Home / Privacy Policy

Privacy Policy

Last updated: March 2026 · Published by Puffer AB

HotelsVetted is a service by Puffer AB (org.nr 556850-9144), a company registered in Sweden. We take your privacy seriously and comply with the General Data Protection Regulation (GDPR) and Swedish data protection law.

1. Who we are

The data controller for your personal data is:

Puffer AB
Organisation number: 556850-9144
Registered in Sweden
Contact: Contact form

2. What data we collect

We collect minimal data to operate the site:

  • Usage data — pages visited, time on site, browser type, approximate location (country/city). Collected via analytics (no personal identifiers).
  • Cookies — see our Cookie Policy for full details.
  • Email — only if you contact us directly via email.
  • Affiliate tracking — when you click a booking link, our affiliate partner (Booking.com) may set cookies. We receive anonymised commission data only.

We do not collect names, payment information, or account credentials. We do not require you to register.

3. Why we collect data

PurposeLegal basis
Understand how the site is used (analytics)Legitimate interest
Affiliate commission trackingLegitimate interest / Consent (via cookie banner)
Respond to contact emailsLegitimate interest
Improve content and user experienceLegitimate interest

4. Third parties we share data with

  • Booking.com (Booking Holdings Inc.) — affiliate partner. When you click a booking link, you are redirected to their platform and their privacy policy applies.
  • Analytics provider — anonymised, aggregated traffic data only.
  • Hosting provider — site infrastructure. No personal data beyond server logs.

We do not sell your data. We do not share your data with advertisers or data brokers.

5. How long we keep data

  • Analytics data: 26 months (standard retention period)
  • Email correspondence: as long as necessary to resolve your query, maximum 3 years
  • Cookie data: see Cookie Policy

6. Your rights under GDPR

If you are in the EU or EEA, you have the following rights:

  • Access — request a copy of the data we hold about you
  • Correction — ask us to correct inaccurate data
  • Deletion — ask us to delete your data ("right to be forgotten")
  • Objection — object to processing based on legitimate interest
  • Portability — receive your data in a machine-readable format
  • Withdrawal of consent — withdraw cookie consent at any time via our Cookie Policy

To exercise any right, use our contact form. We will respond within 30 days.

You also have the right to lodge a complaint with the Swedish supervisory authority: Integritetsskyddsmyndigheten (IMY).

7. International transfers

Some of our service providers are based outside the EU/EEA. Where we transfer data internationally, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).

8. Security

We use HTTPS encryption for all data in transit. Access to any operational systems is restricted to authorised personnel only. We do not store sensitive personal data.

9. Changes to this policy

We may update this policy from time to time. Material changes will be flagged with an updated date at the top of this page. Continued use of the site after changes constitutes acceptance.

10. Contact

Questions about this policy or your personal data:

Use our contact form

Puffer AB, Stockholm, Sweden