Privacy policy | Miramis

Privacy Policy

Your privacy is important to us. Therefore, we have prepared this privacy policy (the “Privacy Policy”) which describes how we collect, use, share, transfer and store your information. Please read the Privacy Policy to familiarise yourself with how we handle your privacy and contact us if you have any questions.

Miramis Hospitality AB, corporate ID no. 559423-7280, Malmskillnadsgatan 13, 111 57 Stockholm (“Miramis Hospitality”) and companies which from time to time are part of the same group as Miramis Hospitality (the “Group” or “we”) process Personal Data for users and customers who use our services, stay at our hotel, attend our events, purchase our goods, etc. (the “Services”).

Miramis Hospitality is the controller for the processing of Personal Data and is therefore responsible for ensuring that the processing of your Personal Data is carried out in accordance with the principles set out in law and in this Privacy Policy. Other companies within the Group may act as processors or be controllers for certain Personal Data either alone or together with Miramis Hospitality.

“Personal Data” means all information that can be directly or indirectly linked to a living natural person. We are committed to protecting your Personal Data and process your data in accordance with the General Data Protection Regulation (GDPR) and national data protection legislation, which exist to protect the privacy of individuals.

Certain pages on the Group’s websites contain links to third-party websites. These websites have their own privacy policies and the Group is not responsible for their operations, including but not limited to their information practices. Users who submit information to or through these third-party websites should review the privacy policies of those websites before any Personal Data is provided to them.

Changes to this Privacy Policy will be notified by an updated Privacy Policy being published on this website and we therefore recommend that you regularly review it.

What personal data we collect

We may ask you to provide Personal Data when you use our Services. The Group and its partners may share the information with each other and use it in accordance with this Privacy Policy. You are not required to provide the Personal Data we request, but if you choose not to do so, we may in many cases be unable to provide you with our Services.

We only collect Personal Data that is relevant to the purpose described in the specific terms and conditions for each Service and this Privacy Policy, and which you yourself provide to us. When you use our Services, we may collect different types of information, e.g. details regarding name, address, credit card details, telephone number, email address and IP address.

In addition to the data you provide to us, we may obtain data from ticket suppliers, travel agencies or other parties through whom you have booked your Service.

How we use your personal data

The Group may use your Personal Data to:
• perform and administer the Services,
• safeguard your interests,
• for accounting and invoicing purposes,
• contact you regarding the status of your booking or information relating to your booking,
• develop and analyse the business,
• communicate with you and offer the Group’s Services to you,
• send newsletters to you,
• disclose information to partners whose events you have attended, or
• market the Group’s Services.

Legal basis for our processing of your personal data

We process the data on the basis of our legitimate interest as an operator in providing our Services and in order to be able to fulfil the legal obligations that apply to us.

The data that is processed for the purpose of developing and analysing the business and for communicating with you is processed on the basis of our legitimate interest in developing the business and communicating with our contacts.

The processing which involves us disclosing your data to partners is based on your consent, which you can withdraw at any time, see the section “Your rights” below.

Recipients who access the personal data

Personal Data may be transferred between companies within the Group and to partners to be processed for the purposes set out in this Privacy Policy. The Group uses subcontractors for e.g. IT operations and Personal Data may therefore be transferred to these subcontractors. Our subcontractors process your Personal Data only on behalf of the Group, in accordance with our instructions and only after having signed a data processing agreement in accordance with applicable law, so that we can ensure a high level of protection for your Personal Data. The Group may disclose Personal Data to third parties if the Group is obliged to disclose such data pursuant to law or a decision by a public authority.

Transfer of personal data to third countries

The Group may transfer data to partners and subcontractors outside the EU/EEA. To ensure a high level of protection for your Personal Data in such situations and compliance with EU/EEA rules, the relevant company in the Group enters into data processing agreements with such parties. Such data processing agreements govern these parties’ processing of the Personal Data and, where applicable, the transfer of Personal Data in accordance with the applicable EU/EEA rules on the protection of Personal Data. The agreements contain terms required by the EU Commission and which meet the requirements imposed by applicable law in order to protect the transferred Personal Data.

