PROCESSING OF PERSONAL DATA

We at ESS Hotel Group AB (”ESS”, “we”, ”our” and ”us”) care about your privacy and want you to feel safe when we process your personal data.

We provide this text with information on how and why we process your personal data. We also describe your rights, e.g. your right to complain to the relevant authority, your right to object to marketing and your option to withdraw your consent at any time. We also describe the lawful basis for processing and the storage period for which we keep your personal data.

In short: Your personal data – what do we do with them?

– If you visit our social media or in other ways interact with us before a booking, purchase or stay, we process your personal data to communicate and share your posts on social media

– If you visit any of our websites, we process your personal data to analyse how you use the website and show you relevant marketing

– If you make a booking/purchase or visit us, we process your personal data, e.g. to

o Administrate your booking/purchase and stay,

o Keep track of any allergies and similar information relevant for your stay,

o Communicate and offer customer service,

o Store information to provide you with the best possible experience when you visit us next time,

o Send relevant offers and information before, during and after your stay (newsletters/sms), and

o Send surveys during and after your stay by mail/sms

o Comply with legal requirements such as bookkeeping legislation

– If you are a Friend of ESS, we process your personal data, e.g. to

o Send offers to you as a member (newsletters/sms) based on information we have about you

o Enable you to take part of offers as a member,

o Administer your membership, and

o Simplify your booking, visit and/or purchase by storing information about your visits and preferences

– If you subscribe to our newsletters/sms, your personal data will be processed to send newsletters to you and analyse how our newsletters are used to improve and develop them

– If you participate in one of our contests, we process your personal data to enable you to take part in the contest

– If we have a complaint or claim, we process your personal data to handle the complaint or claim

Our detailed description of the personal data processing is divided into different sections, as shown above. By clicking on the links above you can read more about what specifically applies to you.

Below you can read more about:

ESS is responsible for processing of your personal data. 2

The personal data you need to provide to us 2

Detailed description on how we process your personal data. 3

Who can gain access to your personal data and why?. 14

Where are your personal data processed?. 15

What are your rights when we process your personal data?. 15

Balancing of interests assessments when processing personal data based on the lawful basis “legitimate interests” 16

ESS is responsible for processing of your personal data

ESS Hotel Group AB (Swedish registration number 556710-8047), is responsible for the processing of your personal data with the company you have concluded an agreement with or in other ways are in contact with. These companies are any of the following: Ystad Saltsjöbad (556466-2350), Villa Strandvägen (556964-3090), Falkenberg Strandbad & restaurang KÖKET (556827-8419), MJ’s (559055-4134), Hotel Pigalle (556843-3220), Hotel Bellora (556989-7779), The Steam Hotel & Restaurang Locavore (559009-9700), Hotell Fyri AS (922 018 472), ESS Home AB (559285-3450), Marienlyst Strandhotel A/S (1698 5104), Ellery Beach House AB (556947-5006) & Koncept Restauranger AB (556605-8003).

Should you have any questions regarding our processing of your personal data, or if you wish to exercise any of your rights under data protection legislation, please contact us via our e-mail address specifically designated for this purpose privacy@essgroup.se, or give us a call on +46 775-553 553. Our postal address is ESS Hotel Group AB, Vasagatan 54, 411 37 Gothenburg, Sweden. You are free to contact any of the companies jointly responsible for the processing of your personal data.

The personal data you need to provide to us

Of course, you are not required to provide your personal data to us. But if you want to make a booking/purchase or stay with us we need some of your personal data to administrate such booking, purchase and/or stay and to comply with legislation and official decisions.

When do you need to provide your personal data to us? You find a description of this in the charts below when the so called lawful basis is stated to be ”Performance of contract” or ”Legal obligation”. If you don’t provide such personal data to us, you will e.g. not be able to make a booking/purchase.

Detailed description on how we process your personal data

You can read more about your personal data in the charts below. We are legally required to provide some of the information to you. The text is therefore extensive and can be perceived as long and hard to understand. Don’t hesitate to contact us with any questions you have!

The below charts describe in detail why we process your personal data, which personal data we process, in which case you need to provide the personal data to us and the lawful basis for the processing. The lawful basis is the basis for processing your personal data according to the GDPR. You will also find information about how long we process your personal data.

