Gravel biking on Gotland

Privacy Policy

NOMADO

Active Adventure Management — Sweden & the Nordics


Privacy Policy

Effective from 1 March 2026

1. INTRODUCTION

Republic of Nomado AB ("Nomado," "we," "us," or "our") is committed to protecting the personal data of everyone we interact with — travel advisors, tour operators, their clients, and visitors to our website. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have under the EU General Data Protection Regulation (GDPR) and applicable Swedish data protection law.

Republic of Nomado AB is the data controller for the personal data described in this policy.

Registered office: Kolmården, Sweden Email: hello@nomado.se Phone: +46 72-157 23 22


2. HOW WE COLLECT PERSONAL DATA

We obtain personal data through the following channels:

Directly from you: when you contact us by email, phone, or through our website; when you submit an enquiry or request a proposal; or when you enter into a business agreement with us.

From our business partners: when a travel advisor or tour operator provides us with their client's details in order for us to design, coordinate, or deliver a trip on their behalf.

From third parties: when a travel guest's details are shared with us by the booking advisor or operator, including emergency contact information for safety purposes.

Through our website: when you browse our site, certain technical data may be collected automatically through cookies and similar technologies (see Section 8 below).


3. WHAT PERSONAL DATA WE COLLECT

The categories of personal data we may collect depend on the nature of your interaction with us:

If you are a travel advisor or business partner: name, company name, job title, email address, phone number, business address, and any information exchanged during the course of our working relationship.

If you are a travel guest (end client): name, preferred name, email address, phone number, date of birth, postal address, nationality, passport details, travel dates, itinerary preferences, flight and transfer information, travel insurance details, and any other information provided to us by your travel advisor for the purpose of planning and delivering your trip.

Sensitive personal data we may collect about travel guests: health conditions or medical information relevant to travel safety, dietary requirements and food allergies, physical fitness levels relevant to activity planning, and information necessary for travel waivers. You are never obligated to provide sensitive personal data, but doing so helps us ensure a safe and well-managed experience.

If you are designated as an emergency contact: name, relationship to the traveller, and phone number.

Website visitors: IP address, browser type, device information, pages visited, and referring URLs. This data is collected through cookies and similar technologies.


4. WHY WE COLLECT AND PROCESS PERSONAL DATA

We process personal data for the following purposes and on the following legal bases under GDPR:

To deliver our services (contractual necessity): designing, coordinating, and managing travel itineraries; booking accommodations, guides, transport, and other services on behalf of our business partners and their clients; providing on-the-ground support during trips.

To manage our business relationships (contractual necessity and legitimate interest): communicating with travel advisors and operators regarding proposals, bookings, and ongoing projects; processing invoices and payments; maintaining records necessary for our business operations.

To ensure traveller safety (legitimate interest and vital interests): contacting emergency contacts in the event of an incident; sharing relevant health or medical information with guides, accommodation providers, or emergency services when necessary to protect the safety of a travel guest.

To comply with legal obligations (legal obligation): meeting tax, accounting, and regulatory requirements under Swedish and EU law; responding to lawful requests from government authorities.

To improve our services (legitimate interest): analysing website usage to improve functionality and user experience; gathering feedback to refine our service offerings.

To send business communications (legitimate interest or consent): providing travel advisors and operators with updates about our services, destinations, and capabilities. You may opt out of these communications at any time by contacting us at hello@nomado.se.


5. WHO WE SHARE PERSONAL DATA WITH

We do not sell personal data to third parties. We may share personal data with the following categories of recipients when necessary to fulfil our obligations:

Local service providers and suppliers — including accommodation providers, certified guides, transport operators, equipment rental providers, and restaurant partners — to the extent necessary to deliver the travel services arranged through us.

Travel advisors and tour operators — where we are acting as the ground partner on their behalf, we share relevant trip information with the advisor or operator who engaged our services.

Insurance providers — when required in connection with travel insurance claims or incident reporting.

Professional advisors — including legal counsel, accountants, and auditors, where necessary for the operation of our business.

Public authorities — where required by law or in response to a lawful request from a regulatory or government body.