Protection and erasure of personal data

The Group has internal procedures for IT and information security and takes appropriate technical and organisational measures to protect your Personal Data against e.g. loss, manipulation or unauthorised access.

We process your Personal Data for the period of time that the processing is necessary to fulfil the purposes for which the data was collected and/or we have a legal obligation to retain the Personal Data. If you unsubscribe from newsletters or similar, the data will be deleted immediately.

Your rights

Right of access: You have the right to obtain, free of charge, information about our processing of your Personal Data. Requests for extracts must be made in writing to the Group’s Data Protection Officer at the address set out below and must be personally signed by you and contain your name, postal address, telephone number, email address (used in communication with the Group). The extract will be sent to your registered address within one month from the date the application was received by the Data Protection Officer.

Right to rectification: We strive to ensure that the Personal Data we process about you is correct and relevant for the purpose for which the processing is carried out. You have the right to contact the Group’s Data Protection Officer to ask us to rectify incorrect data about you that we process. You may also request information about to whom we have disclosed your Personal Data. The Group is not responsible for problems that arise as a result of Personal Data being outdated or incorrect if you have failed to inform us of the change. Each company within the Group will, at your request or when the company discovers it, correct or delete incorrect or incomplete information.

Right to erasure: We are obliged to erase your Personal Data (i) if it is no longer needed for the purpose(s) for which it was collected, (ii) if its processing is based solely on your consent and you withdraw that consent, or (iii) if the processing is carried out for direct marketing.

Please note that you can at any time withdraw your consent to further (non-retroactive) processing of your Personal Data by contacting the Data Protection Officer at the address below, whereupon the Group will prevent such information from continuing to be processed.

However, please note that withdrawal of consent does not affect processing that may be carried out without consent (e.g. the processing that is carried out in order to be able to provide the Services) but may result in the Services not functioning as intended or the Group no longer being able to provide the Services.

Right to restriction of processing: In certain cases, you may request that our processing of your Personal Data be restricted to certain limited purposes. You can do this, for example, when you consider the data to be incorrect and have requested rectification.

Right to data portability: We can help you transfer Personal Data that you have provided to us to another provider of services. A precondition is that the recipient processes the data on the basis of your consent or in order to fulfil an agreement with you. The right applies only in relation to such Personal Data that you yourself have provided to us.

Right to object: You have the right at any time to object to the processing of your Personal Data for marketing purposes.

Complaints to the Swedish Data Protection Authority: If you consider that we process data about you in breach of the General Data Protection Regulation, you may submit a complaint to a supervisory authority where you live or work. In Sweden, the supervisory authority is the Swedish Data Protection Authority (Datainspektionen).

Right to compensation: If you have suffered damage as a result of us having processed your Personal Data in breach of the General Data Protection Regulation, you may be entitled to compensation.

Cookies

When you visit our website, we may send and store a cookie on your computer, tablet or mobile phone. This cookie enables the website or web server to collect and store specific, but limited, information from the browser about how you use it and improves your user experience. We may also collect information about your IP address, operating system, and which search engine you use for statistical and administrative purposes. The information we obtain through your visit to our website is generally anonymised and cannot be traced to a specific person. Information on how the Group uses cookies, what they are used for and how you can avoid them is set out in the Group’s applicable cookie policy from time to time.

Transfer

If we sell, reorganise or otherwise transfer all or parts of our business, your Personal Data may be transferred at the same time.

Questions about privacy

If you have questions or concerns regarding the Group’s Privacy Policy or data processing or would like to submit a complaint about a possible breach of privacy laws and regulations, you can contact our Data Protection Officer at the address below.

Contact details – Data Protection Officer
Name: Rasmus Söderlund
Email: dpo@miramis.com
Postal address: Attn: Rasmus Söderlund, Miramis Hospitality AB, Malmskillnadsgatan 13, 111 57 Stockholm