If you visit our social media or in other ways interact with us before a booking/purchase/stay

If you are in contact with us before you make a booking/purchase or visit us, e.g. send us a message at our social media or send us an e-mail, we will process your personal data as we describe in the charts below. We process the personal data which you yourself provide to us and information from your social media account (if you use such account to communicate).

When contacting us through a social media platform, we suggest you also familiarise yourself with the privacy information of that platform.

To communicate before you make a booking/purchase or visit us
What processing we perform What personal data we process Our lawful basis for the processing

– Communicate, e.g. via e-mail, phone, chat or our websites

– Communicate via social media, e.g. if you make a comment on our site or our wall

– Answer your questions and give you the best service

– Information you provide to us (e.g. name and contact information)

If you visit our social media sites (e.g. our Instagram) we also process:

– Information from your profile on the social media in question (user name and any picture you have chosen for your account)

– Other information regarding the matter for which you contact us

Legitimate interest

The personal data will be processed based on our legitimate interest to communicate with you who have contacted us.

Storage period: We will delete your personal data regularly.

· Communication with us via our websites, phone, chat or in e-mails will be stored for a period of one year after the matter have been resolved, in order for us to give you the best service.

· Your comments and communication with us on social media can be deleted by you at any time. We will remove posts or comments which are in breach of the rules of the platform or in conflict with legislation as soon as possible.

To share your posts on social media
What processing we perform What personal data we process Our lawful basis for the processing
– Share posts you have uploaded on social media, if you want us to do so

– Information from your profile (user name and the picture you have chosen for your account)

– Other information in the post you have shared

Consent

The personal data will be processed based on your consent. You can withdraw such consent at any time.

Storage period: Your posts will be shared on our social media until we delete the post or you yourself ask us to remove it.

If you visit any of our websites

We analyse how our website is used and show you relevant marketing on other sites you visit based on such analysis. This means your personal data is processed when you visit any of our websites. To protect your privacy, we have taken measures to avoid identifying you when you visit any of our websites. For instance, we only store an encrypted version of your IP-address to reduce the risk of being able to identify you.

When you visit our website we will gather your personal data from your device and from the companies we cooperate with (see below). Such companies will also use previous information they have about you to show you interesting offers.

When you use our website we will gather personal data by using cookies. How we do this is described in our text about cookies which you find here.

To analyse how our websites are used
What processing we perform What personal data we process Our lawful basis for the processing

– Analyse how you use our website to improve our website and services. To do this we use the analytic service from Google Analytics

The analytic service means that we place a random ID on your device to distinguish your device from other visitors and to acknowledge patterns in how our websites are used. We will however not know who you are

The personal data we gather will be used e.g. to optimize functions and to adapt the websites to suit our visitors

– An encrypted version of your IP- address which we at ESS can’t connect to you as an individual

– Information about your device/browser (which area in the country you use our website from and which screen resolution you have)

– Information about your activities on the website

– Other information Google have about you, e.g. information about from which site you found us

Consent

The personal data will be processed based on your consent. You can withdraw such consent at any time.

You can prevent Google Analytics to use your personal data by downloading and install this this browser add on.

Storage period: We will store your personal data for a period of one year after your visit to our website.

Google will continue to store your personal data for their own purposes and Google will inform you separately about such storing.

To show you and your friends relevant marketing from us
What processing we perform What personal data we process Our lawful basis for the processing

– Market our services by showing you offers we believe you are interested in.

We show you such marketing on Google (including YouTube), Snapchat, Facebook (including Instagram), Pinterest and/or LinkedIn. You see marketing based on information that these companies have about you beforehand (so called profiling*)

– Share information about you with Google (including YouTube), Snapchat, Facebook (including Instagram), Pinterest and/or LinkedIn so these marketing services will have information about which type of visitors are interested in us

– An encrypted version of your IP- address which we at ESS can’t connect to you as an individual

– E-mail address

Thereafter you will see search results and ads based on:

– An analyse of how you use our website

– Information that the marketing services we use have about you since before, e.g. information about from which site you found us

Consent

The personal data will be processed based on your consent. You can withdraw such consent at any time.

