Introduction
Traveo ehf. ("we", "us", or "our"), operating as Iceland Travel Center, is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website at icelandtravelcenter.com.
Our registered headquarters are at Álfaskeið 40, 220 Hafnarfjörður, Iceland (registration no. KT: 650687-1759). We are a fully licensed travel agency registered with Ferðamálastofa (Icelandic Tourist Board).
GDPR Compliance
We operate in full compliance with the General Data Protection Regulation (GDPR), which is applicable in Iceland through the EEA Agreement. This regulation ensures that your personal data is processed lawfully, fairly, and transparently.
As a data controller, we are responsible for deciding how and why your personal data is processed. We have implemented appropriate technical and organizational measures to ensure the security of your data.
Data We Collect
We collect the following types of personal data:
Information You Provide
- Booking information: Name, email address, phone number, and any special requests related to your tour bookings
- Payment information: Credit card details are processed securely through our payment provider and are not stored on our servers
- Communication data: Any information you provide when contacting us via email or our contact form
- Newsletter subscription: Email address if you subscribe to our newsletter
Information Collected Automatically
- Technical data: IP address, browser type, device information, and operating system
- Usage data: Pages visited, time spent on pages, and navigation patterns
- Cookie data: Information collected through cookies and similar technologies (see Cookies section below)
How We Use Your Data
We use your personal data for the following purposes:
- Processing bookings: To confirm and manage your tour reservations
- Communication: To send booking confirmations, important updates about your tours, and respond to inquiries
- Payment processing: To process payments securely through our payment providers
- Legal compliance: To comply with legal obligations and protect our legitimate interests
- Service improvement: To analyze usage patterns and improve our website and services
- Marketing: To send promotional materials if you have opted in to receive them
Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract performance: Processing necessary to fulfill your booking and provide our services
- Consent: Where you have given explicit consent, such as for marketing communications
- Legal obligation: Processing required to comply with applicable laws
- Legitimate interests: Processing necessary for our legitimate business interests, such as fraud prevention and service improvement
Data Sharing
We may share your personal data with:
- Tour operators: To facilitate your bookings, we share necessary information with our partner tour operators
- Payment processors: To securely process your payments
- Service providers: Third-party services that help us operate our website and business
- Legal authorities: When required by law or to protect our legal rights
We do not sell your personal data to third parties. All data sharing is conducted in compliance with GDPR requirements, and we ensure appropriate safeguards are in place.
Cookies
Our website uses cookies and similar technologies to enhance your browsing experience and analyze website traffic.
Types of Cookies We Use
- Essential cookies: Required for the website to function properly, such as maintaining your session
- Analytics cookies: Help us understand how visitors interact with our website
- Functional cookies: Remember your preferences and settings
- Marketing cookies: Used to deliver relevant advertisements (only with your consent)
Managing Cookies
You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. Most browsers allow you to:
- View what cookies are stored and delete them individually
- Block third-party cookies
- Block cookies from specific sites
- Block all cookies
- Delete all cookies when you close your browser
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specifically:
- Booking data: Retained for 7 years after the completion of your tour for legal and accounting purposes
- Communication records: Retained for 3 years after the last interaction
- Marketing preferences: Retained until you withdraw consent or unsubscribe
- Analytics data: Retained in anonymized form
Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your personal data ("right to be forgotten")
- Right to restrict processing: Request limitation of how we use your data
- Right to data portability: Receive your data in a structured, commonly used format
- Right to object: Object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, please contact us at info@icelandtravelcenter.com. We will respond to your request within 30 days.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using SSL/TLS
- Secure storage of data with access controls
- Regular security assessments and updates
- Staff training on data protection
International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data.
Children's Privacy
Our services are not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting a notice on our website. We encourage you to review this policy periodically.
Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:
Supervisory Authority
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Icelandic Data Protection Authority (Persónuvernd):
See also our Terms & Conditions for information about booking policies, cancellations, and other service terms.