Privacy Policy

Information for those who have visited, purchased, or taken part in experiences or activities run by Astrid Lindgren’s Vimmerby Aktiebolag (Astrid Lindgrens Värld, Astrid Lindgrens Näs, Astrid Lindgrens Vimmerby konferens och möten). Your privacy is important to us and we always want to be open about how we process your personal data so that you feel safe when you provide it to us. In this privacy policy you will find information about how Astrid Lindgrens Vimmerby Aktiebolag (‘we’) processes your personal data.

Who is responsible for your personal data? Astrid Lindgrens Vimmerby Aktiebolag (org. reg. no. 556303–3033) is the data controller for the personal data that you provide to us. If you have any questions about how we process your personal data, you are always welcome to contact us by email dataskydd@astridlindgrensvarld.se

What personal data do we collect about you and for what purpose?
We may collect different types of personal data about you when you visit our websites, sign up for our newsletters, take part in competitions and events or book accommodation. Examples of personal data that we collect about you on these occasions are:

Name
Contact details, such as your address, email address and phone number
Personal identification number
Payment details
User data (such as which web pages you visit/have visited and where on the web pages you click/have clicked)
IP address
Correspondence with us (e.g. personal data that you provide when contacting us)

Below are the different purposes for which we process your personal data and information regarding our processing for these purposes. Data collected for the purposes of handling customer service enquiries.
We collect personal data from you when you contact us, for example by email, phone or digital channels, including social media. We primarily collect the personal data needed to answer your question or handle your case. Categories of personal data that are processed on these occasions: name, personal identification number, contact details (e.g. address, email and phone number), booking number, your correspondence, information about the time of purchase, place of purchase, any errors/complaints, health data (e.g. allergies and health conditions you provide yourself). Legal basis: Legitimate interest. Processing is based on our legitimate interest in being able to handle customer service issues.

Data collected for the purposes of handling orders/purchases.
When you book accommodation at Astrid Lindgren’s World, buy entrance tickets or book any of our services, e.g. guided tours and courses, we collect personal data from you to fulfil your order, e.g. to handle changes and cancellations, send out booking confirmations and communicate with you about your booking. Categories of personal data processed on these occasions: name, personal identification number, contact details (e.g. address, email and phone number), payment history, payment information, credit information from credit rating agencies, purchase information (e.g. which product has been ordered or whether the product is to be delivered to another address). When booking accommodation, a person may provide personal data about one or more other people in the visiting party. We assume that the person providing the information has the consent of all visitors to provide this personal data. If the booking includes children, we collect information about the child’s age based on price categories. Legal basis: Contract. The processing takes place so that we can fulfil our obligations under the purchase agreement.

Data collected for the purposes of creating and administering My Pages
When you buy annual passes from us, you can choose to create a user ID to see your purchase history and renew the annual passes you register. The user ID includes personal data you provided to us at the time of your purchase and is collected under your personal login, My Pages.

Data collected for the purposes of conducting and managing participation in competitions and/or events:
We collect the personal data of participants required for communication before and after participation in a competition or event. Categories of personal data processed on these occasions: name, contact details (e.g. address, email and phone number), data provided in competition entries, data provided in event evaluations. Legal basis: Legal obligation. The processing is based on the fulfilment of the legitimate interest in managing your participation in competitions and/or events.

Data collected for the purposes of fulfilling the company’s legal obligations:
We process personal data to be able to fulfil our legal obligations under the law, court rulings or government rulings, such as the Accounting Act or rules on product liability and product safety. Categories of personal data processed on these occasions: name, personal identification number, contact details (e.g. address, email address and phone number), payment history, payment information, your correspondence, information about the time of purchase, place of purchase, any errors/complaints. Legal basis: Legal obligation. The processing is based on legal requirements.

Data collected in connection with the use of digital services
When you use one of our websites or any other digital service we provide, we collect data about your use of the service. We also collect data via targeted guest/customer surveys. We do this to provide a basis for evaluating, developing and improving our services, products and systems. Categories of personal data processed on these occasions: age, gender, place of residence, correspondence and feedback regarding your visit, our services and products, purchase and user-generated data (e.g. click and visit history), technical data regarding devices used (e.g. IP address), information about how you have interacted with us, i.e. how you have used the service. Legal basis: Legitimate interest. The processing is based on legitimate interest in evaluating, developing and improving our offerings, services, products and systems.

Data collected for marketing purposes
We process your personal data to send out, e.g., our newsletters and offers or information about our courses, events and seminars, etc. Categories of personal data processed on these occasions: name, age, gender, contact details (e.g. address, email and phone number). Legal basis: Legitimate interest. Processing is based on our legitimate interest in being able to send direct marketing about our offering. If you subscribe to our newsletter, we process your personal data based on your prior consent. You have the right to withdraw your consent at any time by emailing dataskydd@astridlindgrensvarld.se. You can also always unsubscribe from our mailings on our respective websites.