Here you can make choices about the marketing you see from Google and here on Facebook under the heading ad settings you can choose which marketing you want to see on Facebook.

Storage period: You will see marketing from us for a period of one year after your visit to our website.

Google (including YouTube), Snapchat, Facebook (including Instagram), Pinterest and/or LinkedIn will continue to process your personal data as independently responsible. Information on how long they store your personal data is found in their respective information texts.

* Profiling: We use so called profiling to be able to show you offers that are relevant to you and to provide you with customized marketing. We use profiling because without it, you would instead see offers and information which you are probably not interested in. You have the right to object to profiling as described below under the section explaining your rights.

If you book a stay, make a purchase or visit us

When you make a booking, purchase a gift card or similar and/or stay with us we will process your personal data as described below. Such personal data is collected directly from you, for example when you make a booking. Klarna may also use personal data which Klarna have since before and will provide you separate information about this.

If you do not book your stay or make your purchase on your own, we will receive your personal data from the one making your booking/purchase. This can be the case e.g. if your family member books a hotel room for the both of you, if your employer books your stay or if a travel company manages your booking. The same will apply if you receive a gift card.

To administrate and enable your booking/purchase/stay
What processing we perform What personal data we process Our lawful basis for the processing

If you make a booking/purchase:

– Receive and administer your booking/purchase, including to identify you

– Provide you with the payment solution Klarna offers

– Send booking and/or order confirmation

– Store your information for future bookings (if you ask us to do so)

– Name

– E-mail address

– Phone number

– Address

– The information you state in our contact (e.g. questions you ask, booking number and other information you provide when communicating with us)

Performance of contract

The processing is necessary for us to be able to administrate your booking/purchase.

Before during and after a stay/purchase:

– Administrate your stay/purchase, e.g. communicate before, during and after your stay/purchase and answer any questions you have

– Deliver your purchase, when applicable

– If you have a gift certificate we remind you before the expiry date

– Name

– Address

– The information you state in our contact (e.g. questions you ask, booking number and other information you provide when communicating with us)

– When someone else is making your booking we also store information about the person who made your booking

– If you rent skiing equipment from us we also process information about your shoe size

Performance of contract

The processing is necessary for us to be able to administrate your stay/purchase, including to provide customer service.

Legitimate interest

When someone else provide us with your personal data (e.g. your employer or your friend buying you a gift card) the personal data will be processed based on our legitimate interest to administer your stay/purchase. You are of course free to contact us if you do not wish us to do so.

Storage period: We will store the personal data during the booking and/or purchase process and thereafter for a period of two years after the visit in question as described here below. Some information is stored for bookkeeping purposes for a longer period. In case of a claim, dispute or similar we need to store some of your personal data for a longer period according to what is stated here below.

Your payment information will be stored for a longer period to comply with bookkeeping legislation.

In addition to the above, your personal data will as well be processed by Klarna to manage your payment. Klarna is controller of such processing of your personal data and will give you separate information regarding Klarna’s use of personal data.
To keep track of relevant information for your visit
What processing we perform What personal data we process Our lawful basis for the processing

– Receive and handle information relevant for your visit

– Make sure we treat you according to your needs

– Information regarding your personal preferences that you choose to provide us with before your visit. By processing such information we can prepare for making you visit better. In some cases you may choose to provide us with health information and we mention this separate since health data is more sensitive data under GDPR

Performance of contract

The processing is necessary for us to be able to administrate your stay.

Consent

Any sensitive information (e.g. health information) will be stored based on your consent. You can withdraw such consent at any time.

Storage period: The personal data will be stored for two years after your stay as described here below.

We end the storing of any sensitive information as soon as possible after your visit and stop processing such personal data immediately if you withdraw your consent.

To provide relevant information on My Page
What processing we perform What personal data we process Our lawful basis for the processing
– Provide you the possibility to use My Page before and during your stay. This means you can get relevant information regarding your stay as well as add additional services

– Information regarding your booking

– Name

– Information regarding which services you wish to use

– Phone number, to provide you with a link to My Page

Performance of contract

The processing is necessary for us to be able to provide My Page to you who choose to use the service.

Consent

If you choose to provide any sensitive information at My Page (e.g. health information) such information will be stored based on your consent. You can withdraw such consent at any time.

