This Privacy Statement describes how Íslandshótel Group hf., ID No. 630169-2919, Sigtún 38, 105 Reykjavík (hereinafter referred to as “Íslandshótel”, “company" or “we”), performs data processing, e.g. the collection, registration, storage and disclosure of personally identifiable information (hereinafter also referred to as “you”). The statement covers, in particular, the processing of personal data when individuals:
Íslandshótel processes all personal information in accordance with current personal data protection legislation in effect in Iceland at any given time, as well as the relevant provisions contained in the EEA Agreement.
Personal data protection is important to Íslandshótel
Strong personal data protection is extremely important to Íslandshótel, and we recognise the importance of respecting the rights of individuals and ensuring that all handling of personal data remains in compliance with applicable regulations at any time and in accordance with the best practices of hotel operations.
What personal information does Íslandshótel collect, and what is the purpose of the collection?
Íslandshótel places emphasis on working only on the personal information that is necessary in accordance with the purpose behind the collection of the information. Íslandshótel does not process personal information for unrelated purposes unless the person is notified of such and informed of the authorisation on which the processing is based.
Íslandshótel collects, as necessary at any given time, only the following personal information:
Íslandshótel also collects, as appropriate, the following personal information that could be classified as sensitive personal information:
It is a policy of Íslandshótel not to collect personal information about children under the age of 13, except insofar as this is necessary in connection with bookings and stays in our hotels.
Íslandshótel only processes personal information for the purpose of:
Legal grounds for processing
Íslandshótel collects and processes personal information based on the following authorisations:
How long do we keep your personal information?
Íslandshótel stores personal information for the time necessary to fulfil the object of the processing as described above. For example, the information generated through camera surveillance is deleted within two weeks. The information belonging to accounting records is kept for seven years in accordance with the Accounting Act No. 145/1994.
From whom does Íslandshótel collect your personal information?
We collect personal information from you and in certain cases, from external sources such as booking sites, review sites and travel agencies.
How does Íslandshótel share your personal information with third parties and why?
Under no circumstances does Íslandshótel sell personal information about you. Íslandshótel only discloses personal information to third parties as required by law or to a service provider, agent or contractor who is appointed by Íslandshótel to work a predetermined task. Examples include those who take care of:
If a party to whom Íslandshótel discloses personal information is considered a processing party, then Íslandshótel will sign a processing agreement with the relevant party. The processing agreement stipulates, inter alia, the obligation of processors to keep personal information safe and to not use it for other purposes. Íslandshótel also shares personal information with third parties when this is necessary to protect the company’s critical interests, such as collecting on non-payments.
This Íslandshótel Privacy Statement does not extend to information or processing by third parties; we have no control or responsibility for the use, disclosure or other work by them. We encourage you to familiarise yourself with the personal privacy statements of third parties, e.g. the web hosting providers of sites that may refer to us, the financial institution, Borgun for electronic payment intermediation and software companies such as Facebook and Google.
Security of personal data and notifications of security breaches
Security during the processing of personal information is important to Íslandshótel, and we have taken the appropriate technical and organisational security measures to ensure the protection of your personal information in tune with our policies on security. In the event of a security violation involving your personal information and when such violation is considered to pose considerable risk to your freedom and rights, we will notify you without undue delay. In this sense, a security violation is considered an event that results in your personal information being lost or deleted, changed, disclosed or accessed by an unauthorised person. Here, however, we want to draw attention to the fact that the personal information you share with us on social media, e.g. on the Íslandshótel Facebook page, is considered public information and not under the control of the company, as Íslandshótel cannot control such information and is not responsible for its use or disclosure. If you do not want to share that information with other users or social media providers, do not share information on our social media site. We also encourage you to familiarise yourself with the privacy statements of these parties. Please note that when you visit our Facebook page, Facebook may add cookies to your device for diagnostic purposes.
Subject to the conditions that are discussed further in the applicable privacy laws, you are entitled to:
If you want to exercise your rights, you can send a written inquiry to email@example.com.
You also have the right to file a complaint with the Data Protection Authority if you feel the need. Information on the Data Protection Authority can be found on the Agency’s website, www.personuvernd.is.
If you would like more information about issues relating to your personal information, please contact the Íslandshótel office.
Review and revision of the Íslandshótel Privacy Statement
The Íslandshótel Privacy Statement is reviewed and updated if and when necessary. The most recent update of the policy was on 05.11.2018.