Airshoppen.com
Check out 4 for 3 on Beauty
Browse all Brands
Third banner with very long text that makes the banner very long too

Privacy Policy

Your Personal Data

Airshoppen Travel Retail A/S, CVR no. 41391421 (“Airshoppen”, “we”, “our”), respects the privacy of our customers and visitors to our website. The purpose of this policy is to clearly and transparently describe how we collect, display, transfer, and store your information so that you feel confident your personal data is securely stored. Airshoppen handles all personal data in accordance with the EU General Data Protection Regulation (GDPR).

When you provide personal data to us, or we collect it from you, the data will be processed in accordance with this privacy policy.

It is important to us that you feel safe and that we meet our customers’ expectations and our own high standards for integrity and data security. If you have any views on our data handling, IT security, or other questions regarding GDPR or personal data processing, we would love to hear from you using the contact details below. We are always open to improvements and greatly appreciate feedback from customers, employees, and other stakeholders.

Data Controller

This privacy policy applies to services and products offered by Airshoppen, which is also the data controller for the personal data covered by this policy. Personal data collected by Airshoppen is processed for the purposes stated below.

Airshoppen is part of the Nordic Leisure Travel Group (NLTG) together with Spies, Ving, Tjäreborg, and Sunclass Airlines. NLTG has decisive influence over Airshoppen, and therefore Airshoppen transfers personal data to NLTG for administrative and analytical purposes if you travel with Sunclass Airlines. If you travel with other tour operators or airlines, your personal data will not be shared with NLTG.

Contact Information

If you wish to contact us about this privacy policy or have other questions about how we handle your personal data, please email dpo@airshoppen.com.
You can also contact Nordic Leisure Travel Group’s Data Protection Officer via this form or by mail to:
NLTG, Data Protection Officer, Rålambsvägen 17, 105 20 Stockholm, Sweden.
Read more about your GDPR rights under section 8 below.

Collection of Personal Data

What is personal data?

Personal data is any information that can directly or indirectly be linked to a living individual. Examples include name, personal ID number, address, email address, and phone number. It also includes ticket numbers, encrypted data, and various types of electronic identifiers such as IP addresses if they can be linked to individuals.

How We Collect Personal Data, Purpose of Processing, and What We Collect

Airshoppen collects personal data in several ways, primarily directly from you.
When you order goods or services from our website, we collect personal data to process your order. This includes name, address, contact details, and payment information. We also collect travel details such as ticket number, destination, travel duration, and any additional services you choose during your trip.

We are aware that certain types of personal data are particularly sensitive, such as information about ethnic origin, religion, and health. We never collect such sensitive data.

We collect personal data when you contact us via email, phone, or other means. Primarily, we collect the data necessary to respond to your inquiry or handle your case. Depending on how you contact us, we may also collect contact details such as email address or phone number.

When you call our customer service, we record your call and store the recording for 200 days. This is to confirm what was said during the conversation and for internal training and development purposes. We therefore collect and store all personal data mentioned in the call. You have the right to request that your call not be recorded or that a recording be deleted. If you do not want the call recorded, inform the customer service representative when connected. They will then call you back without recording. Alternatively, you can email airshoppen@airshoppen.dk to request a callback without recording.

When you use one of our websites or other digital services, we collect information about your usage through cookies (see our cookie policy for details). Some of this information may be personal data, such as your IP address or ticket number. If you consent to cookies for statistical and/or marketing purposes, we also collect data on how you navigate the service, which pages you visit, searches you perform, and products you are interested in. If you provide data that allows us to identify you, we will link usage data with other information we have collected about you.

We may also receive your personal data from partners who collect information about you, including:

Handling and Storage of Personal Data

Fulfillment of an Agreement

Airshoppen processes your personal data in accordance with the law. Primarily, we process your data to fulfill an agreement you are party to and to manage your order, or based on legitimate interests such as marketing purposes. Administration also includes using your data for accounting, settlement, auditing, credit checks, or other payment verification. The same personal data may be processed both for fulfilling the agreement and due to consent or legal obligations.

To provide some of the services you have ordered, we use suppliers and partners. It may be necessary to share personal data with them to deliver the service.

In some cases, we share data with partners to help tailor our offers and marketing to you. We enter into data processing agreements to ensure these partners process data in accordance with applicable data protection laws.

We will store personal data as long as necessary for the purposes mentioned. We have internal deletion routines. If you want more information about when different data is deleted, please email dpo@airshoppen.com or use this form.

Customer Care and Complaints

We use your personal data to provide service if you contact us with questions, comments, or complaints. We use your name and ticket number to identify you. We may also use any other personal data we have collected about you to handle your inquiry, depending on what is relevant in each case

We have a shared Nordic customer service function within NLTG, and all personal data handled in our customer service system can be shared among companies in the group to ensure fast and efficient customer service and proper handling of inquiries. If you fly with airlines other than Sunclass Airlines, your data will not be shared with NLTG.

Marketing and Personalization

Customer data may be used by Airshoppen for marketing purposes related to your trip, and we communicate via mail, email, SMS, and other online digital marketing channels such as social media ads.

