Funäsdalen Berg & Hotell AB (“FB&H”, “we” or “us”) is the data controller for the personal data that we process within the framework of our business (“Services”).
This personal data policy (“Personal Data Policy”) aims to ensure that you feel secure knowing that, as the data controller, we handle your information in accordance with the applicable personal data legislation. You are not obliged to provide us with personal data, but without it, we cannot supply the Services, as we need the Personal Data for the purposes specified below in order to provide the Services. For some of our Services, special terms and conditions may apply which you must approve before use. If you provide us with the Personal Data of other individuals, you are responsible for FB&H processing the Personal Data in accordance with this Personal Data Policy.
We will notify you if we make changes to this Personal Data Policy. The method of notification will vary depending on which of our Services you use and when. The new terms and conditions will be published on our website (www.funasdalenberghotell.se) (“the Website”).
You are welcome to contact us with any questions. You can find our contact information under section 16 “Contact information”.
2. Processed personal data
Personal data refers to all kinds of information which can either directly or indirectly be attributable to a natural, living person (“Personal Data”).
In order for us to fulfil and administer the services, we must collect personal data. We collect and process primarily name, address, email address, phone number, reservation information (to send relevant offers based on previous purchases) and IP address (when making a reservation via the website). We also collect other information, such as requests and other needs as well as, in some cases, sensitive personal data about your health (for example, if you book an accessible room) that you share with us voluntarily.
When you use our website, some technical information may be collected automatically, for example the web address from which you visit the website, information about network and device performance, web browser, language and information about identification and operating system.
3. Sensitive personal data
Sensitive personal data are data about race or ethnicity, political views, religious or philosophical beliefs or union membership, as well as personal data pertaining to health or sexuality (below “Sensitive Personal Data”). Data about health could include pregnancy and doctor’s visits, for example.
Depending on which Service we are supplying and which Personal Data you choose to share with us, we may process Sensitive Personal Data within the framework of the Services.
4. What do we use personal data for?
We will process the Personal Data we collect primarily for the following purposes:
(i) To be able to communicate with you.
(ii) To perform, provide and administer the Services.
(iii) To develop the Services.
(iv) To handle your reservations.
(v) To respond, assist, follow up or handle customer service cases in order to investigate complaints.
(vi) To optimize your experience of the Services.
(vii) For accounting and invoicing purposes.
(viii) For legal obligations (to comply with the law, court judgements or government agency decisions).
(ix) As otherwise stated in the Personal Data Policy.
Personal Data may also be used for business and methodology development, marketing analysis, statistics, risk management and for sending newsletters. Personal Data processed for the purpose of developing and analyzing the business, as well as for sending newsletters, are processed based on the grounds of our legitimate interest in developing the business and communicating with our contacts.
Personal Data are saved for a period of 24 months from the day the Service is completed, or for a longer period of time if necessary to fulfil the purposes of our processing. Personal Data processed in order to develop, analyze and market FB&H’s operation are saved for a period of two years after the last contact. If you unsubscribe from the newsletter or similar, your personal data will be erased immediately.
If we cannot process your Personal Data, we also cannot supply the Services. Your privacy is very important to us and we will process the Personal Data which we collect and which you share with us with the greatest caution and in accordance with best practice, the Personal Data Policy, and applicable laws and regulations.
When the law requires us to obtain your consent, we will do so before processing takes place.
Without your permission, we will not give your Personal Data to anyone in any way other than what follows from the Personal Data Policy.
5. Newsletter and other forms of direct marketing
If you use our Services, we may process your Personal Data for the purposes of sending you a newsletter with relevant information and offers about our Services or selected partners’ goods and services in different channels, such as via letter, email or through our digital channels, as long as a customer relationship exists between you and us. We may also send you customer surveys to give you the opportunity to influence our product and service offering. Our processing to send you direct marketing and customer surveys is thus based on our legitimate interest.
If you no longer want to receive the newsletter or other direct marketing from us, you can easily object to continued processing for these purposes by contacting us (see contact information under section 16 “Contact information”) or you can unsubscribe directly in the mailing. If you object to continued processing, your Personal Data will be erased or anonymized (as long as this Personal Data is not processed for other purposes) and you will no longer receive direct marketing from us.
