SkiStar's privacy policy (VERSION 2022:01)

Your trust is important to us at SkiStar ("SkiStar", "we", "us"). Our goal with this policy is to describe to you in a clear and transparent manner how we collect, use, display, transmit and store your information so that you can feel confident that your personal data is stored safely and not misused.

We continuously evaluate the risks associated with the processing of personal data that takes place and put the necessary security measures in place to reduce the risks. We train all our staff continuously on data protection matters.

In this policy, we describe how and why SkiStar processes personal data when you interact with us, for example at skistar.com, skistarshop.comor within our customer club "MySkiStar". Booking terms, conditions of purchase and MySkiStar membership can be found here.

SkiStar processes all personal data in accordance with EU data protection legislation, the General Data Protection Regulation (GDPR). SkiStar AB, Reg. no. 556093–6949 is responsible for the processing of personal data we collect from you. SkiStar Norway AS, Reg. No. 977 107 520 MVA, is part of the SkiStar Group and processes your data when you visit one of our Norwegian destinations. SkiStar AB and SkiStar AS therefore share responsibility for some of the personal data we collect about you when you visit a Norwegian destination, but SkiStar AB has overall responsibility for the entire group's activities and exercises dominant influence over group companies. SkiStar AB is your main contact for questions and to exercise your rights. This policy is applied by all companies within the SkiStar Group.

This policy is specifically aimed at private individuals who are, or want to become, our customer. If you are also a member of MySkiStar, see separate section5. When information in this privacy policy differs from what applies to MySkiStar members in accordance with section 5, the provisions of section 5 shall apply. If you are a supplier or partner, you can find information on how we process your personal datahere.

1. What personal data we collect

Personal data means all kinds of information that can be directly or indirectly attributed to a living, natural person. This includes their name, national ID number, address, email address and telephone number. It may also include the likes of booking numbers and IP addresses where these can be linked to individuals.

1.1 Information collected directly from you

Data collected when making a booking

When you book a trip/activity or buy a product from SkiStar (collectively "booking"), we collect personal data from you to complete your booking. If your booking includes children, we also collect data for the children in question, provided this is necessary to fulfil the booking or to deliver good customer service. Examples of data that SkiStar collects from you include:

  • Photographs of you.
  • Identity details, such as your name, national ID number and date of birth.
  • Purchase details, such as what you bought, when and where you bought it, how you paid and credit and/or other payment information.
  • Personal/contact details, such as name, customer/member number, telephone number, address and email address.
  • Skier´s details, such as height, weight, shoe size and experience

Data collected via personal contact

When you contact us, we collect the personal data necessary to be able to answer your questions, identify your booking or deal with the matter, such as your name, contact details or information about your booking. This may also involve more specific information in connection with a claim, such as a medical certificate.

Information collected via My Pages

If you register a user account on skistar.com (My Pages), we collect your email address to create your login. You can then manage your data via My Page.

You can also choose to upload a profile picture on My Page.

Information collected when you subscribe to our newsletter

If you subscribe to our newsletter, we collect your name and email address to send you marketing material. If you choose to provide it, we also collect data about your postal code and country of residence to provide as relevant content as possible.

Data collected when using our digital services

When you use any of our websites, our apps or any other digital service from us, we collect data about your use of the service in question. Some of this data may be personal data, for example your IP address if it can be linked to individuals. We also collect information about how you navigate in the relevant service, what searches you make and which products you are interested in. If you are logged into My Pages or provide information that enables us to identify you, we connect the information about your usage patterns with other information we have collected about you. For more information about the type of data collected in connection with the use of our digital services, see our cookie policy.

1.2 Information collected from someone other than yourself

Information from others in your party

When booking and when in contact with us in relation to various matters, a person may provide personal data about one or more other guests in a travelling group. We assume that the person providing this information has permission to provide that information to complete the booking. The person booking for others should therefore make sure that these people understand how their personal data may be used by us.

Data from agents and digital partners

When you book a trip with SkiStar via an agent, travel agent or website (digital partner), jointly referred to as "agents" with whom we cooperate for marketing our trips, you provide personal data to the agent. This personal data is the responsibility of and is processed by the agent in question. The agent transfers the information necessary for us to complete your booking in accordance with our agreement with the agent.

2. Why we use your personal data

SkiStar's legal basis for processing your personal information

SkiStar processes your personal data in accordance with the law. The same personal data can be processed for different purposes and therefore on different legal grounds, such as making a booking, based on balancing of interests, on the basis of a specific consent from you or that the data is necessary to comply with legal obligations. This means that, even if you revoke your consent and processing based on consent ceases, it may still be necessary to save your personal data for other purposes where the personal data is still needed. Primarily, we process your data for the performance of a contract to which you are party, such as a booking.

Administration of your booking

To be able to fulfil your booking and deliver what you have ordered from us (i.e. fulfil our contract), we use your personal data in various ways. For example:

  • Issuing booking confirmations and other travel documents,
  • Booking accommodation,
  • Sending important information in connection with your booking,
  • Preparing your rented equipment, and
  • Making payment for what you have ordered.

