Privacy Policy

Privacy Policy – De Pijp Boutique Hotel

De Pijp Boutique Hotel places great importance on the protection of your personal data. In this Privacy Policy, we aim to provide clear and transparent information on how we handle personal data.

For convenience, references below to “the hotel” are references to De Pijp Boutique Hotel, and references to “the website” are references to all websites, applications, and digital platforms that are part of the company.

We make every effort to ensure your privacy and therefore handle personal data with care. The hotel complies with all applicable laws and regulations, including the General Data Protection Regulation (GDPR). This means that, in any case, we:

  • Process your personal data in accordance with the purpose for which it was provided; these purposes and the types of personal data are described in this Privacy Policy;
  • Limit the processing of your personal data to only those data that are minimally necessary for the purposes for which they are processed;
  • Ask for your explicit consent when required for processing your personal data;
  • Have taken appropriate technical and organizational measures to ensure the security of your personal data;
  • Do not pass on personal data to other parties unless necessary for the execution of the purposes for which they were provided;
  • Are aware of your rights regarding your personal data, want to point them out to you, and respect them.

As the hotel, we are responsible for processing your personal data. If, after reading our Privacy Policy, or more generally, you have questions or wish to contact us, you can do so via the contact details at the bottom of this document.

 

Processing of Supplier Personal Data

Personal data of suppliers are processed by the hotel for the following purpose(s):

  • Administrative purposes;
  • Communication regarding assignments and/or invitations;
  • Executing or issuing assignments.

The legal basis for this personal data is:

  • The agreed-upon assignment.

The hotel may request the following personal data:

  • First name;
  • Middle name;
  • Last name;
  • (Business) phone number;
  • (Business) email address.

These data will be stored during the term of the agreement and thereafter only in the financial administration for a maximum of 7 years.

 

Processing of Newsletter Subscriber Personal Data

Personal data of newsletter subscribers are processed for the following purpose:

  • Providing information via newsletters.

The legal basis for this is:

  • The newsletter registration form (consent).

Data may include:

  • First name;
  • Middle name;
  • Last name;
  • Email address.

Data will be stored for the duration of the subscription.

 

Processing of Personal Data of Prospects, Stakeholder/Lobby Contacts, and Interested Parties

These data are processed for:

  • Providing information through newsletters and/or targeted communications.

Legal basis:

  • Oral consent, business card provision, and/or LinkedIn connection.

Possible data:

  • First name;
  • Middle name;
  • Last name;
  • Phone number;
  • Email address.

Stored for the duration one is considered a prospect or stakeholder.

 

Processing of Guest Personal Data

Personal data of guests are processed for:

  • Administrative purposes;
  • Communication related to bookings and/or offers;
  • Execution of the guest agreement.

Legal basis:

  • The agreed-upon booking or guest service.

Data may include:

  • First name;
  • Middle name;
  • Last name;
  • (Business) phone number;
  • (Business) email address;
  • Credit card details (name, number, expiry);
  • Gender;
  • Room preferences and composition.

Stored for the duration of the agreement and thereafter in the financial administration for a maximum of 7 years.

 

Processing of Passport or ID Data

For the purpose of guest registration and legal compliance with local regulations, De Pijp Boutique Hotel may request to view or process a copy of your identity document (such as a passport or national ID card). The following principles apply:

  • Only the information necessary for identification and registration is processed (e.g., full name, nationality, document type, and expiry date).
  • The citizen service number (BSN), MRZ code, and document number are masked or redacted where not required.
  • If a scan or copy is made, it is securely stored in our property management system (PMS) with access limited to authorized staff only.
  • All ID data is processed based on legal obligation and/or legitimate interest, and is deleted no later than 30 days after check-out, unless longer retention is required by law.
  • You may object to the processing of your ID copy by contacting our reception or emailing [your contact email].

 

Disclosure to Third Parties

The data you provide to us may be disclosed to third parties if necessary for the execution of the purposes described above. We use third parties for:

  • Providing the internet environment;
  • Handling (financial) administration;
  • Sending newsletters and invitations.

We do not provide personal data to parties with whom we have not concluded a processing agreement. With all processors, we make the necessary arrangements to ensure the protection of your personal data.

Additionally, we do not share your data with other parties unless legally required (e.g., police requests) or if you have given written permission to do so.

We transfer personal data outside the EU where applicable, including to the United States, in connection with the use of platforms such as PMS software, email marketing systems, or hosting providers. In such cases:

  • We ensure that the recipient is certified under the EU-U.S. Data Privacy Framework (if applicable), or
  • We enter into EU Standard Contractual Clauses with the recipient, or
  • We implement other appropriate safeguards as required by the GDPR.

You will be informed when such international transfers occur, and your rights remain fully protected.

 

Minors

We only process personal data of individuals under 16 with written consent of a parent or legal guardian.

 

Retention Period

We do not retain personal data longer than necessary for the purposes stated or as required by law.

Security

We have taken technical and organizational measures to protect your data, such as:

  • Confidentiality agreements with staff;
  • Password policies on all systems;
  • Pseudonymization and encryption where needed;
  • Regular back-ups;
  • Regular testing of security measures;
  • Employee training on data protection;
  • Secure server environments and access control.

 

Your Rights

You have the right to access, rectify, or delete your personal data. You may object to (part of) the processing, request data portability, or withdraw consent at any time.

Identification may be required for such requests. Please contact us via the details below.

 

Complaints

If you have a complaint, please contact us directly. If we cannot resolve your concern, you have the right to file a complaint with the Dutch Data Protection Authority (www.autoriteitpersoonsgegevens.nl).

 

Cookies

Our website uses cookies. A separate cookie policy is available on our website with more information and your options to manage cookie preferences.

 

Contact Information

De Pijp Boutique Hotel
Sarphatipark 106
1073 EC Amsterdam
The Netherlands
Chamber of Commerce: 33169041
Email: info@depijpboutiquehotel.nl

Latest updated: July 19th, 2025