Storage period: The personal data will be stored for two years after your stay as described here below.

We will delete any sensitive information as soon as possible after your visit and stop processing such personal data immediately if you withdraw your consent.

To provide you with the best possible customer experience

What processing we perform What personal data we process Our lawful basis for the processing
– Store relevant information from your booking/stay to be able to provide you with the best possible experience the next time you visit us – Information you provide during your booking/stay

Legitimate interest

Our legitimate interest to provide you with the best possible customer experience when you return. You are of course free to contact us if you do not wish us to do so.

Storage period: We store your personal data for two years after your stay.
To send newsletters/sms
What processing we perform What personal data we process Our lawful basis for the processing

– Send newsletters/sms containing offers and information. You receive our newsletters/sms before, during and after your booking/purchase and/or stay

After a stay you receive information from ESS Home about how to buy interior design found at the location

We only send you newsletters/sms if you not previously have objected to receiving them

– Name

– E-mail address

– Phone number

Legitimate interest

Our legitimate interest to process your personal data to market ourselves towards you who have made a booking/purchase and/or visited us.

– Improve and develop our newsletters by analysing how you open them and what you click on in the newsletters

Do you want to read more about this type of analyse? You find a more detailed description of this in our information about cookies.

– Information about how you open our newsletters and what you click on

– IP-address

– E-mail address

Consent

The personal data will be processed based on your consent. You can withdraw such consent at any time.

Storage period: You will receive newsletters/sms for a year after your booking/purchase or stay. Unless you choose to unsubscribe or object to receiving them beforehand. If you object to receiving marketing from us, we keep track of this in our “unsubscribe-list” to avoid sending you any further marketing material.
To improve our services by concluding surveys after your stay
What processing we perform What personal data we process Our lawful basis for the processing
– Send requests for you to participate in surveys after your visit

– Name

– E-mail address

– Reservation number

– IP-address

Legitimate interest

The personal data will be processed based on our legitimate interest to improve our services by sending you surveys regarding your visit.

If you participate in our surveys, we will:

– Administrate any answers you leave in our surveys

– Compile statistics from the answers you have provided in our surveys

– Answers you leave in our surveys

Legitimate interest

The personal data will be processed based on our legitimate interest to improve our services by handling and compiling statistics of any answers you leave in our surveys.

We always wish to provide the best possible experience and service. In case your contact or stay have been dissatisfactory we will follow up and gather information on how we can improve.

Storage period: We will send a request for you to participate in our surveys sometime during a period of three weeks after your visit. We will stop sending requests for you to participate in surveys if you object to receiving such e-mails.

We will store the answers you leave in our surveys. Please note that we will anonymise your personal data the latest one year after you have concluded the survey.

To comply with bookkeeping and accounting legislation

What processing we perform What personal data we process Our lawful basis for the processing
– Store information in bookkeeping and accounting

– Name

– History regarding payments made

– Other information that constitutes accounting records

Legal obligation

The processing is necessary to comply with legal obligations to which we are subject, i.e. bookkeeping and accounting legislation.

Storage period: We will store any document constituting bookkeeping material and personal data included therein for seven to eight years according to bookkeeping and accounting legislation. The regulation means that we store bookkeeping material until and including the seventh year after the end of the calendar year for the fiscal year to which the personal data relates.

If you are a Friend of ESS

When you are a member of Friends of ESS we will process some personal data about you as described below. We collect your personal data directly from you when you create your membership. If you use your national identification number to autofill your information we will gather such information from a third party service.

To provide your membership to you
What processing we perform What personal data we process Our lawful basis for the processing

– Administrate your membership, e.g. store your contact details

– Communicate with you regarding your membership, e.g. send updated information about the terms for membership and send you any updates to this privacy policy

– Name

– Home address

– E-mail address

– Phone number (membership number)

– Birthdate

Performance of contract

The processing is necessary for us to fulfil the contract concerning your membership in Friends of ESS.

– Enable you to securely identify yourself as a member

If you choose to sign up using your national identification number:

– Enable you to autofill your personal data when you sign up as a member, i.e. provide a faster way to sign up as a member

– Provide your national identification number to the service provider which gives us information to conclude your membership

– Phone number

– National identification number (if you choose to provide it when signing up and will be encrypted)

Performance of contract

The processing is necessary for us to fulfil the contract concerning your membership in Friends of ESS.

