Privacy Policy

Kodiak Travel ehf. ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and Icelandic data protection law.

1. Who We Are

Kodiak Travel ehf.
Langalína 2, 210 Garðabær, Iceland
Email: [email protected]

We are the data controller for the personal data you provide through this website.

2. What Data We Collect

We collect the following personal data when you submit a booking request or contact form:

We do not collect payment card details directly — payments are processed via PayPal's secure platform.

3. How We Use Your Data

We use your personal data for the following purposes:

We do not use your data for marketing purposes without your explicit consent. We do not sell your data to third parties.

4. Legal Basis for Processing

5. Data Retention

We retain booking records for 7 years following the rental in accordance with Icelandic accounting and tax law. Contact enquiries are retained for 2 years unless a longer retention period is required. After these periods, data is securely deleted.

6. Data Sharing

We share your data only as necessary:

7. International Transfers

Your data may be processed in the European Economic Area (EEA) by our technology providers. Any transfers outside the EEA are protected by appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

8. Your Rights

Under GDPR you have the following rights:

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Cookies and Local Storage

Our website uses only essential functional storage (browser localStorage) to remember your booking progress and language preference. We do not use tracking cookies, advertising cookies, or third-party analytics of any kind.

All fonts and assets are self-hosted on our server. No data is sent to Google or any other third party as a result of loading this website.

During the payment process, PayPal may set cookies on your device. These are strictly necessary to complete the transaction and are governed by PayPal's Privacy Policy.

10. Security and Server Logs

We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. All data is transmitted over encrypted HTTPS connections.

For website security, our server automatically logs each request, recording the visitor's IP address, browser type, page accessed, and timestamp. This data is used solely to detect and block malicious activity (such as automated attacks, SQL injection attempts, and scanning bots). IP addresses are personal data under GDPR; we process them on the basis of our legitimate interests in protecting the security and integrity of this website (Article 6(1)(f) GDPR).

Security logs are retained for a maximum of 90 days, after which they are automatically and permanently deleted. They are not shared with third parties and are not used for any purpose other than security.

11. Complaints

If you believe we have handled your data unlawfully, you have the right to lodge a complaint with the Icelandic Data Protection Authority (Persónuvernd): www.personuvernd.is

12. Changes to This Policy

We may update this Privacy Policy from time to time. The current version is always available on this page with the date of the last update.

13. Contact

For any privacy-related questions:
Kodiak Travel ehf.
Langalína 2, 210 Garðabær, Iceland
Email: [email protected]