The purpose of this policy is to comply with the requirements of the General Data Protection Regulation (GDPR) and to provide information about the processing of personal data for which EasyFlat Living AB (“EasyFlat”) is data controller. The purpose is to give information to our data subjects regarding our processing and to inform you as a data subject about how you can defend your rights.
EasyFlat is the Data Controller when processing personal data regarding which we decide the purposes and means for. For example, we process personal data to create bookings for our customers, to communicate important information to our customers and to communicate relevant direct marketing. We Also process data about our current and previous employees.
If you as a data subject at EasyFlat wants to exercise your rights or have questions regarding our processing of your personal data you are welcome to contact email@example.com.
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier of that natural person.
Processing of personal data includes everything that is done with the data. Every action taken with the data constitutes a processing, no matter if it is done automatically or not. Example of common processing activities is collection, recording, organizing, structuring, storing, using, limiting, erasing or destroying.
Processing of Personal Data
We process personal data mainly for booking purposes as well as the selling process leading up to a booking, the information process that comes after a booking and the payment process that is included in the booking.
We also process personal data for marketing purposes, to reach a target audience that has a demand for accommodation. Our goal is that the recipients of our marketing message has a genuine interest in our offer. Our processing of your personal data is based on a commercial interest to market and book our properties.
We also process personal data for employment purposes as well as the recruitment process that leads up to an employment.
When the processing of personal data is based on a legitime interest it requires an assessment whether the interest of the data processor is overridden by the interest of the data subjects right to protection of his or her personal data.
Processing of personal data for selling or for marketing purposes is generally allowed based on a legitime interest. This requires that the personal data is limited to what is necessary for the sale or marketing to take place. The personal data which is considered necessary is name, address, e-mail and phone number.
Collecting personal data
We use different methods to collect personal data. For example, we might ask you when and where you need accommodation on a form on our website and at the same time ask you to fill out your name and contact information. We will later use that information to contact you and send you information about accommodation that we believe is relevant for you.
According to best practice a company is required to establish their own blocking register to avoid communicating direct marketing to individuals whom has opposed themselves towards direct marketing activities. Since it’s also in EasyFlats own interest to not try to sell or market to individuals who are not interested in our offer we maintain a blocking register to avoid that. When you contact us with a request to be placed on our blocking register we end all attempts to sell to you and any direct marketing activities that are directed towards you. We document your phone number and e-mail in our blocking register to be able to accommodate you request.
When we use phone numbers for direct marketing purposes we either collect your consent for this or when we don’t have your consent we conduct a check against the NIX-register. When we conduct a check against NIX we remove the numbers that are registered in accordance with best practice.
To ensure that you are not younger than the age limit that we are applying. The processing is based on a legitimate interest of not processing personal data related to individuals under 18 years of age.
When sending direct marketing via e-mail to you, the law requires that the sender, prior to the activity, collected a consent from you. You always have the right to withdraw this consent.
Categories of Personal Data
We collect the following data about you as a customer or potential customer:
- First name
- Phone number
- Postal Address
We collect the following data about you as an employee or potential employee:
- First name
- Personal identification number
- Phone number
- Postal Address
- Bank account information
We do not process sensitive personal data about our customers or potential customers. If sensitive data despite this should come to us, we will immediately destroy this data.
We do not process any data regarding children. To ensure this, you must state your date of birth in our communication channels when asked for it.
You can choose for your computer to warn you every time a cookie is sent, or you can choose to turn off all cookies, this is done in your website settings. Since the format of websites can vary, check your websites help desk to learn the right way of changing your cookie settings.
If you turn of the cookie function, there is a risk that some functions that make websites more efficient don’t work in a correct way. This shall what so ever not affect your website experience at our website.
We group the personal data that we collect about customers or potential customers in categories like age, geography and industry to be able to send relevant marketing to the right person.
Our ambition is to process your personal data within the EU/EEA and all our processing is as of today performed within the EU/EES.
Regardless in which country your personal data is processed we take all reasonable legal, technical and organizational actions to ensure that the protection is the same as within the EU/EES. If we process personal data outside the EU/EES we make sure that the same protection as within the EU/EES is guaranteed, either by a decision from the EU-commission that the country ensure an adequate level of protection or by ensuring that the processor or controller has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.
Who we share our data with
Sometimes we share personal data with our partners, when it is necessary to perform a booking. We can also share your data with our subcontractors for maintenance and development of our systems and for data storage.
Where we collect your personal data
We collect your personal data from following sources
Forms on our website or on one of our social media platforms.
Official authorities like Arbetsmiljöverket, or from subcontractors that collects the data from official register.
From you as an employee or from a recruiting firm
We collect personal data for booking, marketing and employment purposes. The personal data can be stored for different time frames depending on, for instance, the length of the booking or the type of marketing campaign. We only save the data for as long as it is relevant. We update the data regularly to ensure that we are compliment with the GDPR demands on accuracy.
As a data subject you have several rights. If you as a data subject at EasyFlat want to exercise your rights or have questions regarding EasyFlats processing of your personal data you are welcome to contact us at firstname.lastname@example.org
Right of access
You have the right to obtain confirmation from EasyFlat regarding whether personal data concerning you are being processed and, in that case, access the personal data.
Right to rectification
If you consider that the personal data, regarding you, are inaccurate or incomplete you can demand rectification regarding that data.
Right to object
When EasyFlat process your personal data based on a legitimate interest you have the right at any point to object against that processing. EasyFlat shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
EasyFlat can no longer process your personal data if you object to processing for the purpose of marketing.
Right to restriction
In some cases, for example if you have made an objection to a processing activity, you have the right to demand a restriction of the processing. By demanding restriction, you have the ability to stop EasyFlat from using your data, at least during a certain time period, except from EasyFlats right to defend a legal claim. You can also stop EasyFlat from erasing your data if you need them to claim damages.
Right to erasure ”Right to be forgotten”
In some cases you can get your personal data deleted. For example:
- When the processing is based on your consent and you withdraw this consent.
- When the purpose of processing is direct marketing and you oppose processing for this purpose.
- When you oppose a processing that is based on an interest and there are no overriding legitimate grounds for the processing.
Right to data portability
In some cases when EasyFlat is processing personal data based on your consent you have the right to receive your personal data to use elsewhere for example transfer the data to another data controller.
Right to complaint to supervisory authority
You have the right to lodge a complaint to a supervisory authority. Datainspektionen is the Swedish authority that exercise supervision over how we as a company is compliant to current legislation.
EasyFlat AB, reg. nr. 556984-0464
Västmannagatan 66, 113 25 Stockholm, Sweden