Privacy policy
Skáld Hotel (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information about you when you visit our website (skaldhotel.is), make a reservation, or interact with our services. It has been prepared in accordance with the EU General Data Protection Regulation (GDPR) 2016/679 and applicable Icelandic data protection law.
1. Data Controller
The data controller responsible for your personal data is:
Skáld Hotel Akureyri (Bohemian Hotels)
Hafnarstræti 80–82, IS-600 Akureyri, Iceland
Phone: +354 595 2000
Email: [email protected]
Website: skaldhotel.is
2. Personal Data We Collect
We may collect and process the following categories of personal data:
| Category | Examples |
|---|---|
| Identity data | First name, last name, nationality, date of birth, passport/ID number |
| Contact data | Email address, phone number, billing address |
| Booking & transactional data | Reservation details, stay dates, room preferences, payment information |
| Technical & usage data | IP address, browser type, device identifiers, pages visited, referring URLs |
| Cookie data | Preferences, session tokens, analytics identifiers (see Section 6) |
| Communication data | Enquiries submitted via contact forms, email or phone correspondence |
| Marketing preferences | Newsletter subscription status and communication preferences |
We do not intentionally collect special categories of personal data (e.g. health data, religious beliefs) unless strictly necessary and with your explicit consent.
3. Legal Basis for Processing
We process your personal data on one or more of the following lawful bases under GDPR Article 6:
- Contract performance – to process and fulfil your hotel reservation (Art. 6(1)(b))
- Legal obligation – to comply with applicable laws, such as accounting, tax, and guest registration requirements (Art. 6(1)(c))
- Legitimate interests – to improve our services, prevent fraud, and ensure website security, where such interests are not overridden by your rights (Art. 6(1)(f))
- Consent – for marketing communications, non-essential cookies, and analytics tracking (Art. 6(1)(a)). You may withdraw consent at any time.
4. How We Use Your Data
Your personal data is used for the following purposes:
- Processing, confirming, and managing hotel reservations and check-ins
- Sending booking confirmations, pre-arrival information, and post-stay follow-ups
- Processing payments and invoicing
- Complying with guest registration requirements under Icelandic law
- Responding to enquiries and providing customer support
- Sending promotional offers and newsletters (only with your consent)
- Analysing website traffic and improving our online services
- Fraud detection and prevention
5. Data Sharing & Third Parties
We may share your personal data with carefully selected third parties only where necessary and lawful. These include:
- Hilton Worldwide – as Skáld Hotel Akureyri operates as part of the Hilton Curio Collection; certain booking and loyalty programme data may be processed under Hilton’s privacy framework
- Payment processors – to securely handle card transactions (e.g. payment gateway providers operating under PCI-DSS standards)
- Booking platforms – such as Booking.com, Expedia, or other Online Travel Agencies (OTAs) through which you may have made your reservation
- IT service providers – hosting, email delivery, and reservation management system providers acting as data processors on our behalf
- Analytics providers – such as Google Analytics, subject to your cookie consent
- Icelandic authorities – where required by law (e.g. Ferðamálastofa – the Icelandic Tourist Board, tax authorities)
We do not sell your personal data to any third parties. All data processors are bound by data processing agreements ensuring GDPR-compliant handling. Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses).
6. Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies to provide a functional, personalised, and optimised browsing experience. Cookies are small text files stored on your device when you visit our website.
| Cookie Type | Purpose | Legal Basis |
|---|---|---|
| Strictly necessary | Enable core website functionality (e.g. session management, security) | Legitimate interest – no consent required |
| Functional / preference | Remember your language, currency, and other settings | Consent |
| Analytics / performance | Understand how visitors use our website (e.g. Google Analytics) | Consent |
| Marketing / advertising | Deliver personalised ads and measure campaign effectiveness | Consent |
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy or to comply with legal obligations:
- Booking & guest records – retained for 7 years to comply with Icelandic accounting and tax legislation
- Marketing data – retained until you withdraw consent or unsubscribe
- Website analytics data – typically retained for up to 26 months (per analytics provider settings)
- Contact form enquiries – retained for up to 2 years from last contact
- Cookie consent logs – retained for up to 3 years as proof of consent
Once data is no longer required, it is securely deleted or anonymised.
8. Your GDPR Rights
As a data subject under the GDPR, you have the following rights regarding your personal data:
Right of Access (Art. 15): Request a copy of the personal data we hold about you.
Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
Right to Erasure (Art. 17): Request deletion of your data where no longer necessary (“right to be forgotten”).
Right to Restriction (Art. 18): Request that we limit processing of your data in certain circumstances.
Right to Portability (Art. 20): Receive your data in a structured, machine-readable format.
Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting prior lawful processing.
Right to Lodge a Complaint: File a complaint with the Icelandic Data Protection Authority (Persónuvernd).
To exercise any of the above rights, please contact us using the details provided in Section 9. We will respond within 30 days of receiving your request, in line with GDPR requirements.
9. Supervisory Authority
If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Icelandic Data Protection Authority:
Persónuvernd – Data Protection Authority of Iceland
Rauðarárstíg 10, 105 Reykjavík, Iceland
Phone: +354 510 9600
Email: [email protected]
Website: www.personuvernd.is
10. Contact Us
For any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, please contact us:
Skáld Hotel Akureyri
Hafnarstræti 80–82, IS-600 Akureyri, Iceland
Phone: +354 595 2000
Email: [email protected]
Website: skaldhotel.is
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. We encourage you to review this policy periodically. Continued use of our website after any changes constitutes your acknowledgement of the updated policy.