Privacy policy

Valid from 25 May 2018

Table of contents

1. 1. Introduction

1. 1. What is personal data and what does processing personal data mean?

1. 1. To whom does this policy apply?

1. 1. What does this policy apply to?

1. 1. What does it mean to be a data controller?

1. 1. Operakällaren AB as data controller

1. 1. Why are we allowed to process personal data?

1. 1. What personal data do we collect?

1. 1. How long do we keep personal data?

1. 1. Our measures to protect your personal data

1. 1. When we share personal data

1. 1. Your rights

1. 1. Changes to this policy

1. 1. Contact us

1. Introduction

Thank you for choosing Operakällaren AB and an extra big thank you for taking the time to carefully read this Privacy Policy. We would like to start by briefly explaining why we have created this policy. Our fundamental goal is to clearly and legibly

 

• • explain the role of You and We in this context

• • explain how we use the information you share with us to deliver and continue to develop the best hotel experience in Sweden;

• • make sure you understand what information we collect and what we actually do with it;

• • show how we work to protect your rights and privacy.

Our goal is that, after reading this policy, you should feel confident that your personal privacy is respected and that your personal data is processed correctly. We therefore also work continuously to ensure that our processing of personal data is fully in accordance with current legislation, in particular the new General Data Protection Regulation (GDPR), which applies from May 25, 2018.

2. What is personal data and what does processing personal data mean?

2.1 Personal data is any information that can be linked directly, or indirectly together with other data, to a living natural person. A non-exhaustive list of examples of personal data includes

 

• • Name

• • Personal identification number

• • Credit card number

• • E-mail address

• • IP address

• • Pictures of

2.2 Processing of personal data includes any operation which is performed on personal data, whether or not by automated means. This means that the following actions, among others, are covered:

 

• • Collection

• • Registration

• • Usage

• • Compilation

• • Transfer of funds

• • Erasure

3. to whom does the policy apply?

This Privacy Policy applies primarily to individuals staying at our hotel whose personal data we process (the "Data Subject"). Different parts of this Privacy Policy may also be relevant to you depending on your relationship with Operakällaren AB. In summary, this policy applies to individuals who

 

• • are guests at our hotel

• • eat at our restaurant

• • organize meetings or events on our premises

• • visit our website or interact with us on social media

• • communicate with us in other ways, for example with our customer service

By accepting this Privacy Policy, you agree that Operakällaren AB processes your personal data in accordance with this Privacy Policy.

4. What does the policy apply to?

This Privacy Policy regulates how Operakällaren AB collects and processes personal data in order to deliver and continue to develop our Services.

5. What does it mean to be a Data Controller?

A controller is a natural or legal person or other body that determines the purposes and means of the processing of personal data. A business is a data controller in respect of personal data it holds on its own behalf about its employees, customers, suppliers and others.

6. Operakällaren AB as Data Controller

Operakällaren AB (reg. no. 556031-3974) is the data controller for the processing of your personal data within the framework of Operakällaren AB Services and is responsible for ensuring that such processing is carried out in accordance with applicable legislation.

7. Why are we allowed to process personal data? 7.1 In order to be allowed to process personal data, there must always be a support in the GDPR, a so-called legal basis. Such a legal basis includes

 

• • a consent from the Data Subject

• • the processing of personal data is necessary for the performance of a contract with the data subject, such as a contract for the use of the Services

• • to comply with a legal obligation, for example to retain data for accounting purposes

• • to make the assessment, after a balancing of interests, that Operakällaren AB's interest in processing personal data is greater than the data subject's interest in protecting it.

7.2 Operakällaren AB always processes your personal data in accordance with applicable legislation. Our primary basis for processing your personal data is that it is necessary to fulfill our agreement with you regarding the use of our services.

7.3 It may occur that the same personal data is processed both on the basis of the performance of a contract, specifically on the basis of consent or on the basis that the data is necessary to fulfill other legal obligations. This means that even if you withdraw your consent and the processing based on the consent ceases, the personal data may still remain with us for other purposes.

8. What personal data do we collect?

In this section of our policy, we want to give you some examples of how we handle personal data to ensure that we continuously deliver great experiences with a high level of service.

