Your personal data is collected, processed and stored in line with the EU GDPR rules, safely and securely.

If you have any questions about our processing of your personal data, beyond the information below, please don’t hesitate to contact us.

What constitutes personal data?

Any information relatable directly or indirectly to a living person is considered personal data. For example photos, name, ID card numbers and IP-addresses.

Collection of personal data

We collect personal data in the following ways:

• when you send us information in the form of a booking or booking request
• when you provide information to one of our cooperation partners (e.g. a property rental site) and they pass on the information to us.
• from third parties, for example if we need to request creditworthiness information from a bank before signing a deal.

When you buy a product or service from us, we may need to temporarily process and store the following personal data received from you:

• Your name and possibly the names of any accompanying guests namn; your contact details.
• Your personal number for certain bookings or rental agreements.
• Information about your booking, e.g. arrival and departure dates, prices, type of product purchased.
• Payment information.

We may process these data for the following purposes:

• To identify you as a customer, for example for complementing booking information or in case of possible reimbursement claims.
• To receive and manage payments.
• To detect and prevent potential fraud in connection to payments.
• To contact you in case of changes or additional information concerning your booking.
• For the rental statistics

There are many different ways of communicating with us: per social media, via the web forms, per phone or e-mail. When you contact us, we process the data you share with us:

• Name, contact details,
• Information concerning your input, your question or your request.

We may process these data for the following purposes:

• To be able to answer your questions and deal with the matter at hand, for example manage a reservation or purchase.
• To provide you with requested information, services or products.
• To improve our services and our communication.

In addition to the above, we may also process your data for legal requirement purposes, notably our book keeping / tax declarations or on the request of authorities.

Storage of personal data

We store your personal data only for as long as needed to meet the data processing purposes, or for as long as we are required to by law. We regularly delete personal data when no longer needed.

Any personal data we collect for a booking is stored no more than 12 months, except personal data connected to information required for book keeping and accounts. These must be stored for seven (7) years in line with the Swedish Accounting Act.

We will never sell your personal data to a third party. We may however pass on your personal data to certain third parties if required by law or by the authorities.

If your personal data would, in such a case, be shared with a recipient who is also an independent data controller, e.g. a public authority or a bank, the GDPR policy of this recipient applies for their continued data processing and storage.

Protection of personal data

We comply with the GDPR and the applicable guidelines for data protection. This means we have put a number of measures to ensure your data is protected, e.g. encryption, password protection and best practice data processing routines.

Your rights

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725. If you want to exercise any of these rights, please contact us (contact information below).

You have the right:

• to access your personal data and to rectify them in case your personal data are inaccurate or incomplete.
• to, under certain conditions, erase your personal data, to restrict the processing of your personal data, to object to the processing and the right to data portability.
• to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a), on grounds relating to your particular situation.
• to withdraw your consent at any time by notifying the Data Controller. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn the consent.

If you want to know more about data protection laws in the EU and about your rights, you can find more detailed information in the EU database Eur-Lex.

If you consider our personal data processing not to be in line with the GDPR, please contact us immediately. You can also contact the Swedish Integrity Protection Authority.

Contact details

Sanna Lindahl and Thomas Marquart are data controllers for the processing of personal data for Bestbo Gård. If you want further information about our GDPR policy, contact us by e-mail: info@bestbo.se.

For registry extracts or data corrections, contact us per written and signed request to:

Bestbo Gård, Norrskedika gruvor 209, SE-75493 Östhammar

GDPR information updates

This information page was last updated in June 2022 and may be subject to further updates. Updated version will be published as a new version of this text on our website.