Privacy policy
1.Introduction – Who is Sky and why is data collected?
Sky Hotel Apartments is a privately owned company founded in 2009. We offer hotel apartments in Linköping and Stockholm, with contemporary interiors, their own kitchens and everything required for short and long stays. In Linköping we also offer Town Apartments – fully-furnished apartments for guests who want to make themselves at home, as well as Sky Meetings – a conference facility located on levels 18 and 19 of Tornet, a high-rise with magnificent views across Linköping and its surroundings.
Our vision is that our guests will feel at home while they are out travelling. To implement our business model and to manage enquiries and bookings, we have to collect different types of information (including personal data) about our guests and, when applicable, about the people who manage the contact with us on our guests’ behalf. We work actively to do this as correctly as possible. We have created a structure and internal procedures that enable our guests and their representatives to feel confident that we process their data correctly.
In this privacy policy we give you information about how we process your personal data in relation to you visiting our webpages, contacting us, booking a room at our hotel and/or staying with us.
We work continually with privacy matters, and consequently we can update this privacy policy. The latest version can be read on this page.
If you have any questions or comments, you are always welcome to contact us. For our contact details, see point 6 below.
2. Who is responsible for your personal data?
Skyotel AB, 556757-3216 (“Sky Hotel Apartments”, “we” and “us”) is personal data controller for the personal data about you that we process, in accordance with this privacy policy.
3. Which personal data is collected, and how is this done?
The personal data we process about you is data that you have provided us or our partners (e.g. booking.com), namely your name, address, email, telephone number and any information on the organization you represent (“guest profile”), invoicing and/or credit card details, as well as special requests relating to the booking. These special requests can include sensitive information such as health-related information. When you or someone else who manages the booking on your behalf supplies such data to us, we process it, supported by your consent, in order to administer and provide the service you have ordered.
If you do not book your stay yourself, we will get your guest profile (or parts of it) as above from the person who books your stay. In this case we might also process that person’s name, phone number, email and workplace address (“contact person’s profile”), as well as this person’s invoicing and/or credit card details (if any).
We also collect information from your use of various services when you use our website and/or other services or digital services that are supplied by us. Further, we collect data about how you navigate our website and other digital services, which searches you do, and which products you are interested in. Additional information on this and our use of cookies is presented in our cookie policy.
4. Why does Sky Hotel Apartments process your personal data?
We process your personal data for the purposes and with the support of the legal bases provided below.
Handling of enquiries, bookings and your stay – if you do not book your stay yourself | ||
For this purpose … | we process this personal data … | on this legal basis |
In order to manage the enquiry, order and administration of the booking that was made for you. | Contact person profile and any invoicing and/or credit card details. | Execution of the agreement for your stay, e.g. so that we can provide you with a room, and manage payments. |
Guest profile, invoicing and/or credit card details, and any special requests related to the booking. | Our legitimate interest in being able to administer the booking that has been made for you. Any sensitive personal data (re e.g. health, disabilities, allergies etc.) are processed with your consent. | |
To facilitate future bookings. | Guest and contact person profile, invoicing and/or credit card details, and any special requests related to the booking. | Our legitimate interest in being able to administer any future bookings. |
Handling of enquiries, bookings and your stay – if you book your stay yourself | ||
For this purpose … | we process this personal data … | on this legal basis |
In order to manage the order and administration of your booking, including communication with you before, during and after your stay. | Guest profile, invoicing and/or credit card details, and any special requests related to the booking. | Execution of the agreement for your stay, e.g. so that we can provide you with a room and any other agreed services, and manage your payment. Any sensitive personal data (re e.g. health, disabilities, allergies etc.) are processed with your consent. |
In order to manage questions, matters and other communication, e.g. if you forget anything at your accommodation. | Guest profile and information on your stay with us. | Our legitimate interest in being able to communicate with you and answer your questions, as well as with the aim of securing our legal responsibilities and rights. |
In order to facilitate future bookings | Guest profile and information on your stay with us. | Our legitimate interest in being able to administer any future bookings. |
Marketing, communication and improvement of our services | ||
For this purpose … | we process this personal data … | on this legal basis |
In order to be able to send marketing via email, text message, post or social media to you who has made a booking with us. | Guest or contact person profile | Our legitimate interest in being able to market our business to people who have stayed at the hotel or have made bookings with us for other people. |
In order to be able to send newsletters and offers to people who have registered for Sky Network. | Guest or contact person profile | Your consent or in order to execute the agreement on your membership in Sky Network. |
Communicate in our social media channels, e.g. om you comment on our page or posts, and in order to store information from our chat, for future reference when relevant. | Information from your profile (user name and the photo you selected for your account) and other information you supply. | Our legitimate interest in being able to communicate with you in our social media channels. |
In order that you can get as relevant information as possible about what we offer, and in order that we can develop our products and services online. | Guest or contact person profile, IP address, log-in details, payment details collected via cookies or other tracking tool. | Our legitimate interest in being able to market our business to people who have stayed at the hotel or have made bookings with us for other people, as well as your consent, acquired in accordance with our cookie policy. |
Legal claims and obligations | ||
For this purpose … | we process this personal data … | on this legal basis |
In order to manage any complaints or other claims. | Guest profile and information that is relevant to the claim (e.g. information on the booking/stay in question). | Our legal obligations as per applicable legislation, as well as our legitimate interest in being able to defend ourselves against claims. |
In order to execute our obligations in accordance with legislation, the decisions of courts and government agencies (Bookkeeping Act, Act concerning right of retention for claims against hotel guests, Schengen legislation etc.). | Guest profile and when applicable information on travel documentation, payment history, transactions and other materials that constitute accounting materials. | Our legal obligations. |
5. Transfer of your personal data
In certain cases we use personal data processers (e.g. banks, IT providers and IT consultants) to manage payments and bookings, data storage and provision of other IT services, and so that we can conduct our business efficiently. In such situations we transmit personal data to be processed by the personal data processer in accordance with an agreement with us and with our instructions regarding such processing.
