Privacy Policy

Welcome to GK Travels, an Icelandic luxury airport transfer and private tour company specializing in premium travel experiences. We are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you use our services, including:

• Luxury airport transfers

• Private tours in Iceland

• Booking and reservation services

• Customer support and inquiries

By using our services, you agree to the terms of this Privacy Policy. If you do not agree, please refrain from using our services.

2. Information We Collect

We may collect the following types of information:

A. Personal Information

• Contact Details: Name, email address, phone number, home address.

• Booking Information: Flight details, pickup/drop-off locations, travel dates, special requests.

• Payment Information: Credit/debit card details (processed securely via third-party payment processors), billing address.

• Identification Documents: Passport details (if required for specific tours).

B. Non-Personal Information

• Device & Usage Data: IP address, browser type, operating system, pages visited on our website.

• Cookies & Tracking Technologies: We use cookies to enhance user experience (see Section 6).

C. Special Categories of Data

We do not intentionally collect sensitive data (e.g., race, religion, health information) unless provided voluntarily (e.g., for accessibility needs).

3. How We Use Your Information

We process your data for the following purposes:

• Service Provision: To fulfill bookings, arrange transfers, and provide tours.

• Customer Support: To respond to inquiries and resolve issues.

• Marketing & Promotions: With your consent, we may send offers, newsletters, or updates.

• Legal Compliance: To meet Icelandic and EU regulations (e.g., tax, fraud prevention).

• Improvement of Services: Analyzing trends to enhance user experience.

4. Legal Basis for Processing (GDPR Compliance)

Under the General Data Protection Regulation (GDPR), we process data based on:

• Contractual Necessity: To fulfill bookings and services.

• Consent: For marketing communications (you may withdraw anytime).

• Legal Obligation: Compliance with Icelandic laws.

• Legitimate Interest: Improving services and preventing fraud.

5. Data Sharing & Third Parties

We may share data with:

• Service Providers: Payment processors, drivers, tour guides, hotels, and partners involved in your itinerary.

• Legal Authorities: If required by law (e.g., tax audits, court orders).

• Business Transfers: In case of mergers or acquisitions.

We ensure all third parties adhere to strict confidentiality agreements.

6. Cookies & Tracking Technologies

Our website uses cookies for:

• Essential Functions: Session management and security.

• Analytics: Google Analytics to track website performance.

• Marketing: Retargeting ads (you can disable cookies via browser settings).

7. Data Retention & Security

• Retention Period: We retain data only as long as necessary (e.g., bookings for 7 years for tax purposes).

• Security Measures: Encryption, secure servers, access controls, and regular audits to prevent unauthorized access.

8. International Data Transfers

As an Icelandic company, we primarily store data within the EEA. If transfers occur outside the EEA, we ensure GDPR-compliant safeguards.

9. Your Rights Under GDPR

You have the right to:

• Access, correct, or delete your data.

• Restrict or object to processing.

• Withdraw consent (for marketing).

• Data portability (request a copy of your data).

• Lodge a complaint with the Icelandic Data Protection Authority (Persónuvernd).

To exercise these rights, contact us at [Your Email/Contact Form Link].

10. Children’s Privacy

We do not knowingly collect data from children under 16 without parental consent.

11. Changes to This Policy

We may update this policy periodically. Changes will be posted on our website with an updated revision date.