What data we process depends on what you have ordered.

When booking by phone, the conversation is recorded based on SkiStar's legitimate interest in ensuring what SkiStar and the customer have agreed on.

To provide customer service

When you contact us by phone, chat or email with questions, comments or complaints, etc. we record your call and save your chat or email and use your personal data to provide you with service. We do so to be able to fulfil our contract with you and on the basis of our legitimate interest in providing you with good service.

Marketing and personalisation

We would love to send you relevant offers and news about our products and services. We therefore use your data, such as information about your previous purchases, browsing habits and search settings, as a basis to personalise our communication and to contact you by post, email or phone on the basis of our legitimate interest in marketing our products and services. In this way, we can customise our marketing to make it more relevant to you. We may also send you information about products and services from our partners that we believe may be of interest to you.

If you do not wish to receive marketing material from us, you may decline it at any time via the settings on My Page or in any way specified in your marketing communications.

For special events, photographs may be used for marketing purposes, based on our legitimate interest. You will always be informed in advance and have the right to object to being photographed directly on site or in accordance with section 6 below.

Development of services and customer service, as well as training

When you contact us by phone for customer service matters, we record your conversation and thus process your personal data on the basis of our legitimate interest in using the conversation as a basis for internal training and development work.

We use the data we collect about our customers to develop and improve our products, digital services and marketing communications on the basis of our legitimate interest, where we analyse user behaviour to develop how we present information, offers and design features. In terms of digital communication, we also use the data to improve our opportunities for efficient communication and reaching a relevant target audience.

We also use the data we collect about our customers to send out surveys in connection with our products and services. We do so on the basis of our legitimate interest in developing and improving our products, services and guest experiences, as well as using results to form the basis of internal training and development cooperation. The questionnaire is anonymous and only processes personal data as long as the respondent chooses to enter personal data in the free text field.

Legal requirements

Finally, your personal data may also be processed to satisfy obligations under laws and regulations, for example regarding security and reporting.

3. How long we store your data

We never save data longer than we need to and only use your personal data for the purposes set out in this policy. After this time, we will safely remove your personal data. The same personal data may be stored in several different places for different purposes. This means that we may delete data from one system when it is no longer needed there, while the same data may continue to be stored in a different system where its purpose is still valid for that specific system. If data is needed after this period for analytical, historical or other legitimate commercial purposes, we will take appropriate steps to anonymise the data so that it no longer constitutes personal data.

3.1 Information collected from you

Data collected when making a booking

The personal data we collect via a booking is stored in our customer database for five years. If you interact with us within five years, data about previous bookings/products will be saved for another five years. Personal data is stored as a basis for market and customer analyses, for statistical purposes and to provide you with better booking offers and better customer service. Personal data is also stored to enable us to comply with the legal requirements with respect to the supervision in place for package tours and to ensure that there is documentation of booking in the event of a complaint. In the event of complaints, some data may be saved for ten years in order for us to be able to defend ourselves against legal claims.

By law, we are required to record and retain certain information that constitutes accounting information. We therefore have to store this information for roughly seven years.

Data collected via personal contact

When you call us or chat/mail with our customer services, we will save your conversation with you for 90 days.

Information collected via My Page

The data from My Page will be stored in our customer database for five years.

Information collected when you subscribe to our newsletter

If you have registered to receive our newsletter, we will retain the data necessary to administer this until or unless you unsubscribe from the newsletter or notify us that you no longer wish to receive it. You may unsubscribe from receiving the newsletter at any time via My Pages or as specified in the mailing list.

3.2 Information collected from someone other than yourself

Information collected from others in your party

See the section "Data collected when making a booking".

Data collected from agents and digital partners

See the section "Data collected when making a booking".

4. To whom we provide personal data

To be able to fulfil the booking you have made with us and to carry out our business, we may need to share your personal data with our sub-suppliers and partners. We only share personal data with them to the extent necessary for them to be able to provide their services to you and us, and they only have access to the personal data that is necessary.

Sub-suppliers

To meet the objectives of our processing of your personal data, we share your personal data with companies that provide services to SkiStar, for example to manage the dispatch and delivery of your goods. These companies may only process your personal data in accordance with our explicit instructions and must not use your data for their own purposes. They are also required by law and contracts to protect your personal data.

Providers of travel-related services

To meet the objectives of our processing of your personal data, we share your personal data with companies that provide services directly to you on behalf of SkiStar, such as ski schools and agents such as hotels.

Such providers have access to the personal data necessary to complete the booking. These providers are independently responsible for processing personal data in accordance with their own data protection policy.

