Data Protection

1. Introduction and overview

We have drawn up this privacy policy to explain to you, in accordance with the General Data Protection Regulation (GDPR) and the Swedish Data Protection Act (Dataskyddslagen), what personal data we process as the data controller and what rights you have.

2. Contact details of the data controller

If you have any questions regarding data protection, please contact:

Data controller:

C&D Northern Homes AB

Represented by Daniel Schmidt and Carola Schmidt

Adress: Majringen 44, 942 95 Vidsel, Sweden

Email: info@nordschweden-ferienhaus.de

3. Your rights as a data subject

You have the right at any time to access, rectify, erase, restrict the processing of, and data portability of your data, as well as the right to object to the processing of your data. Simply contact us using the details provided above.

4. Data processors and services used

In order to provide our services (holiday home booking and activities), we use external partners. We have entered into data processing agreements (DPAs) with them in accordance with Article 28 of the GDPR.

A. Website hosting and forms (Webador)

Our website is operated via the Webador service (JouwWeb B.V., Torenallee 20, 5617 BC Eindhoven, Netherlands).

  • Purpose: To provide our online presence and contact forms for general enquiries.

  • Legal basis: Article 6(1)(b) GDPR (performance of a contract/pre-contractual measures) and Article 6(1)(f) GDPR (legitimate interest in a functional website).

B. Booking system (Smoobu)

For direct bookings of our holiday homes, we use the tool provided by Smoobu GmbH (Wriezener Str. 12, 13359 Berlin, Germany).

  • Purpose: Processing the booking process, checking availability and managing reservations.
  • Legal basis: Article 6(1)(b) GDPR (performance of a contract).
  • Important: In our case, no payments are processed via Smoobu. Only your booking and contact details are recorded.

C. In-person payments (Zettle by PayPal)

For payments you make directly in person in northern Sweden (e.g. for activities), we use the Zettle service (operated by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg).

  • Purpose: To enable card-based payments on-site.
  • Legal basis: Article 6(1)(b) of the GDPR (performance of a contract).
  • Data: Zettle processes your payment data (credit/debit card details) independently as part of the payment processing. We only receive confirmation of the payment.

D. Web analytics and advertising (Google)

We use Google Analytics and Google Ads conversion tracking (Google Ireland Limited, Dublin, Ireland).

  • Purpose: To measure the reach and optimise our advertisements.
  • Legal basis: Article 6(1)(a) of the GDPR (consent via cookie banner).
  • Transfer to third countries: Data may be transferred to the USA. Google is certified under the EU-US Data Privacy Framework.

5. Communication and Booking

When you contact us via the Webador forms, by email or by telephone, we process your data in order to deal with your enquiry.

  • Data categories: Name, email address, telephone number, content of the message, travel dates.
  • Deletion: We will delete your data as soon as it is no longer required to fulfil the purpose and there are no longer any legal retention obligations (e.g. 10 years for booking documents under Swedish/German law).

6. Cookies

We use essential cookies for the operation of the website (via Webador) and analytics cookies (Google) only with your explicit consent. You can adjust your settings at any time via our cookie banner.