Last updated: April 22, 2025

In Short: This section introduces our commitment to protecting your privacy and outlines how this policy applies to your use of our website and services.

Introduction: Nord Skies (“we,” “us,” or “our”) is a U.S.-based travel company committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website nordskies.com (the “Site”) and related services (collectively, the “Services”). It also outlines your privacy rights under applicable laws, including the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) (as amended by the CPRA) in California. We strive to be transparent and easy to understand, so if you have any questions about this Policy, please contact us using the information in the Contact Us section below.

By using our Site and Services, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree with our practices, please discontinue use of our Services. We may provide additional notices highlighting certain uses of your personal information, and you may have the ability to opt in or out of those uses as described in this Policy.

Please read this privacy policy carefully as it will help you make informed decisions about sharing your personal information with us.  

TABLE OF CONTENTS 

1. INFORMATION WE COLLECT
2. HOW WE USE YOUR INFORMATION
3. LEGAL BASES FOR PROCESSING (GDPR – European Economic Area)
4. DATA STORAGE, INTERNATIONAL TRANSFERS AND RETENTION
5. SHARING YOUR INFORMATION WITH THIRD PARTIES
6. YOUR PRIVACY RIGHTS
7. YOUR CHOICES AND OPT-OUT OPTIONS
8. COOKIE POLICY
9. CONTACT US ABOUT THIS POLICY
10. UPDATING THE POLICY

1. INFORMATION WE COLLECT 

In Short: Learn what types of personal data we collect, how we collect it, and from where.
We collect personal information through direct input (like booking forms), automated tracking (cookies and analytics), and third-party sources (e.g., payment processors). This includes names, emails, date of birth, gender, payment info, travel preferences, IP addresses, and more.

We collect personal information that you provide to us directly, information automatically collected from your use of our Site (including through cookies and similar technologies), and information from third parties (such as payment processors). The types of personal data we collect include:

• Information You Provide Directly: When you use our Services (for example, when booking travel, creating an account, or contacting us), you may provide us with:
  • Contact Details: Your name and email address (for account registration, bookings, or newsletters). We may also collect your phone number and mailing address if needed for booking confirmations or travel arrangements.
  • Account Credentials: If you create an account, we collect a username and password (passwords are stored in an encrypted form).
  • Identity and Demographic Information: We collect data such as your date of birth and gender when you provide them (for example, to personalize your experience or when required for travel bookings). Date of birth may be needed to ensure you meet age requirements for certain travel services or for identification purposes.
  • Payment Information: When making a purchase or booking, you provide payment details. However, we do not store full credit card numbers or payment account credentials on our servers. Payments are processed securely by third-party providers (like Stripe or PayPal), which collect your payment card number, expiration date, and security code directly via their payment forms. We only receive limited information from these providers (such as a confirmation that payment was completed, your billing name, and the last four digits of your card). See Third-Party Sharing below for more on Stripe and PayPal.
  • Travel Details: If our Services involve planning or booking travel, you may provide information such as travel preferences, trip dates, destination details, passport or ID information, or any special requests related to a booking. We only ask for information that is necessary to arrange your travel and comply with legal requirements (for example, some countries require gender and date of birth for flight bookings).
  • Communications: The content of any communications you send to us (for example, through a contact form, email, or chat). This may include requests for support or information, and any feedback you provide.

• Information We Collect Automatically: When you visit our Site or use the Services, we automatically collect certain data about your device and usage of the Site. This information helps us understand how our Services are being used and to improve them. Such data may include:
  • Technical Identifiers: Your Internet Protocol (IP) address, browser type, device type (e.g., mobile or desktop), operating system, device identifiers, and device model. We use IP addresses to infer general location (country or city level) to deliver relevant content and to detect and prevent fraud.
  • Usage Data: Details about how you navigate and interact with our Site, such as pages or travel listings viewed, what links are clicked, the date and time of access, the referring URL (the page you came from), and errors or performance data. This may also include analytics data collected via cookies and similar technologies (see our Cookie Policy below for more information). For instance, we use Google Analytics to gather aggregated usage statistics (e.g., page visits, time spent on pages) to understand user engagement.
  • Cookies & Similar Technologies: Our Site uses cookies and similar tracking technologies (such as web beacons or pixels) to remember your preferences and to collect analytics information. These technologies may collect information about your browsing behavior and device. Please see the Cookie Policy section of this document for detailed information on how we use cookies and how you can control them.

• Information from Third Parties: We may receive personal information about you from third parties in certain circumstances:
  • Payment Processors: When you make a payment, the payment details are handled by Stripe or PayPal. They may provide us with limited information to confirm the transaction (such as a transaction ID or payment status). Stripe also collects identifying information about the devices that connect to its services to help detect and prevent fraud. (You can learn more in Stripe’s Privacy Policy on their website.)
  • Service Providers and Partners: If you interact with our partners or book certaintravel services through us, we might receive information from those third parties. For example, if you book a tour or flight that is fulfilled by a partner company, that partner might share details with us (such as your reservation confirmation or ticket number) to ensure we can assist you and maintain your booking records. We may also receive updated contact information from delivery services or address verification tools, if we need to ship any physical tickets or materials to you.
  • Social Media or Single Sign-On: If we offer a feature that allows you to register or log in via a third-party platform (such as signing in with Google or Facebook), we would receive the personal information you authorize that platform to share with us (for example, your name and email from a Facebook login). Note: As of the date above, our Site does not use social logins, but we mention this for completeness in case such features are added in the future.