6. Information to other parties
Beyond what is stated in the Personal Data Policy, we will not share the Personal Data you provide to us with any third party.
We will not share the Personal Data you provide to us with any third party other than when (i) it is specifically agreed between us and you, (ii) when necessary for supplying the Services (for example, if you use a travel agency for a reservation), (iii) it is necessary due to a legal obligation, government agency decision or court ruling or (iv) if we hire external service providers to carry out tasks/services on our behalf. These service providers may process Personal Data and sometimes require limited access to the Personal Data that we have collected. We will always endeavor to limit such access to Personal Data and only share information that is reasonably necessary for the service providers to be able to do their work or provide their services. We will also require these providers to (i) protect your Personal Data in accordance with the Personal Data Policy and (ii) to not use or disclose your Personal Data for any purposes other than providing us with the agreed service.
The Personal Data will not be given to a third party for marketing purposes without your written consent.
7. Transfers to a third country
We will not transfer the Personal Data to a third country (i.e. a country outside of the EU/EEA) without your written consent.
You have the right to request information free of charge from FB&H about the use of personal data pertaining to you. Upon your request or on our own initiative, we will correct or erase incorrect personal data or limit the processing of such personal data. Further, you have the right to request that your personal data not be processed for direct marketing purposes. You also have the right to receive your Personal Data in a machine-readable format or, if technically possible, to have the data transferred to a third party as instructed by you. If you are dissatisfied with our processing, you may submit a complaint to a supervisory authority, which in Sweden is the Swedish Data Protection Authority (www.datainspektionen.se). You may also contact the supervisory authority in the country in which you live or work.
On our website you may encounter links to other websites run by other companies. The Personal Data Policy does not apply to these websites. You should therefore read the personal data policies of these websites before giving out personal data.
We may collect information using technology such as cookies, beacons and local storage (for example on your web browser or device). In the Personal Data Policy, we use the term “Cookies” for all technology, including data and text, which we store in your web browser or device.
A cookie is a small text file that is stored on your computer, phone or other device when you visit a website. Cookies can help us, for example, to recognize you the next time you visit the website, and also enable us to offer a more secure and more reliable website.
Most web browsers allow you to decide how cookies are managed. You can set your web browser to decline to accept cookies, or to remove certain cookies. If you choose to block cookies, parts of the service’s functionality may be impaired or disappear.
We take all suitable technological and organizational security measures required to protect Personal Data from improper access, change or destruction. However, there is always a risk when giving out Personal Data via digital channels, as it is not possible to completely protect technological systems from intrusion.
12. Personal data incidents
In the event of a security incident pertaining to Personal Data, for example a data breach or inadvertent loss of personal data, we must document the incident and report it to the Swedish Data Protection Authority within 72 hours. We may also need to inform you, for example if there is a risk of ID theft or fraud.
13. Invalid provision
If a competent court finds any provision in the Personal Data Policy to be invalid, this will only lead to a reasonable adjustment of the relevant provision. Other provisions will remain in full force and effect.
14. Applicable law
The Personal Data Policy may be governed by and interpreted in accordance with Swedish law, without application of conflict-of-law rules.
Disputes or requirements arising pertaining to or in conjunction with the Personal Data Policy, or in the event of a breach, termination or invalidity of these terms and conditions shall ultimately be determined by Swedish court.
15. Swedish Data Protection Authority
For more information regarding the applicable legislation, our responsibility for processing personal data and your rights, please visit http://www.datainspektionen.se/dataskyddsreformen/ (in Swedish).
Questions about the processing of personal data etc. may also be asked directly to the Swedish Data Protection Authority at firstname.lastname@example.org or +46 (0)8-657 61 00.
16. Contact information
If you have any questions about the Personal Data Policy or any other questions about our processing, you are welcome to contact us at:
Funäsdalen Berg & Hotell AB,
corp. reg. no. 994700–9438
SE-840 95 Funäsdalen, SWEDEN
Policy adopted by FB&H’s board of directors on 7 June 2019