top of page

privacy policy

Privacy Policy
Welcome to Bromander's Sheep and Recreation Farm and our website at At Bromander's Sheep and Recreation Farm, we take the protection of your Personal Data very seriously.

This Privacy Policy explains which Personal Data we collect from you via our website, what we use it for, when we delete it and how your data is protected. In addition, we will inform you of the respective legal basis that allows us to process your data. Finally, we will also tell you about your rights in connection with the processing of your data. 

What is Personal Data?
Personal Data is information that makes it possible to identify a natural person. This includes in particular, your name, date of birth, address, telephone number, e-mail address, but also your IP address. Anonymous data exists if no personal reference to the user can be made.

What is Processing?
"Processing" means and covers virtually any handling of data.

What law applies?
We will only use your Personal Data in accordance with the applicable data protection laws, in particular the Swedish Data Protection Act (dataskyddsförordning) (“DPA”) and the EU's General Data Protection Regulation (“GDPR”), and of course only as described in this Privacy Policy.

Who is responsible for data processing?
The responsible party within the meaning of the DPA and the GDPR is Bromander's Sheep and Recreation Farm of Ringaby 427, 71892 Frövi, Sweden (“Bromander's Sheep and Recreation Farm”, “we”, “us”, or “our”). 

If you have any question about our data protection practices, please feel free to contact us using, or call 070-9600516 or write to us at the above address.

Data collection 
All Personal Data that we obtain from you will only be processed for the purposes described in more detail below. In particular, we collect Personal Data only if:

* you have given your consent;
* the data is necessary for the fulfillment of a contract / pre-contractual measures;
* the data is necessary for the fulfillment of a legal obligation; or
* the data is necessary to protect the legitimate interests of our company and business.

We process and store your Personal Data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period exists (in particular commercial and tax law in accordance with the Ministry of Finance and others for up to 8 years. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.

Data transfers
In certain cases, it is necessary to transmit the processed Personal Data in the course of data processing. In this respect, there are different recipient bodies and categories of recipients.

1. Internal
If necessary, we transfer your Personal Data within Bromander's Sheep and Recreation Farm. Of course, we comply with the associated legal framework and ensure that your data is processed properly. Access to your Personal Data is only granted to authorized employees who need access to the data due to their job, e.g., to fulfill your order or to contact you in case of queries.

2. External bodies
Personal Data is transferred to our service providers in the following instances:

* in the context of fulfilling your orders, shipping and delivery,
* to use marketing services and to advertise our products online,
* to communicate with you,
* to provide our website and shop, and 
* to state authorities and institutions as far as this is required or necessary.

We usually do not transfer Personal Data to countries outside Sweden or the EEA. However, if we do, we ensure that processing of your Personal Data is governed by Processing Agreements that include Standard Contractual Clauses to ensure a high level of data protection.

Security of your data
In order to protect the data stored with us in the best possible way against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we use appropriate technical and organizational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.

Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. And databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised as expeditiously as possible after which the breach was discovered.

Your Rights and Privileges 
1. Privacy rights 
Under the DPA and GDPR, you can exercise the following rights:

* The right to access;
* The right to rectification;
* The right to erasure;
* The right to restrict processing;
* The right to object to processing;
* The right to data portability;

2. Updating your information
If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to its processing, please do so by contacting us.

3. Withdrawing your consent 
You can withdraw consents you have given at any time by contacting us. 

4. Access Request 
In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.

5. Complaint to a supervisory authority
You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. The Integritetsskyddsmyndigheten (IMY), which is the relevant authority in Sweden. The IMY is located at  Box 8114, SE-104 20 Stockholm, Sweden and their website can be found at We would, however, appreciate the chance to deal with your concerns before you approach the IMY or any other supervisory authority.

