PRIVACY POLICY – Nordic Travel Style
Last updated: 29 May 2025
1. Who We Are
We are Nordic Travel Style.
For this website, we are the data controller under the EU General Data Protection Regulation (“GDPR”).
Contact us any time at: pkedzior@nordic-travel.style
2. The Data We Collect
| Category | What it is | Typical Source |
|---|---|---|
| Identity | name, company, job title | contact form, email |
| Contact | email, phone, postal address | you |
| Technical | IP address, device + browser info, pages visited, time spent | cookies, server logs |
| Marketing | newsletter opens, clicks, preferences | email tools |
We do not ask for sensitive data (race, health, religion, etc.). If you send it anyway, that’s on you; we’ll delete it.
3. Why We Use It & Legal Bases
| Purpose | Legal Basis |
|---|---|
| Responding to enquiries & running events | Art 6 (1)(b) GDPR – contract |
| Sending news you asked for | Art 6 (1)(a) GDPR – consent |
| Basic analytics, site security, cookie remember-me | Art 6 (1)(f) GDPR – legitimate interest |
| Complying with Danish bookkeeping & tax law | Art 6 (1)(c) GDPR – legal obligation |
4. Cookies & Tracking
We run plain-vanilla first-party cookies plus Google Analytics 4 in cookieless mode.
No creepy third-party ad pixels. Your browser’s “Do Not Track” flag is honoured.
A cookie banner pops up the first time; change settings anytime via the “Cookie Settings” link in the footer.
5. Who Gets Access
-
Hosting: SiteGround (EU datacentres)
-
Email & productivity: Microsoft 365 (EU tenant)
-
Analytics: Google Analytics 4 (pseudonymised IPs)
-
Newsletter: Brevo (formerly Sendinblue, EU)
All processors are under GDPR-compliant data-processing agreements.
We don’t sell data. Ever.
6. How Long We Keep It
| Data Set | Retention |
|---|---|
| Contact form submissions | 24 months after last reply |
| Client/project files & invoices | 5 years (Danish tax law) |
| Newsletter list | until you unsubscribe |
| Analytics logs | 14 months, then aggregated |
7. Your Rights
-
Access – know what we hold
-
Rectification – fix mistakes
-
Erasure – “right to be forgotten”
-
Restriction – pause processing
-
Portability – get your data in CSV
-
Objection – opt out of legit-interest uses
-
Withdraw consent – newsletters, cookies
Just email: pkedzior@nordic-travel.style
We answer within 30 days.
8. Security
-
TLS 1.3 on all pages
-
Hardened server config
-
MFA for admin logins
-
Quarterly pen-tests
If we ever suffer a breach that affects you, we’ll tell you ASAP and file with Datatilsynet within 72 hours.
9. International Transfers
By default, your data stays in the EEA.
If a non-EEA processor is ever needed, we’ll use EU Standard Contractual Clauses and extra safeguards.
10. Changes
When we tweak this notice, the “Last updated” date moves.
-
Major changes → banner notification
-
Minor wording tweaks → silent update
11. Contact
Nordic Travel Style
📧 pkedzior@nordic-travel.style
Plain-speak summary:
We take only what we need, keep it safe, bin it when we’re done, and never flog it to advertisers. If that ever changes, you’ll hear it from us first.