Explore the Skaftafell Area on ATV Quads

Privacy Policy

Effective Date: 15-May-2025

At Skaftafell Adventures, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your personal information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Who We Are

This website is operated by Skaftafell Adventures, based in Iceland. For the purposes of applicable data protection laws, we are the data controller of the personal information you provide to us via this website and related services.

If you have any questions or concerns regarding your privacy, please contact us at:
📧 info@skaftafelladventures.is

2. What Information We Collect

We collect the following categories of personal data:

a. Information You Provide Directly

  • Name, email address, and phone number (e.g., when contacting us or making a booking)

  • Booking and travel information (collected via our booking platform, BĂłkun)

  • Payment information (handled securely via BĂłkun and its third-party payment providers)

b. Information We Collect Automatically

  • IP address, browser type, device information, and usage patterns (via Google Analytics)

  • Cookies and tracking technologies (used for analytics and advertising purposes)

c. Information from Third Parties

  • Booking details via BĂłkun, a service provided by TripAdvisor

  • Publicly available data from social media platforms (Facebook, Instagram)

  • Data from advertising and analytics partners (Google Ads, Facebook Ads, Google Analytics)

3. How We Use Your Information

We use your personal data for the following purposes:

  • To process and manage bookings

  • To communicate with you regarding your reservations or inquiries

  • To improve our website and user experience

  • To provide customer support

  • To run marketing campaigns (e.g., retargeting through Google and Facebook Ads)

  • To comply with legal obligations and protect our legitimate interests

4. Legal Basis for Processing

Under the GDPR, we rely on the following legal bases to process your data:

  • Consent – when you sign up for newsletters or accept marketing cookies

  • Contractual necessity – when you make a booking or inquiry

  • Legal obligation – for compliance with tax, legal, or regulatory requirements

  • Legitimate interests – such as improving services, marketing to customers, and website security

5. Cookies and Tracking

We use cookies to:

  • Analyze website traffic (Google Analytics)

  • Display relevant ads to you across platforms (Google and Facebook Ads)

  • Enable social media features and feeds (Facebook, Instagram)

You can control your cookie preferences through our cookie banner or your browser settings. For detailed information, please refer to our [Cookie Policy] (link if applicable).

6. Sharing Your Information

We only share your personal data with trusted third-party services, including:

  • BĂłkun (Tripadvisor Company) – for booking and payment processing

  • Google Analytics and Google Ads – for website analytics and advertising

  • Facebook / Meta Platforms – for social media integration and advertising

  • Email service providers – to communicate with you

  • Regulatory bodies – when required by law

We do not sell or rent your personal data to third parties.

7. Data Transfers Outside the EU/EEA

Some of our third-party service providers (e.g., Google, Facebook) process data outside the European Economic Area (EEA). Where this is the case, we ensure that your data is protected through appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, including:

  • Booking data: 7 years (to comply with financial and legal obligations)

  • Analytics and marketing data: 14–26 months (depending on Google settings)

  • Email communications: until you unsubscribe or request deletion

9. Your Rights Under GDPR

You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your data (“right to be forgotten”)

  • Restrict or object to data processing

  • Withdraw consent at any time

  • Lodge a complaint with the Icelandic Data Protection Authority

To exercise your rights, please contact us at info@skaftafelladventures.is.

10. Security Measures

We implement appropriate technical and organizational measures to protect your data, including:

  • Secure SSL encryption on our website

  • Access control and data minimization practices

  • Secure handling of payment data via trusted third parties

11. Updates to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised “Effective Date.” We encourage you to review the policy periodically.