Nordic Visitor's Data Protection Policy
1.Purpose and legality
Nordic Visitor endeavours to meet the requirements of all applicable data protection legislation and this policy is based on the Icelandic Act no. 77/2000 on the protection of privacy as regards the processing of personal data (“Data Protection Legislation”), as amended.
2.What is personal data?
Personal data within the meaning of this policy is information about an identified or an identifiable person, i.e., information that can be directly or indirectly linked to a particular person. Data that is unidentifiable or anonymous is not considered to be personal data.
3. Personal data that Nordic Visitor collects and processes
In connection with our communication and collaboration with you, we may collect personal data about you. Different personal data may be collected on different parties and the processing and collection of personal data may depend on your relationship with us.
Regarding our communication with you we may need to process a variety of personal data, e.g.:
- contact information, e.g., name, ID number, address, phone number and email address;
- travel period;
- information on the purpose of the trip and special wishes for the trip;
- information regarding the combination of the travel group;
- health and religion information;
- country of residence;
- IP number, when needed; and
- billing information.
In general, Nordic Visitor obtains the personal data directly from you. If data is obtained from a third party the company will endeavour to inform you.
4.Why do we collect and process personal data and on what grounds?
The processing of personal data about you is mainly based on our agreement with you, or the party which you work for. This includes contact information so we can contact you and send invoices.
5. Disclosure to third parties
Nordic Visitor may disclose your personal data to contractors, consultants and suppliers in relation to their work for the company. Therefore, personal data may for example be disclosed to external parties that provide us with IT services, but also to service providers of trips that we book on your behalf.
6. How is the safety of personal data secured?
Nordic Visitor endeavours to take appropriate technical and organisational measures to protect the safety of your personal data, with special regard to the nature of the data. For example, Nordic Visitor has access controls to systems which store data about you. These measures are meant to secure personal data against accidental destruction or alteration and against unauthorised access, duplication, use or disclosure of the personal data.
7. Retention of personal data
Nordic Visitor will endeavour to retain your personal data only for as long as necessary for the purpose of the processing, unless otherwise permitted or obligated by law.
The retention time of personal data is further determined in Nordic Visitor’s Data Retention Policy.
8.Your rights regarding the company’s processing
You are entitled to request access to the personal data we process on you and information on the processing. You may also be entitled to a copy of the personal data undergoing processing.
Under certain circumstances you may have the right to request that we erase personal data concerning you without undue delay. You may also have the right to obtain from us the restriction of processing, where certain requirements are fulfilled. You are also entitled to request rectification of inaccurate data on you. It is therefore important that if your personal data happens to change during the course of your relationship with Nordic Visitor, that you keep us informed of such changes
You may furthermore be entitled to a copy of the personal data that you have provided to us in electronic form, or request that we transmit them direct to a third party.
When we process your personal data based on legitimate interests you are at any time authorised to object to the processing.
The aforementioned rights are however not without limitation. Laws and regulations may authorise or oblige the company to deny your request. However, your right to object the processing of your personal data for direct marketing purposes is unconditional.
9. Inquiries and complaints to the data protection authority
If you wish to exercise your rights according to Clause 8 of this policy, or if you have any questions regarding this data protection policy or how we process your personal data, please contact firstname.lastname@example.org who will seek to answer any inquiries you may have and instruct you on your rights pursuant to this policy.
If you are not satisfied with the company’s processing of your personal data you can send a complaint to The Data Protection Authority (www.personuvernd.is).
10. Communication with the company
Within Nordic Visitor, the Quality & IT department is responsible for the enforcement of this data protection policy. Below you can find the contact information:
Nordic Visitor reserves the right to review this policy in accordance with changes to applicable legislation or regulations or in relation to changes in the company’s processing of personal data. You will be notified of any changes made to this policy with an updated version, in the same manner that this policy was presented to you.
Any amendments that may be made to the policy will take effect after the updated version has been presented to you.
This data protection policy was made on 23rd of May 2018.