Private Policy GDPR


We take our guests privacy very seriously and apply a strict policy. Our DPO (Data Protection Officer) is Nilla Tjälldén who you will be able to contact via

Collection of personal data

We collect the following personal data;

  • name
  • address
  • phone-number
  • e-mail address
  • ID-number/passport number
  • credit card information

needed by us to be able to deliver the hostel stay in a safe and legal way for both us and the guest.

Personal data is collected via the reservation form at booking channels (e.g, Expedia) or at our homepage.


Both our booking system and webpage provider use session cookies which are deleted when the session is terminated.

We collect usage information from our homepage and Facebook for analysis of user behaviour by Google Analytics, Facebook Pages and Facebook Ads Manager.

Video surveillance

Video from our reception, lounge and kitchen areas is stored with our security or camera provider for 30 days. Images are only available to operators by request from us, and only the DPO have access internally. Video is collected to deter from theft, unruly behaviour and identify guests (when called for) not following booking conditions and House Rules.

Storage of personal data

Data is stored in our cloud-based booking system. Sirvoy keeps all customer data confidential and will only disclose information about the customer to a third party if it is relevant to the service being provided through our agreement. GDPR compliant third-party services may be used for data processing.

Credit card details are stored with Stripe, our credit card payment service. You can learn more about Stripe and read its privacy policy at Credit card details are not available to Winstrup Hostel staff.

For reservations made via our booking channels (e.g, Expedia) personal data is stored in accordance with each channels privacy policy.

For non-Swedish citizens and in accordance with Border Police requirements, a signed document with personal data is stored in a locked location for three months.

Personal data in our booking system is kept for 18 months.

Usage of personal data

We use personal data to be able to deliver the hostel stay in a safe manner for both us and the guest and in line with Swedish legislation.

We will send guests, up to 7 days after departure, an offer for a discount at their next stay.

We will not use personal data from our booking system for marketing purposes.

We will not use personal data for profiling purposes.

We will never sell personal data we have received to a third party.

We actively communicate which personal data we store about the guest to the guest through our booking confirmation. Since credit card details is not available in the booking system it cannot be communicated or shared.


As we only use personal data for the purposes mentioned in the point above we assume the guest gives consent by a clear affirmative action (entering their own personal data by themselves and confirming the reservation by pressing a button in the system).

On the booking confirmation we also mention the upcoming offer of a discount and provide instructions on how to opt out from this offer.

Your right to your information

We will always provide you, free of charge, details about the personal information we have about you in our system.

We will correct, update or erase (after your visit has been completed) any information you require.

We will immediately inform you about any data breach or theft of data.