PRIVACY & DATA PROTECTION POLICY



ICYPEAKS EHF.

Last Updated: January 2026


1. INTRODUCTION
At IcyPeaks ehf. (kt. 490323-0150, "The Company", "We"), we understand that privacy is the ultimate luxury. We are committed to protecting the confidentiality and security of the personal information you entrust to us.

This policy outlines how we collect, use, and safeguard your data in strict accordance with the Icelandic Act on Data Protection and the Processing of Personal Data No. 90/2018 (Lög um persónuvernd) and the European GDPR.

2. DATA COLLECTION
We collect only the information necessary to curate and safely execute your private expedition. This includes:

  • Identity Data: First name, last name, date of birth, and passport details (where required for aviation or accommodation).
  • Contact Data: Email address, phone number, and billing address.
  • Health & Safety Data: Information regarding physical fitness, medical conditions, or dietary requirements relevant to ensuring your safety during active tours (e.g., glacier hikes).
  • Transaction Data: Details of payments and the specific services you have commissioned.
  • Technical Data: IP address and browser data collected via cookies to optimize your website experience.

3. HOW WE USE YOUR DATA
Your personal data is utilized exclusively for the following purposes:

  • Service Execution: To process bookings, secure luxury accommodation, and arrange private transport.
  • Safety Logistics: To inform our guides of any medical conditions or dietary needs critical for your wellbeing in the field.
  • Concierge Communication: To manage your itinerary and respond to your requests.
  • Legal Compliance: To fulfill tax and accounting obligations under Icelandic law.

4. DATA SHARING & THIRD PARTIES
We operate with strict discretion.  We do not sell or trade your data. However, to fulfill your itinerary, limited data must be shared with trusted partners:

  • Essential Service Providers: Names and dietary needs are shared with hotels (e.g., Deplar Farm, The Retreat), private flight operators, or third-party activity providers integral to your package.
  • Authorities: We may disclose data if mandated by Icelandic law (e.g., search and rescue operations or tax audits).

5. INTERNATIONAL TRANSFERS
Your data is primarily processed within the European Economic Area (EEA). If we engage service providers outside the EEA, we ensure they adhere to the same stringent data protection standards (Standard Contractual Clauses).

6. DATA SECURITY
We have implemented robust security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. Access to your personal file is strictly limited to employees and partners who have a business need to know and are subject to a duty of confidentiality.

7. MEDIA & PRIVACY
Respecting your privacy is a core value of IcyPeaks. We do not publish photographs or videos of our clients for marketing purposes (social media, website) without obtaining your explicit verbal or written consent.

8. YOUR LEGAL RIGHTS
Under the Data Protection Act, you have the right to:

  • Request access to your personal data.
  • Request correction of incorrect data.
  • Request erasure of your data ("Right to be forgotten"), provided there is no legal requirement for us to retain it (e.g., accounting laws).
  • Withdraw consent at any time.

To exercise any of these rights, please contact us directly.

9. CONTACT
IcyPeaks ehf.
Aðalvík 7, 800 Selfoss, Iceland
Email: info@icypeaks.is


I N Q U I R E