Privacy Policy for Primefly Nordic AB

Last updated: March 24, 2025

1. Introduction

Primefly Nordic AB ("we", "us", "our") respects your privacy. This policy describes how we process your personal data in connection with our services as a travel agency and flight ticket seller. We comply with the EU General Data Protection Regulation (GDPR) and applicable Swedish law.

2. Data controller

Primefly Nordic AB, org. no. 559519-4753, is the data controller.

Contact:
Address: Boställets väg 6A, 439 62 Frillesås, Sweden
Email: David@primefly.se
Phone: +46 793 23 22 41
Data protection officer: David Walker

3. What data we collect

We process the following categories of data:

Identity and contact details: Name, date of birth, address, email, phone number.
Payment information: Card number, expiry date, CVV (encrypted in line with PCI DSS).
Travel details: Booking reference, travel plans, special meals, passport/visa information.
Technical data: IP address, device information, usage statistics (via cookies).
Communications: Customer service history, email and chat.

4. Legal basis and purposes

We process data on the following bases:

Contract: To perform bookings and payments (Art. 6(1)(b) GDPR).
Legal obligation: e.g. to retain invoices under the Swedish Bookkeeping Act (Art. 6(1)(c) GDPR).
Legitimate interest: To analyse web usage for service improvement (Art. 6(1)(f) GDPR).
Consent: For marketing by email/SMS (Art. 6(1)(a) GDPR). You may withdraw consent at any time.

5. How we share your data

We only share data with:

Airlines, hotels and partners to complete your booking.
Payment gateways certified under PCI DSS.
Authorities when required by law.
Marketing partners only with your explicit consent.

International transfers are protected by EU standard contractual clauses or equivalent measures.

6. Retention periods

Booking data: Retained for 3 years after the end of the trip.
Invoices: Retained for 7 years under the Swedish Bookkeeping Act.
Contact details for marketing: Retained until you withdraw consent.

7. Your rights

You have the right to:

Request access to or correction of your data.
Request erasure ("right to be forgotten"), except where we must retain data by law.
Object to automated processing/profiling.
Lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

Send your request to the contact details above. We will respond within 30 days.

8. Security measures

Encryption (SSL/TLS) for payments.
Strict internal access controls.
PCI DSS compliance for payment data.

9. Cookies

We use necessary cookies for login, sessions and security, and optional analytics or marketing cookies only with consent. You can manage settings in the cookie banner or read the Cookie Policy.

10. Updates to this policy

We update this policy when the law or our services change. Important changes will be communicated by email or a banner on the website.

Back to home

Cookie	Provider	Purpose	Duration
`pfalert_session`	Primefly Alerts	Login session and account security.	Up to 14 days
`csrf_token`	Primefly Alerts	CSRF protection for forms and state-changing actions.	Session
`primefly_cookie_consent_v1`	Primefly Alerts	Stores your cookie preferences. This is not used for analytics.	Until changed or browser storage is cleared

Cookie	Provider	Purpose	Duration
`_ga`	Google Analytics 4	Anonymous usage analytics and session distinction.	Up to 2 years
`_ga_*`	Google Analytics 4	Measures page views and product performance after consent.	Up to 2 years

Cookie	Provider	Purpose	Duration
`_gcl_au`	Google Ads	Future conversion tracking and campaign measurement.	Up to 90 days
`_fbp`	Meta	Future remarketing and conversion measurement.	Up to 90 days