Legitimate interest

Your national identification number is processed based on our legitimate interest to provide a faster way to sign up as a member.

You are free to choose if you want to provide your national identification number to us.

Storage period: We process your personal data and send you e-mails/sms for as long as you are a Friend of ESS. If you have been passive for three years we will check if you want to continue being a Friend of ESS and end the membership if you wish us to do so.

We stop sending these types of e-mails/sms if your membership ends or if you object to receiving such marketing. In such case we will continue to store your personal data to comply with marketing legislation as stated below.

Any national identification number will be encrypted after you have signed up as a member.

To simplify your bookings, purchases and/or visits
What processing we perform What personal data we process Our lawful basis for the processing

– To enable you to view information about your present and previous bookings, purchases and stays

– Store information about your preferences, to provide a Friends of ESS-experience when you visit us

– Information about bookings and previous visits

– Information regarding your preferences

Performance of contract

The processing is necessary for us to fulfil the contract concerning your membership in Friends of ESS, i.e. simplify your bookings, purchases and visits as a membership benefit.

Storage period: We process your personal data for as long as you are a Friend of ESS.
To send relevant offers to you as a member
What processing we perform What personal data we process Our lawful basis for the processing

– Send newsletters/sms containing offers and information relevant to you based on information we have about your previous bookings/purchases/stays (so called profiling*)

After a stay you receive information from ESS Home about how to buy interior design found at the location

We only send you newsletters/sms if you not previously have objected to receiving them

– Name

– E-mail address

– Phone number

– Information from your previous bookings, purchases and/or stays

– Information about the hotels you want to receive information and updates about

Performance of contract

The processing is necessary for us to fulfil the contract concerning your membership in Friends of ESS.

You will receive information which we believe you are interested in based on the information we have about you. We clearly inform about this when you choose to become a member.

– Improve and develop our newsletters by analysing how you open them and what you click on in the newsletters

Do you want to read more about this type of analyse? You find a more detailed description of this in our information about cookies.

– Information about how you open our newsletters and what you click on

– IP-address

– E-mail address

Consent

The personal data will be processed based on your consent. You can withdraw such consent at any time.

If you sign up using your national identification number:

– Gather information about your gender and birthday to customize the offers, invitations and news you receive from us

– Use information about your birthday to be able to celebrate it

– National identification number, which gives us information about your gender and birthday

Legitimate interest

Our legitimate interest to process your birth date to be able to celebrate your birthday by sending offers and/or gifts on that day as well as to customize marketing based on your gender.

You are free to choose if you want to provide your national identification number to us.

Storage period: You can choose to unsubscribe to newsletters/sms at any time, you find more information here below. If you object to receiving marketing from us, we keep track of this in our “unsubscribe-list” to avoid sending you any further marketing material.

Any national identification number will be encrypted after you have signed up as a member, but information about your gender and birthday is stored for as long as you are a Friend of ESS.

* Profiling: We use so called profiling to be able to show you offers that are relevant to you and to provide you with customized marketing. We use profiling because without it, you would instead receive offers and information which you probably not are interested in. You have the right to object to profiling as described below under the section explaining your rights.

If you subscribe to our newsletters/sms

The chart below describe how we process your personal data if you subscribe to our newsletters/sms. We gather your personal data directly from you and provide some personal data ourselves by analysing how you use our newsletters.

To send newsletters/sms
What processing we perform What personal data we process Our lawful basis for the processing
– Send information about news, marketing, offers, discounts and invitations (“newsletters” and “sms”) to you who have chosen to subscribe to our newsletters

– E-mail address

– Phone number

Legitimate interest

Our legitimate interest to send the newsletters you have stated that you wish to receive.

– Improve and develop our newsletters by analysing how you open them and what you click on in the newsletters

Do you want to read more about this type of analyse? You find a more detailed description of this in our information about cookies.

– Information about how you open our newsletters and what you click on

– IP-address

– E-mail address

Consent

The personal data will be processed based on your consent. You can withdraw such consent at any time.

