Data Processing Agreement (DPA) Summary
At Skaftafell Adventures, we work with trusted third-party service providers who process data on our behalf. In accordance with the General Data Protection Regulation (GDPR), we ensure that all data processors have signed agreements that define their responsibilities and guarantee your data is treated with care and in full compliance with EU law.
1. Our Role
We act as the Data Controller — responsible for the collection and use of your personal data. The processors listed below operate under our instructions only and are prohibited from using your data for their own purposes.
2. Summary of Data Processors
| Processor | Service Provided | Location | Legal Basis | GDPR Safeguards |
|---|---|---|---|---|
| Bókun (Tripadvisor) | Booking & payment system | Iceland/EU | Contractual necessity | GDPR-compliant DPA |
| Google (Analytics & Ads) | Analytics & marketing | US/global | Consent, Legitimate Interest | Standard Contractual Clauses (SCCs) |
| Meta (Facebook/Instagram) | Social media, Ads | US/global | Consent | SCCs + EU-approved safeguards |
| [Email Provider] | Email communication (newsletters, updates) | [Specify] | Consent | GDPR-compliant processor |