Data Privacy Policy

1. General

1.1 This policy concerning privacy and marketing (”Privacy policy”) describes how Hestraviken AB, org. no. 556262-5565, Box 117, 335 03 Hestra, e-mail: info@hestraviken.se (”Hestraviken”, ” we”) collects, uses, distributes, and stores your personal data.

1.2 The Privacy Policy includes the processing of personal data that are collected through the use of our website.

1.3 You should always feel safe when submitting personal data to us. We want to demonstrate with this Pricay Policy how we ensure that your personal data is processed in accordance with the General Data Protection Regulation (GDPR) and other applicable legislation.

2. Data Controller

2.1 Hestraviken is the data controller responsible for our processing of your personal data and for ensuring that such processing is carried out in accordance with applicable legislation.

2.2 Data Processors
The website is produced by the bureu Tankbar (www.tankbar.com) who hosts the website on their servers in Sweden. Your data could also be processed by the following data processors, depending on how you use our website:

  • AK Techotel AB – Bookings
  • Benchmarking Alliance – Bookings
  • Intercom R&D Unlimited Company – Chat
  • Loopon – Guest Surveys
  • Multinet – News Letters
  • Nets Holding A/S – Online Payments
  • PwC Sverige AB – Bookings
  • Stripe – Gift Card Purchases
  • Via Systems A/S – Bookings
  • Visittravelcom Technology Group – Bookings via Countryside Hotels or Svenska Möten

The data processors do not own the right to process personal data for other purposes than ensuring the service assigned to them by the Data Controller.

3. When do we Process Your Personal Data?

For you to be able to visit our website, we need to collect and process your personal data. We will process your data:

3.1 if you use one of the contact forms on the website.

3.2 if you sign up for our newsletter.

3.3 if you send a booking request to us.

4. What Personal Data do we Process?

4.1 For Visitors on our Website
The personal data that Hestraviken process and collects from you as a visitor on our webairw are:

  • IP-address and information about your usage of hestraviken.se

4.2 For Users of Contact Forms
The personal data that Hestraviken process and collects from you as a user of our contact forms are:

  • Name of company or organisation
  • Name of contact person
  • Address
  • Post address
  • E-mail
  • Telephone number
  • Arrival date and time
  • Departure date and time
  • Number of participants
  • Number of hotel rooms
  • Desired products
  • Special requests

4.3 For You who Want to Sign Up for our Newsletter
The personal data that Hestraviken collects and process when you sign up for our newsletter is:

  • E-mail

4.4 For Gift Card Buyers on our Website
The personal data that Hestraviken collects and process when you buy a gift card are:

  • E-mail
  • Gift card number
  • Gift card value
  • Type of gift card/ product name
  • Delivery mode
  • Type of Transaction
  • Type of payment
  • Purchase and expiration date
  • Used/check-in date

4.5 For You who Make a Room Booking on our Website

  • Name of company or organisation
  • Name of contact person
  • Address
  • Post address
  • E-mail
  • Telephone number
  • Arrival date and time
  • Departure date and time
  • Number of guests
  • Number of hotel rooms
  • Desired products
  • Special requests

5. Why do we process your personal data?

5.1 For Visitors on our Website
Hestraviken processes your personal data for different reasons. For you who visit our website, we process your personal data to:

  • Understand how you as a visitor uses the website.

5.2 For Users of Contact Forms
For you who fill in a contact form on our website, Hestraviken process your personal data to:

  • Fulfil our obligation to you as a customer, as well as providing support.
  • Enable customer care and support, as for example responding to questions and correct false information.
  • Provide information and direct marketing via mail, e-mail, SMS/MMS and telephone regarding Hestraviken’s products and services.
  • Manage the customer relationship and provide our services.
  • Comply with applicable legislation, for example, accounting laws.

5.3 For You who Want to Sign Up for our Newsletter
For you who sign up for our newsletter, Hestraviken process your personal data to:

  • Fulfil our obligations to you as a customer.
  • Provide information and direct marketing via e-mail.
  • Manage the customer relationship and provide our services.
  • Enable personal invitations via e-mail

5.4 For Gift card Buyers on our Website
For you who buy a gift card on our website, Hestraviken process your personal data to:

  • Fulfil our obligation to you as a customer, as well as providing support.
  • Enable customer care and support, as for example responding to questions and correct false information.
  • Manage the customer relationship and provide our services.
  • Comply with applicable legislation, for example, accounting laws.