Processing of your Personal Data
1. Log files
As mentioned above, we want to provide you with an optimal user experience in our online shop and with our advertisements, which is tailored to your individual needs. To this end, we work together with various service providers and technology providers and use cookies and tracking methods. The following data is collected anonymously for the purpose of demand-oriented design and optimization of our website:

   * Information on the device used (e.g., operating system, browser, screen resolution, language set.
   * Information on pages viewed during the website visit (e.g., category or product detail pages)
   * Information within the ordering process (e.g., order number, delivery and payment method, shipping and/or billing address)
   * Information on access data (e.g., entry via email newsletters, other websites or online advertising measures).

The scope of the stored and processed data is limited purely to the performance of statistical evaluations. Your IP address is made unrecognizable immediately after receipt, which means that it is not possible to assign usage profiles to IP addresses.

The collection of the data is necessary from a technical point of view in order to continuously optimize the functions as well as the presentation of our website on different devices, operating systems and browsers and to be able to make our offer more interesting for you as a user and is therefore based on the legitimate interest. 

2. Cookies
We use so-called cookies on our website. Cookies are pieces of information that are transmitted from our web server or third-party web servers to your web browser and stored there for later retrieval. Cookies may be small files or other types of information storage. There are different types of cookies: i) Essential Cookies. Essential cookies are cookies to provide a correct and user-friendly website; and ii) Non-essential Cookies. Non-essential Cookies are any cookies that do not fall within the definition of essential cookies, such as cookies used to analyze your behavior on a website (“analytical” cookies) or cookies used to display advertisements to you (“advertising” cookies). 

As set out in Sweden`s Marketing Act (“MA”) and Electronic Communications Act (“ECA”) and the EU`s Privacy and Electronic Communications Directive (“PECD”), we need to obtain consent for the use of Non-essential Cookies. For further information on the cookies we use, please refer to our Cookie Policy. The legal basis for processing is our legitimate interest and your consent.

3. Cookie consent
Our website uses the cookie consent tool to obtain your consent to the storage of cookies and to document this consent. When you enter our website, the following Personal Data is transferred to us: i) Your consent(s) or revocation of your consent(s); ii) Your IP address; iii) Information about your browser; iv) Information about your device; v) Time of your visit to our website. The basis for processing is our legitimate interest.

4. Hosting
We use the store system of the service provider LTD, for the purpose of hosting and displaying the website on our behalf. All data collected on our website is processed on LTD's servers on our behalf. The basis for processing is our legitimate interest.

5. Content Management System
We use the Content Management System (CMS) of LTD to publish and maintain the created and edited content and texts on our website. This means that all content and texts submitted to us is transferred to Wix. This represents a legitimate interest.

6. Provision of the eCommerce System
We also use the eCommerce system of Wix. All data collected in our shop is processed on Wix`s global servers. The legal basis for the data processing is our legitimate interest in providing our shop.

7. Content Delivery Network 
We also use the Content Delivery Network (CDN) of Wix to distribute our online content. Our CDN is a network of regionally distributed servers operated by our technical service providers that are interconnected via the Internet. When you visit our website, your device's browser transmits information to these service providers, which is collected in corresponding server log files. The server log files are usually anonymized and then transmitted without personal reference. The server log files include in particular i) information on the browser and operating system used, ii) the previously visited pages (so-called referral URL), iii) the IP address of the device used, iv) the name of the Internet provider, and v) the date, time of all page views including the amount of data transferred. The legal basis for the processing is our legitimate interest.

8. Contact options
We process and store the Personal Data provided in the contact enquiry solely for the purpose of processing and responding to your enquiry and contacting you. If you contact us, we will process the data you provide to respond to you and answer your questions and requests. In doing so, the principle of data economy and data avoidance is observed in that you only have to provide the data that we absolutely need from you in order to contact you. These are usually your first and last name, your email address, the topic selection and the message field itself. In addition, your IP address is processed out of technical necessity and for legal protection. For the Chat, we use Ascend by Wix. We have no influence on the processing of data by Wix and no possibility to influence it. The legal basis for processing is our legitimate interest, the provision or initiation of a contractual service and your consent.

