Privacy Policy

1. General

Biz Apartment Gärdet AB, Biz Apartment Solna AB, Biz Apartment Hammarby Sjöstad AB och Biz Apartmnet Bromma AB samlar in data i olika former för attkunna fullfölja vårt åtagande gentemot dig som gäst och anställd. Insamlingen av data sker enligt de krav som ställs i GDPR-förordningen (General Data Protection Regulation).
Vi är noga med att alltid se till så att personuppgifter lagras på ett säkertsätt och vi har interna rutiner och tekniska skyddsåtgärder som gör att ingenkan ta del av uppgifter om det inte finns tillräckliga skäl för det.
Vi vill att gäster och anställda ska känna sig trygga i att deras personuppgifter hanteras på rätt sätt.

Vi delar aldrig ut personuppgifter utanför EU och deuppgifter som delas ut är till myndigheter på grund av rättsliga krav ellertill leverantörer för att fullfölja våra åtaganden gentemot gäster och anställda.

This privacy policy (“Integritetspolicyn”) describes how Biz Apartment AB, org. no. 556825-4220 with address Sandhamnsgatan 67, 115 28 Stockholm and other companies that are part of the Biz Group process your personal data (“Biz”, “we”, “our” and “us”). Biz Apartment AB is the data controller with regard to the processing of personal data carried out by companies within the group.

We protect your privacy and take data protection issues very seriously. The Privacy Policy therefore describes, among other things, what categories of personal data we process, for what purposes we process them and what legal basis we support the processing on. We also explain who may have access to and process the data, the principles of thinning, which third parties we may share the personal data with, where the personal data is processed and your rights as a data subject in the form of the right to information, rectification and erasure, etc.

We may need to update or change the Privacy Policy from time to time. If this happens, we will inform you in an appropriate manner and ask you to take note of the changes made. The latest version of the Privacy Policy can always be found on our website.

We hope that this Privacy Policy answers your questions regarding our processing and protection of your personal data. If you have any further questions or concerns, you are always welcome to contact us at the address above or by emailing us at micaela.krook@bizapartment.se.

2. How do we process your personal data?

How we collect your data

We collect your information directly from you when you make reservations with us and when you otherwise use our hotel services (the “Services”). We may also collect your personal data from our partners (e.g. travel agents or booking companies) if you make bookings with us through such third parties or from the company you represent.

What data we collect

We collect and process the following personal data:

• name, address and other contact details, including e-mail address and telephone number, as well as copies of identity documents;
• information about your booking and special requests that you provide to us;
• payment information, such as payment method and account or credit card details;
• personal preferences, e.g. if you want to receive marketing from us; and
• IP address if you book through our website.
• Purposes of processing, legal basis and storage period

Your data will not be used in a way that is incompatible with the purposes for which the data was collected. We process your data for the purposes and in accordance with the provisions set out in paragraphs 2.3.1 to 2.3.5 below.

Manage bookings and provide our Services

We use your personal data to manage your booking and to provide our services. We therefore use your data to ensure your identity and create, administer, follow up, charge for and communicate with you about your booking. Furthermore, we use your personal data to be able to provide our hotel services and to handle, for example, breakfast orders and other requests. We also take a copy of your identity document when you check into our hotels which we save up to one month after your stay. The legal basis for this processing of personal data is that it is necessary for us to fulfil the contract with you regarding your booking. You must provide your personal data in order for us to create and manage your booking.

If we do not have a permanent business relationship with you in accordance with clause 2.3.2, we will store your personal data for this purpose for about 1 year

Manage our business relationships

We also process personal data for the purposes set out in clause 2.3.1 in order to provide our Services to the company you represent and to tailor future bookings to previous preferences. If the company you represent has an agreement with us and has designated you as a contact person, we also use your personal data to be able to communicate with your company about our contractual relationship or our Services. We may also process your personal data in order to be able to contact you and maintain and develop contact with you or your company. The legal basis for this processing of personal data is that it is necessary for our legitimate interest in providing our Services to our customers and maintaining a business relationship with you or your company.

We store your personal data for this purpose as long as the company you represent has a valid contract with us or until the company specifies another contact person. If your company does not have a contract with us, we will store your personal data for as long as we deem it necessary to maintain the business relationship with your company.

Marketing

We use your personal data for direct marketing purposes, including communications regarding our Services and information about important events with us. Direct marketing refers to all types of outreach marketing measures, such as mailings by mail, e-mail and text messages. You have the right to object free of charge to the use of your data for such purposes and every marketing communication from us contains an opt-out option. The legal basis for this processing of personal data is your consent.

We store your personal data for this purpose for as long as you subscribe to our marketing mailings or until you unsubscribe from such mailings.

Fulfilling legal obligations

We may also process your data to enable us to fulfil our legal obligations under law, judgments or government decisions. This may apply, among other things, to requirements regarding accounting, product liability and money laundering legislation. The legal basis for this processing of personal data is that it is necessary for us to fulfil our legal obligations.

How we share your data

Your data may be shared with companies within the Biz Group. If Biz shares your personal data within the Group, we will ensure that your data will continue to be processed only in accordance with this Privacy Policy. Biz does not share your data with any third party except in the manner described below.

Our suppliers: We may use third parties to handle one or more aspects of our business, including the processing or handling of personal data. We may share personal data with these third parties in order for them to perform services on our behalf, such as providing our booking system, handling payments, sending out marketing communications and assisting us with IT services. When we use providers under this paragraph, we establish personal data processing agreements and take other appropriate steps to ensure that your personal data is processed in a manner consistent with this Privacy Policy.

