Your personal data
Reseproducenten AB ("RP", "we", "us") knows how important privacy is for our customers and website visitors, and our goal with this policy is to describe to you in a clear and transparent way how we collect, use, display, transfer and store your information so that you feel confident that your personal data is safe. RP performs all handling of personal data in accordance with the Personal Data Act (PuL) and the EU's upcoming privacy legislation GDPR.
Responsibility for personal data
RP is the data controller for the processing of personal data on this and other websites operated by RP.
Contact details
You can contact us at privatresor@reseproducenten.com or by ordinary letter sent to
Reseproducenten AB, Nygatan 43, 931 31 Skellefteå.
Collection of personal data
What personal data is
Personal data is any information that can be directly or indirectly attributed to a living natural person. This includes, for example, name, social security number, address, email address and telephone number. It also includes, for example, booking numbers and encrypted data and different types of electronic identities, such as
IP numbers, if they can be linked to natural persons.
How we collect personal data and what data we collect
RP collects personal data in several ways, but primarily directly from you.
Data collected in connection with booking and travel
When you book a trip with RP, we collect personal data from you in order to fulfill your order. This includes the name, date of birth, age and gender of all travelers on the booking, and the address and contact details of the main traveler. In connection with the booking, we also collect payment details for the main traveler.If the booking includes children, we collect the same data as above regarding the child.
When you travel with us, we also collect information about your trip. In addition to the above-mentioned data, this includes, for example, the booking number, destination, duration of the trip and what other services you chose to use during the trip.
Data collected during personal contact
We collect personal data from you when you contact us, for example by phone, email or other means. In the first instance, we collect the personal data needed to answer your question or handle your case. This includes your name and booking number. Depending on how you choose to contact us, we may also collect contact details such as email address or telephone number.
In the case of personal contact, we also collect any other personal data that you choose to provide to us. This may include information about allergies, health conditions or other information about you or other people on your trip or booking.
Data collected when you subscribe to our newsletter
If you choose to subscribe to the RP newsletter, we collect your name and email address in order to send the newsletter. If you choose to opt-out, we also collect information about your postal code and country of residence.
Data collected when using our digital services
When you use our website, we collect information about your use of the service. Some of this information may be personal data, such as your IP number. We also collect data on how you navigate the service, what searches you make and what travel products you are interested in.
Data collected from someone other than you
When booking and contacting us in various matters, a person may provide personal data about one or more other people in a travel party. We assume that the person providing the information has the consent of all travelers to provide this personal data. If you have not made a booking yourself but someone else has made a booking that includes you, we collect personal data about you from that person. The same applies if someone else has been in contact with us on your behalf.
In order to keep your personal data updated and correct, we supplement and update your personal data by obtaining it from private and public registers. This applies, for example, to address information.
Processing and storage of personal data
RP's legal basis for processing your personal data.
RP processes your personal data lawfully. The same personal data may be processed both on the basis of performance of the travel contract, specifically on the basis of consent or on the basis that the data is necessary to fulfill other legal obligations. This means that even if you withdraw your consent and the processing based on the consent ceases, the personal data may still remain with us for other purposes.
Essentially, we process your data to fulfill a contract to which you are a party, such as the travel conditions.
Administration of your trip
In order to deliver the travel services you have ordered from us, we use your personal data in various ways. The data is used to issue tickets and travel documents, to make hotel reservations and to carry out the payment of the services you have ordered. If you have ordered additional services, such as a hotel, rental car, excursion package or similar, the data is used in the same way to deliver these services.
Administration of your trip also includes the use of your data for accounting, settlement and auditing, credit or other payment card verification, immigration and customs control.
Customer care
We use your personal data to provide you with service if you contact us with questions, comments or complaints. We use your name and booking number to identify you and your trip. We use your contact details, such as e-mail address and telephone number, to contact you in connection with questions and issues. We may also use all the other personal data we have collected about you to deal with your query or issue, depending on what is relevant in the individual case. This information is stored for 365 days, or according to the Accounting Act (7 years), when applicable.
Sending out information
When you have booked a trip with us, we use your personal data to send you a booking confirmation, important information about your upcoming trip and offers related to the trip. Such mailings are sent to the e-mail address provided in connection with the booking.
