PRIVACY POLICY

Effective date: 1 November 2019

At Bredbyns Gästgiveri we respect your right to privacy. This Privacy Policy sets out how we collect and otherwise process personal data when:

  • You interact with our website, www.bredbynsgastgiveri.se.

  • You use the services and facilities provided by Bredbyns Gastgiveri.

  • We collect personal data via other means or for other purposes.

1. PRINCIPLES OF DATA PROCESSING

We are committed to upholding the 6 principles of the EU’s General Data Protection Regulation (“GDPR”):

  1. Lawfulness, fairness and transparency – obey the law, process data in a way that is reasonably expected, and be open about policies and practices.

  2. Purpose limitation – process data only for the specific reason it was collected for.

  3. Data minimisation – process only what data is needed.

  4. Accuracy – ensure data processed is adequate and accurate.

  5. Storage limitation – retain data only for as long as it is needed.

  6. Integrity and confidentiality – process data securely.

2. CONTACT

For the purposes of this Privacy Policy, Bredbyns Gästgiveri (“we”, “us”, “our”, “the guesthouse”), is the data controller of your personal data and any queries can be emailed to info@bredbynsgastgiveri.se.

3. COLLECTION OF DATA

We collect personal data about you when:

  • You visit our website.

  • You contact us via our website contact form.

  • You contact us via email, telephone or other means.

  • You use the guesthouse’s services and facilities.

  • You subscribe to our newsletter.

  • You have given permission to a third party to share information with us they hold about you.

Types of data that may be collected include:

  • Name.

  • Date of birth and/or age.

  • Address.

  • Email address.

  • Telephone number.

  • Payment information.

  • Sales and/or booking history.

  • Special information, for example allergy information.

  • Details of your communications with us through our contact form, email, telephone and other means.

The exact type of data collected may depend on the nature or method of your interaction with us, or on the purpose for which we collect it. Furthermore, you may provide additional or unprompted information about yourself in your communications with us.

Data may also be gathered by the use of cookies in your web browser, including information such as your IP address, your device and browser type, and what pages you visit and for how long. Our website is hosted by Squarespace, who integrate the use of cookies within their services to us. You can read Squarespace’s privacy policy on their website www.squarespace.com. Learn more about how we use cookies and similar technologies in our Cookie Policy.

4. OUR PURPOSE FOR PROCESSING YOUR PERSONAL DATA

Personal data may be collected or otherwise processed for the following purposes:

  • To provide our services and facilities
    When you use our services and facilities, we require certain information in order to provide those services and facilities to you. For example, to book a hotel room or restaurant table, to communicate with you and to issue invoices or take payment.

  • To respond to queries or comments
    We require certain information in order to contact you and to enable us to address your comment or query effectively.

  • To send our newsletter
    When you subscribe to our newsletter, we ask you to enter your e-mail address. Contact info@bredbynsgastgiveri.se to end the subscription.

  • To improve our products and services
    We use relevant data in order to improve our products and services. Such information may include sales history, feedback received, issue resolution details, and more.

  • Fraud prevention / IT security
    In some cases, data may be processed in order to ensure such things as the prevention of fraud and the security of IT systems.

5. OUR LEGAL BASES FOR PROCESSING

Data we process is done so under one of the following GDPR legal bases:

  • Performance of contract
    In order to provide you with our services and facilities there is certain information we require. Failure to collect such information may result in us being unable to provide you with the services and facilities.

  • Legal obligation
    We may need to process personal data as part of our procedures for complying with legal requirements relating to our business activities.

  • Consent
    In certain situations, we will request your consent to process your personal data. For example, in relation to our marketing activities.

  • Legitimate interests
    We collect and process data for our legitimate interests only when that information is necessary and it does not affect your rights or freedoms. For example, for fraud prevention and IT security.

6. DATA RETENTION

We retain data only for as long as it is necessary under the purpose and base for which it was processed.

Data processed in relation to performance of contract is held until the contract is fulfilled. Data processed in relation to our legal obligations is retained for as long as those obligations must be met, which may be a number of years.

When you provide consent to process certain information, we retain that data until you either withdraw your consent or the purpose for which consent was given no longer exists.

7. DATA SHARING

We only share your data with trusted third parties that have been engaged by us to provide services in relation to our business activities. In general, the third-party providers used by us will only collect, use and disclose your data to the extent necessary to allow them to perform the services they provide to us. Such third-party providers have their own privacy policies.

Third-party providers we may use include but are not limited to:

  • Website hosting providers

  • Web analytics providers

  • Email service providers

  • Payment processors

8. INTERNATIONAL TRANSFERS

Personal data is only permitted to be transferred outside of the EU when circumstances are necessary and lawful. For example, some of our third-party service providers are global businesses and personal data may be stored and processed in any country in which they have operations.

We only transfer your personal data to trusted third-party providers which have adequate data protection safeguards in place for international transfers, such as those who have committed to the EU-U.S. Privacy Shield.

9. YOUR RIGHTS

Under GDPR you have a number of rights. Individual rights may be affected by the legal base under which your data is processed:

  • The right to be informed
    We will provide information about the processing of your data when it is collected or when you otherwise request information.

  • The right of access
    You have the right to know what data we hold about you.

  • The right to rectification
    You have the right to have any inaccurate data corrected.

  • The right to be forgotten
    You have the right to have your data deleted, subject to certain exceptions. For example, we may be required to retain data in order to meet our legal obligations.

  • The right to restrict processing
    Under certain circumstances, you may have the right to limit the way in which we use your data.

  • The right to data portability
    Under certain circumstances, you may have the right to move, copy or transfer your data from one IT environment to another.

  • The right to object
    You have the right to object to us processing your data. However, this right is affected if the lawful base applied is performance of contract or legal obligation.

  • Rights related to automated decision-making
    Bredbyns Gästgiveri does not make use of any automated-decision making processes.

10. EXERCISING YOUR RIGHTS

If you wish to exercise any of the rights described above or are dissatisfied with the way we have used your data, please email info@bredbynsgastgiveri.se. Please note, we may keep a record of your communications to help us deal with any matters you raise.

11. CHANGES TO OUR PRIVACY POLICY

We will update this Privacy Policy from time to time when necessary to reflect feedback, changes in our data protection policy or legal changes. When we post changes to this Policy, we will revise the “Effective date” at the top of the Privacy Policy. If there are material changes to this Policy we will describe the changes.