Privacy Notice

Hotel Húsafell ehf.

1. Introduction and Purpose
Hotel Húsafell ehf. (hereinafter referred to as “Húsafell” or “we”) places great emphasis on ensuring that personal data is handled securely and confidentially, and that processing is carried out in accordance with applicable data protection laws and regulations.

This policy is based on Act No. 90/2018 on Data Protection and the Processing of Personal Data, which implements Regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation (GDPR). The aim is to provide a clear and accessible overview of what information is collected, how it is used, and what rights individuals have under the law.

This policy applies to all operations of Húsafell, including the hotel, swimming pool, Giljaböðin baths, campsite, activity center, restaurants, retail shop, and golf course. It also covers communications through our website, email, bookings, and cooperation with third-party service providers such as booking systems and travel agencies.

2. What Information Do We Collect?
We only collect the personal data necessary to provide services, ensure a quality guest experience, and comply with legal obligations. Examples of such information include:

- Name and contact details (phone number, email address)
- Booking-related information (e.g. arrival and departure dates, number of guests, room selection)
- Payment details (via secure payment gateways; not stored by Húsafell)
- Special requests related to your stay (e.g. accessibility, dietary preferences)
- Activity-related data (e.g. registration for tours or visits to Giljaböðin)
- Technical data from website use (e.g. IP addresses, cookies)

Information may also be received from third parties if bookings are made through partners such as travel agencies or booking platforms.

3. Purpose of Processing Personal Data
Personal data is used for the following purposes:

- To process and confirm bookings and payments
- To provide requested services
- To contact guests in the event of changes to bookings or services
- To improve service quality and guest experience
- To fulfill legal obligations, including accounting and data protection laws
- To ensure the safety of guests, staff, and property, e.g. through video surveillance systems
- To send information, offers, or newsletters – only with prior consent

Data will not be used for purposes other than those described above unless explicit consent is provided.

4. Disclosure of Personal Data to Third Parties
In certain cases, personal data may be shared with third parties when necessary to provide services, fulfill legal obligations, or based on legitimate interests.

Such parties may include:
- Booking systems and payment service providers used by Húsafell
- IT service providers maintaining Húsafell's systems
- Travel agencies or partners involved in booking and guest communication
- Public authorities when required by law

In all cases, data sharing is conducted securely and solely for the relevant purpose. Appropriate agreements and security measures are in place to ensure that third parties process personal data in compliance with applicable laws and Húsafell's standards.

5. Cookies and User Analytics
Húsafell’s website uses cookies and similar analytics tools to enhance functionality, ensure security, and analyze usage patterns.

Cookies are small text files stored on the user’s device, which may save settings, language preferences, and other information that improves the user experience. In some cases, analytics tools (such as Google Analytics) are also used to collect anonymized data on website behavior, such as visit counts, pages viewed, and duration of stay.

Use of cookies may involve data transfers to service providers located outside the European Economic Area (EEA). When such transfers occur, Húsafell ensures that personal data is protected in accordance with European data protection law, including the use of contractual safeguards designed to uphold privacy and individual rights.

Users can manage cookie preferences through browser settings and/or consent tools available on the Húsafell website.

6. Data Retention
Personal data is retained only as long as necessary for the purposes of processing, or as required by law or regulation.

Examples of retention periods:
- Booking and guest communication data are retained during the business relationship and for up to 4 years after the stay, unless otherwise required by law
- Accounting records are retained for 7 years, in accordance with accounting legislation
- Video surveillance data is generally retained for 7–30 days unless an incident requires longer storage
- Marketing contact data (e.g. mailing lists) is retained based on consent and deleted upon request or withdrawal of consent

At the end of the retention period, personal data is securely deleted or anonymized, as appropriate.

7. Rights of Individuals
Individuals whose personal data is processed by Húsafell have various rights under Act No. 90/2018 and the GDPR. Requests to exercise these rights can be sent in writing to info@hotelhusafell.is.

The main rights include:
- Right of access – to confirm whether personal data is being processed and receive a copy of such data
- Right to rectification – to correct inaccurate or incomplete personal data
- Right to erasure (‘right to be forgotten’) – to have data deleted under certain circumstances
- Right to restriction of processing – to limit data use when the legality of processing is disputed or data must be preserved
- Right to data portability – to receive data in a portable format when processing is based on consent or contract and carried out by automated means
- Right to object – to object to processing based on legitimate interests or for direct marketing purposes
- Right to withdraw consent – at any time when processing is based on consent

Individuals also have the right to lodge a complaint with the Icelandic Data Protection Authority if they believe their rights have been violated: postur@personuvernd.is

8. Data Security
Húsafell implements appropriate security measures to ensure the protection of personal data and prevent unauthorized access, disclosure, alteration, or destruction.

Security measures include:
- Access to systems and data is reviewed regularly and updated as needed
- Personal data is only accessed by authorized staff for work-related purposes
- Secure connections (e.g. encryption, VPN) are used during transmission and storage
- Regular backups are taken and stored securely
- Staff are informed about confidentiality obligations and internal data security rules
- Security incidents are investigated and handled according to established procedures

Please note that personal data shared by individuals on social media platforms such as Facebook and Instagram is considered public and outside of Húsafell’s control. Users are encouraged to review the privacy policies of services such as Meta (Facebook, Instagram), Google, and Microsoft. If you do not wish to share personal data with others, you should avoid posting it on social media.

9. Contact and Inquiries
For inquiries, comments, or requests regarding data protection and the handling of personal data by Húsafell, please contact:


Hotel Húsafell ehf.
Húsafell, 311 Borgarnes

Phone: +354 435 1551
Email: info@hotelhusafell.is



We will respond to all inquiries as promptly as possible.

Updated 05.June 2025

Stay informed by subscribing to our mailing list

Thank you! Your subscription has been received!
Oops! Something went wrong while submitting the form.
Logo
 
Highland Park
Location
Húsafell 311, Borgarbyggð, Iceland
Phone
+354 435 1551
Mail
info@hotelhusafell.is
Privacy Notice
Thank you, you will receive a response shortly.
Oops! Something went wrong while submitting the form. Please try it again.