Valid from 2018-05-25

Winterviken Festvåning – Café – Konferens AB – VAT number – SE 556616107001, Vinterviksvägen 60, 117 65 Stockholm, is responsible for processing personal data in accordance with the General Data Protection Regulation (GDPR). This policy applies from May 25, 2018 and its main purpose is to strengthen privacy rights and to secure increased safety in processing personal information.

Personal data and personal data processing

We process personal data for customers, guests, staff and suppliers.
Our purpose of processing personal data is primarily to fulfill our commitments
to customers/guests/staff in response to our assignments with same.
The legal basis for the treatment is mutual agreements and contracts.

We also have personal data agreements with partners that handle personal data for which we are responsible. Our information is obtained primarily from the customer/guest/staff itself and in some cases also from public bodies such as government authorities and credit reporting companies.

The information we process mainly concerns contact details, billing and debit details, social security numbers and VAT- numbers, as well as other information relevant or necessary for the performance of our mission to customers, guests and staff. In cases where we store data for statistical purposes, they will be anonymized via Google Analytics.

Periods of retention

We only intend to store personal data that are relevant for the implementation of our commitment and will delete the data when they are no longer needed for the operation and in accordance with the General Data Protection Regulation- GDPR.

In cases where we consider it useful for both customers/guests and us as a supplier to save the submitted information, we will request written approval to do so.
If approval is not given, the data will be deleted.


In order to keep the personal data we process safe, we have taken several security measures: We have implemented security practices, technical and organizational measures to protect your personal data.

In addition, we have appropriate firewalls and antivirus software to protect and prevent unauthorized access to our network. Access to the spaces where the personal data is stored is limited and it is required for employees to be identified for access.

Your rights

You are entitled to know which of your personal information we handle and for what purposes. This is done by requesting a so-called registry extract.

We are (upon request) obliged to provide a notice of all personal data relating to you.

You may request an amendment to your personal information should the information be incorrect.

You are entitled to request any previously submitted personal data in a structured and machine-readable format.

You also have the right to demand that we delete your personal information from all systems (“Right to be forgotten”).

Contact person for questions regarding our policy is Erika Michael