We also transmit certain personal data to certain companies which are independent personal data controllers, which means that they decide why and how (purpose and means) your personal data is processed. Such a transmission is done e.g. to companies that offer independent payment solutions in order to administer your payment to us. The payment service providers are independent personal data controllers for the processing of your payments, and they inform you separately regarding how they process your personal data.
The following companies may receive your personal data, in their capacity as personal data processors/independent personal data controllers:
Newbook – personuppgiftsbiträde personal data processor
Microsoft AB – personuppgiftsbiträde personal data processor
Mailchimp – personuppgiftsbiträde personal data processor
If you use our social media channels (e.g. Facebook and Instagram), these will also process your personal data in accordance with their own privacy policy.
Sky Hotel Apartments does not currently transmit personal data to outside the EU/EES area. If such transmission and processing were to occur in the future, it will only occur in a manner that secures adequate protection and otherwise fulfils all legal requirements for such processing.
6. For how long do we save personal data?
At Sky Hotel Apartments we process personal data in order to give you the best service possible. We save personal data for as long as required in order to meet the objective for which we process them. We have procedures that ensure that we do not save unnecessary personal data, and we minimize the storage time as much as possible.
Information from the form for expression of interest is not stored, and your emails are deleted in our system as soon as your enquiry has been addressed.
In order to manage your booking and stay, your personal data is stored from the time the booking is made until at least the departure date. After that you will receive marketing mail-outs for 11 months from the time of your stay, or from the time you made a booking for someone else. Guest and contact person details are anonymized automatically if they have not been used for 11 months.
Your comments on our website and chats with us on our social media channels remain until you remove the comment or chat. However in social media channels that we moderate, your comments or chat posts (or similar messages) can be deleted in accordance with our procedures, or in any case once per year, without previous communication with you. Personal data that we collect via cookies or other tracking tools are saved for up to 13 months from your first visit to our website.
According to Schengen legislation, we must save information on our guests’ identity for three months. Regarding personal data about your payment, the personal data in our accounting system is stored for seven years from the year that the accounting material concerns.
In the event of a claim from you, personal data about you that we process is stored from the time when your claim is submitted and for as long as the claim is being addressed.
3. Security for your personal data
We have taken particular security measures to protect personal data against unlawful and unauthorized access. Only employed staff with the required authorization have access to personal data for processing. Most storage areas have authority limitations where access is limited to specific users among our staff.
4. Your rights
Right to access to your personal data
If you want access to your personal data processing, you have the right to receive confirmation of whether we process your personal data. If we process your personal data, you also have the right to receive information on how we process it, and to get a copy of your personal data (“register extract”).
Right to recall your consent and to object to processing
You have the right to recall all or part of the consent you have given us for the processing of your personal data.
You have also the right to object to our processing when we process your personal data with the support of a balancing of interests. Read more about what balancing of interests involves above. In certain cases we will continue to process your personal data, even if you have objected to this processing. If we do this, it is when we can provide legitimate reasons for the processing which weigh more heavily than your interests, rights and freedoms, or if it is to execute an agreement that is in force, or the execution or defence of legal claims or duties.
Your personal details will not be processed for direct marketing if you decline such processing.
Right to correction
You have the right to having any incorrect personal data corrected, and to have incomplete personal data adjusted.
Right to erasure (the right to be forgotten) and limitation of processing
You can ask us to delete your personal data and we will delete it under certain conditions, e.g. when it is no longer required for the purposes for which it was collected or processed, or if you recall your consent on which the processing is based and there is no other legal basis for the processing.
You also have the right to, under certain conditions, e.g. if you dispute the correctness of your personal data or if the processing is unlawful and you object to the personal data being deleted, have the processing of your personal data limited.
Right to data portability
You have the right to receive from us your personal data in a structured, commonly used and machine-readable format. You also have the right to have your personal data transmitted to another personal data controller, when this is technically feasible (“data portability”).
The right to data portability applies to personal data which you have provided us in a structured, commonly used and machine-readable format, if the processing is based on your consent or on an agreement and the processing is automatic.
Right to object
The Swedish Data Protection Authority is responsible for monitoring the data protection legislation. You can always submit a complaint to:
The Swedish Data Protection Authority
Box 8114
104 20 Stockholm
Tel.: +46 (0)8 657 6100
9. Contact
For further questions about how we process your personal data, you are welcome to contact us.
10. Recruitment-related personal data
When you participate in a recruitment process with us, we process personal data such as name, contact details, information on education and professional experience, and other details (grades, references, photograph etc.) which you may provide us in your curriculum vitae or otherwise. We may also receive this data from an external recruitment firm.
We process this personal data in order to administer, organize and complete recruitment processes based on our legitimate interest in recruiting suitable staff.
If we decide not to employ you right now
If we continue with another candidate in the recruitment process, we will no longer use your personal data with the purpose of managing this particular recruitment process.
However, with your consent we may retain your personal data with the aim of inviting you to participate in future recruitment processes. For this purpose, we will process your personal data for two years from the date on which you submitted your application, or until you revoke your consent.
In order to defend ourselves against claims (e.g. as per anti-discrimination legislation or similar) we may, however, in a balance of interest, save your personal data for up to two years from the completion of the recruitment process.
If we decide to employ you
If we decide to employ you, we retain necessary personal data for the entirety of your employment, and during the time that is required by law. During the employment period your personal data will be processed in accordance with applicable privacy policy for employees, and in accordance with our staff handbook and corresponding documents.