We send information about deviations, such as timetable changes and rebookings. Such information may be sent by e-mail, letter, SMS or by telephone call, depending on the nature of the deviation and the contact details we have for you.
We send payment reminders by email and SMS.
Marketing and personalization
Customer information may be used for marketing purposes by RP in connection with specific trips within RP's operations to contact you by post, email and SMS.
If you have signed up for our newsletter, we use your personal data to send the newsletter to you and to customize the content of the newsletter to you. This includes your email address and information about your travel history, usage patterns and preferences. By using this information, we can provide you with the offers that we think you will be most interested in and benefit from.
We also use personalization in our communications via social media and online advertising on websites other than Reseproducenten.com.
In some cases, we share data with our partners to help us customize our offers and marketing to you. We enter into agreements to ensure that such partners process data in accordance with applicable personal data legislation.
For analysis of user patterns and personalization, we use cookies. You can read our cookie policy on the website.
Development of services and services
We use the data we collect about our customers to develop and improve our products and services. This applies partly to our digital services, where we analyze user behavior to develop how we present information, offers and design functions. It also applies to the development of our products according to customers' wishes and behavior and, for example, to correct deficiencies or increase security.
For the most part, we use anonymous or anonymized data at an aggregate level to perform this type of analysis. However, we may also use personal data that we have collected if it is relevant.
Legal requirements
Finally, your personal data may also be processed to enable us to fulfill obligations under laws and regulations, such as security and accounting.
Storage times
RP follows good practice in the travel industry. We keep your personal data for as long as necessary for the purpose of the processing.
We save all the personal data we collect in our customer database. In the customer database, personal data and travel history are saved for two (2) years unless you have consented to us saving your data for longer. If you specifically agree, we will keep your personal data for up to 10 years.
If you make a complaint within 2 years of your last trip, we will keep all your data for 10 years.
If you subscribe to our newsletter, your contact details will be stored for as long as you choose to continue receiving the newsletter.
The same personal data can be stored in several different places for different purposes. This may mean that data that has been deleted from one system because it is no longer necessary may remain in another system where it is stored with the support of consent or for another purpose where the personal data is still needed.
RP's technical and organizational measures for the secure processing of your personal data.
We take ongoing measures to comply with the principles of 'data protection by design and by default'. We continuously evaluate the risks of the personal data processing that takes place and take the necessary security measures to reduce the risks.
We continuously train our staff on data protection issues. If you have direct questions about how we work with the General Data Protection Regulation (GDPR) - please contact privatresor@reseproducenten.com.
Disclosure of personal data
Microsoft
We use Microsoft office products and system services for our internal work. This means that your personal data will be processed by Microsoft, which has been engaged by us as a data processor. The personal data is stored by Microsoft in a cloud service within the EU. In the event of a major IT incident, the personal data may be transferred by Microsoft to a third country (i.e. a country outside the EU/ESS). This transfer is only for the purpose of protecting the data.
Contractual partners and IT suppliers
We use a number of different IT services and systems in our operations, some of which store and process personal data. We are concerned about your privacy and the security of your data in all such processing. Some systems are installed on our premises and only our staff have access to the data. In these cases, there is no transfer to third parties. However, some systems are cloud solutions or installed at the provider and involve us transferring personal data to the provider. In these cases, the provider is our data processor and handles the data on our behalf and according to our instructions.
Internal IT systems
Internally, we process personal data in our customer register and in our booking systems.
These systems are used to deliver the services you have ordered from us and to handle questions and customer care in connection with the performance of these services. All the personal data we collect may be processed in these systems.
Payment solutions and gift cards
We use external providers to handle payments and gift cards. These providers have access to personal data such as names, addresses and payment information. This processing is necessary for us to deliver the services you have ordered from us.
Contact services
We use external providers to provide information via SMS before and during a trip. These providers have access to personal data in the form of telephone numbers.
Suppliers of travel-related services
To provide some of the services you have ordered from us, we use subcontractors and contractual partners. It is often necessary for us to disclose personal data to them in order to provide the service.
