Privacy Policy

Last updated: 15 January 2026

Introduction

Hynvora AS ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website or use our travel services. This policy applies to all personal data we process about you.

Data Controller Information

The data controller responsible for your personal data is:

Hynvora AS
Kongens Nytorv 127
6756 Esbjerg, Denmark
Registration Number: CVR52487525
Email: [email protected]
Phone: +45 39132507

Data Collection

We collect and process the following types of personal data about you:

  • Contact Information: Name, email address, phone number, postal address
  • Travel Preferences: Destination preferences, travel dates, accommodation requirements, dietary restrictions
  • Booking Information: Travel itineraries, payment details, passport information (when required)
  • Communication Data: Records of correspondence, enquiries, and feedback
  • Website Usage Data: IP address, browser type, pages visited, time spent on site
  • Marketing Preferences: Your consent preferences for marketing communications

How We Use Your Information

We use your personal data for the following purposes, based on legitimate legal grounds:

  • Service Provision: To provide travel booking services, create itineraries, and manage your bookings
  • Customer Support: To respond to enquiries, provide customer service, and resolve any issues
  • Payment Processing: To process payments and prevent fraud (with your consent)
  • Legal Compliance: To comply with legal obligations and regulatory requirements
  • Marketing: To send promotional materials and travel offers (with your consent)
  • Website Improvement: To analyse website usage and improve our services

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about our use of cookies, please see our Cookie Policy.

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to fulfil our travel services contract with you
  • Legitimate Interest: For customer service, fraud prevention, and business operations
  • Consent: For marketing communications and non-essential cookies
  • Legal Obligation: To comply with applicable laws and regulations

Data Sharing and Third Parties

We may share your personal data with the following categories of third parties:

  • Travel Suppliers: Hotels, airlines, tour operators, and other service providers
  • Payment Processors: Secure payment processing services
  • Technology Providers: Website hosting, email services, and customer relationship management systems
  • Legal Authorities: When required by law or to protect our legal rights

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy. Generally, we retain booking information for seven years for accounting and legal compliance purposes. Marketing consent data is retained until you withdraw consent. Website usage data is typically retained for two years.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request limitation of processing in specific situations
  • Right to Data Portability: Request transfer of your data to another service provider
  • Right to Object: Object to processing based on legitimate interests or for marketing purposes
  • Right to Withdraw Consent: Withdraw consent for processing that requires your consent

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encryption of sensitive data, secure data transmission, regular security assessments, and staff training on data protection.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Privacy Team
Email: [email protected]
Phone: +45 39132507
Address: Kongens Nytorv 127, 6756 Esbjerg, Denmark

Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) or your local data protection authority.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date at the top of this page.

Governing Law

This Privacy Policy is governed by Danish law and the General Data Protection Regulation (GDPR). Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the Danish courts.