Last updated 2026-05-08

This document is placeholder boilerplate. Legal review required before launch.

Privacy policy

How Rozana Travel collects, uses, and protects your personal data under the General Data Protection Regulation (GDPR).

1. Data controller

Rozana Travel AB is the data controller for personal data processed via this website and our booking flow. Our registered address is on the Contact page.

Questions about how your data is handled can be sent to info@rozanatravel.se.

2. What we collect

Booking enquiries and confirmed bookings: full name, email, phone number, number of travellers, preferred travel dates, optional message text, and (for confirmed bookings) the package booked.

Contact form submissions: full name, email, message text.

Newsletter subscriptions (if you opt in): email address only.

Server logs: IP address, browser/device type, pages visited. We do not use third-party analytics or advertising trackers.

3. Why we process it (legal basis)

Performance of a contract (Article 6(1)(b) GDPR) for booking-related data — to plan, confirm, and deliver your trip.

Legitimate interest (Article 6(1)(f)) for general contact form messages and minimal server logging — to respond to enquiries and keep the site secure and operational.

Consent (Article 6(1)(a)) for the newsletter — you can withdraw consent at any time.

4. Who we share it with

Supabase (database hosting, EU region) — stores booking and contact-form rows. Acts as a processor under a Data Processing Agreement.

Resend (transactional email) — sends booking confirmation and admin-notification emails.

Vercel (web hosting) — serves the site and handles request logs.

Local operators in destination countries — minimum necessary information (your name, travel dates, party size) once your trip is confirmed.

We do not sell or rent your personal data, and we never will.

5. International transfers

Where our processors operate outside the EU/EEA, we rely on the European Commission's Standard Contractual Clauses (or an equivalent legal mechanism) to ensure your data remains protected to GDPR standards.

6. How long we keep it

Booking records: seven years from completion of the trip, in line with Swedish accounting law.

Contact form messages: 24 months unless they relate to an active or upcoming trip.

Newsletter subscriptions: until you unsubscribe.

Server logs: 30 days, then anonymised or deleted.

7. Your rights

You have the right to access the personal data we hold about you, to ask us to correct it, to ask us to delete it (the "right to erasure"), to restrict or object to processing, and to data portability. To exercise any of these, write to info@rozanatravel.se. We respond within one month.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY — Integritetsskyddsmyndigheten) at imy.se.

8. Cookies

We use only strictly necessary cookies for session handling (your selected locale, auth session for admins). We do not set advertising or analytics cookies.

9. Updates

Material changes to this policy will be announced on the site at least 30 days in advance. The "Last updated" date at the top of this page reflects the latest revision.