Privacy Policy

We process data you provide when making a booking, checking in, contacting us, or subscribing to our newsletter:

• Name and contact details (email address, phone number, postal address)
• Reservation information (dates, room category, number of guests, special requests)
• Check-in information (expected arrival time, access code requests)
• Payment information (processed by our payment provider – we do not store card details)
• Communication history (emails and messages sent to us)
• Anonymised technical statistics from website visits (such as page views and response times) – no information is linked to you as an individual

As Järnvägshotellet is fully unmanned, check-in and guest communication are handled digitally. The details you provide at booking are used to generate and deliver your personal door code and room code.

• Fulfilling your reservation – we process your data to confirm your booking, send access codes, and enable your stay. Legal basis: performance of a contract.
• Customer service and communication – we handle enquiries and matters during and after your stay. Legal basis: legitimate interest.
• Security and access control – code logs are retained to a limited extent to enable tracing of unauthorised access to the property. Legal basis: legitimate interest.
• Accounting and legal obligations – records required for accounting and tax purposes under applicable law. Legal basis: legal obligation.
• Direct marketing to existing customers – we may send you offers and news if you have previously stayed with us. Legal basis: legitimate interest. You may opt out at any time via the unsubscribe link in any communication or by contacting us directly.

We share your data only to the extent necessary to fulfil the purposes described above:

• Booking platform – processes reservation data as a data processor on our behalf.
• Payment provider – payments are handled by a PCI DSS-certified provider. We store no card details.
• Email provider – used to send booking confirmations and access codes.
• Authorities – data is disclosed where we are legally required to do so.

We never sell your personal data to third parties.

• Reservation data – retained for seven (7) years in accordance with accounting legislation.
• Communications data – deleted no later than three (3) years after last contact.
• Code logs – deleted no later than 90 days after check-out.
• Marketing preferences – retained until you withdraw consent or unsubscribe.

Under the General Data Protection Regulation (GDPR) you have the right to:

• Access – obtain a copy of the personal data we hold about you.
• Rectification – have inaccurate or incomplete data corrected.
• Erasure – request deletion where this does not conflict with legal obligations.
• Restriction – request that we limit processing in certain circumstances permitted by law.
• Objection – object to processing based on legitimate interest.
• Portability – receive your data in a structured, machine-readable format.
• Complaint – lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se.

Send your request to info@jarnvagshotellet.com. We respond within 30 days.

We collect anonymised technical statistics about how the website is used, such as page views, load times, and error rates. The data is aggregated and cannot be linked to you as an individual visitor. We do not use cookies and place no tracking content in your browser.

We may update this policy from time to time. For significant changes we will notify you by email or via a prominent notice on the website. The date of the most recent update is shown at the bottom of this page.