When you use one of our digital services we collect information about your usage. Some of this information may be personal data. This privacy notice sets out how we collect, store and process this personal data.
What personal data is
Personal data is any information that can be directly or indirectly used to identify a living person. It can be data such as name, address, national ID number, email address and phone number. It is also information like booking number, encrypted data and electronic identities, like an IP number, if they can be traced back to an identifiable living person.
Data that is collected when you use MySunwing
Whenever you use one of our websites, apps or another of our digital services we collect information about your usage of the service. We collect information about how you navigate the service, your searches and which of our products you show an interest in.
When you make a booking through MySunwing we collect the information we need to be able to organize the activity. This is the name, room number and email address of the participant. If relevant we also collect the name of any child who is to participate in the activity as well the child’s age, spoken language, any allergies, and the name, phone number, email address, room number and location of the child’s guardian/responsible adult during the activity.
If you log onto MySunwing using your My page account and log in information, MySunwing will automatically download your name, email address, age, nationality, phone number and password from your My Page account and store them in a local database. The data is stored for 20 days and then anonymized in such a way that it cannot be used to identify anyone individually.
How we use the data
The information we collect when you make a booking through MySunwing is used for administration of the activities. This means the information is used to make lists of participants, collect payment, and contacting you on matters relating to your booked activity should the need arise.
We use the information we collect about our customers to develop and improve our products and services. For our digital products we use usage pattern information to determine how and what information, offers and promotions we show on our websites and what functions we develop and provide. We also use customer information to develop our holiday products to suit customer preferences and behavior, and to e.g. address problems or improve customer safety.
We mainly use anonymous or anonymized data on an aggregated level to analyze user behaviours. We may use personal data for these purposes if it is relevant.
Terms of storage
We store your personal data only as long as is needed to fulfil the purposes of the data collection and processing.
Information collected when you make a booking through MySunwing is stored for three (3) weeks. At that point the data is anonymized. We store anonymous user data to analyze and develop our product offering.
Who can access your personal data
Activities booked through MySunwing take place at the destination. This means that your personal data may be processed outside the EU/EEA. The data may also be processed by resort staff at the destination not employed directly by us. The data is only processed in our systems and at our express direction.
We use a number of IT services and IT systems in our business. Some of these systems process personal data. We take your integrity and the security of your personal data seriously during all such processing. Some systems are locally installed and only accessible by our staff. In these cases, no personal data is transferred to any third party. Some systems are cloud solutions or installed at a provider’s premises and require transferring personal data to a third party. In all such cases the provider is our data processor, acting on our behalf and in accordance with our instructions.
Internally we process personal data in our customer management system, our booking- and sales systems, our customer service system and in a system for data processing and optimization. These systems are required to provide you with the services you have requested from us and to provide customer care and support in conjunction with those services. Any personal data we collect may be processed in any or all of these systems.
We use external providers for profiling and user behavior analysis on our websites and for handling user feedback. These providers process personal data under a data processing agreement on our behalf. The data being processed is for the most part information collected by cookies which is processed on an anonymous and aggregated basis.
You have the right to control over collection and processing of your personal data
Personal data processing which is necessary to fulfil a contract or legal obligation is permitted without consent. To collect and process personal data for other purposes we require your consent. You consent to our collection and processing of your personal data when you use our services on one of our websites, in our app or when you interact with our sales staff or a travel agency. You can withdraw your consent at any time should you so wish by contacting us using the contact information below.
You have the right to demand that personal data about you is erased, amended or corrected. You also have the right to object to processing of your personal data for specific purposes, such as direct marketing or profiling.
It is possible that the same information is being processed for multiple purposes, some of which require consent and some of which do not. This means that even if you do withdraw your consent and the consent based processing is stopped, the information may still be retained and processed by us for other purposes that do not require your consent.
If you want to know what personal data we hold about you, you can apply for a record of your personal data using the contact information listed below. Such a record is provided on request free of charge once per year. NOTE! You have to sign your request by hand and send it in the post, an email request is not sufficient. Mark your letter “personal data request – for the Ving DPO”.
Ving is the data controller for personal data collected and processed on this website. Ving Sweden is part of the Nordic Travel Leisure Group AB (NTLG). Ving and NTLG are joint data controllers for this personal data collection and processing. However, Ving is your point of contact for any issues or requests.
Personal data collected by Ving will be processed by NTLG for the same purposes.
You can contact us at firstname.lastname@example.org or through regular post at Ving, 105 20 Stockholm, Sweden.
Full integrity policy
You can read more about our data processing and your rights in [our integrity policy].