Storage period: You can choose to unsubscribe or object to receiving newsletters/sms and marketing at any time. If you object to receiving marketing from us, we keep track of this in our “unsubscribe-list” to avoid sending you any further marketing material.

If you object to receiving marketing from us

We will store information about you who have chosen to object to receiving marketing from us – see the below chart for information about this. We have received the personal data we store from you yourself.

To comply with marketing legislation
What processing we perform What personal data we process Our lawful basis for the processing
– If you have stated that you do not wish to receive marketing from us we will store such information in a “unsubscribe-list” to make sure we do not send any marketing to you

– Name

– E-mail address

– Phone number

Legal obligation

The processing is necessary to comply with legal obligations to which we are subject, i.e. marketing law which require us to not send marketing material to individuals who have objected to receiving such marketing.

We cannot make sure you will not receive marketing from us without processing your personal data for this purpose and you are therefore required to provide your personal data to us.

Storage period: You will be listed in our “unsubscribe-list” until further notice.

If you participate in one of our contests

If you participate in one of our contests we process the personal data we collect from your participation. If you participate in a contest on our social media we also gather your personal data from your social media account.

To enable you to participate in our contest
What processing we perform What personal data we process Our lawful basis for the processing

– Administer your participation in our contest

If you participate in a contest on our social media you will share your participation e.g. in a post or in a comment (according to the terms for the specific contest)

– Make sure that the contest entries comply with the contest rules

– Contact information you use when participating in the contest, e.g. your username on Facebook or Instagram

– Entry submission and other information you state when participating

– Information relevant to qualify as a participant in the contest, e.g. information about your age

Legitimate interest

Our legitimate interest to process your personal data to enable you to participate in the contest.

Storage period: Your entry will be reviewed by us during the time the contest is ongoing. If you win the contest we will store and market information about your win.

If you participate in a contest on social media your submission will be stored until you yourself remove it, e.g. by deleting your post or comment.

If you make a complaint or we have a discussion regarding your booking/purchase or stay

We do everything we can to please our customers and as a result rarely receive complaints, but should you want to make a complaint regarding one of our services or discuss your booking/purchase or stay with us, we will process your personal data as described below. We will collect your personal data from you yourself or provide the information ourselves.

Note that the ongoing claim or right may mean that we cannot delete all your personal data after your request.

To handle any complaints or claims
What processing we perform What personal data we process Our lawful basis for the processing
– Handle any complaints or claims

– Name

– Contact details you have chosen to use, e.g. e-mail address and/or phone number

– Information from our communication with you in relation to the claim, e.g. information about the relevant booking or information about your stay

Legal obligation

The processing is necessary to act according to legal obligations to which we are subject.

In these cases, you need to provide your personal data to us since we otherwise will not be able to comply with your consumer rights.

Legitimate interest

We also have a legitimate interest to process your personal data to defend ourselves against a possible complaint or claim.

Storage period: We will store your personal data from the time the complaint or claim was initiated and for the duration of such complaint or claim.

Who can gain access to your personal data and why?

Your personal data is initially collected and processed by us and we do not sell your personal data. This means that your personal data will be handled by our employees, but only personnel who need such access to conduct their work.

To conduct our business, we need to work with suppliers and partners which therefore will process your personal data. We are responsible for any sharing of your personal data to such suppliers or partners and to make sure your personal data is safe when shared with third parties as set out below.

We will share your personal data with the following recipients:

  • If you interact with us or visit our social media accounts, the social media platform that you use will process personal data about you as a user.
  • When you use any of our websites and consent to us doing so, we will also share your personal data with:
  • We will share your personal data with our IT suppliers who will process these on our behalf and on our instructions to ensure good and secure IT operations. We only share your personal data with our IT suppliers if it is necessary for them to fulfil their obligations towards us according to the contract that we have with them. If you only use our social media platforms or visit any of our websites, we will not share your personal data with our IT suppliers.
  • When you make a booking/purchase Klarna will process your personal data to carry out payment. Klarna act as controller in relation to all such processing and will inform you separately about how Klarna process your personal data. If you choose to pay by invoice, your personal data may be shared with a company assessing your financial situation.
  • If you make a purchase that we deliver to you (e.g. a gift card), the company that transport your purchase will process your personal data to make the transport.
  • The company which provides a service to faster fill in your information when you become a member by using your national identification number will get access to your national identification number and provides us with other information about you.
  • If you receive our newsletters/sms we will share your personal data with the company which helps us send newsletters/sms.
  • To handle your booking, purchase, stay and/or membership in the most efficient way we share your personal data within the company group.