5.5 For You who Make a Room Booking on our Website
For you who make a reservation our website, Hestraviken process your personal data to:

  • Fulfil our obligation to you as a customer, as well as providing support.
  • Enable customer care and support, as for example responding to questions and correct false information.
  • Provide information and direct marketing via mail, e-mail, SMS/MMS and telephone regarding Hestraviken’s products and services.
  • Manage the customer relationship and provide our services.
  • Comply with applicable legislation, for example, accounting laws.

6. The Legal Basis for our Processing of Your Personal Data

6.1 Hestraviken processes your personal data based on several legal bases. These are described in this section.

6.2 We process your personal data to fulfil our contractual obligation to you as a customer. On this basis, we process information about you as a customer, about your behaviour on our website, about your interactions with Hestraviken and about your interest in our services.

6.3 Part of the data processing that we perform is based on a so-called legitimate interest. This applies to, for example, the processing that we do to send out newsletters to you about our services, as well as to make a limited segmentation of customers (based on statistics from our newsletters). Hestraviken does not process sensitive personal data based on legitimate interest and does not perform data subject profiling based on legitimate interest.

6.4 In some cases, Hestraviken may have a legal obligation to process your personal data. This could, for example, include processing of personal data to comply with accounting laws.

7. Summary of Our Data Processing

PurposeLawful BasisCategories of Personal Data Storage Time
For you to be able to visit our website.To fulfil our obligations to you as a customer.IP-address and information about your usage of hestraviken.seAs long as it takes to fulfil the purpose for which the data was collected. The data is stored no longer than 26 months.
For you to be able to fill out forms on our website.To fulfil our obligations to you as a customer.
  • Name of company or organisation
  • Name of contact person
  • Address
  • Post address
  • E-mail
  • Telephone number
  • Arrival date and time
  • Departure date and time
  • Number of guests
  • Number of hotel rooms
  • Desired products
  • Special requests
As long as it takes to fulfil the purpose for which the data was collected. The data is stored for no longer than 24 months after your last interaction with Hestraviken if a consent has not been given for us to store your data longer.

 

8. Profiling

8.1 Hestraviken may process your personal data using profiling if you are a customer. If you are a customer, information about how you use our webpage and which of our newsletters that you have interacted with may be analysed, to provide letters that we think fits you.

8.2 You can, whenever you like, object to the use of your personal data through profiling. You can do this by calling us or by contacting inf0@hestraviken.se. When Hestraviken have received your notification, we will stop processing your personal data for this purpose.

9. How Long do we Store Your Personal Data?

9.1 YYour personal information will only be stored as long as there is a need to save them to fulfil the purpose for which the data was collected in accordance with this Privacy Policy. Hestraviken may save the data for longer if it is necessary to comply with legal requirements or to monitor the legal interests of Hestraviken, for example, if there is a legal process going on.

9.2 Hestraviken will store information about customers no longer than 24 months after the customer’s last interaction with Hestraviken if a consent has not been given for us to store your data longer.

10. To whom do we Distribute Your Personal Data?

10.1 We will not sell nor share your personal data to third parties without your permission.

11. Changes to the Privacy Policy

11.1 Hestraviken has the right at any time to change the Privacy Policy. Hestraviken will promptly notify you of changes to the Privacy Policy.

12. Protection of Your Personal Data

12.1 You should always feel safe when you submit your personal data to us. Hestraviken has, therefore, taken the security measures necessary to protect your personal data from improper access, change and deletion. For example, all information about customers and users is stored in a database that is protected by permission management and a firewall.

13. Your Rights

13.1 Hestraviken is responsible for processing your personal data in accordance with applicable legislation.

13.2 Hestraviken will, at your request or on our own initiative, correct, disassociate, delete or complete information that is found to be incorrect, incomplete or misleading.

