Who is responsible for your personal data?
Astrid Lindgrens Värld AB (org. reg. no. 556303–3033) is the data controller of the personal data you give us. If you have any questions about how we handle your personal data you are always welcome to contact us via email at firstname.lastname@example.org.
What personal data do we collect about you and for what purpose?
We can collect different kinds of personal data about you including when you visit our web pages, subscribe to our newsletter, take part in competitions or events, book accommodation or buy products from one of our web shops.
Examples of personal data we collect about you on these occasions:
Contact details, such as address, email and telephone number
Personal identification number
User data (for example which web pages you visit/have visited and where on the web pages you click/have clicked)
Correspondence with us (for example personal data that you give when you contact us.
Our purposes and information regarding handling personal data are shown below.
Data collected to handle customer service matters
We collect personal data from you when you contact us, for example via email, telephone or digital channels, including social media. In the first instance, we collect the personal data required to answer your question or deal with you case.
Categories of personal data handled on these occasions: name, personal identification number, contact details (e.g. address, email and telephone number), booking number, your correspondence, details of the time of purchase, place of purchase, any errors/complaints, health details (e.g. allergies and state of health of which you inform us).
Legal grounds: Balancing the interests. Handling is based on our legitimate interest in meeting our and your legitimate interest in dealing with customer service matters.
Data collected to deal with orders/purchases
When you book accommodation at Astrid Lindgren’s World, buy a product from one of our web shops or book one of our services, e.g. guided tours or courses, we collect personal data from you to complete your order, e.g. handling booking changes and cancellations, sending out booking confirmations and communication about the booking.
Categories of personal data handled on these occasions: name, personal identification number, contact details (e.g. address, email and telephone number), payment history, payment information, credit information from credit agencies, purchase information (e.g. which product has been ordered and if the product is to be delivered to another address).
When booking accommodation, a person may enter details about one or more persons in a group travelling together. We assume that the person providing the data has the consent of all the travellers to provide these personal data. If the booking includes children, we collect information about the children’s ages based on price categories.
Legal basis: Agreement. The handling is done based on us being able to complete our undertakings according to the purchase agreement.
Data collected to create and administer My Pages
When you buy an annual season ticket from us, you can choose to create a user identity so you can see your purchase history and extend the annual season ticket that you register. The user identity includes the personal data that you entered when you made your purchase and that are collected during your personal log in. My Pages.
Data collected to complete and handle participation in competitions and/or events
We collect personal data about participants required for communication before and after participation in a competition or event. Categories of personal data handled on these occasions: name, contact details (e.g. address, email and telephone number), details provided with the competition entry, information given in assessments of events.
Legal basis: Legal obligation. The handling is done based on us being able to meet our and your legitimate interests in dealing with your participation in competitions and/or events.
Information collected to complete the company’s legal obligations
We handle personal data in order to fulfil the company’s legal obligations according to legal requirements, court decisions or decisions by authorities, e.g. the Book-keeping Act or the rules on product responsibility and product safety. Categories of personal data handled on these occasions: name, personal identification number, contact details (e.g. address, email and telephone number), payment history, payment information, your correspondence, details on time of purchase, place of purchase, any errors/complaints.
Legal basis: Statutory obligation. Handling based on what is legally required.
Data collected when using digital services
When you use one of our websites, our app or some other digital service from us, we collect the data on your use of the service. We also collect information via targeted guest/customer surveys. We do this to create a basis for evaluating, developing and improving our services, products and systems. Categories of personal data handled on these occasions: age, gender, place of residence, correspondence and feedback on your visit, our products and services, purchasing and user-generated data (e.g. clicking and visiting history), technical data concerning devices used (e.g. IP address), information on how you have interacted with us, i.e. how you have used the service.
Legal basis: Legitimate interest. The handling is done based on meeting our and our visitors’/customers’ legitimate interest to evaluate, develop and improve our range, services, products and systems.
Data collected for marketing
We handle your personal data so we can send out, for example, our newsletter and offers or information about our courses, events and seminars, etc. Categories of personal data processed on these occasions: name, age, gender, contact details (e.g. address, email and telephone number).
