Privacy Policy - GDPR

This is our privacy policy that shows our personal data documentation for you who rent or rent out cabins through our cabin agency. All data is processed in accordance with current legislation in Sweden. If you have any questions or concerns about our privacy policy, you are welcome to contact us at: Contact


Explanations:

The term landlord is equivalent to those who rent out their cabin in Sweden through us.
The term tenant is equivalent to those who rent a cabin/Residence in Sweden through us.
The term registered person is equivalent to both the landlord and tenant.
The term Incoming is equivalent to the house rental/ cabin agency Incoming Center of Scandinavia AB.


Responsible party for the handling of personal data.

Incoming Center of Scandinavia AB
Sockenvägen 18
SE871 40, Härnösand
Contact: Contact
Org.nr: 556622-5479
Cabin agency: https://cabinsinsweden.com


1. What data is registered and why?

1.1 Register of customers/tenants.

Incoming never discloses the tenant’s personal information to third parties. The personal data of our tenants is only used by staff at Incoming to be able to administer bookings and perform the company’s accounting. This means that we use the information to send e-mails with confirmation, payment documents and road directions to the rented cabin, to the tenant as well as additional e-mails or telephone contact, for example answering any potential questions.

We convey the personal information of the tenant to the landlord they booked their cabin with.

The personal information we register regarding the tenant is:

  • Name
  • Address
  • Telephone number
  • E-mail
  • IP-address

Subscription

The tenant can at the time of booking choose to subscribe to our newsletter. The tenants name and e-mail will then be registered with Incomings mailing list.


1.2 Sensitive personal data

For extra security reasons, we intend to only receive sensitive personal data via postal letter. Sensitive information can, for example be a doctor’s note which the tenant sends us when using our security protection. Sensitive information is only verified manually and never registered in our register.


1.3 Legal processing of personal data

Registration of personal data is necessary to fulfill an agreement to rent or lease a dwelling in which the registered person is or intends to become a part of.

The processing of personal data is also necessary to fulfill a legal obligation. Incoming has, according to the Accounting Act, an obligation to save its accounting information in accordance with current accounting rules.


At the time of booking, the landlord can give consent to receive newsletters and offers.

1.4 Direct marketing

Incoming may use personal data to establish a customer relationship and send offers to the registered person according to the weighing of interest in the Personal Data Act. The registered person can easily request to be deleted from the register by telephone, e-mail or via a link in the newsletter. The mailing offers are made via the program Mailchimp, Incoming handles all administration of these mailings.


2. Removal and Deletion    

2.1 Removal of personal information

The personal data of the landlord is stored for as long as our cooperation remains. When the ad is removed other than temporarily, the personal data is deleted. The landlord is then also removed from our newsletter.

The tenants’ personal data is stored for up to a year after the customer relationship has ended. Personal information (name and e-mail) used in connection with subscription to newsletters are stored as long as the tenant is a subscriber. We delete this information when the tenant renounces the subscription.

The registered persons’ personal data is used and stored in accordance with current accounting rules. Thereafter the data is deleted and the documents are destroyed.


2.2 Sensitive personal data

When sensitive personal data is received via postal letter, then these documents are destroyed as soon as we have verified the data. If sensitive personal data is received via e-mail, then the e-mail conversation will be deleted as soon as the correspondence is over.


2.3 Backup 

As a technical security measure, we perform ongoing backups of our computer systems and this is saved for one year on our backup server. This means that your personal information is included and stored in an encrypted file for up to one year after we delete your personal data. The backup file is sent encrypted.


2.4 Mail contact

E-mail correspondence is saved for one year. E-mails can be saved for an additional period of time if they contain necessary information, such as what the next year’s rental looks like or if they contain information we have to look at in the event of a complaint.


2.5 Statistics and analysis

We de-identify data we use for statistics and information, for an example when we look at how many bookings a landscape has received in a certain period, no personal data is included in the report.


3. The registered person’s bill of rights

3.1 The right to request information

The registered person has the right to request the personal data we have registered and in which way the personal data has been processed. The information provided to the registered person is free of charge and easily accessible according to routine. This information is for security reasons, only sent to the registered persons e-mail address or postal address.


3.2 Right to request removal of data

The registered person has the right to have his personal data removed from the system as long as this does not affect the abilities of implementing existing agreements or contravenes with laws and regulations.


3.3 Right to edit 

The registered person has the right to have incorrect information corrected.


3.4 Right to complain

The registered person has the right to file a complaint about the processing of personal data to a supervisory authority.


4. Security

4.1 Personnel and computers

Incoming is constantly working to take all the appropriate technical and organizational measures required to protect your personal data and ensure that the processing of data takes place in accordance with applicable data protection legislation. Incoming are using, among other things, hidden wireless networks with encryption and firewall protection. The computers are equipped with antivirus software, firewall, continuously updated software and password protection.


4.2 E-mail traffic

 All E-mail traffic from Incomings personnel and data systems are encrypted. 


4.3 Servers

Incomings internal and external servers are protected by a firewall. Access is password protected and all traffic is encrypted.


4.4 Security on site

Computers, servers and documents are stored under supervision or is locked up and under camera surveillance on Incomings premises.


4.5 Routine in the event of a data breach

In the event of a data breach, Incoming will report the incident to the data inspection board within 72 hours. If there is a risk, for example, of identity theft, fraud or the like, the incident is then also reported to the registered person affected of the incident.


5. Storage of personal data

5.1 Storage of personal data within EU/EES

Personal data occurs on internal servers and computers in the form of lists, documents, images and similar files used for daily work at Incoming, such as the administration of bookings and advertisements. Our backup is stored on our internal server. Personal data for accounting is also stored in binders at the company’s premises.

Our booking system and mail server are available by agreement on our dedicated server at the company Ideo Sp. z o.o.


5.2 Storage of personal data outside of EU/EES

Our offers and newsletters are sent out with the help of Mailchimp from the supplier The Rocket Science Group LLC d/b/a Mailchimp. The company’s servers are located in EU/EES and the USA but are certified under the Privacy Shield agreement which guarantees that the European level of data privacy is taken into account: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG  

We work with the cloud service Google Drive where we send and share files internally, our mail management is via Gmail. The services are provided by Google LLC. The company’s servers are located in EU/EES and the USA but are certified under the Privacy Shield agreement that the European level of data privacy is taken into account: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI


Other pages:

How we use Cookies when you looking for cabins
Rental Conditions when renting a cabin in Sweden