Privacy policy for Eriksberg Vilt & Natur AB
Last updated: April 24, 2026
If you have any questions about this privacy policy, how we process your personal data or would like to exercise any of your rights, please contact us:
Eriksberg Vilt & Natur AB
Guöviksvägen 353
374 96 Trensum
Email gdpr@eriksberg.se
1. Data Controller
Eriksberg Vilt & Natur AB, company no. 556724-1459, Guöviksvägen 353, 374 96 Trensum, is the data controller for the processing of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation (GDPR). This policy is provided to fulfill the information obligation according to Articles 13 and 14 of the GDPR.
2. About this policy
This privacy policy describes how Eriksberg Vilt & Natur AB processes personal data about you when you:
Personal data means any information relating to an identified or identifiable natural person pursuant to Article 4(1) GDPR. The processing of personal data shall be lawful, fair and transparent in accordance with Article 5(1)(a) GDPR.
3. What personal data we process and why
3.1 Customers and guests
When you book or use our services, such as hotels, restaurants, conferences, hunting, safaris or other experiences, we process personal data to be able to manage your booking, provide the service, charge payment, provide service and handle complaints and other customer matters.
We can then process data such as:
The legal basis for the processing is primarily Article 6(1)(b) GDPR, i.e. the processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract. If we need to store certain data to comply with legal requirements, for example under the Accounting Act, the processing is based on Article 6(1)(c) GDPR.
Accounting documents, such as invoices and receipts, are saved in accordance with Chapter 7, Section 2 of the Accounting Act (1999:1078), i.e. for seven years.
3.2 Foreign hotel guests
For foreign hotel guests, special requirements apply according to Chapter 6, Section 13 of the Foreigners Ordinance (2006:97). We may therefore need to collect and document the information required by law in connection with check-in, such as name, date of birth, home address, arrival and departure date, information about identification document and signature. The legal basis for this processing is Article 6.1 c GDPR, i.e. legal obligation. Registration cards must be kept for three months from the date of registration.
3.3 Suppliers and partners
If you are a contact person for a supplier, partner or other business contact, we process personal data to be able to administer our business relationship, order goods or services, manage deliveries, invoices and ongoing contact.
We can then process data such as:
The processing is normally based on Article 6(1)(b) GDPR when it is necessary for the performance of a contract, or on Article 6(1)(f) GDPR when it is necessary for our legitimate interest in administering and maintaining business relationships. Processing based on Article 6(1)(f) GDPR requires that it is necessary for a legitimate interest and that the interests, rights and freedoms of the data subject do not outweigh our interest in the processing.
Agreements, invoices, receipts and other accounting-related documentation are saved in accordance with Chapter 7, Section 2 of the Accounting Act.
3.4 Job search
When you apply for a job with us, we process the personal data you provide in your application, such as name, contact details, CV, personal letter, information about education, work experience and references. In some cases, we may also process personal data provided by references that you have provided yourself in the recruitment process.
The processing is carried out in order to manage the recruitment process and assess your application. The legal basis is primarily Article 6.1 b GDPR, when the processing is necessary to take steps prior to entering into an employment contract, and in some parts Article 6.1 f GDPR, when we have a legitimate interest in administering and documenting the recruitment. If we want to save your application for future recruitments, this should be done with the support of consent according to Article 6.1 a GDPR.
If sensitive personal data is involved, such as health data, the main rule in Article 9.1 GDPR is that such processing is prohibited, unless an exception in Article 9.2 GDPR applies. We therefore strive not to process more data than is necessary for the recruitment.
Personal data about job applicants is saved during the ongoing recruitment process and thereafter for as long as necessary to complete the process and handle any legal claims. If we want to save application documents longer for future recruitment, this must be done with the support of consent.
3.5 Employees
If you are employed by us, we process personal data to fulfill the employment contract and our obligations as an employer. This may include, for example, name, social security number, address, telephone number, contact information for relatives, salary information, account information and other information needed for personnel administration.
The legal basis is primarily Article 6(1)(b) GDPR and Article 6(1)(c) GDPR. If the processing of sensitive personal data is required under employment law, for example health data in the event of sick leave or rehabilitation, the processing may in some cases be permitted under Article 9(2)(b) GDPR.
We save personal data about employees for as long as it is needed for employment and thereafter for as long as we are required or permitted to do so by law, collective agreements, statutes of limitations, or to establish, assert, or defend legal claims.
3.6 Newsletters and marketing
If you sign up for our newsletter or other marketing, we normally process your name and email address to be able to send you information, news and offers from Eriksberg.
Marketing via electronic mail to natural persons is regulated in Section 19 of the Marketing Act (2008:486). The main rule is that electronic marketing may only be sent if the recipient has consented to it in advance. The legal basis according to GDPR is then Article 6(1)(a). You have the right to withdraw your consent at any time according to Article 7(3) GDPR.
