletcher Hotel Exploitaties B.V. maintains an internal Alert List for safety or legal reasons, such as incidents involving non-payment, severe disturbances, or criminal activities. Data on this list is retained for up to 1 year after the last recorded incident, unless a longer retention period is required by legal obligations or legal proceedings.

As a data subject, you have the following rights regarding your personal data under the General Data Protection Regulation (GDPR). We value your privacy and will handle your requests carefully and within the legal time frame.

Right of Access

If you notice that your personal data is incorrect or incomplete, you have the right to have it corrected or supplemented. For example:

• Updating an incorrect address.
• Updating contact details.
• Correcting erroneous birth dates.

Right to Erasure ("Right to be Forgotten")

You can request us to delete your personal data, for instance, in the following situations:

• The data is no longer necessary for the purposes for which it was collected.
• You withdraw your consent, and there is no other legal basis for processing.
• You object to processing, and there are no overriding legitimate grounds for further processing.

Right to Restrict Processing

You have the right to temporarily restrict the processing of your data, for instance, in the following cases:

• When you contest the accuracy of your data (during the verification period).
• When the processing is unlawful, but you prefer restriction over deletion.
• When we no longer need the data, but you require it for a legal claim.

During a restriction, your data will not be actively processed, except with your consent or as part of legal obligations.

Right to Data Portability

You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format. You may also request the data to be transferred directly to another party, if technically possible. This right applies only to data that:

• You have provided to us.
• Is processed based on your consent or the execution of a contract.

Right to Object

You have the right to object to the processing of your personal data, for example:

• When we process your data based on a legitimate interest.
• When we use your data for direct marketing purposes, such as sending newsletters or offers.

If you object to marketing, we will no longer use your data for that purpose. If you object by phone to the use of your data for marketing, this applies only to the service calls. To exercise your right to object to direct marketing via email, we kindly ask you to use the unsubscribe option provided in our newsletters.

Right to File a Complaint

If you believe we are not complying with privacy legislation, you have the right to file a complaint with a supervisory authority, such as the Dutch Data Protection Authority.

How to Exercise Your Rights?

You can exercise your rights by sending an email to privacy@fletcher.nl. To verify your identity, we may ask for additional information, such as a copy of your ID (where sensitive data like your citizen service number and photo can be masked).

We strive to respond to your request within 30 days. If this is not possible due to the complexity of the request or the number of requests received, we will inform you within this period about the extension of the time frame by up to 30 months.

Fletcher Hotel Exploitaties B.V. takes the utmost care in the content and functionality of this website. Despite these efforts, we cannot guarantee that the website will always function flawlessly or that its content is entirely accurate. Fletcher Hotel Exploitaties B.V. is not liable for technical issues, temporary unavailability of the website, or any damages resulting from this, unless directly related to our legal obligations under the GDPR or other applicable regulations.

We strive to process your personal data carefully and in accordance with privacy laws. However, if you are not satisfied with how we handle your personal data or believe we have not adequately addressed a request or complaint, you have the right to file a complaint with the supervisory authority.

In the Netherlands, the Autoriteit Persoonsgegevens (AP) is responsible for overseeing compliance with the General Data Protection Regulation (GDPR). You can contact the AP if you believe Fletcher Hotel Exploitaties B.V. does not respect your data protection rights, for example:

• If we have not properly handled your requests regarding access, rectification, or deletion of data.
• If you suspect that we are processing your personal data unlawfully or carelessly.
• If you believe we do not meet the legal requirements of the GDPR.

For more information about filing a complaint and the procedure followed by the Autoriteit Persoonsgegevens, please visit their official website: www.autoriteitpersoonsgegevens.nl.

On the website, you will find:

• A digital complaint form to easily submit your complaint.
• Explanations of how the Autoriteit Persoonsgegevens will handle your complaint.
• General information about your rights under the GDPR.

Fletcher Hotel Exploitaties B.V. reserves the right to amend or update this privacy statement at any time. We advise you to regularly review our privacy statement to stay informed about any changes.

When do we update this privacy statement?

We may revise this statement in the following circumstances:

• When changes in our services or processes impact the processing of personal data.
• When new legal or regulatory requirements necessitate it.
• Due to technological changes or improvements affecting personal data processing.

How do we inform you about changes?

• The most current version of the privacy statement is always available on our website.
• In case of substantial changes significantly affecting your privacy rights, we will actively inform you via email, a notice on our website, or during your next interaction with us.

Last updated: January 23, 2025