If you have any questions regarding how we share your personal data or want to know more about who we share your personal data with, please feel free to contact us.

Where are your personal data processed?

If you use any of our websites and have consented to us using Google, Snapchat, Facebook, Pinterest and LinkedIn there is however a risk that your personal data is considered transferred outside of the EU/EEA. These parties may transfer your personal data to the United States since they are located there. We have anonymised your personal data as far as possible to avoid your personal data being transferred outside the EU/EEA.

Google, Snapchat, Facebook, Pinterest and LinkedIn rely on Standard Contractual Clauses for the transfer of personal data outside of EU/EEA. Standard Contractual Clauses are one effort to provide a safe transfer of your personal data.

If you want to know more about who we share your personal data with, please feel free to contact us. Our contact information can be found at the beginning of this privacy policy.

What are your rights when we process your personal data?

You have certain rights that you can exercise to affect how we process your personal data. You can read about what those rights are below.

If you want to know more about your rights or if you want to exercise any of your rights, please contact us and we will help you. Our contact information can be found at the beginning of this privacy policy.

Right to lodge a complaint with a supervisory authority

You always have the right to lodge a complaint with a supervisory authority. You may do this in the EU/EEA member state where you live, work or where an infringement of applicable data protection laws is alleged to have occurred. The supervisory authority in Sweden is the Swedish Data Protection Authority (Integritetsskyddsmyndigheten).

Right to withdraw your consent and object to processing

You have a right to withdraw any consent you have given us, partly or completely.

You always have a right to object to our processing of your personal data when the processing is performed for marketing and profiling purposes, such as sending newsletters/sms and customising marketing. You can read more about profiling in the charts above.

You also have a right to object to our processing of your personal data when the processing is based on the lawful basis “legitimate interest”. In some instances, we may continue to process your personal data based on our legitimate interest even if you have objected to our processing (e.g. when we need to store your personal data). This can be the case if we can show compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms in us not processing your personal data or if the purpose of the processing is to establish, exercise or defend against a legal claim.

Right to information and access

You have the right to obtain confirmation as to whether we are processing personal data about you or not. If we do process your personal data, you also have a right to obtain a copy of the personal data processed by us as well as information about how we process your personal data.

Right to rectification

You have a right to correct any inaccurate personal data concerning you that we may be processing and to ask us to have incomplete personal data completed.

Right to erasure (“the right to be forgotten”) and restriction of processing

Under certain circumstances, you have a right to request that we delete your personal data. This is the case for example when the personal data is no longer necessary for the purposes for which they were collected or otherwise processed or if you have withdrawn your consent the processing was based on and there is no other lawful basis for processing.

Under certain circumstances, you also have a right to request that we restrict our processing of your personal data. That is the case for example when the accuracy of the personal data is contested by you, or the processing is unlawful, and you do not want us to delete your personal data but instead you request that we restrict our use of them.

Right to data portability

Under certain circumstances, you have a right to receive your personal data from us in a structured, commonly used and machine-readable format and, where technically feasible, have your personal data transferred to another company (“data portability”). This applies to personal data that you have provided to us in a structured, commonly used and machine-readable format, if our processing of your personal data is carried out by automated means and the lawful basis for our processing is based on the performance of a contract or consent.

Balancing of interests assessments when processing personal data based on the lawful basis “legitimate interests”

As we state above, for some purposes, we process your personal data based on our “legitimate interest”. By carrying out a balancing of interests assessment concerning our processing of your personal data, we have concluded that our legitimate interest for the processing outweighs your interests or rights which require the protection of your personal data.

If you want more information in relation to our balancing of interests assessments, please do not hesitate to contact us. Our contact information can be found at the beginning of this privacy policy.

This privacy policy was adopted by ESS Hotel Group AB on 15 April 2021.
For previous version please klick here!