What is personal data and what is the processing of personal data?
Personal data is any information that can be directly or indirectly attributed to a natural person who is alive. For example. images and sound recordings processed on a computer can be personal data even if no names are mentioned. Encrypted data and various types of electronic identities (e.g. IP numbers) are personal data if they can be linked to natural persons.
Processing of personal data is everything that happens to personal data. Any action taken with personal data constitutes processing, regardless of whether it is carried out by automated means or not.
Examples of common processing operations are collection, recording, organisation, structuring, storage, processing, transmission and erasure.
Who is responsible for the personal data we collect?
WG Hotelldrift AB, org. no 556054-6045, Färna Herrgård 1 739 70 Skinnskatteberg,
is the controller of the company’s processing of personal data.
How is your personal data protected?
We have put in place specific security procedures to protect your personal data against unlawful or unauthorised processing (such as unlawful access, loss, destruction or damage).
What personal data do we collect and for what purpose?
We collect your name, address, email address, telephone number and any information you choose to share with us. We need these in order to complete your booking of hotel rooms, overnight packages & day packages.
For restaurant visits, spa treatments and the purchase of gift cards, we collect names, phone numbers and email details.
How long do we keep your personal data?
We save the collected personal data, as well as the data you choose to share with us until the booking with us is completed and 26 months after the end of your stay/payment.
This is in order to follow up the handling of the booking/payment that may occur afterwards.
Your data will then be anonymised unless you choose to keep your data with us.
Email conversations made in the context of a treatment are kept for 12 months after the booking has been made in order to manage any follow-up to the booking. They are then deleted from our system.
Who may we share your personal data with?
When necessary to provide the best possible service and for marketing purposes, we share your data with a data processor. An assistant may be a service bureau that processes personal data on behalf of a limited company or a public authority. The processor may only process the personal data in accordance with the instructions and guidelines provided by the controller.
Subcontractors offering payment solutions (card redemption companies, banks and other payment service providers)
IT services (companies that manage the necessary operation, technical support and maintenance of
our IT solutions)
Subcontractors who handle guest surveys, newsletters and collection of data for marketing purposes via our website.
We may also share your personal data with certain companies that are independent data controllers. The fact that the company is an independent controller means that we do not control how the information provided to the company is processed.
The independent controllers with whom we share your personal data are:
Government authorities (police, tax authorities or other authorities) if we are required to do so by law or on suspicion of a crime.
Collection agencies in case of problems with payments.
Your rights as a data subject:
Right of access (register extract) You can always obtain information about how we process your personal data and what data we have in our systems. The information is provided in the form of a register extract after we have ensured that the data is provided to the right person.
Right to erasure (where possible)
You can request erasure of personal data we process about you if:
the data are no longer necessary for the purposes for which they were collected or processed.
You object to processing for direct marketing purposes.
The personal data is processed unlawfully.
Right to object to certain types of processing (newsletters, direct mail, etc.)
You have the possibility to object to the processing of your personal data for direct marketing purposes.
The objection also covers the analysis of personal data (so-called profiling) carried out for direct marketing purposes. Direct marketing refers to all types of outreach marketing activities (e.g. by post, e-mail and SMS).
What are cookies and how do we use them?
Cookies are a small text file consisting of letters and numbers sent from our web server
and saved on your browser or device.
1) Session cookies (a temporary cookie that expires when you close your browser or device).
2) Persistent cookies (cookies that remain on your computer until you delete them or they expire).
3) First-party cookies (cookies set by the website you visit).
4) Third-party cookies (cookies set by a third-party website.)
We use these primarily for analysis purposes, e.g. Google Analytics.)
5) Similar technologies (technologies that store information in your browser or on your device
in a manner similar to cookies).
The cookies we use normally improve the services we offer.