Privacy Policy

Last updated: January 2025

Introduction

Traveo ehf. ("we", "us", or "our"), operating as Iceland Travel Center, is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website at icelandtravelcenter.com.

Our registered headquarters are at Álfaskeið 40, 220 Hafnarfjörður, Iceland (registration no. KT: 650687-1759). We are a fully licensed travel agency registered with Ferðamálastofa (Icelandic Tourist Board).

GDPR Compliance

We operate in full compliance with the General Data Protection Regulation (GDPR), which is applicable in Iceland through the EEA Agreement. This regulation ensures that your personal data is processed lawfully, fairly, and transparently.

As a data controller, we are responsible for deciding how and why your personal data is processed. We have implemented appropriate technical and organizational measures to ensure the security of your data.

Data We Collect

We collect the following types of personal data:

Information You Provide

  • Booking information: Name, email address, phone number, and any special requests related to your tour bookings
  • Payment information: Credit card details are processed securely through our payment provider and are not stored on our servers
  • Communication data: Any information you provide when contacting us via email or our contact form
  • Newsletter subscription: Email address if you subscribe to our newsletter

Information Collected Automatically

  • Technical data: IP address, browser type, device information, and operating system
  • Usage data: Pages visited, time spent on pages, and navigation patterns
  • Cookie data: Information collected through cookies and similar technologies (see Cookies section below)

How We Use Your Data

We use your personal data for the following purposes:

  • Processing bookings: To confirm and manage your tour reservations
  • Communication: To send booking confirmations, important updates about your tours, and respond to inquiries
  • Payment processing: To process payments securely through our payment providers
  • Legal compliance: To comply with legal obligations and protect our legitimate interests
  • Service improvement: To analyze usage patterns and improve our website and services
  • Marketing: To send promotional materials if you have opted in to receive them

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to fulfill your booking and provide our services
  • Consent: Where you have given explicit consent, such as for marketing communications
  • Legal obligation: Processing required to comply with applicable laws
  • Legitimate interests: Processing necessary for our legitimate business interests, such as fraud prevention and service improvement

Data Sharing

We may share your personal data with:

  • Tour operators: To facilitate your bookings, we share necessary information with our partner tour operators
  • Payment processors: To securely process your payments
  • Service providers: Third-party services that help us operate our website and business
  • Legal authorities: When required by law or to protect our legal rights

We do not sell your personal data to third parties. All data sharing is conducted in compliance with GDPR requirements, and we ensure appropriate safeguards are in place.

Cookies

Our website uses cookies and similar technologies to enhance your browsing experience and analyze website traffic.

Types of Cookies We Use

  • Essential cookies: Required for the website to function properly, such as maintaining your session
  • Analytics cookies: Help us understand how visitors interact with our website
  • Functional cookies: Remember your preferences and settings
  • Marketing cookies: Used to deliver relevant advertisements (only with your consent)

Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. Most browsers allow you to:

  • View what cookies are stored and delete them individually
  • Block third-party cookies
  • Block cookies from specific sites
  • Block all cookies
  • Delete all cookies when you close your browser

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specifically:

  • Booking data: Retained for 7 years after the completion of your tour for legal and accounting purposes
  • Communication records: Retained for 3 years after the last interaction
  • Marketing preferences: Retained until you withdraw consent or unsubscribe
  • Analytics data: Retained in anonymized form

Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing: Request limitation of how we use your data
  • Right to data portability: Receive your data in a structured, commonly used format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at info@icelandtravelcenter.com. We will respond to your request within 30 days.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using SSL/TLS
  • Secure storage of data with access controls
  • Regular security assessments and updates
  • Staff training on data protection

International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data.

Children's Privacy

Our services are not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting a notice on our website. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Supervisory Authority

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Icelandic Data Protection Authority (Persónuvernd):

See also our Terms & Conditions for information about booking policies, cancellations, and other service terms.