We will indicate where the provision of personal data is mandatory or optional. If you choose not to provide certain information (such as necessary booking details or payment information), you may not be able to use some parts of our Services (for example, we cannot process a travel booking without payment information).

2. HOW WE USE YOUR INFORMATION

In Short: Understand how your information is used to deliver services, personalize your experience, ensure security, and comply with the law. We use your data to complete bookings, process payments securely, send trip communications, improve services, and meet legal obligations. With consent, we may also send marketing or promotional messages.

We use the personal information we collect for the following purposes, all in accordance with applicable law:

• To Provide and Operate our Services: We process your information to carry out our obligations to you. This includes using personal data to create and manage user accounts, facilitate travel bookings, reservations, and orders, and provide the services or products you have requested. For example, we will use your provided details to reserve hotel rooms or tours, issue travel tickets, or arrange itineraries in your name.
• Payment Processing and Order Fulfillment: We use your payment and contact details to process transactions for travel bookings or purchases you make on our Site. This involves sharing necessary details with payment processors (Stripe or PayPal) to charge your credit card or payment account and confirm payment. We also use your information to send you booking confirmations, receipts, invoices, or travel documents.
• Communication: We use contact information (email address, phone number) to communicate with you about your account or transactions. This includes sending booking confirmations, updates or changes to your itinerary, and responding to inquiries or customer support requests. We may also send you service-related announcements when necessary (such as updates about this Privacy Policy or security notices).
• Personalization: We may use personal attributes (such as your preferences, past travel history with us, or demographic info like your stated gender or age) to personalize the Services. For example, we might tailor the content we show you, such as featuring travel packages relevant to your indicated interests or offering personalized discounts (if allowed by law and your preferences). Any such profiling for personalization will be done in a non-intrusive manner and in line with your privacy rights.
• Marketing and Promotional Communications: If you join our mailing list or otherwise opt-in, we will use your name and email to send you newsletters, promotions, or travel offers that might interest you. You will only receive marketing emails if you have consented to them (e.g., by signing up on our website or checking an opt-in box). You can opt out of these communications at any time (see Your Choices below for how to unsubscribe). We do not send marketing messages to EU individuals without a lawful basis (usually prior consent). For California residents, we also ensure compliance with “Do Not Spam” and direct marketing laws.
• Analytics and Service Improvement: We use automatically collected data (and cookies) to understand how our Services are used and to improve user experience. For instance, we analyze which pages are most visited, how users navigate the Site, and where users encounter errors. This helps us troubleshoot issues, optimize our website design, and develop new features that better serve our users. We may use tools like Google Analytics for this purpose, which provide aggregated statistics on website traffic. (Where required by law, we will obtain your consent for the use of analytics cookies.)
• Security and Fraud Prevention: We process personal data as needed to maintain the security and integrity of our Site and Services. For example, we may use information (like IP addresses or device information) to detect and prevent fraudulent transactions, spam, and abuse. Payment information and device identifiers may be used with fraud- detection services (including those of Stripe) to protect against unauthorized transactions. We also may use data to verify identity in cases where required (such as confirming your identity if you make a privacy rights request).
• Legal Compliance: We use and retain personal information to comply with our legal and regulatory obligations. This includes keeping records required by law (for example, for tax, accounting, or audit purposes), and responding to valid legal orders or law enforcement requests. If required, we may use your data to comply with travel industry regulations or security protocols (for example, transmitting passenger information to government authorities for border control, when applicable to international travel).
• Protecting Rights and Interests: We may process personal data to protect our rights, privacy, safety, or property, or those of our customers or others. For example, we may use personal information to investigate or defend against legal claims, or to enforce our website’s Terms and Conditions.

We will not use your personal information for purposes that are incompatible with those listed above without informing you and obtaining your consent if required. If we plan to process your personal data for a new purpose, we will update this Privacy Policy or provide you with a just-in- time notice explaining the new use.

3. LEGAL BASES FOR PROCESSING (GDPR – European Economic Area)

In Short: For users in the EEA and UK, this explains the lawful grounds on which we rely to process your personal data. We process your data under legal bases such as contract performance, consent, legal obligations, and legitimate interests, ensuring your rights are respected at every stage.

If you are located in the European Economic Area (EEA) or the United Kingdom, we must have a valid legal basis to process your personal data. We rely on the following legal grounds under the GDPR:

• Performance of a Contract: Many of our processing activities are necessary to provide our services to you under our contract (the Terms of Service or the agreement when you make a travel booking with us). For example, when you book a trip through Nord Skies, we must process your name, contact details, and payment information to fulfill that booking and provide the services you requested. This also includes processing necessary to take steps at your request before entering into a contract – for instance, if you inquire about a tour, we may use your details to provide information or quotes.
• Your Consent: We will rely on your consent in certain cases, such as when you subscribe to our newsletter or marketing communications, or when we place non- essential cookies (analytics or advertising cookies) on your device (as required by ePrivacy laws in the EU). If we ask for your consent, you have the right to withdraw it at any time. For example, you can opt out of marketing emails by clicking the “unsubscribe” link in any email, and you can manage cookie preferences as described in our Cookie Policy. Withdrawal of consent will not affect the lawfulness of processing already carried out.
• Legitimate Interests: We process some personal data for purposes that are in our legitimate interests (or those of third parties) – provided those interests are not overridden by your data protection rights. For instance, it is our legitimate interest to understand how users use our Site so we can improve our services (analytics), to secure our Services and prevent fraud, and to market our services to existing customers. When we rely on legitimate interests, we consider and balance any potential impact on your rights. We do not use your data for activities where our interests are overridden by the impact on you (for example, we would not use contact info for unsolicited telemarketing, and in the EU we do not rely on legitimate interest for processing sensitive personal data or for sending you marketing communications without consent).
• Legal Obligation: In some cases, we need to process personal data to comply with a legal obligation to which we are subject. For example, we may be required to retain transaction records for tax reporting, or to disclose information if compelled by court order or regulatory authorities (such as fulfilling duties under consumer protection laws or providing data to law enforcement with proper authority).
• Vital Interests: Although unlikely, there could be situations where we need to process personal data to protect your vital interests or those of another person. (For example, if you have a medical emergency on a trip you booked through us, we might share information with medical personnel if known to us.) This basis is rarely used and only in critical, life-threatening situations.

