Handling of personal data

Safe and secure handling of your personal data

We protect your privacy and want to inform you about how we handle and protect your personal data in accordance with the GDPR, which entered into force on May 25, 2018. We have taken technical and organizational measures to protect your personal data from unauthorized access and illegal use. We limit access to your personal data to only those employees and partners who need access to it in order to perform their duties.

GDPR exists to protect you as a customer and your rights regarding the handling and dissemination of your personal data.

GDPR is a regulation common to the EU/EEA:

  • GDPR stands for General Data Protection Regulation and is an EU regulation that replaces the old Data Protection Directive from 1995
  • GDPR means increased requirements for control and documentation for all businesses that process personal data
  • The purpose of the new rules is to strengthen the rights of individuals when it comes to personal integrity

There are 7 basic principles within the GDPR:

  • You may only process personal data if you meet the requirements of the law
  • Personal data may only be collected for a stated purpose
  • You may only collect the data that is necessary to fulfill the purpose
  • If you have personal data, you must keep it correct and up-to-date
  • When the purpose has been achieved, the data must be deleted
  • Personal data must be stored securely so that it is not changed or stolen
  • You must be able to prove that you meet these requirements

GDPR and our bookings

We accept bookings in different ways, for example via our website, e-mail, telephone and from partners. When it comes to bookings from third parties, these companies own the information and we get access to as much information as we need to manage the bookings. Ofelas acts according to the Accounting Act in Sweden and saves the business documents for the number of years that the law requires. By booking an activity, accommodation or agreement, you have consented to the data being registered.

GDPR and our partners

In order to provide certain services, we may use external service providers, e.g. Stripe, which is our partner for payment services. To the extent that such external service providers need access to personal data, we ensure that their access is limited to the provision of the service in question. All external service providers must of course also comply with all applicable data protection regulations. However, Ofelas is not legally responsible for external service providers complying with the GDPR. This responsibility lies with the third party companies themselves. To obtain more information from the third-party companies, we recommend that you contact them directly.

If we are asked by you to book activities with another partner company, we assume that you accept that we give out as little of your personal information as possible in order to make the booking.

What data do we handle?

For your security, we limit the data to those that are necessary: telephone number and e-mail to be able to communicate relevant questions and booking activities. We will send you a booking confirmation. For invoicing, we also need an email address.

We need to save some of your personal data so that we can conduct our business in a correct and business-like manner:

  • To offer and provide our various services
  • When administering your bookings and ordering our services
  • Create a guest profile to be able to send you offers via SMS or email
  • When you want to book other activities such as reindeer sledding with one of our partner companies
  • When booking accommodation and activities, we may need to collect credit card numbers or bank account information, to process payment and to confirm your booking

It is important to distinguish between ordinary and sensitive personal data. Sensitive information is, for example, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information about health. Ofelas does not need to obtain consent from you as a guest if you book accommodation or activities as a customer agreement is entered into when a booking is made. We will never collect data on sensitive information, however, there are free fields when booking or via guest surveys that can come to us. This information comes to us if you, as a guest, only choose to fill it in, otherwise it is nothing that we request or store. We urge you as a guest not to enter notes of a sensitive nature in our systems. As a guest, you always have the right to receive a copy of all information stored about you.

Receiving e-mails regarding news, offers and guest surveys is voluntary. You are asked to consent to the storage of personal data when subscribing. Guest surveys are voluntary and you can choose to answer completely anonymously.

We never use guests’ personal information for our own marketing without the guest’s express consent. As a guest with us, you can always contact us to have your personal information removed from all our systems. Non-personal information about bookings, sales and activities is not included as this is considered trade secrets. Immediately after the end of the activity or check-out, you as a guest can request that we delete the personal information saved for this booking.

GDPR and our website

Ofelas follows a standard procedure for using log files. These files log visitors when they visit websites. This is part of being able to analyze trends, administer the website and collect demographic information. The log files are not linked to any personally identifiable information.

Cookies are used to optimize the user’s experience by adapting the content of our website based on the visitor’s type of browser and/or other information.

How do we store and protect your personal data?

We save bookings that come to us in a digital database. If you wish to have them removed earlier, please contact us at info@ofelas.se and we will fix it.

To protect personal data, we have implemented technical and organizational measures. We ensure that personal data is stored in encrypted server to prevent unauthorized access. We have access controls to limit access to personal data. Only authorized personnel who have a legitimate need to access the data can do so.

When we hire other suppliers, we always request that they work according to the GDPR.

Responsible for personal data

At Ofelas, Kerstin Nilsson has overall responsibility for personal data. If you want to get in touch regarding personal data or report a matter regarding this, you contact us at info@ofelas.se. We aim to process your inquiries and questions as soon as possible within the framework of current legislation. Our aim is to contact you within 72 hours.

Thanks!

Thank you for choosing us for your activities and accommodation needs. We look forward to providing you with a memorable and safe experience.