Your personal data
Reseproducenten AB ("RP", "we", "us") knows how important privacy is to our customers and website visitors, and our goal with this policy is to clearly and transparently describe to you how we collect, use, display, transfer, and store your information so that you can feel confident that your personal data is in safe hands. RP handles all personal data in accordance with the Swedish Personal Data Act (PuL) and the EU's upcoming privacy legislation, GDPR.
Personal data controller
RP is the personal data controller for the processing of personal data on this and other websites operated by RP.
Contact details
You can contact us at privatresor@reseproducenten.com or by regular mail sent to
Reseproducenten AB, Nygatan 43, 931 31 Skellefteå.
Collection of personal data
What is personal data
Personal datais any information that can be directly or indirectly attributed to a living individual. This includes, for example, names, personal identification numbers, addresses, email addresses, and telephone numbers. It also includes, for example, booking numbers and encrypted data, as well as various types of electronic identities, such as
IP numbers, if they can be linked to individuals.
How we collect personal data and what data we collect
RP collects personal data in several ways, but primarily directly from you.
Information collected in connection with booking and travel
When you book a trip with RP, we collect personal information from you in order to fulfill your order. This includes the name, date of birth, age, and gender of all travelers on the booking, as well as the address and contact information of the main traveler. In connection with the booking, we also collect payment details for the main traveler. If the booking includes children, we collect the same information as above regarding the child.
When you travel with us, we also collect information about your trip. In addition to the information mentioned above, this includes, for example, booking number, destination, length of trip, and any other services you chose to use during the trip.
Information collected during personal contact
We collect personal data from you when you contact us, for example by telephone, email, or other means. We primarily collect the personal data necessary to answer your question or handle your case. This includes your name and booking number. Depending on how you choose to contact us, we may also collect contact details such as your email address or telephone number.
During personal contact, we also collect other personal data that you choose to provide to us. This may include information about allergies, health conditions, or other information about you or other people on your trip or booking.
Information collected when you subscribe to our newsletter
If you choose to subscribe to RP's newsletter, we collect your name and email address in order to send you the newsletter. If you choose to provide it, we also collect information about your postal code and country of residence.
Information collected when using our digital services
When you use our website, we collect information about your use of the service. Some of this information may be personal data, such as your IP address. We also collect information about how you navigate the service, what searches you perform, and what travel products you are interested in.
Information collected from someone other than you
When booking and contacting us in various matters, a person may provide personal data about one or more other people in a travel group. We assume that the person providing the information has the consent of all travelers to provide this personal data. If you have not made a booking yourself, but someone else has made a booking that includes you, we will collect personal data about you from that person. The same applies if someone else has been in contact with us on your behalf.
In order to keep your personal data up to date and accurate, we supplement and update your personal data by obtaining it from private and public registers. This applies, for example, to address details.
Handling and storage of personal data
RP's legal basis for processing your personal data.
RP processes your personal data lawfully. The same personal data may be processed on the basis of the performance of the travel contract, specifically on the basis of consent, or on the basis that the data is necessary to fulfill other legal obligations. This means that even if you withdraw your consent and the processing based on consent ceases, the personal data may still remain with us for other purposes.
We mainly process your data to fulfill an agreement to which you are a party, such as the travel terms and conditions.
In orderto provide the travel services you have ordered from us, we use your personal data in various ways. The data is used to issue tickets and travel documents, to make hotel reservations, and to pay for the services you have ordered. If you have ordered additional services, such as hotels, car rentals, excursion packages, or similar, the data is used in a similar way to deliver these services.
The administration of your trip also includes the use of your data for accounting, settlement, and auditing, credit or other payment card verifications, immigration, and customs control.
Customer service
We use your personal data to provide you with service if you contact us with questions, comments, or complaints, for example. We use your name and booking number to identify you and your trip. We use your contact details, such as your email address and phone number, to contact you in connection with questions and matters. We may also use all other personal data we have collected about you to handle your question or matter, depending on what is relevant in each individual case. This information is stored for 365 days, or in accordance with the Accounting Act (7 years), where applicable.
Sending out info
Once you've booked a trip with us, we'll use your personal info to send you a booking confirmation, important info about your upcoming trip, and offers related to your trip. We'll send these to the email address you gave us when you booked.