Note for California Residents: The above legal basis section is specific to GDPR. Under CCPA/CPRA in California, we describe our purposes for collection in the “How We Use Your Information” section and your rights in the “Your Rights” section. Generally, our collection and use of personal data is for the business purposes identified above (which align with the CCPA’s definition of “business purposes,” such as fulfilling orders, detecting security incidents, etc.).

4. DATA STORAGE, INTERNATIONAL TRANSFERS, AND RETENTION

In Short: Find out where we store your data, how long we keep it, and the safeguards we use to protect it. Data is stored in the U.S. and may be processed by trusted partners globally. We retain it only as long as needed for service delivery and legal compliance, with strong security in place.

We take steps to ensure that your personal information is stored securely and retained only as long as necessary.

• Where We Store Data: Nord Skies is based in the United States, and our website servers and databases are likely located in the U.S. (or in other jurisdictions through cloud service providers). This means that if you are outside the U.S., your personal data will be transferred to and processed in the United States. We may also use cloud services or third-party service providers located in other countries. Regardless of where your data is processed, we will protect it in accordance with this Privacy Policy and applicable law.
• International Data Transfers (EU/EEA Users): If you are in the EU, UK, or another region with data transfer restrictions, we will ensure that appropriate safeguards are in place when we transfer your personal data to the U.S. or other jurisdictions. These safeguards may include using standard contractual clauses approved by the European Commission, or ensuring the recipient is certified under an approved framework (if applicable), or that we rely on another valid transfer mechanism. Despite the data being stored in a country with different privacy laws, we will ensure your personal data receives a level of protection equivalent to that in the EEA. You can contact us if you have questions about international transfers of your personal data.
• Data Security: We employ a variety of security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include technical, administrative, and physical safeguards appropriate to the sensitivity of the data. For example, our Site is secured using HTTPS encryption (TLS) to protect data in transit, and sensitive information (like passwords) is stored in encrypted form. We restrict access to personal data to employees and service providers who need it to perform their tasks, and they are subject to confidentiality obligations. We also maintain procedures to handle any suspected data breach. However, please note that no website or internet transmission is completely secure. We cannot guarantee absolute security of data, but we do our best to protect it. It is also important that you protect your account credentials and not share your password with anyone.

• Data Retention: We retain personal information for as long as it is needed to fulfill the purposes for which we collected it, and to comply with our legal obligations. The exact duration will depend on the type of information and the context in which it was collected:
  • User Account Information: If you have an account with us, we will retain your account data while your account is active. You may request that we delete your account (see Your Rights below), in which case we will delete or anonymize your personal data associated with the account, except for information we are required or permitted to retain by law.
  • Transaction and Booking Data: We retain information about your travel bookings, transactions, and communications with us as needed for our records. For example, we keep booking records and invoices for a number of years to handle any post-trip issues, refunds, or disputes, and to meet legal record-keeping requirements (for instance, financial records may be kept for at least [7] years under certain tax laws).
  • Marketing Data: If you have consented to receive marketing emails, we will retain your contact information for that purpose until you opt out or unsubscribe. If you unsubscribe, we may keep your email on a suppression list to ensure we honor your opt-out.
  • Automatically Collected Data: Analytics data is typically collected in aggregate form and may be retained for our internal analysis. Cookies and similar tracking data have varying retention periods (see Cookie Policy for specifics). We honor cookie expiration and deletion if you clear your browser cookies or opt out via our cookie management tools.
  • Legal Retention: In all cases, we may retain personal information for a longer period if required by law (for example, to comply with regulatory requests or hold for litigation) or if necessary to protect our rights. When personal data is no longer needed, we will securely delete or anonymize it.

5. SHARING YOUR INFORMATION WITH THIRD PARTIES

In Short: This section explains the situations in which we share your data and the protections in place to ensure it remains secure. We share data only with trusted service providers like payment processors, travel partners, and analytics services—under strict contracts ensuring data safety. We do not sell your personal data.

We do not sell your personal information to third parties. However, we do share your information with certain third parties for legitimate business purposes, as described below. When we share data, we ensure that these parties are bound to protect your information and use it only for the purposes we specify.

