Privacy Policy
How FlySE protects personal data for tailor-made travel.
FlySE Privacy Policy (Updated November 2025)
Issued in accordance with the EU General Data Protection Regulation (GDPR) and Swedish data protection law.
1. Introduction and Our Commitment to Privacy
At FlySE, your privacy is of the utmost importance to us. We understand that when you provide personal data to plan your travel, you entrust us with sensitive information. We handle that responsibility with care and transparency.
This Privacy Policy explains how FlySE collects, processes, and protects personal data of customers, suppliers, and partners in accordance with the EU General Data Protection Regulation (GDPR) and Swedish data protection law.
FlySE is the data controller for the processing of personal data for the purposes described herein.
If you have questions about this Privacy Policy or how we handle your data, please contact:
FlySE
Lärdomsgatan 9
417 56 Gothenburg, Sweden
info@FlySE.se
+46 (0) [insert number]
www.FlySE.se
2. What Is Personal Data?
“Personal data” means any information relating to an identified or identifiable living individual. This includes, for example, names, contact details, identification numbers, location data, online identifiers, or other information that can be linked to a person.
3. What Personal Data We Collect and Why
The type of personal data collected depends on your relationship with us — as a customer, partner, or supplier. We collect only the data necessary to fulfil our legal, contractual, and service obligations.
3.1 Customer Data
When you request a free quote or book a travel package with FlySE (with or without flights), we may collect:
- Identification and contact information: name, address, email, phone number, date of birth, nationality.
- Passport details and visa information (for bookings that include flights or where Sri Lankan authorities require it).
- Travel preferences: type of package, activities, accommodation, transportation, dietary needs, health-related information (e.g., allergies, accessibility requirements).
- Flight information:
- For packages with flights, we collect necessary passenger details for flight booking (names, passport number, special assistance, meal preferences, etc.).
- For packages without flights, customers must inform us of arrival and departure times in Sri Lanka so we can arrange transfers and services appropriately.
- Payment and billing details (bank or card information, invoice data).
- Communication history (emails, quotes, support messages, reviews).
We only collect special-category data (e.g., health details) when necessary to deliver requested services (e.g., wheelchair assistance, medical travel).
3.2 Supplier and Partner Data
For our DMCs, hotels, drivers, and other business partners, we collect:
- Contact details (names, position, phone, email, address).
- Contract information and payment/banking data.
- Communication and performance records.
4. How We Use Your Personal Data
FlySE processes personal data only when there is a lawful basis under GDPR (e.g., contract fulfilment, consent, legal requirement, or legitimate interest).
We use your data for:
- Booking administration: processing requests, preparing itineraries, issuing invoices, and confirming services.
- Travel coordination: sharing necessary details with hotels, guides, and DMCs to deliver your trip.
- Optional flight bookings: arranging flights when selected, including communication with airlines and ticketing systems.
- Customer communication: sending confirmations, itineraries, and travel updates.
- Customer service: responding to inquiries, complaints, and emergency assistance.
- Legal compliance: fulfilling accounting, consumer protection, and travel guarantee obligations.
- Marketing (with consent): sending newsletters, offers, or promotions.
We do not use your data for automated decision-making or profiling that produces legal effects.
5. Legal Basis for Processing
FlySE processes your personal data based on one or more of the following lawful grounds:
- Contract performance – to provide or arrange your booked travel services.
- Legal obligation – to comply with Swedish and EU laws (e.g., accounting, tax, travel guarantee).
- Legitimate interest – to improve services, manage customer relations, or ensure security.
- Consent – for optional communications or where sensitive information is provided voluntarily.
You may withdraw your consent at any time.
6. How We Share Personal Data
FlySE shares personal data only when necessary to deliver the agreed travel services or fulfil legal requirements.
We may share your data with:
- Local partners and DMCs in Sri Lanka (hotels, transport providers, tour guides, and activity operators).
- Airlines (only if you book a package including flights).
- Hotels and accommodation providers.
- Insurance companies (if you purchase travel or cancellation insurance).
- Payment processors and banks (for invoicing and secure transactions).
- IT and system service providers (website, booking software, communication tools).
- Authorities (e.g., for travel guarantees, customs, or legal requirements).
All partners are required to handle data in compliance with the GDPR or equivalent standards through data processing agreements.
7. International Transfers
Since your trip is to Sri Lanka, personal data may be transferred outside the EU/EEA.
When doing so, FlySE ensures adequate protection of your data by:
- Working only with trusted and contractually bound partners.
- Using the EU Commission's Standard Contractual Clauses where possible.
- Limiting data transfers strictly to what is necessary for delivering the booked services.
By booking a trip with FlySE, you acknowledge that travel-related data (e.g., names, passport numbers) may be shared with service providers in Sri Lanka for operational purposes.
8. Retention of Data
We store personal data only as long as necessary to fulfil the purposes for which it was collected or as required by law.
- Customer data: up to 36 months after travel completion.
- Unconfirmed quotes: 12 months after the proposal expires.
- Marketing communications (based on consent): up to 40 months after subscription or last contact.
- Supplier/partner data: 3 years after contract expiry.
- Legal/accounting records: stored in accordance with Swedish law (normally 7 years).
After expiry of retention periods, all data is securely deleted or anonymized.
9. Data Security
FlySE takes appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.
Measures include encrypted storage, access controls, secure communication channels (SSL/HTTPS), and restricted employee access. If a data breach occurs that may affect your rights or freedoms, you will be notified in accordance with GDPR requirements.
If a data breach occurs that may affect your rights or freedoms, you will be notified in accordance with GDPR requirements.
10. Your Rights under GDPR
You have the following rights regarding your personal data:
- Access – request a copy of your personal data held by us.
- Rectification – request correction of inaccurate or incomplete data.
- Erasure ("Right to be forgotten") – request deletion of your data when no longer necessary.
- Restriction – request that processing be limited to storage only.
- Portability – receive your data in a machine-readable format.
- Objection – object to processing based on legitimate interests or direct marketing.
- Withdraw consent – at any time, for processing based on your consent.
To exercise your rights, contact info@FlySE.se.
Requests are processed in accordance with Swedish and EU data protection law.
If you believe your rights are violated, you may file a complaint with:
Integritetsskyddsmyndigheten (IMY)
Box 8114, 104 20 Stockholm
imy@imy.se
www.imy.se
11. Marketing Communications
We send marketing communications (newsletters, offers) only to customers who have given explicit consent or where there is an existing customer relationship.
You can unsubscribe at any time via the link in our emails or by contacting us directly.
We never sell or share your personal data with third parties for their own marketing purposes.
12. Data Concerning Minors
FlySE does not knowingly collect or process personal data from individuals under 18 years of age without parental consent.
13. Updates to This Policy
This Privacy Policy is reviewed and updated regularly to reflect changes in law, technology, or our business operations.
The latest version will always be available on www.FlySE.se.
Last updated: November 2025