Privacy Policy (GDPR)

We take our guests privacy very seriously and apply a strict policy. Our DPO (Data Protection Officer) is Ulf Persson who you will be able to contact via

Collection of personal data

We collect the following personal data;

  • name
  • address
  • phone-number
  • e-mail address
  • ID-number/passport number
  • credit card information

needed by us to be able to deliver the hostel stay in a safe and legal way for both us and the guest.

Personal data is collected via the reservation form at booking channels (e.g, Expedia) or at our homepage.


A cookie is a small datafile that is saved on your computer, tablet or mobile phone. They are necessary for the website to function. For example, cookies remember if you have previously visited the page, if you are logged in and what languages you want displayed on the website. How long cookies are saved on your device can vary. The time when they are scheduled to expire is calculated from the last date you visited the website. When cookies expire, they are automatically deleted.

There are two types of cookies:

  • First-party cookies are created by the site you visit. The site is shown in the address bar.
  • Third-party cookies are created by other sites. These sites own some of the content, like ads or images, that you see on the webpage you visit.

You can always reject and delete cookies on your computer, tablet or phone by changing your browser settings. Where these settings can be found depends on the type of browser you are using. If you do change the settings, please be aware that there may be some functions and services that you cannot use since they rely on the website being able to remember the choices you have made. If you are using several different browsers, you must delete the cookies in all of them.

Both our booking system and webpage provider use session cookies which are deleted when the session is terminated.

We collect usage information from our homepage and Facebook for analysis of user behaviour by Google Analytics, Google Adwords, Google Search Console, Facebook Pages and Facebook Ads Manager.

We use cookies for marketing purposes by using Google Analytics and Google Adwords. The following Google Analytics Advertising Features are turned on:

  • Remarketing with Google Analytics
  • Google Display Network Impression Reporting
  • Google Analytics Demographics and Interest Reporting
  • Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers

Video surveillance

Video from our reception, lounge and kitchen areas is stored with our security or camera provider for 30 days. Images are only available to operators by request from us, and only the DPO have access internally. Video is collected to deter from theft, unruly behaviour and identify guests (when called for) not following booking conditions and House Rules.

Storage of personal data

Data is stored in our cloud-based booking system. Sirvoy keeps all customer data confidential and will only disclose information about the customer to a third party if it is relevant to the service being provided through our agreement. GDPR compliant third-party services may be used for data processing.

Credit card details are stored with Stripe, our credit card payment service. You can learn more about Stripe and read its privacy policy at Credit card details are not available to Winstrup Minihotel & Hostel staff.

For reservations made via our booking channels (e.g, Expedia) personal data is stored in accordance with each channels privacy policy.

For non-Swedish citizens and in accordance with Border Police requirements, a signed document with personal data is stored in a locked location for three months.

Personal data in our booking system is kept for 18 months. Data used for invoicing purpose is stored in our bookkeeping files according to current legislation, currently seven years.

Usage of personal data

We use personal data to be able to deliver the hostel stay in a safe manner for both us and the guest and in line with Swedish legislation.

We will send guests, up to 7 days after departure, an offer for a discount at their next stay.

We will not use personal data from our booking system for marketing purposes.

We will not use personal data for profiling purposes.

We will never sell personal data we have received to a third party.

Since credit card details is not available in the booking system it cannot be communicated or shared.


As we only use personal data for the purposes mentioned in the point above we assume the guest gives consent by a clear affirmative action (entering their own personal data by themselves and confirming the reservation by pressing a button in the system).

Your right to your information

We will always provide you, free of charge, details about the personal information we have about you in our system.

We will correct, update or erase (after your visit has been completed) any information you require.

We will immediately inform you about any data breach or theft of data.