Travel agencies and cooperation partners
When you book a trip with RP via another travel agency that we cooperate with for the marketing of our trips, you may provide personal data to that travel agency. For example, Norrtelje Resebyrå, Big Travel and Nex Resebyrå in Piteå. These personal data are responsible for and managed by each actor in accordance with their personal data policy.
When a booking is made through a cooperating travel agency, we send certain personal data to the respective operator to confirm that the booking has been made.
When you book through a cooperating travel agency, you provide your personal data to the travel agency and consent to the travel agency processing it in its operations. The travel agency can therefore identify you e.g. by your booking number. We are not responsible for the processing by these travel agents of the personal data you have provided directly to them.
Hotel services
We use hotels in our destinations both for longer periods and for individual bookings at the request of customers. The hotels have access to the personal data needed to make a booking. This includes, where applicable, the name, date of birth, age and gender of all travelers on the booking, and the address and contact details of the main traveler.
Airline companies
Airlines have access to the personal data of the passengers who will travel with their airlines. This includes the name, sometimes date of birth, sometimes age and gender of all passengers on the booking, and the address and contact details of the main passenger. The transfer of passenger data takes place either via the Amadeus computer systems or directly to the airline with passenger lists, known as pax lists.
Handling agents
Depending on which airline is used for the journey and which airport the journey departs from, different handling agents are hired to perform services related to the journey at the airport. These may include, for example, check-in and baggage handling. In connection with the performance of these services, the handling agent may have access to certain personal data necessary to perform the service.
Other services
If you book other travel-related services through us, such as excursions or activities, the personal data needed to deliver the ordered service may, where appropriate, be transferred to the service provider. This may include information such as the name, date of birth, age and gender of all travelers on the booking, and the address and contact details of the main traveler.
Extradition to third countries
As we arrange trips all over the world, some of our partners (e.g. hotels and airlines) are located outside the EU/EEA area. This means that personal data may be transferred to partners in these countries for the same purposes as described above. Regardless of which country RP transfers your personal data to, RP has an obligation to ensure a good level of protection for your personal data. Which RP obviously does.
Your rights
Necessary processing of personal data and processing based on consent
Personal data processing that is necessary for us to perform a contract with you or to comply with a legal obligation is permitted without consent. However, in order for us to collect and process your personal data for any other purpose, your consent to the processing is required. You give consent to the processing of your personal data when you use our services on Reseproducenten.com, when you contact our travel advisors or a partner.
Withdrawal of consent
You can choose to withdraw your consent at any time by contacting us at the contact details above. If you withdraw your consent, we will delete the personal data and cease the processing covered by the consent.
The same personal data may be processed both on the basis of consent and on the basis that the data is necessary or on the basis of other rules. This means that even if you withdraw your consent and the processing based on the consent ceases, the personal data may still remain with us for other purposes.
Right to be informed of the personal data we have stored about you
If you wish to obtain information about the data we have registered about you, you can make a written request at the above address. The extract from the register is provided on request and is free of charge once a year.
How do I request an extract from the register?
You write and request a register extract from the RP. NOTE! You must submit your request in writing as it must include your signature. You cannot simply send an email.
Mark the letter "Personal data extract - to the Travel Producer's data controller".
The legal basis for this right to register extracts can be found in Section 26 of the Personal Data Act.
This is how you can write:
Personal data extract - to the travel producer's personal data controller.
I hereby apply for information under Section 26 of the Personal Data Act.
...........................................................................
(Place and date)
..........................................................................
(Signature)
.........................................................................
(Clarification of name, social security number and address).
(email/phone number)
...............................................................................
Right to control your personal data
You have the right to request the deletion, completion or rectification of your data. You also have the right to request that the processing of your personal data is limited to certain purposes, such as not being used for direct marketing or profiling.
cookies
On Reseproducenten.com and our other websites we use cookies to improve your experience, to collect information for our marketing and to develop the websites. The information is stored anonymously. Some personal data may be handled by cookies on Reseproducenten.com. For this handling, in addition to our personal data policy, our cookie policy also applies, which you can find under "Important information" at the bottom of our website.
If you want to complain
Anyone who believes that a company is violating the GDPR or other privacy legislation can contact the Swedish Data Protection Authority. Read more on the Data Protection Authority's website.