13.3 You have the right to request

a. Access to your personal data. This means that you are entitled to request a registry outline of the processing we conduct regarding your personal data. You are also entitled to receive a copy of the personal data being processed. You are entitled to once a calendar year, by a written and signed application, receive a register extract of which personal data are registered about you, the purpose of the treatment and to which recipients the information has been provided or are to be disclosed. You also have the right to receive information about from where the data has been retrieved if personal data have not been collected from you, the existence of automated decision making (including profiling) and the predicted period during which the data will be stored or the criteria used to determine this period. You also have the right to obtain information about your other rights listed in this paragraph in the registry extract.

b. Correction of your personal data. We will at your request, as soon as possible, correct false or incomplete information that we process about you.

c. Deletion of your personal data. This means that you are entitled to request that your personal data should be removed if they are no longer necessary for the purpose for which they were collected. We will then end the processing done for purposes other than complying with the legislation. However, there may be legal requirements that prevent us from immediately deleting your personal data, for example, accounting and taxation laws.

d. Limitation of processing. This means that your personal information is marked so that they can only be processed for certain delimited purposes. For example, you may request a limitation when you consider your information to be incorrect and you have requested a correction under item 12.3 b). While the accuracy of the data is investigated, its processing will be limited.

13.4 Hestraviken will notify each recipient to which personal data have been disclosed in accordance with paragraph 10 above, with regards to any corrections or deletion of data, as well as limitation of processing of data.

13.5 You are entitled to object to personal data processing performed on the basis of a legitimate interest. If you object to such processing, we will only continue processing if there are legitimate reasons for processing that weigh heavier than your interests.

13.6 If you do not want us to process your personal data for direct marketing, you are always entitled to object to such processing by sending an email to info@hestraviken.se. Once we have received your objection, we will cease processing your personal data for such marketing purposes.

13.7 You are entitled to lodge any complaints regarding the processing of your personal data to Datainspektionen (the Swedish Data Governance Authority).

14. Cookies

14.1 This site uses cookies. Cookies are small text files stored on your computer and used to track what you do on the site. There are two types of cookies: permanent cookies and session cookies.

14.1.1 Permanent Cookies
A permanent cookie remains on the visitor’s computer for a certain amount of time. On this site, these are used to improve the site by gaining statistics on how a visitor uses the site, for example, which articles are read the most and how users move in the navigation.

14.1.2 Session Cookies
A session cookie is stored temporarily in the computer’s memory while a visitor is on a web page. Session cookies will disappear when you close your browser. On this site, session cookies are used to handle information that you provide when using this website’s services.

14.2 If you do not accept cookies, you can turn off cookies in your browser’s security settings. You can also set up the browser so that you get a query every time the site tries to place a cookie on your computer. Through the browser, previously stored cookies can also be deleted, see the browser’s help pages for more information.

14.3 The National Post and Telecom Agency (Post- och Telestyrelsen) is the supervisory authority in the area. Please read more about cookies on their website.

15. Analytic tools for web statistics

15.1 This site uses Google Analytics as a tool to get an idea of how visitors use the site. The Analytic tool uses cookies and the information generated by these through your use of the site (including your IP address) will be forwarded to and stored by Google on servers in the United States. This information is used to evaluate visitor statistics, such as improving content, navigation and structure. Google may also transfer this information to third parties if required by law or in cases where a third party treats the information on behalf of Google. Google will not match IP addresses with other data held by Google.

Google Analytics uses three cookies:
_ga is used to distinguish users and expire after 2 years.
_gid is used to distinguish users and expires after 24 hours.
_gat is used to link the web page with our Google Analytics account and expires after 90 days.

15.2 If you do not want your visits on this site to appear in the statistics in Google Analytics, there is an add-on that you can install in your web browser. The add-on can be downloaded from the Google website. You can also deny the use of cookies (see above) by selecting certain settings in the browser.

16. Production

16.1 This website is produced by the web bureau Tankbar (www.tankbar.com)

17. Contact Information

17.1 Please do not hesitate to contact us if you have any questions about this Privacy Policy, about the processing of your personal information or about requesting a registry extract. Our contact information can be found below.