Privacy Policy

Privacy Policy

At Selma Spa, we process your personal data in various contexts, such as when you order services from us, stay at our hotels, use the services we provide, and in other circumstances. In our privacy policy, you will find information about how we handle personal data. Below, you will also find contact details if you have any questions or if you wish to request access to information.

We process your personal data in accordance with the applicable Swedish Data Protection Regulation, hereinafter referred to as GDPR.

1. Data Controller for Your Personal Data

Our company Selma Spa+ AB, organization number: 556588-3336, Sundsbergsvägen 3, Sunne, phone +46 166 00, email: info@selmaspa.se, is responsible for the processing of personal data in our systems for booking, billing, and hotel operations. We are also responsible for processing personal data in our marketing and email communications to our customers and other contacts.

2. Processing of Personal Data in Connection with Booking of Overnight Stays and Visits

In connection with the bookings you make yourself or those made on your behalf, we process personal data necessary to fulfill the agreement regarding booking and purchasing services. This includes information that you provide to us directly or through a travel agency or agent. For example, we process information regarding your identity, contact details, and payment information. In some cases, we store your passport number. Additionally, we process other information you may have provided that is relevant to your stay with us, such as information about allergies or special requests regarding your visit. We record all purchases and orders you make with us, such as spa treatments, restaurant visits, and room service, so that we can deliver these services and so that you can pay for them.

We process this data for as long as it is necessary to fulfill the booking agreement with you and additionally for as long as applicable laws and regulations require us to do so.

We use keycards for logging into our hotels. This is done to prevent and solve crimes, as well as for security reasons, including fire safety. We store login records for 21 days.

3. Processing of Personal Data for Marketing Purposes

When you subscribe to our newsletter, we store and use your email address to send news and offers from us.

We also use your email address or phone number to send news and offers in accordance with the rules for existing customer relationships. Our basis for this is the Marketing Act.

We may contact you via social media with your consent or in accordance with existing customer relationships. To use social media as a communication channel, we need to share your email address or phone number with the social media platform. Our basis for this is consent or legitimate interests.

You can withdraw your consent at any time. You can also opt out of receiving marketing communications in accordance with existing customer relationships. You can do this by sending an email to info@selmaspa.se.

4. Processing of Personal Data for Development, Troubleshooting, and Security

We process data, including personal data, to troubleshoot and correct errors, improve our services and the technology we use, and analyze user behavior. Additionally, we process personal data to verify your identity, including verifying your identity when using our digital services.

We anonymize data and generate statistics as far as possible, but we also need to process personal data for development, troubleshooting, statistical, or security purposes.

5. Processing of Personal Data for Other Purposes

If you contact our customer service or otherwise reach out to us with inquiries, we process the personal data you provide to the extent necessary to respond to and log your inquiry. The basis for this is legitimate interests or the fulfillment of an agreement with you or responding to your inquiries.

In addition to the processing described in our privacy policy or based on your consent, we may in certain cases be required to process personal data when applicable regulations, including the Data Protection Regulation and GDPR, valid governmental orders, or court rulings require or allow us to do so.

6. Disclosure of Personal Data and Statutory Processing

We do not disclose your personal data to third parties without your consent, or unless applicable laws, including the Data Protection Regulation and GDPR, valid governmental orders, or court rulings allow or require us to do so.

To avoid misunderstandings, we clarify that our data processing for internal purposes is not considered disclosure.

7. Your Rights

As a physical person, you have several rights under the Data Protection Regulation.

You have the right to request information, rectification, and deletion of personal data we process about you. You also have the right to request restrictions on processing, object to processing, and request data portability.

To exercise your rights, you can visit the following page: https://www.strawberry.se/generelle-betingelser/allmanna-villkor/begaran-om-information/ . We will respond to your request as soon as possible, and no later than within 30 days.

We will ask you to confirm your identity or provide additional information before we allow you to exercise your rights with us. We do this to ensure that we only disclose your personal data to you – and not to someone pretending to be you.

8. Data Protection Officer

We have our own Data Protection Officer at Strawberry. The Data Protection Officer handles all of our companies and all personal data we process in the countries where we operate.

The Data Protection Officer is our contact point for the Swedish Data Protection Authority (Datainspektionen).

The Officer provides Strawberry, our data processors, and our employees with advice and guidance on the processing of personal data and the rules governing it. The Officer works to ensure that we comply with personal data regulations and our internal guidelines.

Our Officer can also assist you in exercising your rights with us or help answer questions about your personal data with us.

You can contact our Data Protection Officer at privacy@strawberry.no.

If you believe that our processing of personal data does not comply with what is described here, or that we are otherwise violating the Personal Data Act, you can file a complaint with the Data Protection Authority or the supervisory authority in the country where you stay at a hotel. You can find information on how to contact the Swedish Data Protection Authority at their website www.datainspektionen.se.

9. Cookies

We use cookies to improve the user experience on our websites.

A cookie is a small text file saved on your device (e.g., your smartphone, computer, tablet). Cookies help identify which pages are visited on our website. The information saved with cookies may include how you use the website, which browser you use, and which web pages you have visited.

A permanent cookie remains on your device for a predetermined period. A session cookie is temporarily stored in your device's memory while you are on our websites. Session cookies are deleted when the browser is closed. We use both permanent cookies and session cookies. Strawberry may also use third-party cookies.

If you do not want our websites to save cookies on your device, you can disable cookies in your browser. If you disable cookies, the functionality of our websites will decrease.

10. Personalized Stay with Us

At Selma Spa, we want to offer our customers the absolute best hotel experience tailored to each guest's preferences and purchase history.

Based on legitimate interests, we wish to use information we have received from you regarding your room preferences (e.g., "window facing the sea," "quiet room preferred") and information about your purchases with us ("sparkling water" instead of "still water") to offer you a personalized stay.

This information is collected based on the purchases you make with us and the requests you have communicated to our staff.

Additionally, we sometimes collect information about you from open sources, such as the internet and social media, limited to information relevant to offering you a personalized stay with us. The basis for this is legitimate interests.

This information is not shared with anyone else.

You can object to our use of your data for personalizing your stay. You can do this by sending an email to info@selmaspa.se.

11. Changes to the Privacy Policy or Processing

We continuously work on developing and improving our services for our customers. This may change how we process personal data. The information we provide in this privacy policy will therefore be updated and changed from time to time. We will also update the privacy policy in accordance with new regulations or if required by government practices.