Trying to think of any innocent explanations, is it possible the link was actually to a registration form, for setting up a username & password account with the hotel's booking service, with card details stored for future bookings?
Such systems often invite you to choose an agreed security question or sometimes a couple, such as mother's name, name of first pet, make of first car etc. They would be used if you ever needed a password reminder, to help convince them you are you you claim to be.
But asking for more than a couple of questions sounds very dodgy, possibly harvesting the answers provided to common questions as used by similar online systems...
And obviously, card pin number is a red flag - you should never have to disclose that to anybody. They may ask for the 3 digit security code printed on the card, but never the PIN itself.