If you have opted to receive emails with inspiration and offers from us, we use your personal data to send the email and tailor its content specifically to you. This includes your email address, travel information, basic data, possible purchase history, usage patterns, and preferences. Using this data, we can provide offers we believe are most relevant and beneficial to you.

On our websites, we use information about our users for personalization. This means we use the data we have collected about you and your use of our services to influence how the website content appears when you visit. For example, we may save and display information about previous searches, language settings, and show ads and offers we believe match your preferences.

We also share information with partners to help us tailor personalized offers and marketing on both our own and external channels such as social media and web platforms. We enter agreements to ensure that our partners process personal data securely and appropriately in compliance with applicable data protection laws.

You can opt out of profiling and marketing at any time by using this form, emailing dpo@airshoppen.com, or contacting NLTG Group Data Protection Officer at dpo@nltg.com, Rålambsvägen 17, 105 20 Stockholm, Sweden.

Airshoppen’s Technical and Organizational Measures for Secure Processing

We continuously implement measures to comply with the principles of “privacy by design and by default.” We regularly assess risks in personal data processing and take necessary precautions to minimize them.

We have strict routines and access restrictions to prevent unauthorized access to our information systems and continuously train our employees on data protection. If you have direct questions about how we work with GDPR, you can email dpo@airshoppen.com.

Disclosure and Transfer of Personal Data

We share personal data with suppliers and partners, such as systems handling orders and marketing aspects.

Within Nordic Leisure Travel Group (NLTG), several functions are shared, including many IT functions. If you fly with Sunclass Airlines, we may disclose your personal data to any group company for business purposes (including storing your data in central/shared systems for administration and marketing purposes). Our group includes subsidiaries, our parent company, and its subsidiaries. Data sharing is based on our legitimate interest in ensuring correct and consistent application of our terms and compliance with applicable laws. We assess that this legitimate interest outweighs the intrusion into customer privacy and that customers’ fundamental rights and freedoms are not compromised.

Strict user rights are implemented in our systems, ensuring only a limited group of employees have access to personal data. Extra sensitive cases are protected by granting access only to a very small group of employees.

NLTG also accesses personal data for customer data analysis. Use of such data for statistical and analytical purposes occurs only at an aggregated, non-individualized level. If necessary, we may also share other personal data within the group.

Microsoft

We use Microsoft Office products and system services for internal work. This means your personal data will be processed by Microsoft as our data processor. Data is stored by Microsoft in a cloud service within the EU. In the event of a major IT incident, Microsoft may transfer data to a third country (outside the EU/EEA). Such transfer occurs only to protect data.

Partners and IT Providers

We use a wide range of IT services and systems in our business. Some store and manage personal data. We respect your privacy and data security in all handling. Some systems are installed locally and accessible only to our staff, with no transfer to third parties. Other systems are cloud-based or installed by providers, meaning we share data with them. In these cases, the provider acts as our data processor and handles data on our behalf and according to our instructions.

Internal IT Systems

Internally, we manage personal data in our ordering and sales systems, customer service system, and a system for data management and improvement. These systems are designed to deliver the services you ordered and handle inquiries and customer care related to those services. These systems can process all personal data we collect.

Web Analytics Companies

We use external providers for personalization and analysis of user behavior, feedback, and development work on our websites and other digital channels. These companies act as data processors on our behalf. The personal data involved is primarily data collected via cookies and handled anonymously or pseudonymously at an aggregated level.

Payment Solutions

We use external providers to handle payments. These providers have access to personal data such as names, addresses, and payment details. This processing is necessary to deliver the services you ordered.

Contact Services

We use external providers to send communications before, during, and after a trip. These providers have access to personal data such as phone numbers, emails, and booking numbers.

We also use external providers to manage certain contact forms on our websites, such as the form for processing personal data, and to collect feedback about our websites. These providers access the personal data you provide in the respective forms.

Your Rights

Processing of personal data that is necessary for us to fulfill an agreement with you, to comply with a legal obligation, or that is necessary for our legitimate interest is permitted without consent. If we need to collect and process your personal data for another purpose, however, your consent is required.

Once you have given consent, you can withdraw it at any time by contacting us using the contact details provided above under the section “Contact Information” or by using our form. If you withdraw your consent, we will delete the personal data and stop the processing covered by your consent.

It may happen that the same personal data is processed both based on consent and because the data is necessary for other reasons or due to other regulations. This means that even if you withdraw your consent and the processing based on consent stops, the personal data may still be retained by us for other purposes.

You have the right to receive information about what data we process about you. You have the right to request that your data be deleted, supplemented, or corrected. You also have the right to request that the processing of your personal data be limited to specific purposes and, for example, not used for direct marketing or profiling.

Contact us here to exercise your GDPR rights. Your request will be handled by NLTG’s legal department at the head office in Stockholm. You will receive a response as soon as possible and no later than within 30 days.

Cookies

On Airshoppen.com, we use cookies to improve your experience, collect information for our marketing, including analysis of usage patterns and personalization, and to develop the websites. The information is stored anonymously. For the processing of personal data handled through cookies, our cookie policy applies in addition to our privacy policy.

If You Wish to Complain

Anyone who believes that our company violates the Data Protection Act/GDPR or other privacy laws can contact the Danish Data Protection Agency. Read more on the Data Protection Agency’s website.