Privacy policy (GDPR)

We take our guests' privacy very seriously and apply a very strict policy. Our DPO (Data Protection Officer) is Klas Wimmerstedt.

Collection and storage of personal data
We only collect personal data needed for lawful reasons in order for us to be able to deliver the hotel stay in a safe and legal way for both us and the guest.

As we only use personal data for the purposes mentioned in the point above we assume the guest gives consent by a clear affirmative action (entering their own personal data by themselves and confirming the reservation by pressing a button in the system).

For the reason above we never accept reservations by walk-in or by phone. We require all reservations to be made either directly in our reservation system on our website or through third-party booking channels (e.g. booking.com or Expedia).

We collect the following personal data: name, address, phone number, e-mail address, ID number/passport number and credit card data.

We never collect personal data for accompanying children under 16.

The only place we store personal data is in our booking system, which is PCI compliant and uses HTTPS.
Our software supplier, Sirvoy, is contractually obliged not to disclose any of our data to third parties without us specifically asking for it.

We only store personal data until three months after check-out of the guest in line with Swedish legislation. Three months after check-out the personal data is deleted.

Any incident related to data breach or theft of data is immediately reported to the Privacy Commission.
 
Usage of personal data
We only use personal data to be able to deliver the hotel stay in a safe way for both us and the guest and in line with Swedish legislation.
We will never use personal data for marketing purposes.
We will never use personal data for profiling purposes.
We will never sell or use personal data that we have received to a third party.
 
Guest data access requests
If a guest asks for their personal data, we will immediately provide it free of charge.
We actively communicate to the guest which personal data we store about them, both through the booking confirmation and in the arrival information. The only exception to this rule is credit card information, which we only send encrypted and only upon specific request.