Tours

Featured

Meet Joanna

How to Book

FAQ

Contact

Explore the Tours

Tours

Meet Joanna

How to Book

FAQ

Contact

Featured Private Tours

Mývatn & Earth Lagoon

Mývatn & Dettifoss

Diamond Circle

Featured Regular Tours

Mývatn & Earth Lagoon

Mývatn & Dettifoss

Explore the Tours

Viltour Iceland

Effective date: April 2026 | Last updated: April 24, 2026

Effective date: April 2026
Last updated: April 24, 2026

Privacy Policy

This Privacy Policy outlines how we collect, use, and safeguard your personal information when you interact with our website and services.

1. Introduction

This Privacy Policy explains how Viltour ("we", "us", "our") collects, uses, stores and protects your personal data when you visit our website viltour.com, make a booking through our online reservation system, or otherwise communicate with us.

We are committed to safeguarding your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") as implemented in Iceland by Act No. 90/2018 on Data Protection and the Processing of Personal Data.

Please read this Privacy Policy carefully. By using our website or services, you acknowledge that you have read and understood the practices described herein.

2. Data Controller

The data controller responsible for your personal data is:

Viltour
Sole proprietorship of Joanna Maria Szemik
Hafnarstræti 26b, 600 Akureyri, Iceland
Kennitala: 020582-3409
Email: viltouriceland@gmail.com
Phone: +354 853 1460

If you have any questions about this Privacy Policy or about how we handle your personal data, please contact us at the email address above.

3. What Personal Data We Collect

We collect personal data from the following sources:

3.1 Data you provide directly

When you contact us by email, by phone or through the contact form on our website, we may collect:

  • Your name

  • Email address

  • The content of your message, including any tour preferences or special requirements you share with us

The contact form on our website is powered by Framer (our website host). When you submit the form, your data is transmitted through Framer's servers and delivered to us via email. Framer processes this data on our behalf solely for the purpose of delivering your message.

3.2 Data collected through the booking system

Our online tour reservations are processed through the Bókun booking platform (operated by Tripadvisor LLC), which is embedded on our website as a booking widget. When you make a reservation, Bókun collects:

  • First and last name

  • Email address

  • Phone number

  • Number of participants

  • Selected tour, date and booking details

Currently, payment for tours is collected on arrival. No payment card data is collected through our website. Viltour does not collect or store payment card details. Should online payment be introduced in the future, it will be processed by a certified third-party payment service provider, and this Privacy Policy will be updated accordingly.

3.3 Data collected automatically

Our website is built and hosted on Framer (Framer B.V.). Framer provides built-in website analytics that are fully anonymised and privacy-friendly. Framer Analytics does not use cookies and does not collect or store any data that can identify an individual person. Visitor counts are calculated using a daily-rotating hash of IP address and user agent, which is reset and deleted every day. No persistent identifiers are created.

The Bókun booking widget embedded on our website may use its own essential cookies necessary for the booking process to function correctly (such as maintaining your session and shopping cart during checkout).

We do not use any third-party analytics tools (such as Google Analytics), advertising trackers (such as Meta Pixel), or marketing cookies on our website.

4. Purposes of Processing

We process your personal data for the following purposes:

  • Processing and fulfilling your tour reservation — legal basis: Art. 6(1)(b) GDPR (performance of a contract).

  • Communicating with you before, during and after the tour (including logistics, meeting points, weather updates, itinerary changes) — legal basis: Art. 6(1)(b) GDPR (performance of a contract).

  • Responding to your enquiries and providing customer support — legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest).

  • Ensuring participant safety during tours in Iceland's variable natural conditions — legal basis: Art. 6(1)(f) GDPR (legitimate interest — safety).

  • Processing payments and refunds — legal basis: Art. 6(1)(b) GDPR (performance of a contract).

  • Maintaining accounting and financial records as required by Icelandic law — legal basis: Art. 6(1)(c) GDPR (legal obligation).

  • Improving our services and the quality of our tours — legal basis: Art. 6(1)(f) GDPR (legitimate interest).

  • Protecting against fraud and resolving disputes — legal basis: Art. 6(1)(f) GDPR (legitimate interest).

We do not use your personal data for marketing, profiling or automated decision-making purposes.

5. Who We Share Your Data With

We share your personal data only to the extent necessary to deliver our services. The categories of recipients are:

5.1 Service providers (data processors)

  • Bókun (Tripadvisor LLC) — booking and reservation management platform. Location: USA / EEA.

  • Framer (Framer B.V.) — website hosting and contact form delivery. Location: Netherlands (EEA).