• Service Providers (Processors): We share personal data with trusted third-party companies that provide services on our behalf, to help us run our business. These include:
  • Payment Processors: As noted, we use Stripe and PayPal to process payments. When you enter your payment information at checkout, you are actually providing it directly to these processors via embedded secure forms. Stripe may collect device and network information (such as IP address, device ID, browser type) when processing payments to aid in fraud prevention. PayPal collects your payment details on its own secure pages and does not share your full financial information with us. We share with these processors the necessary personal data to charge your payment method (such as the purchase amount, currency, your name and perhaps billing address). These payment providers are responsible for the personal information they collect and we recommend reviewing their Privacy Policies (available on the Stripe and PayPal websites) to understand their practices.
  • Travel Partners and Fulfillment: If your travel booking or any portion of the Services is provided by a third-party partner, we will share the necessary information with them to fulfill the service. For example, if you book a flight or hotel through Nord Skies, we will share passenger details (like your name, gender, date of birth, nationality, and passport number if required by the airline or government) with the airline or hotel to secure your reservation. Similarly, if you book a tour operated by a local partner, we provide them the information needed (names of travelers, contact info, etc.). These partners will use your information only for the purposes of the booking or service and are contractually or legally obligated to protect your data. (They may have their own privacy policies as well in how they handle that data.)
  • Website Hosting and IT Providers: Our website and database may be hosted by third-party companies. Those providers may process stored data as part of their infrastructure services. We ensure any such provider maintains strong security and confidentiality. Additionally, we might use vendors for services such as email delivery (for sending confirmation or notification emails), cloud storage or backup, customer support tools, or other IT services. These providers will have access to information as needed to perform their functions for us (for example, if we use an email service to send out our newsletters, that service will handle your email address and the content of the newsletter).
  • Analytics Services: We use third-party analytics tools like Google Analytics to collect information about Site usage and user interactions (as described in Information We Collect). Analytics providers set their own cookies or similar identifiers to gather usage data. The information (including possibly your IP address and device info) is transmitted to and stored by these providers (e.g., Google) on their servers for analysis on our behalf. We use these insights to improve our Services. These analytics providers act as our data processors, meaning they only use the data on our instructions and not for their own purposes (Google Analytics’ terms prohibit using the data for other Google services without our consent, and we have configured Google Analytics to anonymize IP addresses in the EU). You can opt out of Google Analytics as explained in our Cookie Policy section.

• Business Transfers: If Nord Skies undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or part of our assets, your personal information may be transferred to the acquiring or successor entity as part of the transaction. We will ensure the new owner will continue to honor the commitments we have made in this Privacy Policy. If such a transfer is subject to additional restrictions by law, we will comply with those. We will notify you (for example, via a notice on our Site or email) of any change in ownership or uses of your personal information as a result of an acquisition, as well as any choices you may have regarding your personal information.
• Legal Compliance and Protection: We may disclose personal information to third parties (such as courts, law enforcement agencies, regulators, or attorneys) when we believe in good faith that such disclosure is necessary to:
  • Comply with a law, regulation, legal process, or enforceable governmental request (for example, to respond to a subpoena or court order).
  • Enforce or apply our Terms of Service and other agreements, or investigate potential violations.
  • Detect, prevent, or otherwise address fraud, security, or technical issues.
  • Protect the rights, property, or safety of Nord Skies, our users, our employees, or the public. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction (subject to applicable data protection laws).

• With Your Consent: Apart from the cases listed above, we will only share your personal data with third parties when you have given us your explicit consent to do so. For example, if we ever want to post a customer testimonial that includes personal information (like your name or a profile photo), we would seek your permission. Or if you opt-in to a program where we share data with a partner for their own marketing (which is not something we currently do), we would only do so with your clear consent and provide you with relevant details at that time.

No Sale of Personal Information: We do not sell your personal information to third parties for monetary consideration. We also do not share your personal information with third parties for their own direct marketing use unless you give us permission. In the context of CCPA: in the past 12 months, Nord Skies has not sold personal information and has not shared personal information for cross-context behavioral advertising. If this ever changes, we will update this Policy and provide appropriate notices and opt-out mechanisms as required by law.

6. YOUR PRIVACY RIGHTS

In Short: Learn about the rights you have over your personal data and how to exercise them depending on where you live. Depending on your region (e.g., EU or California), you may have rights to access, correct, delete, or limit how we use your data. We honor all legally required privacy rights.

Depending on your residency or location, you have certain rights regarding your personal information. We are committed to honoring your rights and have processes in place for you to exercise them. These rights include, for example, rights provided under the GDPR for individuals in the EU/EEA, and rights under the CCPA (as amended by CPRA) for California residents. We extend basic privacy rights to all our users, but the availability of some specific rights may depend on your jurisdiction.

Rights of Individuals in the European Union (GDPR Rights)

If you are in the European Union, European Economic Area, UK, or a similar jurisdiction that provides GDPR-equivalent rights, you have the following rights with respect to your personal data:

• Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to request a copy of the personal data we hold about you, as well as information about how we use it. This is sometimes called a “Data Subject Access Request.”
• Right to Rectification: If any of your personal data we have is inaccurate or incomplete, you have the right to request that we correct or update it. For example, you can correct your contact details or update preferences by contacting us or via your account settings.
• Right to Erasure: You have the right to request that we delete your personal data in certain circumstances (GDPR: A Guide to the 8 Data Subject Rights – IT Governance Blog). This is also known as the “right to be forgotten.” We will honor such requests when, for instance, the data is no longer needed for the purposes it was collected, or you withdraw consent and we have no other legal basis to continue processing. Please note there are exceptions – we may retain data if necessary for compliance with a legal obligation or for establishing or defending legal claims, among other lawful reasons.
• Right to Restrict Processing: You can ask us to restrict or suspend the processing of your personal data in certain situations. For example, if you contest the accuracy of your data, you can request we limit processing while we verify your claim. Or if you object to our use of your data based on legitimate interests and we are evaluating the request, you may request we pause further use of that data.
• Right to Data Portability: You have the right to obtain a copy of certain information you provided to us in a structured, commonly used, machine-readable format, and to have that information transmitted to another controller, where technically feasible. This typically applies to personal data processed based on your consent or for performance of a contract (e.g., your account data).
• Right to Object: You have the right to object to our processing of your personal data in some cases. In particular, you can object to any direct marketing (you have an absolute right to tell us to stop sending you marketing emails, as described below in Your Choices). You can also object if you believe your rights outweigh our legitimate interests in processing certain data. If you raise an objection, we will review it and unless we have a compelling legitimate ground to continue processing or it is needed for legal reasons, we will cease the processing in question.
• Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. For example, you can withdraw consent for marketing communications or analytics cookies. Withdrawal of consent will not affect the lawfulness of processing that was done before withdrawal.
• Right Not to Be Subject to Automated Decisions: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects for you, unless it is necessary for a contract, authorized by law, or you have given your explicit consent. (Nord Skies does not engage in automated decision-making of this nature without human involvement. We do not make any decisions about you that would have a significant effect on you purely by algorithms.)
• Right to Complain: If you believe we have infringed your data protection rights, you have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where the issue occurred. We encourage you to contact us first, so we can address your concerns directly, but you are free to contact the regulator at any time.

How to Exercise EU Rights: You can exercise these rights at any time by contacting us via the contact information below. We may need to verify your identity before fulfilling certain requests (to ensure we don’t disclose data to the wrong person). We will respond to your request within one month (or inform you if we need an extension). In general, we will not charge a fee for these requests unless they are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request with an explanation.

Rights of California Residents (CCPA/CPRA Rights)

If you are a resident of California, you are entitled to certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) amendment. These rights (subject to certain limitations under the law) include:

• Right to Know (Access): You have the right to request that we disclose what personal information we collect, use, disclose, and share about you. This includes the specific pieces of personal information we have collected, as well as the categories of personal information, the categories of sources of that information, the business or commercial purposes for collecting or sharing it, and the categories of third parties with whom we share it. (In this Privacy Policy, we have provided details on these aspects: see Information We Collect, How We Use It, and Sharing sections. You can also request this information formally from us.)
• Right to Delete: You have the right to request that we delete personal information we have collected from you, with certain exceptions. Upon verification of your request, we will delete (and instruct our service providers to delete) your personal information from our records, except to the extent we need to retain it for reasons permitted by law (for example, completing transactions you have requested, detecting security incidents, complying with legal obligations, etc.).
• Right to Correct: You have the right to request that we correct inaccurate personal information that we hold about you. We will take into account the nature of the personal information and the purposes of processing, and work with you to correct any inaccuracies if you notify us of them.
• Right to Opt-Out of Sale or Sharing: The CCPA gives you the right to opt out of the “sale” of your personal information, or the “sharing” of your personal information for cross-context behavioral advertising. However, Nord Skies does not sell personal information for monetary value, and we do not share your personal information with third parties for cross-context behavioral advertising purposes (as defined by applicable law). In other words, we do not exchange your data with third-party advertisers in a way that would be considered a sale or targeted advertising “sharing” under California law. Because we do not engage in these activities, we do not have a “Do

Not Sell or Share My Personal Information” link on our Site. If this changes in the future, we will implement appropriate opt-out mechanisms and update this Policy.

o Note: Some transfers of personal information are deemed “sharing” under CPRA (for example, using analytics cookies could be interpreted as sharing data with the analytics provider). We treat such scenarios with care: we either obtain consent for analytics cookies (for users where required) or offer an opt-out. If you have enabled the Global Privacy Control (GPC) or a similar preference signal in your browser indicating a desire to opt-out of sale/sharing, we currently interpret that in good faith as a request to opt out of analytics cookies for California residents. Since we don’t otherwise sell or share data, honoring the GPC mainly means disabling non-essential cookies, which you can also do manually (see Cookie Policy below).

• Right to Limit Use of Sensitive Personal Information: The CPRA provides California residents the right to limit how a business uses “sensitive personal information” (SPI) if it is used for purposes beyond what is necessary to provide the services. Sensitive data can include things like account login credentials, precise geolocation, racial or ethnic origin, health data, etc. In our case, the sensitive information we may collect (for instance, account login info or payment card details) is only used for providing the Services you request (e.g., processing a payment or securing your account). We do not use or disclose sensitive personal information for purposes like profiling or targeted advertising. Therefore, we do not require a “Limit Use of My Sensitive Info” link because we automatically limit our use to what is necessary. If you have concerns or wish to ensure no secondary use of any sensitive information, you may contact us to discuss or exercise any applicable rights.
• Right of No Retaliation/Non-Discrimination: You have the right not to receive discriminatory treatment from us for exercising any of your CCPA rights. This means we will not deny you services, charge you a different price, or provide a different level of quality of service just because you exercised your privacy rights. (If you have signed up for a service or promotion that requires certain data, and you request deletion of that data, we will let you know if that impacts our ability to continue providing the service – but we will not otherwise punish you for making a request.)
• Shine the Light: Separately from CCPA, California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes (if any). As noted above, we do not share personal data with third parties for their own direct marketing without consent. Therefore, we believe we are in compliance with this requirement by not engaging in such sharing. If you nonetheless would like to make a Shine the Light inquiry, you can contact us as described below and we will respond as required.