8.1 When you book a room at our hotel

When you book a room at our hotel, whether the booking is made at the hotel reception, by phone, by email or at https://www.operakallaren.se, we handle the following information that you provide to us:

 

• • Your name and contact details (phone number, email)

• • Credit card number and other payment information

• • Your name and contact details (phone number, email)

• • Your name and contact details (phone number, email)

• • Your name and contact details (phone number, email)

• • Information about your question, comment or concern

8.1.1 We process your personal data in order to

 

• • Identify yourself in connection with your booking and stay at Operakällaren AB

• • Charge you for the services and products you have bought from us

• • Contact you with information related to your stay, for example by email and text message

• • Produce statistics and carry out analysis in order to improve our Services, goods and offers

• • Provide, maintain, test, improve and develop our Services and the technical platform used to provide them

• • Ensure the security of our Services, to detect or prevent various types of illegal use or use that otherwise violates our Terms of Use

• • Inform you about personalized and customized offers, promotions and benefits from us and our partners, for example via email and SMS

• • Identify yourself in connection with your reservation and dining experience at our restaurants

• • Charge you for the services and products you have bought from us

• • Contact you with information related to your stay, for example by email and text message

• • Produce statistics and carry out analysis in order to improve our Services, goods and offers

• • Provide, maintain, test, improve and develop our Services and the technical platform used to provide them

• • Ensure the security of our Services, to detect or prevent various types of illegal use or use that otherwise violates our Terms of Use

• • Inform you about personalized and customized offers, promotions and benefits from us and our partners, for example via email and SMS

• • Identify yourself in connection with your booking and your experience at our hotel

• • Charge you for the services and products you have bought from us

• • Contact you with information regarding your booking, e.g. via e-mail and SMS

• • Produce statistics and carry out analysis in order to improve our Services, goods and offers

• • Provide, maintain, test, improve and develop our Services and the technical platform used to provide them

• • Ensure the security of our Services, to detect or prevent various types of illegal use or use that otherwise violates our Terms of Use

• • Inform you about personalized and customized offers, promotions and benefits from us and our partners, for example via email and SMS

• • Answering your questions and dealing with your case, for example by resolving errors and handling complaints

• • Improve our Services and the information we communicate through our different channels

8.1.2 Legal basis for processing:

We process your personal data on the basis of performance of contract when we fulfill our obligations to you as a hotel guest (e.g. when we administer services linked to your hotel room and when we provide relevant offers) and on the basis of a balance of interests when we have a legitimate interest in using information about your stay and purchases to produce statistics and to develop, improve and ensure the security of our Services.

8.1.3 Storage time:

We keep your personal data during your hotel stay and for up to 3 months afterwards. To ensure traceability, we keep records of our communications with you for 12 months. Your hotel history is kept for up to 2 years for our legitimate interest to analyze trends over time.

8.2 When you book a table in our restaurants

When you book a table to eat at our restaurants, whether the booking is made in the restaurant, by phone, by email or at https://www.operakallaren.se, we handle the following information that you provide to us:

8.2.1 We process your personal data in order to

8.2.2 Legal basis for processing:

We process your personal data on the basis of performance of contract when we fulfill our obligations to you as a restaurant guest (e.g. when we administer the service linked to your table reservation and when we provide relevant offers) and on the basis of a balance of interests when we have a legitimate interest in using information about your stay and purchases to produce statistics and to develop, improve and ensure the security of our Services.

8.2.3 Storage time:

We keep your personal data for up to 3 months after your restaurant visit. To ensure traceability, we keep records of our communications with you for up to 12 months. Your visit history is kept for up to 2 years for our legitimate interest to analyze trends over time.

8.3 When you book our meeting and event venues

When you book one of our lovely meeting or event venues, whether the booking is made at the hotel reception, by phone, by email or at https://www.operakallaren.se, we handle the following information that you provide to us:

8.3.1 We process your personal data in order to

8.3.2 Legal basis for processing:

We process your personal data on the basis of performance of contract when we fulfill our obligations to you as a visitor (e.g. when we administer services linked to your meeting or event booking and when we provide relevant offers) and on the basis of a balance of interests when we have a legitimate interest in using information about your stay and purchases to produce statistics and to develop, improve and ensure the security of our Services.

8.3.3 Storage time:

We keep your personal data for up to 3 months after your visit. To ensure traceability, we keep data about our communications with you for 12 months. Your visit history is kept for up to 2 years for our legitimate interest to analyze trends over time.

8.4 When you communicate with us

You can choose to communicate with us in a number of ways, including through our social media accounts or with our customer service team by phone or email.

When you make a booking and communicate with us, we process the following data that you provide to us:

8.4.1 We process your personal data in order to

8.4.2 Legal basis for processing:

We process your personal data on the basis of our and your legitimate interest in handling the case (balance of interests)

8.4.3 Storage time:

To ensure traceability, we keep data on our communications with you for 12 months.

8.5 When you use our Wi-Fi or visit our website

When you connect to our Wi-Fi, we are the controller of the processing that takes place to connect you to the Internet, but not of the further processing or of the content of your communication via Wi-Fi. When you connect to our Wi-Fi, we process

 

• • Your IP address and MAC address

When you visit our website, we process:

 

• • Data on how you integrate with and use our website, for example when booking a hotel room

• • Information about your visits to our website, through so-called cookies. For more information on how we use cookies, see https://www.operakallaren.se/c...

