Skip to content

Please note! Artipelag is booked and closed to the public September 4 – 6.

Privacy policy

Artipelag AB
Box 115
134 23 Gustavsberg
Tel 08–570 130 00
Organization number 556691-1524

Introduction

Artipelag AB (“Artipelag,” “We”) uses personal data in its ongoing operations. This privacy policy explains which personal data we process, how and why they are processed, and how you can influence our processing.

Personal data is stored on our computers, servers, and in the external systems we use for communication, administration, booking, and accounting.

Personal data will not be used for purposes incompatible with the purposes for which they were initially collected.
This policy takes effect on May 25, 2018.

Definition of Personal Data and Personal Data Processing

Personal data is any type of information that, directly or in combination with other data, can be linked to a living individual. Examples of personal data include postal addresses, personal email addresses, and phone numbers.
Personal data processing includes actions such as modification, storage, deletion, and dissemination.

Data Controller

The data controller is Artipelag AB. For inquiries regarding the handling of personal data, please contact artipelag@artipelag.se.

Why Artipelag Handles Personal Data

We process personal data to fulfill our commitments to our visitors, and to improve our services, communication, and understanding of our visitors.

We justify our processing based on a legal basis.
This could be to fulfil your agreement as a ticket purchaser or when booking one of our restaurants, event venues, or meeting rooms.
The legal basis could also be your consent to receive information from us, such as newsletters.
We may also rely on a legitimate interest to contact you.

As a registered individual in our systems, you can always opt out of further processing of your data, provided we do not have a legal obligation to continue the processing.

Amount of Personal Data Processed by Artipelag

Artipelag strives not to collect and process more personal data than necessary. We also try to anonymize the collection and processing where possible.

How Artipelag’s Personal Data Is Used by Others

Artipelag uses subcontractors, so-called data processors, to handle, for example, table reservations and the sending of newsletters. We have agreements with these data processors to ensure that personal data is adequately protected and not shared further.

We will not sell your personal data to anyone.

Legal Grounds We Use and When We Use Them

Consent

Artipelag uses consent as a legal basis in cases where such consent is provided and registered. This applies, for example, to the distribution of our general newsletter.

Fulfilment of Agreement

When you purchase a ticket, service, or product at Artipelag, we must process personal data to fulfil our obligations.
We may need contact information to inform you about a concert you purchased a ticket for, dietary preferences for a table reservation, billing details when renting a venue, and payment card data when a purchase is made.
Fulfilment of the agreement is the basis we use when communicating with our Art.Pass holders.
Personal data may also be needed as documentation in the event of possible disputes.

Legal Obligation

We may have a legal obligation to retain personal data. This could be related to employment and accounting, among other things.

Legitimate Interest

This applies, among other things, to cookies that provide us with statistics on how visitors use our website and to what extent.
Legitimate interest is also used when we improve our operations, such as by sending customer surveys after events. You have the right to limit our use of this legal basis in our communications with you at any time.

Camera Surveillance

Artipelag conducts camera surveillance in our areas to ensure the safety of visitors, staff, and objects, as well as to manage parking fees. If a person can be identified through the video recording, the recording constitutes personal data. We strive to clearly inform our visitors about this camera surveillance, and the rights that registered individuals have under the General Data Protection Regulation (GDPR) and the Camera Surveillance Act.

Information About Camera Surveillance

  • Signage: At the entrances and exits of our areas and strategic locations and entrances, there are clear signs informing about ongoing camera surveillance.
  • Printed Information: For those who wish to access the information in a non-digital way, printed information is available at our reception and can be provided upon request.

Purpose and Legal Basis Behind Camera Surveillance

The purpose of Artipelag’s camera surveillance is primarily to administer and ensure payment for parking, as well as to prevent and deter vandalism and crime.

The camera surveillance is conducted based on legitimate interest according to Article 6.1.f of the GDPR. Artipelag has assessed that there is a legitimate interest in processing the data for the specified purposes and that the need for camera surveillance outweighs the intrusion into personal integrity that the surveillance may entail for those who are subject to it.

Retention Period for Camera Surveillance at Visitor Parking:

  • For Payment Made During the Visit: If payment is made during the visit, the data is stored for 90 day
  • For Non-Payment During the Visit: If payment is not made during the visit, the data is stored for 12 months.

Retention Period for General Camera Surveillance of Artipelag

  • 29 days

Rights Under the GDPR

We are obligated to inform you, upon request, whether we process personal data belonging to you. If we process your personal data, we shall provide you with a written notice of this, including what data we have, where it originates, what we use it for, and whether the data has been shared with data processors.
You also have the right to:

  • Withdraw previously given consent to the processing
  • Opt out of direct marketing
  • Have your data corrected if it is incorrect
  • Request deletion

Requests for a register extract should be sent to artipelag@artipelag.se. Your request will be processed within 30 days of receipt and done for free. If your request is deemed particularly complex, the time may be extended by 60 days. In extreme cases, we may charge a fee to accommodate your request or refuse to process it.

If you have complaints about our processing of personal data, you can contact the Swedish Data Protection Authority or another competent supervisory authority.

Where Personal Data Is Processed

Personal data is primarily processed within the EU/EEA area. However, data may be processed outside the EU/EEA, in which case we ensure that it is processed equally securely, for example, in accordance with the EU-US Privacy Shield agreement.

Retention Period for Personal Data

We retain personal data as long as Artipelag AB has a legal basis and the relationship is considered active. When personal data is considered redundant, it will be deleted.

Protection of Personal Data

Artipelag applies systems and procedures to prevent your personal data from being disseminated or handled inappropriately.