We send information about deviations, such as timetable changes and rebookings. Such information may be sent by email, letter, text message, or provided by telephone, depending on the nature of the deviation and the contact details we have for you.
We send payment reminders by email and text message.
Marketing and personalization
Customer information may be used in marketing contexts by RP in connection with specific trips within RP's operations to contact you by mail, email, and SMS.
If you have subscribed to our newsletter, we use your personal data to send you the newsletter and to tailor the content of the newsletter to you. This includes your email address and information about your travel history, user patterns, and preferences. By using this information, we can provide you with offers that we believe will be of most interest and benefit to you.
We also use personalization in our communication via social media and web advertising on websites other than Reseproducenten.com.
In some cases, we share information with our partners so that they can help us tailor our offers and marketing to you. We enter into agreements to ensure that such partners process data in accordance with applicable personal data legislation.
We use cookies to analyze user patterns and personalization. You can read our cookie policy onour website.
Development of services
We use the information we collect about our customers to develop and improve our products and services. This applies to our digital services, where we analyze user behavior to develop how we present information, offers, and design features. It also applies to the development of our products based on customer preferences and behavior and to, for example, remedy deficiencies or increase security.
We mainly use anonymous or anonymized data at an aggregated level to perform this type of analysis. However, we may also use personal data that we have collected if it is relevant.
Finally, your personal data may also be processed in order for us to comply with obligations under laws and regulations, for example regarding security and accounting.
Storage periods
RP follows good practice in the travel industry. We store your personal data for as long as is necessary for the purpose of the processing.
We store all the personal data we collect in our customer database. Personal data and travel history are stored in the customer database for two (2) years unless you have consented to us storing your data for longer. If you specifically consent to this, we will store your personal data for up to 10 years.
If you make a complaint within two years of your last trip, we will store all your data for ten years.
If you subscribe to our newsletter, your contact details will be stored for as long as you choose to continue receiving the newsletter.
The same personal data may be stored in several different places for different purposes. This may mean that data that has been deleted from one system because it is no longer necessary may remain in another system where it is stored with consent or for another purpose where the personal data is still needed.
RP's technical and organizational measures for the secure processing of your personal data.
We take ongoing measures to comply with the principles of "built-in data protection and data protection by default." We continuously evaluate the risks associated with the processing of personal data and take the necessary security measures to reduce these risks.
We continuously train our staff in data protection issues. If you have any direct questions about how we work with the General Data Protection Regulation (GDPR), please contact privatresor@reseproducenten.com.
Disclosure of personal data
Microsoft
We use Microsoft Office products and system services for our internal work. This means that your personal data will be processed by Microsoft, which we have engaged as a data processor. Personal data is stored by Microsoft in a cloud service within the EU. In the event of a major IT incident, personal data may be transferred by Microsoft to a third country (i.e., a country outside the EU/EEA). This transfer is only done for the purpose of protecting the data.
Contract partners and IT suppliers
We use a number of different IT services and IT systems in our business. Some of these store and process personal data. We are committed to protecting your privacy and the security of your data in all such processing. Some systems are installed locally at our premises and only our staff have access to the data. In these cases, no transfer to third parties takes place. However, some systems are cloud solutions or installed at the supplier's premises, which means that we transfer personal data to the supplier. In these cases, the supplier is our personal data processor and handles the data on our behalf and according to our instructions.
Internal IT systems
Internally, we process personal data in our customer register and in our booking systems.
These systems are used to deliver the services you have ordered from us and to handle questions and customer care in connection with the performance of these services. All the personal data we collect may be processed in these systems.
Payment solutions and gift cards
We use external providers to handle payments and gift cards. These providers have access to personal data in the form of names, addresses, and payment information. This processing is necessary for us to be able to deliver the services you have ordered from us.
Contact services
We use external providers to provide information via SMS before and during a trip. These providers have access to personal data in the form of telephone numbers.
Providers of travel-related services
In order to provide some of the services you have ordered from us, we use subcontractors and contractual partners. It is often necessary for us to provide personal data to these parties in order for the service to be performed.
