Privacy Policy
Your privacy is important to us.
Your privacy is important to us. We have therefore drawn up this privacy policy, (“Privacy Policy“) which describes how we collect, use, share, transfer and store your information. Read the Privacy Policy to familiarise yourself with how we handle your privacy and contact us if you have any questions.
Cirkus Venues AB, org. no. 559036-8485, Djurgårdsvägen 68, 115 21 Stockholm (“Cirkus Venues”) and companies that are at all times part of the same group as Cirkus Venues (“the Group” or “we”) process personal data for users and customers who use our services, stay at our hotel, attend our events and buy our goods etc. (“Services“).
Cirkus Venues is the personal data controller for the processing of personal data, and thus responsible for ensuring the processing of your personal data takes place in accordance with the principles set out in law and this Privacy Policy. Other companies within the Group may act as a personal data processor or the personal data controller for certain personal data either alone or together with Cirkus Venues.
“Personal data” refers to all information that can be directly or indirectly linked to a natural person living today. We care about the protection of your personal data and process your data in accordance with the General Data Protection Regulation (GDPR) and national data protection legislation, which exists to protect the privacy of individuals.
Some pages on the Group’s websites contain links to third party websites. These websites have their own privacy policies and the Group is not responsible for their activities, including but not limited to their information practices. Users who submit information to or through these third-party websites should review the privacy policies of the websites before providing any personal information to them.
Changes to this Privacy Policy are announced by publishing an updated Privacy Policy on this website and we therefore recommend that you read these regularly.
Categories of Personal Data we may collect
We may ask you to provide personal information when you use our Services. The Group and its affiliates may mutually share the information and use it in accordance with this Privacy Policy. You do not have to provide the personal information we request, but if you choose not to do so, we may, in certain cases, not be able to provide you with our services.
We only collect the personal information that you yourself provide to us and which is relevant for the purpose described in the special terms for each Service and this Privacy Policy. When you use our services, we may collect various types of information, e.g. name, address, credit card details, telephone number, e-mail address and IP address.
In addition to the information you provide to us, we may collect information from ticket providers, travel agencies or other operators through which you have booked your service.
Purposes of processing
The Group may use your personal information for the following purposes:
- to perform and administer the services,
- to safeguard your interests,
- for accounting and invoicing,
- to contact you regarding your booking status or information related to your booking,
- to develop and analyse the business,
- to communicate with you and offer the Group’s services to you,
- to send you newsletters,
- to disclose information to partners whose events you attended, or
- to market the Group’s services.
Legal basis for our processing of your Personal Data
We process the information on the basis of our legitimate interest as an actor in the provision of our Services and in order to be able to fulfil the legal obligations incumbent on us.
The information processed for the purpose of developing and analysing the business and for communicating with you is processed on the basis of our legitimate interest in developing the business and communicating with our contacts.
The processing that involves disclosure of your information to partners is based on your consent, which you can revoke at any time, see the section “Your rights” below.
Recipients given access to the personal data
Personal data may be transferred between companies within the Group and to partners in order that it may be processed in relation to the purposes set out in this Privacy Policy. The group uses subcontractors for, for example, its computer operations and personal data may therefore be transferred to these subcontractors. Our subcontractors process your personal data only on behalf of the Group, in accordance with our instructions, and only after they have signed a personal data processing agreement in accordance with applicable law, in order for us to ensure a high level of protection for your personal data. The Group may disclose personal information to third parties if the Group is obliged to disclose such information on the basis of law or decision by a public authority.
Transfer of personal data to third countries
The group may transfer data to partners and subcontractors outside the EU/EEA. To ensure a high level of protection of your personal data in such situations and compliance with EU/EEA rules, the Group company in question enters into a personal data processing agreement with such parties. Personal data processing agreements of this nature regulate these parties’ processing of personal data and, where applicable, the transfer of personal data in accordance with current EU/EEA rules on the protection of personal data. Such an agreement contains conditions that are required by the European Commission and that meet the requirements set by applicable law to protect the transferred personal data.
Protection and erasure of personal data
The Group has internal routines for IT and information security and takes appropriate technical and organisational measures to protect your personal data against, for example, loss, tampering or unauthorised access.
We process your personal data for the time that the processing is necessary to fulfil the purposes for which the data was collected and/or we have a legal obligation to retain the personal data. If you unsubscribe from newsletters or similar, the information will be deleted immediately.
Your rights
Right to be informed: You have the right to receive information free of charge about our processing of your personal data. Requests for extracted data must be made in writing to the Group’s data protection officer at the address shown below and must be personally signed by you and contain information about your name, postal address, telephone number and e-mail address (used in communication with the Group). The extracted data will be sent to your population registration address within one month of the application being received by the data protection officer.
Right to rectification: We endeavour to ensure that the personal data that we process about you is correct and relevant for the purpose for which the processing takes place. You have the right to contact the Group’s data protection officer to ask us to rectify incorrect information about you that is processed by us. You can also request information concerning to whom we have disclosed your personal information. The Group is not responsible for problems that arise as a result of personal information being old or incorrect if you have failed to inform us of the change. Each company within the Group will, at your request or when the company discovers it, rectify or delete incorrect or incomplete information.
Right to erasure: We have an obligation to erase your personal data if (i) they are no longer needed for the purpose(s) for which they were collected, (ii) the processing of them is based solely on your consent and you revoke it, or (iii) the processing takes place for direct marketing.
Please note that you can revoke your consent to further processing of your personal data at any time (although not retroactively) by contacting the data protection officer at the address below, whereupon the Group will prevent the continued processing of said information.
You are reminded, however, that revocation of consent does not affect processing that may be undertaken without consent (e.g. the processing that takes place to be able to provide the services) but may lead to the services not working as intended or that the Group can no longer provide the services.
Right to restrict processing: In some cases, you may request that our processing of your personal data be restricted to certain limited purposes. You may do this, for example, when you believe the information is incorrect and have requested correction.
Right to data portability: We can help you transfer personal information that you have provided to us to another service provider. A prerequisite is that the recipient of the information processes it on the basis of your consent or to fulfil an agreement with you. This right only applies in relation to such personal information that you yourself have provided to us.
Right to object: You have the right to object to the processing of your personal data for marketing purposes at any time.
Complaints to the Swedish Authority for Privacy Protection: If you believe that we are processing information about you in violation of the GDPR, you can lodge a complaint with the supervisory authority where you live or work. In Sweden, the Swedish Authority for Privacy Protection is the supervisory authority.
Right to damages: If you have suffered damage as a result of our processing your personal data in violation of the GDPR, you may be entitled to damages.
Cookies
When you visit our website, we may send and store a cookie on your computer, tablet or mobile phone. This cookie enables the website or web server to collect and store specific, but limited, information from your browser about how you use it and to improve your user experience. We may also collect information about your IP address, operating system, and which search engine you use for statistical and administrative purposes. The information we collect through your visit to our website is generally anonymous and cannot be traced to a specific person. Information about how the Group uses cookies, what they are used for and how you can avoid them can be found in the Group’s Cookie Policy in force at any given time. Read our Cookie Policy.
Transfer
If we sell, reorganize or otherwise transfer all or part of our business, your personal data may be transferred at the same time.
Questions concerning privacy
If you have questions or concerns about the Group’s Privacy Policy or data processing, or would like
to make a complaint about a possible violation of laws and rules on privacy, you can contact our data
protection officer at the address below.
Contact information, Data protection officer
Name: Johann Schneider
Email: dpo[at]cirkusvenues.se
Postal address: To: Johann Schneider, Cirkus Venues AB, Djurgårdsvägen 68, 115 21
Stockholm