Íslandshótel Privacy Statement
Thiss Privacy Statement describes how Íslandshótel Group hf., ID No. 630169-2919, Sigtún 38, 105 Reykjavík (hereinafter referred to as “Íslandshótel”, “company" or “we”), performs data processing, e.g. the collection, registration, storage and disclosure of personally identifiable information (hereinafter also referred to as “you”). The statement covers, in particular, the processing of personal data when individuals:
- book and stay in our hotel
- sign up and attend events held by us
- contact the company, whether by e-mail, phone or social media
- visit our website, islandshotel.is
- sign up for our mailing list
Íslandshótel processes all personal information in accordance with current personal data protection legislation in effect in Iceland at any given time, as well as the relevant provisions contained in the EEA Agreement.
Personal data protection is important to Íslandshótel
Strong personal data protection is extremely important to Íslandshótel, and we recognise the importance of respecting the rights of individuals and ensuring that all handling of personal data remains in compliance with applicable regulations at any time and in accordance with the best practices of hotel operations.
What personal information does Íslandshótel collect, and what is the purpose of the collection?
Íslandshótel places emphasis on working only on the personal information that is necessary in accordance with the purpose behind the collection of the information. Íslandshótel does not process personal information for unrelated purposes unless the person is notified of such and informed of the authorisation on which the processing is based.
Íslandshótel collects, as necessary at any given time, only the following personal information:
- identification and communication information, e.g. name and ID No., address, nationality, e-mail, phone number
- financial information, such as card/payment information
- technical information, e.g. IP address
- digital cookies, e.g. Internet behaviour
- information related to the selection of marketing
- information related to your booking and stay, such as booking number, room number, signature and special requests, e.g. in connection with diet, timing and duration of stay
- conversations through social media
- footage recorded from surveillance cameras in our hotel
- audio recordings of calls when a call is made to the hotel
Íslandshótel also collects, as appropriate, the following personal information that could be classified as sensitive personal information:
- information on food intolerance and allergies
It is a policy of Íslandshótel not to collect personal information about children under the age of 13, except insofar as this is necessary in connection with bookings and stays in our hotels.
Íslandshótel only processes personal information for the purpose of:
- processing bookings and looking after guests staying in our hotel
- preparing and managing events held at the hotel
- marketing and performing analysis
- taking care of property and security services, including the use of surveillance cameras
- responding to queries, complaints and compliments from individuals
- fulfilling the legal requirements of the company
- ordering trips for individuals with designated recreation companies
Legal grounds for processing
Íslandshótel collects and processes personal information based on the following authorisations:
- To fulfil contractual obligations This authorisation applies particularly when individuals book stays in our hotel.
- To fulfil legal obligations This authorisation applies in particular to data subject to legislation on accounting.
- To protect the legitimate interests of the company This authorisation applies in particular to hotel camera surveillance of our property and security functions, as well as the collection of default claims.
- On the basis of granted permissions This authorisation applies in particular to marketing items that we send to persons who have given their consent for such. Individuals are always allowed to withdraw their consent, and individuals can unsubscribe from the mailing list by clicking on the link found at the bottom of such mailings. However, withdrawal of approval does not affect processing that has already occurred during approval.
How long do we keep your personal information?
Íslandshótel stores personal information for the time necessary to fulfil the object of the processing as described above. For example, the information generated through camera surveillance is deleted within two weeks. The information belonging to accounting records is kept for seven years in accordance with the Accounting Act No. 145/1994.
From whom does Íslandshótel collect your personal information?
We collect personal information from you and in certain cases, from external sources such as booking sites, review sites and travel agencies.
How does Íslandshótel share your personal information with third parties and why?
Under no circumstances does Íslandshótel sell personal information about you. Íslandshótel only discloses personal information to third parties as required by law or to a service provider, agent or contractor who is appointed by Íslandshótel to work a predetermined task. Examples include those who take care of:
- management of bookings
- analysis and targeted advertising
- overall management of e-mail addresses and mailing lists
- information technology and telecommunications services
If a party to whom Íslandshótel discloses personal information is considered a processing party, then Íslandshótel will sign a processing agreement with the relevant party. The processing agreement stipulates, inter alia, the obligation of processors to keep personal information safe and to not use it for other purposes. Íslandshótel also shares personal information with third parties when this is necessary to protect the company’s critical interests, such as collecting on non-payments.
This Íslandshótel Privacy Statement does not extend to information or processing by third parties; we have no control or responsibility for the use, disclosure or other work by them. We encourage you to familiarise yourself with the personal privacy statements of third parties, e.g. the web hosting providers of sites that may refer to us, the financial institution, Borgun for electronic payment intermediation and software companies such as Facebook and Google.
Security of personal data and notifications of security breaches
Security during the processing of personal information is important to Íslandshótel, and we have taken the appropriate technical and organisational security measures to ensure the protection of your personal information in tune with our policies on security. In the event of a security violation involving your personal information and when such violation is considered to pose considerable risk to your freedom and rights, we will notify you without undue delay. In this sense, a security violation is considered an event that results in your personal information being lost or deleted, changed, disclosed or accessed by an unauthorised person. Here, however, we want to draw attention to the fact that the personal information you share with us on social media, e.g. on the Íslandshótel Facebook page, is considered public information and not under the control of the company, as Íslandshótel cannot control such information and is not responsible for its use or disclosure. If you do not want to share that information with other users or social media providers, do not share information on our social media site. We also encourage you to familiarise yourself with the privacy statements of these parties. Please note that when you visit our Facebook page, Facebook may add cookies to your device for diagnostic purposes.
Subject to the conditions that are discussed further in the applicable privacy laws, you are entitled to:
- receive information on what personal information Íslandshótel has about you and its origin, as well as information on the manner in which your personal information is processed
- receive access to the personal information processed about you and to request that such information is sent to a third party
- have your personal information updated and corrected if necessary
- have Íslandshótel delete your personal information if there are no objective reasons or legal obligations to store such information
- submit your objections if you wish to limit or prevent the processing of your information
- receive information on whether automatic decision making is carried out, what the reasoning is behind such decision making and a review made of such automatic decision making
- withdraw your approval that Íslandshótel may collect, record, process or store your personal information when the processing is based on such approval
If you want to exercise your rights, you can send a written inquiry to firstname.lastname@example.org.
You also have the right to file a complaint with the Data Protection Authority if you feel the need. Information on the Data Protection Authority can be found on the Agency’s website, www.personuvernd.is.
If you would like more information about issues relating to your personal information, please contact the Íslandshótel office.
Review and revision of the Íslandshótel Privacy Statement
The Íslandshótel Privacy Statement is reviewed and updated if and when necessary. The most recent update of the policy was on 05.11.2018.