You can unsubscribe from our mailings at any time by using the unsubscribe link in the mailing or contacting us at gdpr@eriksberg.se.
4. When you use our website
When you visit our website, we may process information such as your IP address, cookie ID, technical information about your device and information about how the website is used. If such information constitutes personal data, it is processed in accordance with the General Data Protection Regulation (GDPR).
4.1 Cookies
When you visit our website, we use cookies and similar technologies to make the website work, to improve the user experience, to analyze traffic and, where applicable, for marketing purposes.
A cookie is a small text file that is stored on your device when you visit a website. Some cookies are necessary for the website to function properly. Others are used, for example, for statistics, analysis or to customize content and marketing.
The use of cookies and similar technologies is regulated in Chapter 9, Section 28 of the Electronic Communications Act (2022:482). Necessary cookies are used for the website to function and do not require consent. Cookies for statistics, analysis and marketing are only used if you have been informed about the purpose of the processing and have given your consent.
You can change or withdraw your consent at any time via the cookie settings on the website. You can also block cookies in some cases via the settings in your browser. Please note that some functions of the website may then not work as intended.
If cookies involve the processing of personal data, such as IP address or online identifiers, the processing takes place in accordance with the GDPR.
5. Camera surveillance
In certain locations within the Eriksberg area, camera surveillance is used to create security for staff and guests, prevent and investigate incidents, protect fenced areas, and reduce the risk of unauthorized entry or animals escaping.
The legal basis for camera surveillance is Article 6(1)(f) GDPR, i.e. legitimate interest. Such processing requires that our interest in the surveillance outweighs the interests, rights and freedoms of the data subject. The Swedish Data Protection Authority (IMY) also states that information about camera surveillance must be provided in an understandable and easily accessible manner, including through clear signage, and that the information must include, among other things, the purpose, legal basis, recipient, storage period and contact details.
Recorded material is normally retained for 10 days, unless it needs to be retained longer to investigate an incident, satisfy a legal claim, or comply with a legal obligation.
Recipients of data from camera surveillance are only authorized persons within Eriksberg's operations, and where applicable, authorities when disclosure is required by law or is necessary in connection with an investigation.
6. Sharing of personal data
We do not sell your personal information.
We may share personal data with suppliers who process data on our behalf, such as suppliers of IT operations, booking systems, payment solutions, support, marketing tools and other administrative services. When an external party processes personal data on our behalf, that party is a data processor. In this case, there must be a data processor agreement in accordance with Article 28 GDPR. A data processor may only process personal data on instructions from the data controller.
We may also disclose personal data to authorities when we are obliged to do so by law, judgment or official decision. The legal basis for such disclosure is Article 6(1)(c) GDPR, i.e. that the processing is necessary for compliance with a legal obligation.
7. Transfer of personal data outside the EU/EEA
We strive to process personal data within the EU/EEA. If personal data is nevertheless transferred to recipients outside the EU/EEA, this will only happen when there is a legal basis for the transfer according to Chapter V of the GDPR, for example an adequacy decision according to Article 45 of the GDPR or appropriate safeguards according to Article 46 of the GDPR, such as the EU Commission's standard contractual clauses.
8. How long we store personal data
We do not store personal data for longer than is necessary for the purposes for which the data are processed, unless we are required to store them longer by law or in order to establish, exercise or defend legal claims. This follows from the principle of storage minimization in Article 5(1)(e) of the GDPR.
The storage period varies depending on the type of personal data and the context in which it is processed. Where the storage period cannot be specified precisely in advance, it is determined based on the purpose of the processing, our legal obligation to retain the data and the need to be able to handle legal claims. This is in line with Article 13(2)(a) GDPR, which requires the data subject to be informed of the storage period or the criteria for determining it.
Certain retention periods are directly governed by law. Accounting documents, such as invoices and receipts, are retained for seven years according to Chapter 7, Section 2 of the Accounting Act (1999:1078). Registration cards for foreign hotel guests are retained for three months according to Chapter 6, Section 13 of the Aliens Ordinance (2006:97).
10. Your rights
According to GDPR, you have the right to:
These rights follow from Chapter III of the GDPR. The right to object always applies to processing for direct marketing purposes. The right to erasure is not absolute and may be limited if, for example, the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.
If you wish to exercise any of your rights, you can contact us at gdpr@eriksberg.se.
11. Complaints
If you believe that our processing of your personal data violates applicable data protection regulations, you have the right to file a complaint with IMY, which is the supervisory authority in Sweden under the GDPR.
12. Changes to the policy
We may update this Privacy Policy from time to time. The most recent version is always posted on our website. The date of the last update is indicated at the top of the policy.