Who is responsible
Aurora Dreams AB (org.nr 559557-9318), Kiruna, Sweden, is the data controller for the processing described here. Contact us about anything in this notice:
- Email: booking@auroradreams.se
- Phone/WhatsApp: +46 760 22 33 28
What we collect, and when
1. When you send the contact form
The form on our contact page asks for your name, email address, an optional phone number, the tour you are interested in, a preferred date, party size and your message. If the form is submitted through our server fallback, your browser's technical identifier (user-agent string) is attached so we can troubleshoot delivery.
Purpose: to answer your enquiry and prepare any booking you ask about. Legal basis: taking steps at your request before entering into a contract (GDPR Art. 6(1)(b)), and our legitimate interest in handling follow-up correspondence (Art. 6(1)(f)).
Recipients: the form is delivered by FormSubmit.co (a form-relay service) to our business email inbox, which is hosted by Google Workspace.
2. When you contact us directly
If you email, call or message us on WhatsApp, we receive whatever you choose to send. WhatsApp (Meta) and your own phone/email providers process that communication under their own terms and privacy policies.
3. When you book a tour
Bookings are handled by Bókun (a booking platform in the Tripadvisor group), embedded on our tour pages. The booking form asks Bókun — not us — for your name, contact details and payment information. Card details go to Bókun's payment provider (shown at checkout) and never reach us. We receive the booking details we need to run your tour: names, party size, contact details, pickup information and anything you add in the booking notes.
Purpose: delivering the tour you booked, contacting you about pickup and weather, and meeting our legal obligations (e.g. Swedish bookkeeping law). Legal bases: performance of a contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)) for accounting records.
4. When you browse the site
- Hosting: the site runs on Vercel, whose infrastructure processes standard web-server data (such as your IP address) to deliver pages and protect against abuse.
- Analytics: we use Vercel Web Analytics and Speed Insights — aggregated, cookieless page metrics. They do not build visitor profiles.
- Live weather data: our weather page and aurora banner fetch public data in your browser directly from NOAA (US space-weather service) and Open-Meteo. Those requests carry the same technical information as any web request (including your IP address); we send them nothing about you.
- Local storage: we store your language choice and whether you dismissed the aurora banner in your browser's local storage. This stays on your device and is not transmitted to us.
Cookies
Most pages on this site set no cookies. Our tour pages embed the Bókun booking widget,
which sets one functional session cookie (named bokunSessionId_…) that is required for the
booking and cart flow to work. Bókun's widget also loads Google Maps and sends operational telemetry to
Bókun's own monitoring services. We use no advertising cookies and no cross-site tracking cookies.
International transfers
Some of the providers above (for example Google, Vercel, the payment provider and FormSubmit) may process data outside the EU/EEA, typically in the United States. Where that happens, transfers rely on lawful mechanisms such as an EU adequacy decision (including the EU–US Data Privacy Framework where the provider is certified) or EU standard contractual clauses in the provider's data-processing terms.
How long we keep data
- Enquiries that don't lead to a booking: kept as email correspondence for as long as needed to handle the conversation, then deleted during periodic inbox clean-ups.
- Bookings: booking and payment records are kept for as long as Swedish bookkeeping law requires (currently seven years).
- Server logs and analytics: retained by our hosting/analytics providers for their standard short retention periods.
Security
The site is served over HTTPS, access to our inbox and booking system is limited to the people who run the tours, and we share data only with the providers named above. No method of transmission or storage is completely secure, so we cannot promise absolute security — but we keep the amount of data we handle deliberately small.
Your rights
Under the GDPR you can ask us for:
- Access to the personal data we hold about you;
- Correction of inaccurate data;
- Deletion ("right to be forgotten"), where no legal duty requires us to keep it;
- Restriction of processing;
- Objection to processing based on legitimate interest;
- Data portability for data you provided under a contract.
Write to booking@auroradreams.se and we will respond within a month. You also have the right to complain to the Swedish data protection authority, IMY (Integritetsskyddsmyndigheten).
Changes to this notice
If we change how the site processes personal data — for example by adding an analytics tool — we will update this notice and its "last updated" date before the change takes effect.