Who may we share your personal data with?
Data Processors . In cases when it is necessary for the provision of our services, we share your personal data with companies that are so-called data processors for us. A data processor is a company that processes information on our behalf and according to our instructions. We have data processors who help us with:

Transport (logistics companies and freight forwarders).
Payment solutions (card issuers, banks and other payment service providers).
Marketing (print and distribution, social media, media agencies or advertising agencies).
IT services (companies that handle essential operations, technical support and maintenance of our IT solutions).

When your personal data is shared with data processors, it is only for purposes consistent with those for which we have collected the information (e.g. to fulfil our obligations under the purchase agreement). We review all data processors to ensure that they can provide sufficient guarantees regarding the security and confidentiality of personal data. We have written agreements with all data processors whereby they guarantee the security of the personal data being processed and undertake to comply with our security requirements and restrictions and requirements regarding the international transfer of personal data.

Companies that are independent data controllers. .
We also share your personal data with certain companies that are independent data controllers. When a company is an independent data controller it means that we do not control how the information provided to the company is processed. Independent data controllers with whom we share your personal data are:

State authorities (the police, tax authorities or other authorities) if we are required to do so by law or in the case of suspicion of a crime.
Companies that manage the public transport of goods (logistics companies and freight forwarders)
Companies that provide payment solutions (card issuers, banks and other payment service providers).

When your personal data is shared with a company that is an independent data controller, that company’s privacy policy and personal data management apply.

Storage
We do not save your personal data longer than is necessary for the respective purpose. The data may also be saved for the time required by applicable law, for example for 7 years to fulfil the requirements of the Accounting Act. In other cases, we will regularly review our personal data management. For example, we may delete your data if you have not been in contact with us for a long time. You are welcome to contact us for information about the specific storage periods for the respective purposes.

Your rights

You have the right to receive information about the personal data processing we undertake.
You have the right to request a register extract once a year to see what data we are processing that is specific to you.
You have the right to request correction if we have inaccurate data stored about you.
You have the right to have your data deleted under these conditions:
- The data is no longer required for the purposes it was collected.
- The data was collected based on your consent and you withdraw your consent.
- The processing is based on balance of interests and there are no legitimate grounds that outweigh your interest.
- The personal data has been processed unlawfully.
- You object to the processing of the data for direct marketing purposes.
- The right to deletion does not apply if we are required by law (e.g. the Accounting Act) to keep the data.
You have the right to data portability (the right to have your personal data moved) provided that it is on the legal basis of your consent or a legal contract and that the personal data pertains to you, was provided by you or was generated by your actions/activities.
You have the right to request a restriction of processing, however the request may not be fulfilled if the processing is required for the functioning of the product/service.
You have the right to object to specific personal data processing, in which case we will cease processing while the matter is investigated.
You have the right to lodge a complaint to a supervisory authority over the data processing activities we conduct.

How we use cookies and how you can control their use
Cookies are small text files consisting of letters and numbers that are sent from our web server and stored on your browser or device. Our websites use cookies to provide you as a user with access to personalised settings for the next time you visit using the same browser. We also record general visitor statistics; no statistics are traced to specific users. Sometimes we also use cookies to target ads to visitors. Third-party vendors, Google and Webtraffic, use cookies to show ads based on your visit to this and other websites. You can opt out of Webtraffic’s cookies by disabling advertising cookies at: http://www.webtraffic.se/optout If you do not want to allow the use of cookies, you can disable cookies in your browser. Read more about how to do this in your browser’s help section. Please note that we only use cookies to make things easier for you. If you choose to delete the storage of cookies in your browser, we cannot guarantee that we will be able to provide the level of service we strive for.

How is your personal data protected?
We use IT systems to protect the confidentiality, integrity and availability of personal data. We have implemented specific security measures to protect your personal data against unlawful and unauthorised processing (such as unauthorised access, loss, destruction or damage). Only those persons who actually need to process your personal data in order to fulfil our stated purposes have access to it.

Complaints and supervisory authority
If you believe that we have processed your personal data improperly, you have the right to lodge a complaint with the Swedish Data Protection Authority, which is the supervisory authority for personal data processing.

Contact us
For further information on personal data processing or if you have any questions, please contact us by email dataskydd@astridlindgrensvarld.se or via our telephone switchboard at +46 (0)492–79 800.

Changes to this Privacy Policy
We may make changes to our privacy policy. The latest version of the privacy policy is published on this page. In case of updates that are of crucial importance for our processing of personal data, you will be informed via our website and/or by email.

The privacy policy was last updated on 07/05/2018.

Plan your visit

Discover the park

Accommodation

More

Privacy Policy