5.2 Other disclosures

We may also share your personal data if required by law, regulation, or legal process, or if necessary to protect the rights, property or safety of Viltour, our customers, or others.

We do not sell, rent or trade your personal data to any third party for marketing or commercial purposes.

6. International Data Transfers

Some of our service providers operate or store data outside the European Economic Area (EEA). In particular, Bókun (Tripadvisor LLC) is based in the United States.

Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Adequacy decisions by the European Commission (where applicable)

  • Other legally recognised transfer mechanisms under the GDPR

7. How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law.

  • Booking and transaction records: 7 years from the date of the transaction (in accordance with the Icelandic Accounting Act).

  • General enquiries and correspondence: 12 months after the last communication, unless the enquiry leads to a booking.

After the applicable retention period, personal data is securely deleted or anonymised.

8. Your Rights

Under the GDPR and Icelandic data protection law, you have the following rights regarding your personal data:

  • Right of access — You can request a copy of the personal data we hold about you.

  • Right to rectification — You can ask us to correct inaccurate or incomplete data.

  • Right to erasure — You can ask us to delete your personal data where there is no compelling reason for us to continue processing it.

  • Right to restriction of processing — You can ask us to limit how we use your data in certain circumstances.

  • Right to data portability — You can request that we provide your data in a structured, commonly used, machine-readable format.

  • Right to object — You can object to processing based on legitimate interests.

  • Right to withdraw consent — Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at viltouriceland@gmail.com. We will respond to your request within 30 days.

You also have the right to lodge a complaint with the Icelandic Data Protection Authority:

Persónuvernd — The Icelandic Data Protection Authority
Rauðarárstíg 10, 105 Reykjavík, Iceland
Email: postur@personuvernd.is
Phone: +354 510 9600
Website: www.personuvernd.is

9. Cookies

Our website uses minimal cookies. We do not use any advertising, marketing or third-party tracking cookies.

Framer (website host): Framer's built-in analytics are entirely anonymised and do not use cookies. No personal data is collected through Framer Analytics.

Bókun booking widget: The embedded Bókun booking widget may place essential cookies on your device that are strictly necessary for the booking and checkout process to function (such as maintaining your session). These cookies do not track your browsing activity and are not used for marketing purposes.

Because we do not use any non-essential cookies, a cookie consent banner is not required on our website. Should this change in the future, we will update this policy and implement appropriate consent mechanisms.

10. Data Security

We take the security of your personal data seriously. Measures in place include:

  • Viltour is a sole proprietorship with limited personnel access to customer data, reducing the risk of unauthorised access.

  • All bookings are processed through Bókun, which maintains industry-standard security measures and is operated by Tripadvisor LLC.

  • Our website is hosted on Framer, which holds ISO 27001 and SOC 2 certifications.

While we implement appropriate technical and organisational measures to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to protecting your data to the best of our ability.

11. Safety and Operational Communication

Viltour operates guided tours in Northern Iceland, where natural conditions — including weather, road closures, volcanic activity and terrain — can change rapidly. For the safety and wellbeing of our participants, we may use your contact details (phone number and/or email) for time-sensitive operational communication, such as:

  • Notifying you of weather-related changes to your tour itinerary

  • Communicating meeting point updates or schedule adjustments

  • Contacting you during the tour in case of safety-related matters

This processing is carried out on the basis of our legitimate interest in ensuring the safety and proper delivery of the booked service (Art. 6(1)(f) GDPR) and for the performance of the contract (Art. 6(1)(b) GDPR).

12. Children's Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If a parent or guardian becomes aware that their child has provided us with personal data without their consent, please contact us and we will take steps to delete such data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.

14. Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or our data processing practices, please contact us:

Viltour
Joanna Maria Szemik
Hafnarstræti 26b, 600 Akureyri, Iceland
Email: viltouriceland@gmail.com
Phone: +354 853 1460

Tours

Meet Joanna

How to Book

FAQ

Contact

Privacy Policy

Terms & Conditions

Private Mývatn & Earth Lagoon

Private Diamond Circle

Private Mývatn & Dettifoss

Certified Tour Operator

Tours

Meet Joanna

How to Book

FAQ

Contact

Privacy Policy

Terms & Conditions

Private Mývatn & Earth Lagoon

Private Diamond Circle

Private Mývatn & Dettifoss

Certified Tour Operator

Tours

Meet Joanna

How to Book

FAQ

Contact

Privacy Policy

Terms & Conditions

Private Mývatn & Earth Lagoon

Private Diamond Circle

Private Mývatn & Dettifoss

Certified Tour Operator