9. Shopping with us
We process your first name, last name, e-mail, address for the delivery of your order (email address for digital delivery of your gift card), billing address, and the data related to your contract with us data to handle the contractual relationship between you and us.Where any Personal Data relates to a third party, you represent and warrant that the Personal Data is up-to-date, complete, and accurate and that you have obtained the third party’s prior consent for our collection, use and disclosure of their Personal Data for the Purposes. 

10. Account Registration
It is also possible for you to register for an account. For this purpose, you can choose a password together with your email address, both of which will enable you to log in more easily without having to enter your data again when you make a future purchase or access our other content such as the blog or forum. We will hold your data as long as you have your account with us. The legal basis for processing is the provision or initiation of a contractual service and your consent.

11. Payment Data
If you make a purchase your payment will be processed via our payment service provider Stripe or Klarna. Payment data will solely be processed through Stripe or Klarna and we have no access to any Payment Data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the contract.

12. Provision of contractual services 
We process the Personal Data involved in your use of our services in order to be able to provide our contractual services including but not limited to our Spa treatments or Massages or when you book a cottage or house. This includes in particular our support, correspondence with you, invoicing, fulfillment of our contractual, accounting and tax obligations. Accordingly, the data is processed on the basis of fulfilling our contractual obligations and our legal obligations.

13. Forum and Blog
Forum users can register on our website by providing personal and non-personal data (Username, E-mail address). The data is entered by the user in an input mask and transmitted to us and stored. In addition, the user's IP address and the date and time of registration are stored. Your data will be deleted after processing has been completed unless there is a legal basis for the processing of the data, and a further legal basis is the provision of a contract.

When users leave comments or other contributions in our forum or blog, their IP addresses are stored for 7 days on the basis of our legitimate interests. This is done for our security in case someone leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author. 

Within the forum or blog you may be able to display certain profile information, share certain details, engage with others, exchange knowledge and insights, post and view relevant content. Content and data are publicly viewable. You have choices about the information on your comment. You don’t have to provide additional information on your comment; however, information helps you to get more from our Services. It’s your choice whether to include sensitive information on your comment and to make that sensitive information public. Please do not post or add personal data to your profile that you would not want to be available. The legal basis for the storage is our legitimate interest.

14. Marketing 
Insofar as you have given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.

You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.

Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out. 

15. Economic analyses and market research
For business reasons, we analyze the data we have on business transactions, contracts, enquiries,browsing behavior etc., whereby the group of persons concerned may include contractual partners, interested parties, and users of our services.

The analyses are carried out for the purpose of business evaluations and market research. The analyses serve us alone and are not disclosed externally and processed using anonymous analyses with summarized and or anonymized values. Furthermore, we take the privacy of users into consideration and process the data for analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarized data).

Social Media
1. General
We are present on social media on the basis of our legitimate interest. If you contact or connect with us via social media, we and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The Personal Data collected when contacting us is to handle your request and the bases are both your consent and our legitimate interest.

2. When you visit our profiles and interact with us and others
When you visit our social media profiles, we, as the operator of the profile, process your actions and interactions with our profile (e.g., the content of your messages, enquiries, posts or comments that you send to us or leave on our profile or when you like or share our posts) as well as your publicly viewable profile data (e.g., your name and profile picture). 

Which Personal Data from your profile is publicly viewable depends on your profile settings, which you can adjust yourself in the settings of your social media account.  Please take care not to transmit or share sensitive data or confidential information (e.g., application documents, bank or payment data) via social media platforms; we recommend that you use a more secure means of transmission (e.g. e-mail). 

Validity and questions
This Privacy Policy was last updated on Sunday, 17th of September 2023, and is the current and valid version. However, we want to point out that from time to time due to actual or legal changes a revision to this policy may be necessary. If you have any question about our data protection practices, please feel free to contact us using, or call 070-9600516 or write to us at the above address.

bottom of page