Tours of Iceland

Privacy Policy

Last updated: March 6, 2026

1. Who We Are

Iceland Transfer (“we”, “us”, “our”) operates the website icelandtransfer.is. We are the data controller for the personal data described in this policy. You can contact us at [email protected].

2. Data We Collect

  • Account data — name, email address, and password when you create an account.
  • Booking data — travel dates, pick-up/drop-off locations, passenger count, and contact details submitted when booking transfers, tours, or custom itineraries.
  • Payment data — processed securely by Stripe. We never store full card numbers on our servers.
  • Usage data — pages visited, browser type, device information, and IP address, collected via cookies and server logs.
  • Communications — messages sent through our contact form or email.

3. How We Use Your Data

We process personal data for the following purposes:

  • Providing and managing bookings and accounts (contractual necessity).
  • Sending transactional emails such as booking confirmations (contractual necessity).
  • Improving our services through anonymised analytics (legitimate interest).
  • Preventing fraud and abuse (legitimate interest).
  • Complying with legal obligations (legal requirement).

4. Third-Party Services

We share data with the following processors, each operating under a data processing agreement:

  • Stripe — payment processing.
  • Resend — transactional email delivery.
  • Sentry — error monitoring (anonymised data).
  • Cloudflare — CDN, DDoS protection, and CAPTCHA (Turnstile).
  • Supabase — database hosting (EU region).

5. Cookies

We use essential cookies to maintain your session and preferences. Analytics cookies are loaded only after you consent. See our cookie consent banner for controls. You can also manage cookies via your browser settings.

6. Data Retention

Account data is retained while your account is active. Booking records are kept for 7 years to meet Icelandic tax and accounting obligations. You may request deletion of your account and associated data at any time.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erase your data (“right to be forgotten”).
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent at any time (where consent is the legal basis).
  • Lodge a complaint with the Icelandic Data Protection Authority (Persónuvernd).

To exercise any of these rights, contact us at [email protected].

8. Data Security

We use HTTPS encryption, secure HTTP-only cookies, and follow industry best practices to protect your data. Access to personal data is restricted to authorised personnel only.

9. International Transfers

Your data may be processed by third-party services located outside the EEA. In such cases, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses).

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on our website. The “last updated” date at the top of this page indicates the most recent revision.

Contact

For privacy inquiries, contact us at [email protected] or write to: Iceland Transfer, Reykjavík, Iceland.

Privacy Policy | Tours of Iceland