IT suppliers

We use a number of different IT services and IT systems in our business. Personal data is stored and handled in some of these. We care about your privacy and the security of your data during any such handling. Some systems are installed locally with us and it is only our staff who have access to the data. In these cases, there is no transfer to third parties. Some systems, however, are cloud solutions or installed by the provider, which means that we transfer personal data to the provider. In such cases, the provider is our data processor and handles the data on our behalf and under our instructions.

Web analytics companies and social media companies

We use external providers for personalisation and analysis of user behaviour on our websites and for user feedback. The data is primarily collected via cookies and is handled at an anonymous and aggregated level. We may also use social media companies, such as Facebook, for our marketing communications.

Within SkiStar

Our Privacy Policy applies to all group companies and subsidiaries of SkiStar, which means that SkiStar AB has the same access to personal data as the specific destination or department you were in contact with locally, but with the restriction that an individual employee can only see such information as is relevant for carrying out his/her working duties.

Authority

If we are required or permitted by law, we may share personal data with the state and authorities to the extent necessary.

5. Especially for members of MySkiStar

You can find our full membership conditions here.

MySkiStar members enter into an agreement with SkiStar in which it is necessary for SkiStar to use personal data as well as other information the members provide (e.g. name, email, national ID number, username, information about the account, purchase information, information and statistics regarding the members skiing etc.), to fulfil SkiStar’s commitments to the member and administrate the parties' contractual relationship. This includes sending important information related to the contractual relationship, such as administrative notifications. If you do not provide us with your personal data to us, you cannot become a member of MySkiStar.

As per paragraph 6 of the terms and conditions, MySkiStar members have the right to receive relevant and personalised communications about our products and services, including personalised offers, through our various channels. This may also involve creating top lists, tips on training, etc. that we share with members. We process your personal data for these purposes to be able to fulfil our contract with you.

Your personal data may also be processed at an overall level for general market and customer analyses and statistics. We may, for example, produce statistics about sales, goods dispatched or offers taken advantage of. We do so on the basis of our legitimate interest in carrying out general analyses for increased customer understanding and in assessing, improving and developing our services and products. We do not conduct analysis or follow-up of individual members for these purposes.

If you as a member do not want your personal data to be processed for direct marketing purposes, you can submit a written request to SkiStar using the contact details below or unsubscribe directly from our direct marketing mailing list. You can also unsubscribe from receiving our newsletter via "My Page" at any time.

6. Your rights

Right to information about the personal data we have stored about you

In addition to the online access you have to personal data related to My Page or your booking, you also have a right to a copy of the personal data that we hold about you and information on how we process it.

Right to control your personal data

You have the right to request that data about you be deleted, supplemented or corrected. You also have the right to request that the processing of your personal data is limited in certain circumstances, for example while we rectify it.

In case of automated processing based on your consent or contracts where personal data is collected directly from you, you have a right to data portability, which means that you have the right to request your personal data in a structured, generally used and machine-readable format.

For processing performed on the basis of a legitimate interest, you always have the right to object, in accordance with the data protection regulation. We will then perform a balancing of interests based on your specific situation to assess whether it is still legitimate to process your personal data for the specified purposes. However, if processing was performed for direct marketing, we will stop if no prior balancing of interests has been performed.

You are welcome to contact us at any time at www.skistar.com in order to exercise any of your rights. Your email must include your name and contact details so that we can identify you. If we are unable to identify you, we will come back and ask you for more information to handle your request.

You can also request deletion of your personal data via our SkiStar app (however, if we still have a legitimate reason to store the data by law or agreement, your request may be denied).

Withdrawal of consent

You can choose to withdraw your consent at any time by contacting us via the contact details given below. If you withdraw your consent, we will anonymise the personal data we hold about you, and discontinue any processing on the basis of that consent. You can also do so easily via the settings on My Page.

The same personal data can be processed on the basis of your consent and on the basis that it is necessary or under other regulations. This means that, even if you revoke your consent and such processing as is based on that consent ceases, it may still be necessary for us to retain your personal data for other purposes.

7. Cookies

On skistar.com and skistarshop.com, we use cookies to improve your experience, to gather information for marketing purposes and to develop our web pages. We are not able to identify you as a visitor to our websites using this information, but because an IP address is regarded as a personal data, we will let you know about such processing. For such handling of data, our cookie policy applies in addition to this privacy policy.

8. Changes to this privacy policy

We may change this privacy policy from time to time and all changes take effect automatically thirty (30) days after they have been published on skistar.com. In the event of a change being particularly relevant or substantial, you will be notified accordingly. If we make changes to the privacy policy that are considered necessary to comply with obligations under laws, government advice or decisions, the new privacy policy may apply immediately after it has been published on skistar.com.

9. Contact

If you have any questions regarding the processing of your personal data, you are welcome to contact us using the contact details below. If you are not satisfied with the response you have received, you have the right to submit a complaint to the Swedish Privacy Authority. Read more on the Swedish Privacy Authority's website.

personuppgifter@skistar.com

or send a letter to

SkiStar AB

Att: Customer support

Fjällvägen 25

780 91 Sälen