Privacy Policy

Your privacy is important to us. For this reason, we have developed this privacy policy (“Privacy Policy”) describing how we collect, use, share, transfer and store your information. Please read the Privacy Policy carefully to familiarise yourself with how we manage your privacy and contact us if you have any questions.

POP HOUSE SWEDEN AB, reg. no 559000-0484, Djurgårdsvägen 68, 115 21 Stockholm (”POP HOUSE”) and any company within the same group as POP HOUSE (the “Group” or ”we”) process Personal Data for users and customers using our services, staying in our hotel, visiting our events, buying our products etc. (the “Services“).

POP HOUSE is the controller in relation to the processing of Personal Data described in this Privacy Policy and thus responsible to ensure that your Personal Data is being processed in accordance with applicable data protection laws and this Privacy Policy. Other companies within the Group may act as processors or as controllers together with POP HOUSE for certain Personal Data.

“Personal Data” means all information relating directly or indirectly to a natural person alive today. We will process your information in accordance with the General Data Protection Regulation (GDPR) as well as national data protection laws.

Any changes to this Privacy Policy will be uploaded on this website.

Categories of Personal Data we may collect

We may ask you to provide us with your Personal Data when you use our Services. You do not have to provide us with any Personal Data, but if you choose not to, we may be unable to provide our Services to you.

We collect Personal Data, relevant to fulfil the purposes described in this Privacy Policy, that you provide to us. When you use our Services, we may collect different types of Personal Data, such as name, address, credit card information, phone number, e-mail address and IP address.

In addition to the data you provide to us, we may collect information from ticket suppliers and travel agencies through which you have booked your Service.

Purposes of processing

The Group may use your Personal Data for the following purposes:

to provide and administrate our Services,

to protect your interests,

to fulfil our legal obligations,

to contact you regarding your booking status or information connected to your booking,

to develop and analyse our business,

to communicate with you,

to send you newsletters, or

marketing purposes.

Legal basis for our processing of your Personal Data

 

We process Personal Data when the processing is necessary for compliance with a legal obligation, is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us, or when we have a legitimate interest  to carry out the processing when providing our Services (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms), or when we have obtained your prior consent to the processing.

 

We have a legitimate interest in carrying out the processing for the purpose of contacting you, and to market our Services to you, subject always to compliance with applicable law (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms).

Disclosure of Personal Data to third parties

We may disclose your Personal Data for legitimate business purposes (including providing Services to you) to: (i) authorities; (ii) companies within the Group; (iii) any person or entity that processes Personal Data on behalf of any Group company; (iv) business partners; and (v) any purchaser of our business.

If we engage a third-party processor to process your Personal Data, the processor will be subject to binding contractual obligations to: (i) only process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data, together with any additional requirements under applicable law.

Transfer of Personal Data to a third country

We may need to transfer your Personal Data to third-parties, listed in the section above, located outside the EU/EEA, in connection with the purposes set out in this policy. For this reason, we may transfer your Personal Data to other countries that may have different laws and data protection compliance requirements to those that apply in the EU/EEA. Where we transfer your Personal Data from the EU/EEA to recipients located outside the EU/EEA who are not in a jurisdiction that has been formally designated by the European Commission as providing an adequate level of protection for Personal Data, we do so on the basis of Standard Contractual Clauses adopted by European Commission or a Data Protection Authority for the purpose of transferring data outside the EU/EEA.

Data protection and retention

The Group has internal routines and takes appropriate technical and organisational measures to protect your Personal Data against, for instance, loss, manipulation or unauthorised access.

Personal Data is only processed for the minimum period necessary for the purpose set out in this policy, unless applicable law requires a longer retention period. If you unsubscribe from newsletters, your Personal Data will be erased immediately.

Your rights

Right not to provide Personal Data: You have the right not to provide your Personal Data to us (however, please note that we may be unable to provide you with the full benefit of our Services, if you do not provide us with your Personal Data).

Right to access: You have the right to request access to, or copies of, your Personal Data together with information regarding the nature, processing and disclosure of those Personal Data. Request for information shall be made in writing to the Group’s Data Protection Officer at the address given below and contain information of your name, postal address, phone number and email address (as used in communication with the Group). The information will be sent to your officially registered address within a month from the Data Protection Officer’s receipt of your request.

Right to rectification: We aim to ensure that your Personal Data are kept accurate and up-to-date and will erase or rectify it if we become aware of inaccuracies. You have the right to request rectification of any inaccuracies in your Personal Data.  You may also request information about to whom we have transferred your Personal Data. The Group is not responsible for problems arising from the Personal Data being old or incorrect if you have failed to inform us about the change.

Right to erasure: We are obligated to erase your Personal Data (i) if it is no longer required for the purpose it was collected, (ii) if the processing of the data is only based on consent and you withdraw it, or (iii) upon your request if the processing is made for direct marketing purposes.

Right to withdraw your consent: You may at any time withdraw your consent to further processing (not retroactively) of your Personal Data by contacting the Data Protection Officer at the address below, after which the Group will prevent such information from further processing. However, please note that withdrawal of consent does not affect such processing which is allowed without consent (for instance, processing necessary to provide the Services) and that we may be unable to provide you with the full benefit of our Services, if you do withdraw your consent.

Right to restriction of processing: You may in certain cases request that our processing of your Personal Data is restricted to certain limited purposes. You may do so, for instance, when you believe that the information is incorrect and you have requested rectification.

Right to data portability: We can help you transfer Personal Data you have submitted to us to a different service provider provided that the receiver of the Personal Data processes the data based on your consent or to fulfil an agreement with you. This right only applies to such Personal Data which you have provided to us.

Right to object: You may at any time object to your Personal Data being processed for direct marketing purposes.

Complaints to the Data Protection Authority: You have the right to lodge complaints with a Data Protection Authority regarding the processing of your Personal Data by us. In Sweden, the data protection authority is Datainspektionen.

Right to damages: If we have not processed your Personal Data in accordance with applicable data protection law, you may be entitled compensation.

Cookies

When you visit our website, we may send and store a cookie on your computer, tablet or mobile phone. This cookie enables the website or web server to collect and store specific but limited information from the browser about how you use it and improves your user experience. We may also collect information about your IP address, operating system, what search engine you use, for statistical and administrative purposes. The information we collect through your visit to our website is generally pseudonymised and cannot be connected to a specific person. Information about how the Group uses cookies, what they are used for and how to avoid them is stated in the Group’s Cookie Policy.

Questions about your privacy

If you have any questions about the Group’s Privacy Policy or data processing or would like to submit a complaint about any breach of legislation or rules about privacy, you may contact our Data Protection Officer at the address stated below.

Click here for more information about our terms and conditions.

Contact information Data Protection Officer

Name: Johann Schneider
Email: legal@pophouse.se