Sale or transfer: Biz may transfer or disclose your personal data to a buyer or potential buyer upon sale, transfer or other transfer of all or part of our business or assets. In the event of such transfer, we will take reasonable steps to ensure that the receiving party processes your information in a manner consistent with this Privacy Policy.

Biz may also share your personal data with, for example, the police, tax authorities or other authorities when we are required to do so by law.

3. How we protect your data

We take appropriate safeguards and maintain security standards to protect your personal data against unauthorized access, unauthorized disclosure and misuse. Your personal data is stored on files that are accessible only to our employees, our agents and our service providers who need the data for the performance of their services. We use technical tools such as firewalls and passwords and we ensure that our employees are trained on the importance of maintaining security and confidentiality in relation to the personal data we process.

4th. Where we process your personal data

We aim to always process your personal data within the EU/EEA where all our own IT systems are located. However, it may happen that your personal data is shared with suppliers to us, so-called data processors, who either themselves or through subcontractors are established or store information in a country outside the EU/EEA. In such a case, we will take all reasonable legal, organisational and technical measures necessary to ensure that the level of protection of that processing corresponds to that in the EU/EEA. This will be done either if the European Commission has decided that the country in question ensures an adequate level of protection or through the use of appropriate safeguards such as standard contractual clauses or accepted codes of conduct in our agreements with such processors.

You can find out more about which third countries the European Commission has assessed ensure an adequate level of data protection at https://ec.europa.eu/info/law/law-topic/data-protection_sv.

5. Your rights

This section describes your rights as a data subject. You can always exercise these rights by contacting us as described above.

The right of access

If you would like to receive information about what personal data we process about you, you can request access to the data. The information will then be provided in the form of a register extract indicating which personal data we process, for what purposes we process it, where the data has been collected from, which third parties the data has been transferred to and how long the data will be stored.

The right to rectification

You have the right to have incorrect information about you corrected without delay. You also have the right to complete incomplete information.

The right to erasure

You have the right to have your personal data erased by us in certain circumstances, if the personal data is no longer necessary to fulfil the purposes for which it was collected or processed, if you have objected to the processing of personal data and we do not have a legitimate interest that outweighs your interest, if the personal data has been processed in an unlawful manner or if the personal data must be deleted in order to comply with a legal obligation. However, in some cases we have the right to object to the erasure of your personal data and we will inform you if this applies.

The right to restriction of processing

You have the right to require us to restrict the processing of your personal data in certain cases if you dispute the accuracy of the personal data during the time it takes for us to verify the accuracy of the data, if the processing is unlawful and you object to the erasure of the data and instead request a restriction, if we no longer need the personal data but you need it in order to establish, assert or defend legal claims or if you have objected a processing based on our legitimate interest during the period we check if our interest outweighs your interests.

The right to object

You have the right to object to the processing of your personal data on the basis of our legitimate interest. If this happens, in order to continue processing, we must be able to demonstrate compelling legitimate grounds that outweigh your interests, rights and freedoms.

The right to data portability

If we process your personal data on the basis of a contract with you or your consent, you have the right to receive the personal data that you have provided to us and relating to you in a commonly used electronic format where this is technically possible and this can be done by automated means. You have the right, where applicable, to transfer such data to another controller (data portability).

The right to lodge a complaint

In Sweden, the Swedish Data Protection Authority is the authority responsible for monitoring the application of legislation among companies that process personal data. If you believe that we are processing your personal data incorrectly, you can, in addition to contacting us, file a complaint with the Data Inspectorate.

6. kameraövervakning

Biz Apartment Gärdet, Solna, Hammarby Sjöstad och Bromma är utrustade med ett system för kameraövervakning. Syftet med denna övervakning är att förstärka skyddet samt för bevisinsamling vid eventuella brottsligahandlingar som utförs i lokalen. Systemet registrerar bilder som visar personer som vistas i lokalen. Detta räknas som personuppgifter. Systemet är placerat på en NVR/Kameraserver och mjukvaran är lösenordskyddad. Rättslig grund förlagring: Berättigat intresse. Biz Apartment Hammarby Sjöstad AB har haft historik av bedrägeri och oredlighet, hot mot säkerheten, prostitution och tillgreppsbrott i lokalerna därav berättigat intresse. Vi har placerat ut tydlig skyltning som talar om att kameraövervakningförekommer samt hur man som registrerad kan nå personuppgiftsansvarige. Bilderna lagras i 30 dagar och äldst data raderas automatiskt.

Rättigheter för dig som har personuppgifter hos oss

Du som registrerad hos oss har flera rättigheter som du bör känna till.
Du har rätt att en gång per år begära ut ett registerutdrag kostnadsfritt.
Du har rätt till att få dina personuppgifter korrigerade om de skulle varafelaktiga, ofullständiga eller missvisande och du har rätt att begränsa behandlingen av personuppgifter tills de blir ändrade.
Du har rätt att bli glömd, men radering av personuppgifter kan inte ske om det krävs för att fullfölja ett avtal eller om annan svensk/europeisk lag, domstols- eller myndighetsbeslut säger annat, samt om det har lagligt stöd avberättigat intresse. Du har heller inte möjlighet att åberopa rätten att bli glömd i det fall det handlar om ett kamerasystem då omfattningen i ett sådant arbete skulle bli orimlig, detta faller under de undantag som finns föreskrivna. Om du inte håller med om det berättigade intresset eller tyckeratt det är felaktigt så har du rätt att invända mot behandlingen av dina personuppgifter. Du har också rätt att när som helst dra in ett samtycke, lämna klagomål ombehandlingen till Datainspektionen eller invända mot direktmarknadsföring.

‍