Privacy Notice

How we handle personal data — plainly, and only describing what actually happens.

Last updated: 12 July 2026

Who is responsible

Aurora Dreams AB (org.nr 559557-9318), Kiruna, Sweden, is the data controller for the processing described here. Contact us about anything in this notice:

What we collect, and when

1. When you send the contact form

The form on our contact page asks for your name, email address, an optional phone number, the tour you are interested in, a preferred date, party size and your message. If the form is submitted through our server fallback, your browser's technical identifier (user-agent string) is attached so we can troubleshoot delivery.

Purpose: to answer your enquiry and prepare any booking you ask about. Legal basis: taking steps at your request before entering into a contract (GDPR Art. 6(1)(b)), and our legitimate interest in handling follow-up correspondence (Art. 6(1)(f)).

Recipients: the form is delivered by FormSubmit.co (a form-relay service) to our business email inbox, which is hosted by Google Workspace.

2. When you contact us directly

If you email, call or message us on WhatsApp, we receive whatever you choose to send. WhatsApp (Meta) and your own phone/email providers process that communication under their own terms and privacy policies.

3. When you book a tour

Bookings are handled by Bókun (a booking platform in the Tripadvisor group), embedded on our tour pages. The booking form asks Bókun — not us — for your name, contact details and payment information. Card details go to Bókun's payment provider (shown at checkout) and never reach us. We receive the booking details we need to run your tour: names, party size, contact details, pickup information and anything you add in the booking notes.

Purpose: delivering the tour you booked, contacting you about pickup and weather, and meeting our legal obligations (e.g. Swedish bookkeeping law). Legal bases: performance of a contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)) for accounting records.

4. When you browse the site

Cookies

Most pages on this site set no cookies. Our tour pages embed the Bókun booking widget, which sets one functional session cookie (named bokunSessionId_…) that is required for the booking and cart flow to work. Bókun's widget also loads Google Maps and sends operational telemetry to Bókun's own monitoring services. We use no advertising cookies and no cross-site tracking cookies.

International transfers

Some of the providers above (for example Google, Vercel, the payment provider and FormSubmit) may process data outside the EU/EEA, typically in the United States. Where that happens, transfers rely on lawful mechanisms such as an EU adequacy decision (including the EU–US Data Privacy Framework where the provider is certified) or EU standard contractual clauses in the provider's data-processing terms.

How long we keep data

Security

The site is served over HTTPS, access to our inbox and booking system is limited to the people who run the tours, and we share data only with the providers named above. No method of transmission or storage is completely secure, so we cannot promise absolute security — but we keep the amount of data we handle deliberately small.

Your rights

Under the GDPR you can ask us for:

Write to booking@auroradreams.se and we will respond within a month. You also have the right to complain to the Swedish data protection authority, IMY (Integritetsskyddsmyndigheten).

Changes to this notice

If we change how the site processes personal data — for example by adding an analytics tool — we will update this notice and its "last updated" date before the change takes effect.