How to Exercise California Rights: If you are a California resident and wish to exercise your Right to Know, Delete, or Correct, you (or your authorized agent) can submit a request to us through the contact methods listed in Contact Us below. Please indicate that you are a California resident making a “CCPA/CPRA request” and specify which right you seek to exercise. We will need to verify your identity to process certain requests – typically by asking you to provide information that matches our records (such as confirming your email address or recent transaction). For an access request, we will provide the information for the 12-month period preceding your request (you can request beyond 12 months up to January 1, 2022, if applicable, and we will include that if required by CPRA). We aim to respond to your request within 45 days as required by law (if needed, we may take an extension of an additional 45 days but will inform you of the reason). If you use an authorized agent, we may require proof of their authorization and also verification of your identity directly. All requests and responses under CCPA are generally free of charge.

Other Jurisdictions

If you are located in certain U.S. states (such as Colorado, Virginia, Utah, or others with similar privacy laws), you may have additional rights (e.g., right to access, delete, or correct your data, or to opt out of certain processing like targeted advertising or profiling). Nord Skies will honor applicable rights in those jurisdictions as well. You can contact us to inquire about your specific privacy rights if you are from these regions.

Regardless of jurisdiction, we will do our best to honor requests from individuals to access, correct, or delete their personal information, so long as it aligns with applicable law.

7. YOUR CHOICES AND OPT-OUT OPTIONS

In Short: Discover how you can manage your personal data preferences, including marketing, cookies, and account settings. You can unsubscribe from marketing emails, disable cookies, manage account info, or opt out of certain data uses. We make it easy to exercise your choices.

You have control over how we use your personal information in several areas. This section explains the choices you can make and how to exercise them:

• Opting Out of Marketing Communications: If you have subscribed to our promotional emails, you can opt out at any time. To unsubscribe, simply click the “Unsubscribe” or “Manage Preferences” link in any marketing email we send. You can also request removal by contacting us at our support email (see Contact Us). Please note that even if you opt out of marketing emails, we may still send you transactional or service messages (for example, booking confirmations, travel updates, or security/privacy notices) as these are not promotional in nature.
• Account Information: If you have an account on our Site, you can log in and update or correct certain personal information directly in your account profile (such as your contact details or preferences). If you wish to delete your account, you can do so through the account settings if that feature is available, or by contacting us to request deletion. Deleting your account will remove your profile information, but we may retain some transaction records as needed for legitimate purposes (see Data Retention above). If you just wish to deactivate your account or stop using it, you may simply stop logging in; we will retain your account info until you request deletion or as per our retention schedule.
• Cookies & Analytics Preferences: You have choices about whether certain cookies or tracking tools are placed on your browser:
  • When you first visit our Site from the EU or other jurisdictions that require consent for non-essential cookies, you will be presented with a cookie consent banner. You can choose to accept or reject analytics cookies. If you reject or ignore the banner, we will not place those cookies (only essential ones for site functioning will be used).
  • Even if you accepted cookies, you can always change your mind. See our Cookie Policy below for details on how to adjust your cookie settings or withdraw consent. This can typically be done by clicking a “Cookie Settings” link on our Site (if available) or by using your browser settings to clear or block cookies.
  • To specifically opt out of Google Analytics, you can install the Google Analytics Opt-out Browser Add-on which prevents Google Analytics from collecting data on your browser. We also respect the “Do Not Track” or Global Privacy Control (GPC) signals as described earlier, by treating them as opt-outs of analytics for California residents, and generally not using tracking cookies if a DNT/GPC signal is detected, where feasible.
• Targeted Advertising Choices: Currently, Nord Skies does not serve third-party targeted advertisements on our Site (and we do not share data for those purposes). If in the future we partner with advertising networks or social media platforms to deliver ads, we will update our policies to inform you and provide opt-out links. Generally, if online ads are used, you can opt out of targeted advertising by using industry tools such as the NAI Opt-Out or DAA WebChoices for browser opt-outs, and adjusting settings on your mobile device for mobile app advertising.
• Do Not Track: “Do Not Track” is a setting available in most browsers that allows you to signal a preference regarding tracking by websites. There is currently no standard interpretation of DNT signals, and as such, our Site currently does not respond to generic Do Not Track browser signals. Instead, we rely on the cookie consent and opt-out mechanisms described above. However, as noted, if you are using a Global Privacy Control (which is an emerging standard for a universal opt-out, especially in California), we will treat it as a request to opt out of cookies that are not strictly necessary.
• Declining to Provide Information: You have the choice not to provide certain personal information to us. However, please understand that some information is necessary for the performance of our Services. If you decline to provide essential data (like your name or payment information for a booking), we may not be able to fulfill your request or provide the service. We will try to indicate clearly what data is optional. For instance, you can choose not to fill out your profile completely (some fields may be optional) or not to participate in surveys or contests we run.
• Additional Choices: If we ever use your personal data in new ways not described in this Policy, we will provide appropriate notice and the ability to opt out or opt in as required. We want you to feel in control of your information. Should you have any questions about exercising control over your data, you can always reach out to us.

8. COOKIE POLICY

Our Site uses cookies and similar tracking technologies to distinguish you from other users, to improve your experience on our Site, and to understand usage of our Services. This section explains how we use cookies, what kinds of cookies we use, and how you can manage them. (This Cookie Policy is an integral part of our Privacy Policy.)

What are Cookies? Cookies are small text files that are placed on your device (computer, smartphone, etc.) when you visit a website. They allow the website to recognize your device and store certain information about your preferences or past actions. Other tracking technologies include web beacons (clear image files used in emails or on websites) and scripts that record data about your interactions. For simplicity, we refer to all of these as “cookies” in this policy.

