From May 25, 2018, it is the new data protection regulation, GDPR, that determines how personal data may be processed. The new rules replace the Personal Data Act, PuL, and place higher demands on procedures and processes for safe handling.

Personal data is information that can be linked to natural persons, such as employees and customers.

The FIVE MAIN CHANGES in the Data Protection Regulation are:
Strengthened rights for the individual, for example as regards the requirement for information and the right to delete personal data

• Requirements to report personal data incidents
• Requirements for a treatment register
• Higher requirements for the form of consent
• Introduction of penalty fees

THE BIGGEST DIFFERENCE AGAINST PUL is that the new regulations require more order and clarity in the handling of personal data. While the basics for when you get to process personal data for the most part are the same.

Personal data is usually collected directly from you or generated in connection with your use of our services and offers. Sometimes additional information is required to keep the information current or to verify that the information we collected is accurate.

We protect the protection of your individual rights and your personal data

The personal data we collect can be divided into the following categories:

• Identification and contact information: name, title, telephone number and addresses
• Financial information: type of agreement, transaction information
• Special categories of personal data: eg participation in activities, special diet
• How we can use your personal information and on what legal basis.
• We use your personal information to fulfill obligations under our business agreement, offers, information and other services.

There are times when we ask for your consent to process your personal information. The consent will contain information about the special treatment. If you have given consent to the processing of your personal data, you can always withdraw the consent by sending an email to caroline@sigtunastadshotell.se.

Keeping your personal information safe and secure is a key part of how we do business. We have taken appropriate technical, organizational and administrative security measures to protect the information we hold against loss, misuse and unauthorized access, clearance, alteration and destruction.

As a registered person, you have the following rights regarding the personal data we hold about you:

• You have the right to access the personal data we hold about you.
• If the personal data is incorrect or incomplete, you have the right to request correction of the data, with the limitations stipulated by law or other statute.
• You have the right to request that your personal data will be deleted if you withdraw your consent to the processing and there is no other legal basis for the processing. In this case, personal data may be erased completely or anonymized. Anonymization is a process in which personal characteristics are removed or replaced so that the data that results are no longer personally identifiable.

Send an email to caroline@sigtunastadshotell.se to request one of the above.

How long we process your personal data
We store your information as long as it is needed for the purposes it was collected and processed for or as long as required by laws and other regulations.
We are constantly trying to improve and develop our services, products and websites and therefore the content of this data protection policy may change over time. If you have any questions, please contact us via email to caroline@sigtunastadshotell.se.