Guide Updated 2026
Reviewed by the Kravflyg Editorial Team6min read

Privacy policy — how Kravflyg handles personal data and cookies

Kravflyg's privacy policy: what personal data we process, the lawful basis under GDPR, cookies and consent, your rights as a data subject, and how to contact us.

Check your rights

Are you entitled to compensation?

If all 5 conditions below are met, it is very likely that you are entitled to compensation under EU Regulation 261/2004.

  • The flight departed from an airport within the EU, or landed in the EU and was operated by an EU-based airline.
  • The delay at the final destination was 3 hours or more — or the flight was cancelled or you were denied boarding.
  • You had a confirmed booking and checked in on time.
  • The airline did not give notice of the cancellation at least 14 days in advance.
  • The cause was not a genuine extraordinary circumstance (documented extreme weather, air-traffic-control strike and the like).
Start your claim →
Lugn arkitekturdetalj av en modern skandinavisk byggnadsfasad i frostat glas och blekt betong, kyliga blågrå toner — Kravflygs integritetspolicy

This policy describes how Kravflyg handles personal data when you visit kravflyg.com. It follows the EU General Data Protection Regulation (GDPR) and the supplementary Swedish data protection law. We have written it in plain language rather than in standard legal text, because a site about your rights should be intelligible also when it is about your own data.

Kravflyg is an information site. We collect as little data as possible, we never sell personal data, and we do not process sensitive data about you.

Data controller

The data controller for the processing is the editorial team of Kravflyg, which runs the website kravflyg.com. If you want to contact us about a matter concerning personal data, you can reach us at dataskydd@kravflyg.com. Other contact details are on the page about Kravflyg.

What data we process

We process mainly two kinds of data, and only when there is a reason to.

Data collected automatically when you visit the site. When you load a page, our provider receives technical data needed to deliver and protect the website — including your IP address, approximate geographic region, which page was requested, the time, and your browser and device type. Kravflyg is delivered via Cloudflare, which processes such data for operation, performance and protection against attacks. If you have given your consent, our analytics tool also collects statistics on how the site is used — which pages are visited and for how long. We do not use that statistics to identify you as a person.

Data you provide yourself. If you write to the editorial team — for example to report an error or ask a question — we process the email address and the content you send, for as long as is needed to reply to you. Kravflyg has no accounts to register for, no subscription service with personal data and no forms that ask for your booking or your travel details. If you want to pursue a compensation claim, you do that with the airline, ARN or a claim service — not here. We go through what rights EU 261 gives you in a section of its own.

Lawful basis for the processing

All processing rests on a lawful basis under Article 6 of the GDPR.

Purpose

Data

Lawful basis

Deliver and protect the website

Technical data, IP address, logs

Legitimate interest (Art. 6(1)(f)) — being able to run the site securely

Statistics on how the site is used

Analytics data via an analytics tool

Consent (Art. 6(1)(a)) — you choose in the cookie banner

Reply to messages to the editorial team

Email address, the content of your message

Legitimate interest (Art. 6(1)(f)) — being able to reply to you

Processing based on consent only happens if you have given active consent, and you can withdraw it at any time. Processing based on legitimate interest we limit to what is actually needed to run the site.

Cookies and similar technologies

A cookie is a small text file stored in your browser. Kravflyg uses two categories.

Necessary cookies are required for the website to function and be secure — for example to remember your cookie choice and for Cloudflare's basic security functions. They are set without consent because the site cannot be delivered without them.

Analytics cookies, or similar analytics techniques, are used only if you say yes. When you visit Kravflyg for the first time, a cookie banner appears where you can accept or decline non-necessary cookies. If you decline, no analytics cookies are set and no usage statistics are collected about you. Your choice is saved so you are not asked at every visit, and you can change it at any time via the cookie-settings link in the page footer.

You can also block or delete cookies in your browser settings. Note that if you block necessary cookies, parts of the site may stop working.

Recipients and third-party services

Kravflyg uses a small number of external providers to be able to run the site. They process data on our behalf or as independent controllers for their part. We go through Kravflyg and the editorial team in a section of its own.

  • Cloudflare — delivers and protects the website (content delivery, security, operation).
  • Analytics provider — compiles anonymised or pseudonymised usage statistics, and only if you have consented.

We do not disclose your personal data for sale or marketing. Affiliate links to AirHelp involve no transfer of your personal data from Kravflyg — only if you click through yourself and provide data to AirHelp does AirHelp process it under its own privacy policy. How the affiliate links work is described on the page about affiliate links and funding.

If a provider processes data outside the EU/EEA, it does so with the safeguards the GDPR requires, for example the European Commission's Standard Contractual Clauses.

How long we keep data

We keep data only for as long as the purpose requires. Technical logs for operation and security are cleared on an ongoing basis after a short period. Statistics are kept in aggregated form. Email correspondence with the editorial team is kept for as long as the matter is current and deleted afterwards, unless we need to retain it for legal reasons.

Your rights

Under the GDPR you have several rights regarding your personal data. You have the right to

  • request access — confirmation of whether we process data about you and, if so, which,
  • request rectification of inaccurate data,
  • request erasure of data when there is no longer a reason to process it,
  • request restriction of processing or object to processing that rests on legitimate interest,
  • request data portability for data you have provided yourself and that is processed with consent, and
  • withdraw a consent you have given, without it affecting the processing carried out before you withdrew it.

If you want to exercise a right, write to dataskydd@kravflyg.com. We answer your request without undue delay and within one month at the latest. Because Kravflyg collects very little data about individual visitors, we may in some cases need additional information to connect a request to you.

Complaints to the supervisory authority

If you consider that we process your personal data in breach of the GDPR, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY — Integritetsskyddsmyndigheten) , the supervisory authority for data protection in Sweden. We are also glad to receive your comment directly, so that we have the chance to put it right.

Changes to this policy

If we change how we process personal data — for example if the analytics or operating setup changes — we update this page and the date below. For more significant changes we inform you more prominently than that. Do review the page from time to time.

<p class="seomatrix-disclaimer"><em>Last reviewed and updated: 17 May 2026.</em></p>

No comments yet

Related articles