How We Use Cookies

Nord Skies uses cookies for a variety of reasons:

• Essential Cookies: These cookies are necessary for our Site to function properly. They enable core functionality such as secure log-in, session management, and access to member-only features. For example, if you log into your Nord Skies account, we use a session cookie to keep you logged in as you navigate between pages. Without these cookies, certain services you request (such as account access or booking process) cannot be provided. These cookies do not gather information for marketing or analytics.
• Analytics Cookies: We use analytics or performance cookies to collect information about how visitors use our Site, so we can improve it. For instance, we use Google Analytics cookies to see which pages are popular, how users move through the site, and if they encounter errors. The data collected is aggregated and anonymous – it does not identify you personally. It tells us things like how many users visited a page or how long they spent on the site. This helps us optimize our content and design. Google Analytics may set cookies such as _ga, _gid, and others to track user interactions. We have configured Google Analytics to anonymize IP addresses for visitors from the EU (so the last digits of your IP are masked before storage) for additional privacy. We do not use Google Analytics to track you across different websites, only to measure our Site’s traffic. (Google Analytics might also use or read certain non-cookie identifiers on mobile devices for app tracking, but our use is currently limited to our website.)
• Preference Cookies: These cookies remember your preferences and settings to provide a more personalized experience. For example, a cookie might remember your chosen language or region, so you don’t have to select it each time. Or if we have a cookie consent tool, a cookie will remember your choices so we don’t ask for consent every time you visit. Another example is a cookie that remembers items you added to a cart or a travel itinerary if such a feature exists, so they remain there on your next visit.
• Advertising Cookies: Currently, we do not host third-party ads on NordSkies.com that would use advertising cookies. If in the future this changes, advertising cookies would be used to deliver relevant ads to you, track ad campaign performance, or limit how many times you see an ad. They may be set through our site by advertising partners (like Google Ads or social media platforms). These cookies can remember that you visited our site and may track your browsing on other sites as well to serve you targeted ads. Because we currently do not use this type of cookie, you should not see third-party advertising cookies from our Site. We will update our policy and obtain necessary consents if we introduce advertising cookies.
•  Third-Party Cookies: Some cookies on our Site are placed by third parties on our behalf (with our permission) to provide services. The primary third-party cookies in use are those set by Google Analytics (as discussed) and possibly by our payment processors or other integrated services:
  • If a component of our site integrates with PayPal or Stripe (for example, a checkout widget), those services might set their own cookies or tracking technologies to enable the payment process and for fraud prevention. Stripe, for instance, may place a cookie to remember your device or to facilitate a quick checkout. These cookies are controlled by those third parties, but they are only used in the context of providing their service on our Site.
  • Content from other sources: We might at times embed content from third-party sites (like an interactive map, or a YouTube video on a blog). Those external sites may set cookies when you interact with their content. For example, YouTube might set cookies if you watch an embedded video of a travel destination. We do not control these cookies – they are governed by the privacy/cookie policy of the third-party providing them.

Cookies and Consent

For visitors from the EU (and where otherwise legally required), we show a cookie consent banner when you first visit our Site. This banner allows you to accept or decline non-essential cookies (like analytics cookies). Essential cookies (which are necessary for site operation) will be set regardless, as the law permits.

If you opt out of analytics cookies via the banner, those cookies will not be placed, and the site should function normally, though our insight into usage will be reduced (which is okay – we prioritize your choice).

For users outside of regions requiring explicit consent, by using our Site you agree to the placement of cookies as described in this Policy. You still have the ability to control cookies as described below.

Managing and Disabling Cookies

Your Browser Settings: Most web browsers provide settings to let you control or delete cookies. You can typically find these options in the “Options” or “Preferences” menu of your browser. You can set your browser to refuse all cookies, accept only certain types, or notify you when a cookie is set. You can also delete cookies that have already been set.

• If you disable cookies entirely, note that our Site may not function properly. For example, you may not be able to log in or complete a booking, because essential cookies are needed for those processes.
• If you delete cookies, any preferences or settings controlled by those cookies will be cleared (for instance, if you disabled analytics through our banner and then cleared cookies, you would get the consent banner again on your next visit).
• Each browser is different: Check your browser’s help or support section for specific instructions on how to manage cookies. Here are links to manage cookie settings for common browsers: Google Chrome, Mozilla Firefox, Safari (desktop), Safari iOS (mobile), Microsoft Edge.

Cookie Preference Tool: Our Site offers a cookie preferences or settings tool (located in the footer with link title”Revisit Cookie Consent“), you can use that to customize which categories of cookies you accept. It allows you to toggle analytics or other cookies on/off even after your initial choice. 

Google Analytics Opt-Out: As mentioned, Google offers an opt-out browser add-on for Google Analytics which, once installed in your browser, prevents GA from collecting your data on any site that uses it. You can obtain this add-on here: https://tools.google.com/dlpage/gaoptout. Using this add-on will not affect the basic functioning of our site; it simply tells Google Analytics script not to run.

Advertising Industry Opt-Outs: In the event we use advertising or social media cookies in the future, you will be able to opt out through industry websites (like the NAI or DAA pages mentioned in Your Choices above). Additionally, social media platforms like Facebook or Twitter allow you to adjust your ad preferences on their own sites if you don’t want interest- based ads.

