1. Data controller
Company: Rozanatravel AB
Reg. no: 559583-7559
Postal address: Stora torget, 291 29 Kristianstad, Sweden
Email: info@rozanatravel.se
Phone: +46 70 009 09 08
Customer support hours: Mon–Fri 09:00–17:00 (CET)
Website: www.rozanatravel.se
2. What personal data we process
We may process the following data about you:
A) Data you provide when booking or contacting us
- Name, email, phone number
- Booking details: destination, travel dates, hotel preferences, transfer details, special requests
- Traveller details (depending on the supplier's requirements): full name as per passport/ID, date of birth, nationality, gender (if the supplier requires it), passport details (if required for the booking)
- Communication: email, chat, support cases, complaints
- Payment-related information handled by our payment provider (we do not store full card details ourselves)
B) Data we collect automatically
- IP address, device information, browser type, operating system, logs
- Usage data (e.g. pages visited, clicks, time on page)
- Cookies and similar technologies (see our Cookie Policy)
C) Special categories of data
If you choose to provide sensitive data (e.g. health information for special assistance or dietary needs for medical reasons), we process it only where it is necessary and lawful, normally with your explicit consent.
3. Why we process personal data (purposes)
We process personal data in order to:
- Carry out and administer bookings of flights, hotels, transfers and package tours
- Send booking confirmations, changes and important travel information
- Handle payments and prevent fraud
- Provide customer service before, during and after the trip
- Fulfil our obligations as a package travel organiser under the Package Travel Act (2018:1217), including the travel guarantee with Kammarkollegiet
- Improve the website and the user experience (statistics and analytics)
- Comply with legal requirements (e.g. the Bookkeeping Act, consumer protection legislation)
- Handle disputes, claims and legal interests
4. Legal basis
We process personal data on the basis of:
- Contract: to be able to deliver booked travel services and fulfil package travel agreements.
- Legal obligation: e.g. bookkeeping requirements, requirements under the Travel Guarantee Act and consumer protection legislation.
- Legitimate interest: e.g. security, fraud prevention, improvement of the service and the handling of disputes. We weigh this against your interests in each individual case.
- Consent: e.g. for non-essential cookies and for any special categories of data. You can withdraw consent at any time.
5. If you do not provide data
Some data is necessary for us to be able to book a trip (e.g. the traveller's name as per passport and contact details). If data is missing, we cannot complete the booking or fulfil the agreement.
6. Who we share data with (recipients)
We may share personal data with:
- Travel suppliers: airlines, hotels, transfer and transport companies, local organisers and their booking systems (GDS, hotel PMS, etc.).
- Payment providers: the payment solutions used at checkout (e.g. Stripe, Klarna, Swish).
- IT and system suppliers: hosting, email, customer support systems, analytics tools (data processors that process data on our behalf under data processing agreements).
- Authorities: when we are required to by law, e.g. the Swedish Tax Agency, the Swedish Consumer Agency or Kammarkollegiet.
- Insurance companies and legal advisers: in the event of disputes, damages claims or insurance matters, where necessary.
We do not sell your personal data.
7. Transfers outside the EU/EEA
Certain travel suppliers (e.g. hotels and airlines) and IT services may process personal data outside the EU/EEA, for example in connection with booking trips to third countries. When such a transfer takes place, we use appropriate safeguards under the GDPR, such as the European Commission's Standard Contractual Clauses (SCC) or equivalent, and, where necessary, supplementary technical and organisational measures.
8. How long we keep data (retention period)
- Booking and customer service data: normally 24 months after the trip ends, in order to handle complaints and any disputes.
- Accounting records: 7 years under the Bookkeeping Act.
- Travel guarantee and package travel records: for as long as necessary under the Travel Guarantee Act and the Package Travel Act.
- Marketing: until you unsubscribe or withdraw consent (where processing is based on consent).
- Cookies: as stated in our Cookie Policy.
9. Your rights
Under the GDPR you have the right to:
- request access to your data (a register extract)
- have inaccurate data corrected
- have data erased (in certain cases)
- request restriction of the processing
- object to processing based on legitimate interest
- obtain data portability where applicable
- withdraw consent where processing is based on consent
You also have the right to lodge a complaint with the supervisory authority, the Swedish Authority for Privacy Protection (IMY), www.imy.se.
Contact us at info@rozanatravel.se if you wish to exercise your rights.
10. Security
We use appropriate technical and organisational measures to protect personal data, e.g. access controls, encryption in transit (TLS/SSL), authorisation management and incident-handling procedures. In the event of a personal data breach, we report it to IMY in accordance with the GDPR where required and inform you when the breach poses a high risk to your rights.
11. Marketing
At present we do not send newsletters or marketing by email. If we begin to do so in the future, it will be done either with your consent or on another permitted legal basis, and you will always be able to unsubscribe easily.
12. Changes
We may update this privacy policy. The version published on our website at any given time is the one that applies. In the event of material changes, we will inform you in an appropriate way, e.g. via the website or by email.