Potential business successors — in the event of a sale, merger, or restructuring of our business, personal data may be transferred to the acquiring entity, subject to the same protections described in this policy.

Some of our service providers may be located outside Sweden or the European Economic Area (EEA). Where this is the case, we take appropriate steps to ensure that your data receives an adequate level of protection in accordance with GDPR, including reliance on European Commission adequacy decisions or standard contractual clauses.


6. HOW WE PROTECT PERSONAL DATA

We maintain appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include secure storage of digital records, controlled access to personal data on a need-to-know basis, and clear internal guidelines for data handling.

While we take reasonable precautions, no method of transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to taking all practical steps to safeguard the data entrusted to us.


7. HOW LONG WE RETAIN PERSONAL DATA

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.

Business partner data is retained for the duration of our working relationship and for a reasonable period thereafter to manage any outstanding obligations or follow-up.

Travel guest data is retained for the duration of the trip and for a period necessary to resolve any post-trip matters, process insurance claims, or meet legal record-keeping requirements under Swedish law (typically up to seven years for financial records, in accordance with the Swedish Bookkeeping Act).

Website analytics data is retained in anonymised or aggregated form and is not linked to identifiable individuals beyond the period necessary for analysis.

When personal data is no longer needed, it is securely deleted or anonymised.

If you would like specific information about retention periods that apply to your data, please contact us at hello@nomado.se.


8. COOKIES AND TRACKING TECHNOLOGIES

Our website may use cookies — small text files stored on your device — and similar technologies to improve site functionality, analyse usage patterns, and provide a better browsing experience.

You may manage or disable cookies through your browser settings at any time. Please note that disabling certain cookies may affect the functionality of our website.

We do not use cookies for targeted advertising. Any analytics cookies used are for the sole purpose of understanding how visitors interact with our site so that we can improve it.


9. A NOTE ABOUT CHILDREN

Our services are directed at travel advisors, tour operators, and adult travellers. We do not knowingly collect personal data from children (individuals under the age of 18) without the involvement and consent of a parent or legal guardian.

Where a travel advisor provides us with information about minors who will be participating in a trip, we process this data solely for the purpose of ensuring their safety and delivering the booked services. This data is treated with additional care and is not used for any other purpose.


10. YOUR RIGHTS UNDER GDPR

As a data subject, you have the following rights regarding your personal data:

Right of access — you may request confirmation of whether we process your personal data and, if so, request a copy of that data.

Right to rectification — you may request that we correct any inaccurate or incomplete personal data we hold about you.

Right to erasure — you may request that we delete your personal data where there is no compelling reason for us to continue processing it, subject to legal retention obligations.

Right to restriction — you may request that we temporarily or permanently restrict the processing of your personal data in certain circumstances.

Right to data portability — where processing is based on your consent or a contract, and is carried out by automated means, you may request that we provide your data in a structured, commonly used, and machine-readable format.

Right to object — you may object to the processing of your personal data where we rely on legitimate interests as the legal basis, and we will consider your objection.

Right to withdraw consent — where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, please contact us at hello@nomado.se. We will respond to your request without undue delay and in any event within 30 days. We may request additional information to verify your identity before acting on a request.

If you believe that your data protection rights have been infringed, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se, or with the supervisory authority in the EU member state where you reside or work.


11. INTERNATIONAL DATA TRANSFERS

Nomado is based in Sweden and primarily operates within the EEA. Where personal data is transferred to a country outside the EEA — for example, when coordinating with a service provider in a non-EEA jurisdiction — we ensure that appropriate safeguards are in place in accordance with GDPR, such as standard contractual clauses approved by the European Commission or reliance on an adequacy decision.


12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. Any significant changes will be communicated through our website. We encourage you to review this policy periodically.

Where this Privacy Policy forms part of a contractual agreement with you, we will notify you of material changes by email or other appropriate means.


13. CONTACT US

If you have any questions about this Privacy Policy, about the personal data we hold about you, or if you wish to exercise any of your rights, please contact us:

Registered office: Kolmården, Sweden Email: hello@nomado.se Phone: +46 72-157 23 22












© Republic of Nomado AB. All rights reserved.