8.5.1 We process your personal data in order to

 

• • Providing our digital services

• • Provide you with support when you experience different types of technical problems

• • Maintaining, testing and improving our digital services

• • Detect and prevent security attacks, such as virus attacks

8.5.2 Legal basis for processing:

We process your personal data on the basis of performance of contract when we provide Wi-Fi and on the basis of legitimate interests to maintain, test and improve our digital services.

8.5.3 Storage time:

We keep your personal data for 3 months after you have used our digital channels and for 6 months after you have connected to our Wi-Fi.

9. How long do we keep personal data?

Your personal data is only saved for the period for which there is a need to save it in order to fulfill the purposes for which the data was collected in accordance with this Privacy Policy. Operakällaren AB may save the data for longer if it is necessary to comply with legal requirements or to safeguard Operakällaren AB's legal interests, e.g. if there is a legal process.

10. Our measures to protect your personal data

10.1 We at Operakällaren AB have ensured that we have taken appropriate technical and organizational measures to protect your personal data against, among other things, loss, misuse and unauthorized access.

10.2 In order to technically ensure that personal data is processed in a secure and confidential manner, we use digital networks that are intrusion-protected using, for example, encryption, firewalls and password protection. In the event that a breach occurs, Operakällaren AB has created good procedures for identification, damage minimization and reporting. Finally, Operakällaren AB has also developed a well-functioning method to fulfill the rights of the data subject, including the right to be forgotten.

10.3 To ensure a good level of knowledge regarding the processing of personal data, ongoing training in GDPR is organized, both for Operakällaren AB employees and the consultants who are hired from time to time to perform assignments for the company.

11. When do we share personal data?

11.1 Operakällaren AB will not sell, disclose or disseminate personal data to third parties, except as stated in this Privacy Policy. Within the framework of the Services, personal data may be disclosed to, for example, subcontractors and partners, if necessary for the performance and provision of the company's services. In cases where we choose to share personal data, we enter into a so-called data processing agreement to ensure that the recipient of the personal data processes this data in accordance with applicable legislation and that the recipient has taken the necessary technical and organizational measures in accordance with the GDPR to satisfactorily protect the rights and freedoms of the data subject.

11.2 Furthermore, we may disclose personal data if we are required to do so by applicable law, court order or if such disclosure is otherwise necessary to assist in a legal investigation.

12. your rights

12.1 Operakällaren AB is responsible for ensuring that your personal data is processed in accordance with applicable legislation.

12.2 Operakällaren AB will, at your request or on its own initiative, correct, de-identify, delete or supplement information that is found to be incorrect, incomplete or misleading.

12.3 You have the right to request access to your personal data. This means that you have the right to request an extract from the register of the processing we carry out on your personal data. You also have the right to receive a copy of the personal data being processed. Once a calendar year, you have the right, by means of a written and signed application, to receive a free extract from the register of what personal data is registered about you, the purposes of the processing and to which recipients the data has been or will be disclosed. You also have the right to obtain from the extract from the register information on the envisaged period for which the data will be stored or the criteria used to determine this period.

12.4 You have the right to rectification of your personal data. We will, at your request, rectify as soon as possible any incorrect or incomplete data we process about you.

12.5 You have the right to erasure of your personal data. This means that you have the right to request that your personal data be deleted if it is no longer necessary for the purpose for which it was collected. However, we may not be required by law to delete your personal data immediately, for example due to applicable accounting and tax legislation.

12.6 You have the right to object to personal data processing carried out on the basis of a balancing of interests. If you object to such processing, we will only continue the processing if there are legitimate grounds for the processing that outweigh your interests.

12.7 If you do not want us to process your personal data for direct marketing purposes, you always have the right to object to such processing by either unsubscribing directly in each specific email, or by sending an email to gdpr@operakallaren.se. Once we have received your objection, we will cease to process the personal data for such marketing purposes. If you are not satisfied with how we handle your personal data, you also have the opportunity to report our processing of your personal data to the Data Inspectorate. However, for smooth and efficient handling, we recommend that you contact us in the first instance so that we can help you with any questions and concerns.

13. changes to this policy

Operakällaren AB reserves the right to revise this Privacy Policy from time to time. The date of the most recent amendment is set out at the end of the Privacy Policy. If we make any changes to the Privacy Policy, we will publish these changes on the website. You are therefore advised to read this Privacy Policy regularly to be aware of any changes. If we change the Privacy Policy in a way that is materially different from what was stated when your consent was collected, we will notify you of these changes and, if necessary, ask you to re-consent to Operakällaren AB personal data processing.

14. contact

Operakällaren AB (reg. no. 556031-3974) is the data controller for the processing of your personal data. If you want further information about how your personal data is processed, please contact us by sending a written, hand-signed request to

Operakällaren AB
Karl XII:s torg, Box 1690
103 22 Stockholm

In the letter, please provide your name, address, e-mail address, telephone number and social security number in addition to your case. Please also enclose a copy of your identity document. A reply will be sent to your last registered address.