Privacy Policy, Africa by Horse

This privacy policy explains how Africa by Horse AB processes your personal data. We only collect the information necessary to provide our services, fulfill our agreements, and comply with legal requirements. Your privacy is important to us. Our goal with this policy is to clearly and transparently explain how we collect, use, transfer, and store your personal data so that you can feel confident your information is handled securely.

All processing of personal data takes place in accordance with the EU General Data Protection Regulation (GDPR) and applicable Swedish law. This policy applies to our entire business – both for visitors to our website and for those who contact us, submit an inquiry, or book a trip.

If you have questions, comments, or complaints about how we process personal data or how we work with data security, you are always welcome to contact us using the details below. We strive to handle your information responsibly and with care.

Data Controller
Africa by Horse AB (org. no. 559540-1182) is the data controller for the processing of your personal data.

Address: Strandgatan 1A, 633 43 Eskilstuna, Sweden
Email: africabyhorse@gmail.com
Phone: +46 73-746 40 65

What is personal data?
Personal data means any information that directly or indirectly can be linked to a living individual. This includes, for example, names, personal ID numbers, addresses, email addresses, and phone numbers. It also includes booking numbers or electronic identifiers, such as IP addresses, if they can be connected to you as an individual.

How do we collect personal data?
We primarily collect personal data directly from you when you use our services, for example when you:
• visit our website (cookies and similar technologies),
• fill out a contact form,
• subscribe to our newsletter,
• or make a booking.

We may also receive information about you from another person in your travel party if that person provides details about you in connection with a booking. We then assume that the person has your consent to provide such information.

What personal data do we collect?
Depending on the situation, we may collect different types of information:

• Website and cookies: technical data (e.g. IP address, device information, cookies, and usage behavior).
• Contact forms: name, email address, phone number, and any other details you choose to provide.
• Newsletter: name and email address.
• Bookings: name, address, email address, phone number, personal ID number, passport number, date of birth, weight, insurance details, allergies, relevant health conditions, and other information necessary to complete the trip.
• Children’s information: we process children’s data only when necessary to complete a trip involving the child. These details are generally collected from the child’s guardian or travel companion.

Sensitive data
In some cases, you may choose to provide sensitive data, such as information about allergies, health, or special requests related to a trip. We process such information only when absolutely necessary to fulfill your agreement or wishes, and only if you have chosen to provide it.

Why we process your personal data
We process your personal data only when there is a lawful basis under GDPR. In practice, this means:

• To fulfill a contract
When you book a trip, we use your information to manage the booking, such as issuing travel documents, arranging safaris, hotels, or transfers, and communicating with our partners. Data may also need to be shared with local operators outside the EU if required to complete the trip.
• To meet legal obligations
We process your data when required by law, for example under accounting rules or travel guarantee regulations.
• Based on consent
We use cookies and similar technologies for analytics and marketing only if you have given your consent. Consent is also required for sending newsletters or marketing emails.
• Based on legitimate interest
In some cases, we may use your contact details to respond to questions or provide service in connection with a booking or inquiry. We always balance our interests against your rights to ensure that your privacy is respected.

How we use your personal data
• Trip administration: managing bookings, payments, travel information, and communication with partners in Sweden and abroad.
• Customer service: responding to questions, handling complaints, and providing support.
• Marketing: sending newsletters and inspiration, if you have opted in.
• Development: anonymized analysis of web traffic and usage behavior to improve our website and services.
• Legal obligations: accounting, travel guarantee, and duties towards public authorities.

Storage time
We keep your personal data only as long as necessary for the purpose. Booking information is stored as long as required by law, e.g. seven years for accounting. Contact details from inquiries are stored while the matter is ongoing. Newsletter data is stored until you withdraw your consent. Cookies are stored as specified in our cookie policy.

Sharing of personal data
We share personal data with third parties only when necessary to provide our services or meet legal requirements.

IT and system providers
We use external providers for website, email, and other IT services. These act as processors and only handle data according to our instructions. Examples include Framer (website publishing), Google (analytics and email), and our accounting system Spiris.

Partners and suppliers
To deliver trips, we share necessary personal data with our partners, such as the safari operator you book with, lodges, transfer companies, and other local providers. They only receive the information needed to deliver the service you have booked.

Transfer to third countries
As our trips are mainly arranged in countries outside the EU/EEA (e.g. South Africa, Botswana, and Tanzania), certain personal data needs to be shared with partners in these countries, such as safari operators, lodges, and local transport companies, when necessary to carry out your booking.

When personal data is transferred to a third country, this is always done in accordance with applicable regulations:
• If the European Commission has decided that the country ensures an adequate level of protection (“adequacy decision”), that legal basis will apply.
• In other cases, the European Commission’s Standard Contractual Clauses (SCCs) or other appropriate safeguards under Article 46 GDPR are used. These clauses are contracts that ensure the recipient in the third country is obliged to handle the data in accordance with EU data protection rules.
• Where necessary, we may complement this with additional technical, organizational, or contractual safeguards (“supplementary measures”), such as encryption, limiting the scope of data shared, and internal routines for monitoring the recipient’s handling.

In certain situations, the transfer may be based on your explicit consent under Article 49 GDPR. This applies particularly when data must be provided to a partner in a country without an adequacy decision and where other safeguards cannot be applied. In connection with booking, we therefore ask you to confirm that you consent to your personal data being transferred to the partners necessary to deliver your trip. You have the right to contact us if you would like a copy of the safeguards used for transfers to third countries.

Authorities and legal requirements
In some cases, we may be required to share personal data with authorities, such as the Swedish Tax Agency or other public bodies.

Your rights
According to GDPR you have several rights concerning how your personal data is processed:

Right of access: you have the right to know what data we process about you and why.
Right to rectification: you may request corrections to inaccurate or incomplete data.
Right to erasure: you may request deletion of your personal data when it is no longer necessary, or when processing is based on consent and you withdraw it.
Right to restriction: you may request that your data is only used for certain purposes.
Right to object: you may object to processing based on legitimate interest, such as direct marketing.
Right to data portability: you may request the data you provided to us in a structured format, if processing is based on consent or contract.

Consent
When processing is based on consent, such as newsletters or cookies, you may withdraw your consent at any time. Withdrawal does not affect processing that has already occurred. Please note that the same data may be processed on multiple legal grounds (contract, law, legitimate interest). If you withdraw consent, data may still need to be stored for other purposes.

If you do not wish to provide data
Certain personal data is necessary for us to be able to complete a booking or provide our services. If you choose not to provide this data, we will not be able to deliver the requested trip or service. You can always contact us to exercise your rights. We will respond as soon as possible, and no later than 30 days.

Cookies
We use cookies to improve your experience, gather information for marketing, and develop our website. In some cases, personal data may be processed via cookies on africabyhorse.se. This processing is governed by both this privacy policy and our cookie policy.

Security
We take appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. Only authorized individuals have access to the data, and it is used solely for the purposes stated in this policy.

Changes to this policy
We may update this privacy policy if our practices change or if required by law. The latest version will always be available on our website.

Contact details
If you have questions, comments, or wish to exercise your rights under GDPR, please contact us:

Africa by Horse AB
Org. no.: 559549-1182
Address: Strandgatan 1A, 633 43 Eskilstuna, Sweden
Email: africabyhorse@gmail.com
Phone: +46 73-746 40 65If you believe that we are processing your personal data incorrectly, you also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).