Privacy Notice (GDPR)

Last updated: 2 December 2025

This Privacy Notice explains how ISBJORN SAILING AB (trading as 59º North Sailing) (“we”, “us”, “our”) collects and uses personal data when you visit our website, enquire about or book a trip, and participate in our sailing voyages.

1) Controller (who is responsible for your data)

ISBJORN SAILING AB
Frosthult Gästre 32
74972 Fjärdhundra
Sweden

Contact: holdfast@59-north.com

2) Personal data we collect

Depending on your interaction with us, we may collect:

A) Contact and booking data

  • Name, email address, phone number, nationality, date of birth
  • Trip details, preferences, and correspondence with us

B) Passport / identity data (for customs clearance and permits)

  • Passport number, issuing country, expiry date, nationality, and other details required by authorities/agents for entry, customs clearance, and permits

C) Health and safety data (special category)

  • Health-related information relevant to emergency response at sea, such as allergies (and severity), medications, relevant conditions, mobility/assistance needs, and emergency contact details

D) Website usage data (cookies/analytics)

  • IP address and approximate location, device/browser information, pages viewed, and how you interact with our site (see Cookies section)

3) Why we use your data and our legal bases

A) Enquiries, bookings, and delivering your trip
Purpose: customer service, trip planning, berth allocation, itinerary communications, and operational logistics.
Legal basis: performance of a contract or steps at your request before entering a contract (GDPR Art. 6(1)(b)).

B) Customs clearance, permits, and entry requirements
Purpose: to provide required passenger details to relevant authorities/agents in countries we visit.
Legal basis: performance of a contract (Art. 6(1)(b)) and/or legal obligation where applicable (Art. 6(1)(c)).

C) Safety and emergency preparedness onboard (health data)
Purpose: to prepare for and respond to medical or safety emergencies at sea and to make reasonable safety arrangements.
Legal basis: your explicit consent for processing health data (GDPR Art. 9(2)(a)). In an emergency, we may also process data where necessary to protect vital interests.

D) Operating and improving our business
Purpose: internal administration, service improvements, recordkeeping, and limited analytics.
Legal basis: legitimate interests (Art. 6(1)(f)), balanced against your rights.

E) Marketing newsletter
Purpose: to send occasional newsletters and trip announcements.
Legal basis: consent or legitimate interests depending on how you signed up and what local rules apply. You can opt out at any time using the unsubscribe link or by contacting us.

4) Medical information onboard (paper copies)

For safety, we may print emergency-relevant medical information for a trip and store it onboard the vessel for use in an emergency. Access is restricted to the skipper and designated officers. It is retained only as long as necessary for the trip and a short post-trip period for incident follow-up, then securely destroyed (e.g., shredded).

5) Who we share your data with

We may share personal data with:

  • Authorities and agents (e.g., customs, immigration, port/permit agents) when required for entry, clearance, or permits
  • Service providers that help us operate our business (for example, online forms, databases/CRM, email delivery, and analytics). These providers act as processors under contract.
  • Emergency services or medical providers if necessary for your safety

We do not sell personal data.

6) International operations and transfers

We are established in Sweden and operate globally, including through a related company registered in the USA. Some service providers and recipients (including authorities) may be located outside the EU/EEA.

Where personal data is transferred outside the EU/EEA, we use appropriate safeguards when required (such as Standard Contractual Clauses and supplementary measures) and limit sharing to what is necessary.

7) How long we keep your data (retention)

We keep personal data only as long as needed for the purposes described above, including legal/operational requirements. In general:

  • Booking and trip administration: kept for the duration of the customer relationship and for a period afterwards for accounting, legal, and operational purposes.
  • Passport/permit data: kept only as long as needed for trip clearance/permits and any applicable legal requirements, then deleted.
  • Medical/safety data: kept for the trip and a short post-trip period for safety follow-up, then deleted/shredded.
  • Newsletter subscriptions: kept until you unsubscribe.

(You can request more detail about specific retention periods by contacting us.)

8) Security

We use appropriate technical and organisational measures to protect personal data, including access controls, role-based permissions, and secure handling procedures for sensitive information (including printed documents carried onboard).

9) Your rights

Subject to applicable law, you may have rights to:

  • access your personal data
  • correct inaccurate data
  • request deletion in certain circumstances
  • request restriction or object to certain processing
  • request data portability
  • withdraw consent at any time where we rely on consent (including for health data)

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) or your local data protection authority.

10) Cookies (including Google Analytics)

We use cookies and similar technologies to operate our site. We may also use Google Analytics to understand how visitors use our website (for example, which pages are visited most often and how people navigate the site). Google Analytics may set cookies and collect usage data such as IP address, device/browser information, and interactions with pages.

If you prefer, you can control cookies through your browser settings and, where applicable, our cookie banner/preferences tool. If we implement a cookie consent banner, we will use it to obtain consent where required for analytics cookies.

11) Changes to this notice

We may update this notice from time to time. The “Last updated” date shows when it was most recently revised.