← Back to home

Privacy Policy

Last updated: February 2026

1. Data Controller

Sámi Guide (org.nr. pending), Tromsø, Norway, is the data controller for the personal data collected through this website. Contact: booking@samiguide.no

2. What We Collect

When you submit a booking request, we collect:

  • Contact info: Name, email, phone (optional), nationality (optional)
  • Booking details: Preferred date, number of guests, occasion (optional), message (optional)
  • Health data (sensitive): Allergies or dietary requirements, only if you choose to provide them

3. Legal Basis

  • Contact and booking data: Legitimate interest (GDPR Art. 6(1)(f)) — we need to process your name, email, date, and guest count to handle your booking request. Without this data we cannot respond to or fulfil your enquiry. You can object to this processing at any time (see section 8).
  • Allergy/health data: Explicit consent (GDPR Art. 9(2)(a)) — you provide separate, informed consent when entering allergy information. You may withdraw this consent at any time by contacting us, without affecting the lawfulness of processing before withdrawal.

4. How We Use Your Data

  • To respond to your booking request via email
  • To prepare your experience (including dietary accommodations)
  • To send a confirmation email after you submit

We do not use your data for marketing, profiling, or automated decision-making.

5. Data Storage & Retention

Your booking data is transmitted via email (Resend, processed in the EU/US). We do not store your data in any database.

  • Booking emails: Retained for up to 12 months after your experience date, then permanently deleted.
  • Allergy/health data: Deleted within 30 days after your experience date.
  • Cancelled bookings: All data deleted within 30 days of cancellation.

6. Data Sharing & International Transfers

We share your data only with:

  • Resend (email delivery, US) — to send confirmation and notification emails
  • Vercel (hosting, US) — processes the form submission (no persistent storage)

Both Resend and Vercel are US-based. Transfers to the US are covered by the EU–US Data Privacy Framework (DPF), under which both providers are certified. This ensures an adequate level of data protection as recognised by the European Commission (adequacy decision of 10 July 2023).

We do not sell or share your data with any other third parties.

7. Analytics

We use Plausible Analytics, a privacy-friendly analytics tool that does not use cookies, does not collect personal data, and is fully GDPR-compliant. No consent banner is required.

8. Your Rights

Under GDPR, you have the right to:

  • Access — obtain a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data
  • Restriction — request that we limit how we process your data
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interest (Art. 6(1)(f))
  • Withdraw consent — withdraw consent for allergy data at any time, without affecting lawfulness of prior processing
  • Complaint — lodge a complaint with Datatilsynet (Norwegian Data Protection Authority) at datatilsynet.no

To exercise any of these rights, email us at booking@samiguide.no. We will respond within 30 days.

9. Contact

For any questions about this privacy policy or your data, contact us at booking@samiguide.no.