Travel agencies and partners
When you book a trip with RP through another travel agency that we work with to market our trips, you may provide personal data to that travel agency yourself. Examples include Norrtelje Resebyrå, Big Travel, and Nex Resebyrå in Piteå. This personal data is the responsibility of and handled by the respective operator in accordance with their personal data policy.
When a booking is made through a partner travel agency, we send certain personal data to the respective operator to confirm that the booking has been made.
When you book through a partner travel agency, you provide your personal data to the travel agency and consent to the travel agency processing this data in its operations. The travel agency can therefore identify you, for example, using your booking number. We are not responsible for these travel agencies' handling of the personal data you have provided directly to them.
We use hotelsat our destinations both for longer periods and for individual bookings at the request of customers. The hotels have access to the personal data needed to make a booking. Where applicable, this includes the name, date of birth, age, and gender of all travelers on the booking, as well as the address and contact details of the main traveler.
Airlineshave access to personal data about passengers traveling with their respective airlines. This includes the names, sometimes dates of birth , sometimes ages and genders of all passengers on the booking, and the address and contact details of the main passenger. Passenger data is transferred either via the Amadeus computer system or directly to the airline in the form of passenger lists, known as pax lists.
Depending on which airline is used for the trip and which airport the trip departs from, different handling agents are engaged to perform services related to the trip at the airport. This may include, for example, check-in and baggage handling. In connection with the performance of these services, the handling agent may have access to certain personal data that is necessary to perform the service.
Other
If you book other travel-related services through us, such as excursions or activities, the personal data necessary to deliver the ordered service may, where applicable, be transferred to the party providing the service. This may include, for example, the names, dates of birth, ages, and genders of all travelers on the booking, as well as the address and contact details of the main traveler.
Transfer to third countries
As we arrange trips all over the world, some of our partners (e.g. hotels and airlines) are located outside the EU/EEA area. This means that personal data may be transferred to partners in these countries for the same purposes as described above. Regardless of which country RP transfers your personal data to, RP has an obligation to ensure that your personal data is adequately protected. Which RP naturally does.
Your rights
Necessary processing of personal data and processing based on consent
Personal data processing that is necessary for us to fulfill an agreement with you or to fulfill a legal obligation is permitted without consent. However, in order for us to collect and process your personal data for any other purpose, you must consent to the processing. You consent to the processing of your personal data when you use our services at Reseproducenten.com, when you contact our travel advisors, or when you contact one of our partners.
Withdrawal of consent
You may withdraw your consent at any time by contacting us using the contact details above. If you withdraw your consent, we will delete the personal data and cease the processing covered by the consent.
It may be the case that the same personal data is processed both on the basis of consent and on the basis that the data is necessary or on the basis of other rules. This means that even if you withdraw your consent and the processing based on consent ceases, the personal data may still remain with us for other purposes.
Right to obtain information about the personal data we have stored about you
If you would like information about the data we have registered about you, you can submit a written request to the above address. The register extract is provided on request and is free of charge once a year.
How do I request a register extract?
You write and request a register extract from RP. NOTE! You must submit your request in writing as it must contain your signature. You cannot simply send an email.
Mark the letter "Personal data extract – to Reseproducenten's data controller".
The legal basis for this right to obtain a register extract can be found in Section 26 of the Personal Data Act.
You can write as follows:
Personal data extract – to the Travel Producer's data controller
I hereby request information in accordance with Section 26 of the Personal Data Act.
…………………………………………………………………
(Place and date)
………………………………………………………………..
(Signature)
……………………………………………………………….
(Name clarification, personal identification number, and address.)
(e-mail/phone number)
…………………………………………………………………….
Right to control your personal data
You have the right to request that your data be deleted, supplemented, or corrected. You also have the right to request that the processing of your personal data be limited to certain purposes and, for example, not be used for direct marketing or profiling.
Cookies
At Reseproducenten.com and our other websites, we use cookies to improve your experience, to collect information for our marketing, and to develop our websites. The information is stored anonymously. Certain personal data may be processed by cookies on Reseproducenten.com. In addition to our personal data policy, our cookie policy, which you can find under "Important information" at the bottom of our website, also applies to this processing.
If you wish to file a complaint
Anyone who believes that a company is violating the GDPR or other privacy legislation can contact the Swedish Data Protection Authority. Read more on the Swedish Data Protection Authority's website.