PRIVAcy Policy (GDPR)

Last updated: May 24, 2018

We take our guests privacy very seriously and apply a strict policy. Our DPO (Data Protection Officer) is Ulf Persson who you will be able to contact via stay@winstruphostel.se.

Collection of personal data

We collect the following personal data;

  • name
  • address
  • phone-number
  • e-mail address
  • ID-number/passport number
  • credit card information

needed by us to be able to deliver the hostel stay in a safe and legal way for both us and the guest.

Personal data is collected via the reservation form at booking channels (e.g booking.com, Expedia) or at our homepage.

Cookies

Both our booking system and webpage provider use session cookies which are deleted when the session is terminated.

We collect usage information from our homepage and Facebook for analysis of user behaviour by Google Analytics, Facebook Pages and Facebook Ads Manager.

Storage of personal data

Data is stored in our cloud-based booking system. Sirvoy keeps all customer data confidential and will only disclose information about the customer to a third party if it is relevant to the service being provided through our agreement. GDPR compliant third-party services may be used for data processing.

Credit card details are stored with Stripe, our credit card payment service. You can learn more about Stripe and read its privacy policy at https://stripe.com/privacy. Credit card details are not available to Winstrup Hostel staff.

For reservations made via our booking channels (e.g booking.com, Expedia) personal data is stored in accordance with each channels privacy policy.

For non-Swedish citizens and in accordance with Border Police requirements, a signed document with personal data is stored in a locked location for three months.

Personal data in our booking system is kept for 18 months.

Usage of personal data

We use personal data to be able to deliver the hostel stay in a safe manner for both us and the guest and in line with Swedish legislation.

We will send guests, up to 7 days after departure, an offer for a discount at their next stay.

We will not use personal data from our booking system for marketing purposes.

We will not use personal data for profiling purposes.

We will never sell personal data we have received to a third party.

We actively communicate which personal data we store about the guest to the guest through our booking confirmation. Since credit card details is not available in the booking system it cannot be communicated or shared.

Consent

As we only use personal data for the purposes mentioned in the point above we assume the guest gives consent by a clear affirmative action (entering their own personal data by themselves and confirming the reservation by pressing a button in the system).

On the booking confirmation we also mention the upcoming offer of a discount and provide instructions on how to opt out from this offer.

Your right to your information

We will always provide you, free of charge, details about the personal information we have about you in our system.

We will correct, update or erase (after your visit has been completed) any information you require.

We will immediately inform you about any data breach or theft of data.