Skip to content

Privacy Policy

Direct North

Last Updated: December 15, 2025

This Privacy Policy describes how Svedlander AB (doing business as “Direct North”) collects, uses, and protects your personal data when you visit our website or book a tour with us.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and the Swedish Data Protection Act (Law with supplementary provisions to the EU General Data Protection Regulation).

1. Data Controller

The company responsible for your personal data is:

Svedlander AB (trading as Direct North) Email: mail@directnorthtravel.com Website: www.directnorthtravel.com

2. What Data We Collect & Why

We process different types of data depending on how you interact with us.

A. When you visit our website

  • Analytics: We use Plausible Analytics to understand website trends. Plausible is a privacy-first tool that does not use cookies and does not store personal data. It does not track you across devices or other websites. All data is aggregated and anonymized.
  • Cookies: We use Complianz to manage cookie consent. We strictly limit cookies to those necessary for the site to function (functional cookies).

B. When you book a tour

We collect the following information to process your booking and ensure your safety:

  • Identity & Contact Data: Name, email address, phone number, and country of residence.
  • Transactional Data: Details about payments and services purchased.
  • Health & Dietary Data: Information regarding allergies or dietary restrictions.
    • Legal Basis: Explicit Consent. We only process this data because you have actively provided it to us to ensure your safety and comfort (e.g., for fika or meals).
  • Group Data: If you book on behalf of others, we collect their names and dietary needs.
    • Note: If you provide data for other individuals, you confirm that you have obtained their permission to share their personal data with us.

C. Legal Obligations

  • Accounting: Under the Swedish Accounting Act (Bokföringslagen), we are required by law to store all order history (receipts/invoices) for 7 years.

3. How We Share Your Data

We do not sell your data. We only share it with trusted partners necessary to deliver our services:

  1. Payment Providers: Payments are processed by Mollie. We do not store your full credit card details on our servers; they are handled securely by Mollie under their own strict privacy standards.
  2. Service Partners: We may share your name and dietary requirements with local partners (e.g., hotels, transport companies, or freelance guides) strictly to deliver the tour you booked.
  3. IT & Hosting: Our website is hosted by TransIP and our website emails are also send through TransIP servers. We also use Google workspace for emails and storage of documents. All providers are vetted for GDPR compliance.

4. International Transfers

We strive to keep your data within the EU/EEA. If we must transfer data outside the EU (e.g., to a technical service provider), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs).

5. Photography during Tours

During our tours, guides may take photos for promotional use (social media, website).

  • General shots: We rely on Legitimate Interest for atmospheric shots where individuals are not the main focus.
  • Close-ups: If we wish to use a close-up photo of you for marketing, we will ask for your verbal or written permission on the spot. You always have the right to ask us not to take your photo.

6. Data Retention

  • Booking Inquiries: Retained for 12 months in case of follow-up questions.
  • Completed Orders: Retained for 7 years (per Swedish Accounting Act).
  • Health Data (Allergies): Deleted 30 days after your tour has been completed, as it is no longer needed.

7. Your Rights

Under the GDPR, you have the right to:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Correct wrong information.
  • Erasure: Ask us to delete your data (unless we must keep it for accounting laws).
  • Complaint: Lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten – IMY) if you believe we have mishandled your data.

8. Contact

To exercise any of these rights, please contact us at privacy@svedlander.se