Data Protection Policy of Hotel Rangá

We at Hotel Rangá emphasize processing only such personal data we deem as being necessary and in accordance with the purpose behind gathering information. We do not process personal data for unrelated reasons without especially disclosing this; as well as stating the grounds of such processing.

• Identification and communication data, for example, name, ID number, address, nationality, passport number, email address and telephone numbers.

• Payment information, for example, credit-card information.

• Technical information, for example, IP numbers.

• Digital footprints (cookies), for example, Internet conduct.

• Information in connection with the choice of marketing.

• Information in connection with reservations and stay, for example, booking number, room number, signature, special requests in connection with meals, vehicle registration number and length of stay.

• Dialogue via website and the social media.

In the instances of guests ordering wedding services by Hotel Rangá, the following personal data may be gathered:

• Copies of airline tickets.

• Copies of birth certificates.

• Copies of divorce certificates.

• Photographs.

Hotel Rangá could also request the following personal data that could be deemed as being sensitive information when buying wedding services:

• A certificate from the home country in connection with marriage.

Hotel Rangá´s policy is not to gather personal data of children under the age of 13 except to the extent this is deemed as necessary in connection with booking and stay at the hotel.

Hotel Rangá processes personal data for the following purpose:

• Preparation of bookings and taking care of guests staying at Hotel Rangá.

• Planning and handling weddings if such services are purchased.

• Follow-up on guests’ data use on the hotel´s wireless network.

• Statistical analysis and service, with the purpose of research or other commercial purposes.

• Safeguarding feedback received from guests.

• Meeting the company´s legal obligations, for example, submitting accommodation reports to Statistics Iceland.

• Preparing travel vouchers as payment to specific tour and leisure activity enterprises

When an individual uses our website we gather information about such use, for example, IP numbers, type or issuance of browsers that are used, dates and length of visits on the website in each instance, as well as which subpages of the website of Hotel Rangá are viewed.

Hotel Rangá collects and processes all personal data on grounds of the following authorizations:

• To meet contractual obligations. This authorization applies in particular when individuals book accommodation at Hotel Rangá.

• To meet legal obligations. This authorization applies in particular to data that may be categorized under the Accounting Act.

• To protect the lawful interests of the company. This authorization applies in particular to electronic supervision of the hotel´s wireless network, and regarding the collection of default claims.

• On grounds of consent. This authorization applies in particular to connection with marketing materials that we send to individuals who have granted their consent for receiving marketing materials, together with illustrations that are used for marketing purposes. An individual may always at his/her discretion withdraw such consent by removing his/her name from the mailing list by checking a link at the bottom of the page of such mailings. The withdrawal of consent, however, does not affect the impact of processing that took place while the consent was in effect.

We store personal data for as long as deemed necessary to fulfill the purpose of processing data as stated above. An example is information that is categorized as accounting data, which is stored for 7 years according to the Accounting Act no. 145/1994, whereas data regarding the planning and preparation of weddings is deleted upon the end of the wedding stay.

Hotel Rangá gathers personal data from you and in certain instances from external parties, for example booking sites, review sites and travel agencies.

Under no circumstances does Hotel Rangá sell your personal data. Hotel Rangá only discloses personal data to a third party if we are obligated to do so according to law, or if this involves a service provider or an agent or contractor hired by Hotel Rangá to carry out certain work in advance. Examples are parties handling the following:

• Processing of bookings.

• Analyzing and dispatching targeted advertising.

• Managing email addresses and mailing lists.

• Information technology and telecommunications services.

• Software used in order to facilitate communication with customers through the website of Hotel Rangá.

• Foreign certificates from the relevant authorities in connection with weddings that are held at Hotel Rangá.

If a party with whom Hotel Rangá provides access to personal data is deemed as being a processing party, Hotel Rangá enters into a collaboration agreement with said party. Such a collaboration agreement stipulates, among other things, the duty of the processing party to safeguard personal data and to only use such data as provided for in the agreement. The agreement shall state the duties of the processing party to safeguard personal data in a secure manner and not to use them for any other purposes. Hotel Rangá also shares personal data with a third party if this is necessary for protecting pressing interests of the company, for example, regarding the collection of default claims.

The Data Protection Policy of Hotel Rangá does not apply to data or third-party processing that is out of Hotel Rangá’s sphere of control or responsibility of use, disclosure or other means? Hotel Rangá therefore encourages everyone to study the data protection policies of third parties, including their host pages that may refer to us, social media enterprises like Facebook, Google, Instagram and Microsoft, as well as the payment services being used.

We strongly emphasize safety in the processing of personal data and have taken the appropriate technical and organizational safety measures to secure the protection of your personal data in conformity with our safety strategy. If breaches of safety occur in connection with personal data, and such breaches cause extensive risks to your liberty and rights, we will notify you as soon as possible. Safety breaches are considered to include loss or deletion of personal data; they are published or accessible by unauthorized parties without permission. It should be borne in mind that the personal data shared with us on social media, for example, on Hotel Rangá’s Facebook page, is considered to be public information and not under the sphere of responsibility of Hotel Rangá, as we have neither any control of such data nor are we responsible for such data´s use or disclosure. If you do not wish to share such data with other users or the relevant social-media service, you should not post the data on our social media. We furthermore urge you to study the protection data policy of these parties, Facebook, Google, Instagram and Microsoft. Note that when you enter our Facebook site, Facebook may possibly install cookies in your software for analytical purposes.

With reservations regarding the conditions as further addressed in the current Data Protection Act, you have the right to:

• Receive information regarding the personal data Hotel Rangá has registered about you, as well as its origin, and also to receive information about how your personal data is used.

• Receive access to the personal data that exists about you or to request that such information be sent to a third party.

• Have your personal data updated and corrected if there exists reason to do so.

• Have Hotel Rangá delete your personal data if there are no objective reasons or legal obligations to keep such information.

• Submit objections if you wish to limit or prevent the processing of your personal data.

• Withdraw your consent allowing Hotel Rangá to collect, register, process or store your personal data when processing is based on such consent.

• Receive information about whether automatic decision-making takes place, what premises exist for such decision-making and the revision of such automatic decision-making.

If you wish to exercise your right, we invite you to send a written inquiry to us through our contact form. We will confirm receipt of your request and respond within one month from the date of receipt. In the event of us being unable to respond to your request within a month, we will dispatch a notification to you within a month regarding delays in responding. There is no charge when an individual utilizes his/her right in accordance with the aforementioned, except in instances where a request is considered to be excessive or clearly without cause.

You also have the right to submit a complaint with the Icelandic Data Protection Authority if you deem there is a reason to do so. Information about the Data Protection Authority is contained on their website: Personuvernd