Legal basis: Legitimate interest. Handling is based on our legitimate interest of being able to send direct marketing on what we have to offer. If you subscribe to our newsletter, we handle your personal data based on your prior consent. You have the right at any time to withdraw your consent by emailing us at email@example.com. You can also always unsubscribe from our respective homepages.
With whom may we share your personal data?
Personal data processors. If it is necessary for us to be able to offer our services, we will share your personal data with companies that are so-called personal data processors for us. A personal data processor is a company that processes information on our behalf and according to our instructions. We have personal data processors that help us with:
Transport (logistics companies and forwarding agents)
Payment solutions (card-cashing companies, banks and other payment service suppliers)
Marketing (print and distribution, social media, media agencies and advertising agencies)
IT services (companies that handle required operations, technical support and maintenance of our IT solutions)
When your personal data are shared with personal data processors, they are only shared for purposes that are consistent with those for which we have collected information (e.g. to be able to meet our undertakings according to the purchase agreement). We check all personal data processors to ensure that they can provide sufficient guarantees regarding safety and confidentiality of personal data. We have written agreements with all personal data processors through which they guarantee the safety of the personal data that are handled and undertake to comply with our security requirements and limitations as well as requirements for the international transfer of personal data.
Companies that are independent data controllers
We also share your personal data with some companies that are independent data controllers. When a company is an independent data controller, we do not control how the information submitted to the company is processed.
Independent data controllers that we share your personal data with:
Government authorities (the police, tax authority and other authorities) if we are obligated to do so according to the law or in the event of a suspected crime.
Companies that supply general goods transport (logistics companies and forwarding agents)
Companies that offer payment solutions (card-cashing companies, banks and other payment service suppliers)
We do not store your personal data for longer than necessary for the respective purpose. The data may also be saved for the time required by the applicable law, for example for seven years to meet the requirements of the Book-keeping Act. In other cases, we regularly review our personal data handling. For example, we can delete your data if you have not been in contact with us for a long time. You are welcome to contact us for information on the specific storage periods for the respective purposes.
You have the right to obtain information about the personal data handling we conduct here.
You have a right once a year to request an extract from the register to see which personal data we have about you.
You have the right to request correction if anything is incorrectly registered with us.
You have the right to be deleted under these conditions:
The data are no longer needed for the purpose for which they were collected.
If the data are saved with your consent and you withdraw your consent.
If the handling is based on balancing the interests and there are no legitimate reasons that are more important than your interest.
If the personal data have been handled illegally.
If you object to handling for direct marketing purposes.
The right to be deleted does not apply if we are obliged by law (e.g. the Book-keeping Act) to retain the data.
You have the right to data portability (the right to have your personal data moved) provided that the legal grounds are consent or agreement and the data you can obtain are personal data concerning you, that you have provided yourself or that have been generated by your actions/activities.
You have the right to demand that handling be restricted but not to have your request met if it is a requirement of the goods/service working.
You have the right to object to personal data handling; we will then stop handling the data while the matter is being investigated.
You have the right to lodge complaints to a supervisory authority about data handling that has been carried out by us.
You can deselect Webtraffic’s cookies by turning off advertising cookies at: http://www.webtraffic.se/optout
If you do not want to allow cookies to be used, you can turn off cookies in your web browser. Read more about how to do this in the help section for your web browser.
How are your personal data protected?
We use IT systems to protect confidentiality, privacy and access to personal data. We have taken special safety measures to protect your personal data against unlawful or unauthorised handling (such as unlawful access, loss, destruction or damage). Only persons who actually need to handle your personal data for our stated purposes have access to them.
Complaints and supervisory authority
If you believe that we have handled your personal data incorrectly you have the right to lodge a complaint with the Swedish Data Protection Authority, which is the supervisory authority for personal data processing.
For more information about personal data handling or if you have any questions, you are welcome to contact us by email at firstname.lastname@example.org or via our telephone exchange on +46 (0)492–79 800