Mobile Devices: If you use our Services via a mobile device, the device’s operating system (iOS, Android, etc.) may offer settings to control tracking by ads or cookies within mobile apps. Although our services are primarily web-based, if in future we offer a mobile app or you access via a mobile browser, you can explore the device settings for “privacy” or “advertising” to limit ad tracking or reset advertising identifiers.

Cookies We Use (Categories and Examples)

For transparency, here are the categories of cookies in use on NordSkies.com, with some examples:

• Essential Cookies:
  • SessionID: Keeps you logged in and maintains your session on the server.(Expires when you close your browser.)
  • CSRF-Token: A security cookie to prevent cross-site request forgery attack during form submissions. (May expire after a short time or end of session.)

• Analytics Cookies:
  • _ga (Google Analytics): Used to distinguish users with a random identifier.(Persistent cookie, typically expires after 2 years.)
  • _gid (Google Analytics): Used to distinguish users on a daily basis. (Expires after 24 hours.)
  • _gat (Google Analytics): Used to throttle request rate to Google Analytics (to prevent overload of requests). (Expires after 1 minute.)
  • AMP_TOKEN (Google Analytics): If our site uses AMP, contains a token to retrieve a client ID. (Expires in 30 seconds to 1 year, varies.)We may also use Google Analytics 4 (GA4) which can set additional cookies or use the same names with slightly different behavior. GA4 might also use an _ga_<container-id> cookie with a similar purpose to _ga.

• Preference Cookies:
  • lang: Remembers the language selected by the user (if our site is multi-lingual). (Persistent, e.g., 1 year expiration.)
  • cookieConsent: Remembers your choice on the cookie consent banner (so we don’t ask you again). (Persistent, maybe 6 months – 1 year.)
  • currency: If our travel site allows viewing prices in different currencies, this cookie might remember your preferred currency.

• Third-Party Integration Cookies:
  • __stripe_mid, __stripe_sid (Stripe): These cookies are set by Stripe to prevent fraud and assist in payment processing. One is a persistent cookie (maybe 1 year) and one is a session cookie. They help Stripe identify devices.
  • ts_c, dpni, ect (PayPal): PayPal sets various cookies when integrated for payment, such as for fraud screening (ts_c might be a security cookie). These cookies help maintain security during checkout.
  • If we embed a YouTube video, YouTube may set cookies like YSC (session) and VISITOR_INFO1_LIVE (to estimate bandwidth, persists ~6 months) and PREF (preferences, persists longer).

(The above are examples; the exact cookies in use may change as our Site evolves. We will keep this policy updated to reflect any significant changes in cookie usage.)

Additional Information on Cookies

• Third-Party Privacy Policies: For more details on how our third-party service providers handle information collected via cookies on our Site, you can review their privacy policies. Key ones include:
  • Google Analytics – Google Privacy Policy and Google Analytics Data Safeguarding.
  • Stripe – Stripe Privacy Policy (which discusses cookies and device data Stripe collects).
  • PayPal – PayPal Privacy Statement.
  • (If in future we use others like Facebook Pixel, etc., their policies would be listed as well.)

• Changes in Cookies: The cookies we use may change over time as we update our Site or change service providers. We will update the cookie information in this policy periodically to reflect those changes. We also may provide in-product notices or prompts if significant changes occur (for example, if we were to add advertising cookies for the first time, we would likely ask for consent anew).
• Cookie Policy Scope: This Cookie Policy covers only our Site (nordskies.com). If you follow links on our Site to third-party websites or services, they may set their own cookies which are not under our control. We encourage you to read the cookie and privacy policies of any external sites you visit.

By continuing to use our Site with cookies enabled in your browser (and, where required, by consenting via our cookie banner), you consent to the use of cookies as described in this policy. If you have questions about our use of cookies, you can contact us using the information below.

9. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We are here to help and will respond as promptly as we can.

• Email: You can reach our privacy team at privacy@nordskies.com. This is the preferred and fastest way to reach us for any privacy-related inquiries or to exercise your rights.
• Postal Mail: If you wish to contact us by mail, you can write to us at:
  • Nord Skies Privacy Team
    30 N Gould st STE N
    Sheridan WY 82801

    United States

(Please include “Attn: Privacy” in your correspondence and provide a clear return address or contact information so we can respond.)

• Phone: For urgent matters or if you prefer to speak with us, you may call our customer service line at +1 347-695-8855 and request to speak to someone about the privacy policy or your personal data. (Note – Our phone support hours are: 7 AM – 2PM EST, Monday- Saturday)
• Data Protection Officer (if applicable): (At this time, Nord Skies is not required by law to have a dedicated Data Protection Officer, given the nature and scale of our data processing. However, our privacy team fulfills a similar role. If we appoint a DPO or EU Representative, we will update their contact details here.)

We will respond to your inquiries or requests within the time-frames required by law. For example, if you contact us about a privacy rights request (as described in Your Rights), we will handle that request in accordance with the applicable regulations.

10. UPDATING THIS POLICY

We may update this Privacy Policy and Cookie Policy from time to time to reflect changes in our practices, operational requirements, or for legal reasons. If we make material changes, we will notify users by posting a prominent notice on our Site (or by directly sending a notice if we have your contact information) prior to the change becoming effective. The “Last updated” date at the top of this Policy indicates when the latest changes were made.

We encourage you to review this Policy periodically to stay informed about how we are protecting your information. If you continue to use our Services after any changes to this Privacy Policy take effect, it will signify your acceptance of the updated terms (to the extent permitted by law).