top of page

Privacy Policy

Iceland Challenge ehf. uses this Privacy Policy in perpose to protect our customers' privacy. This policy adheres to the Icelandic Act no. 90/2018 on the protection of privacy concerning the processing of personal data (“Data Protection Legislation”).

This data protection policy applies to the personal data of Iceland Challenge ehf. customers.

In connection with our communication and collaboration with you, we may collect personal data about you. Different personal data may be collected on different parties and the processing and collection of personal data may depend on your relationship with us.


  • Name, ID number, address, phone number, and nationality

  • Travel dates

  • Health and religious information

  • Trip purpose

  • Group composition

  • Credit card details


In addition to the previously mentioned details, Iceland Challenge ehf.  may gather and handle other information provided by you, such as photographs, as well as data crucial for the company’s operations.

In general, Iceland Challenge ehf. acquires personal data directly from you. If obtained from a third party, we will strive to notify you.

The processing of your personal data is primarily based on our agreement with you or the entity you represent. This includes contact details for communication and invoicing purposes.

Personal data may also be processed based on your request to enter into an agreement, which may include interests, travel dates, trip purposes, and special requests.

Sensitive personal data will only be processed with your explicit consent, collected only when deemed necessary.

Furthermore, personal data may be processed based on our legitimate interests, such as sending customer surveys or direct marketing.

If essential information is not provided to Iceland Challenge ehf., we may be unable to enter into an agreement with you or fulfill our obligations.

If processing is based on your consent, you can withdraw it at any time by contacting

Iceland Challenge ehf. commits to ensuring that all personal data processing is lawful, fair, and transparent. Data is collected for specific, explicit, and legitimate purposes, with processing limited to what is necessary.

Disclosure to third parties Personal data may be disclosed to contractors, consultants, and suppliers for company-related work. This includes external parties providing IT services and trip service providers.

Third-party services may be located outside of Iceland, but transfers are only permitted according to applicable data protection laws.

Personal data may also be disclosed in accordance with legal obligations or regulations, or in emergency situations to ensure safety.

Iceland Challenge ehf. implements technical and organizational measures to protect personal data, including access controls to data systems.

Data retention Personal data is retained only as long as necessary for processing purposes, unless otherwise required by law or permitted by the Data Retention Policy.

Your rights regarding processing You have the right to access, rectify, or erase personal data, as well as request data portability. You can object to processing based on legitimate interests.

For inquiries or exercising your rights regarding personal data, contact Complaints can be directed to The Data Protection Authority.

bottom of page