Privacy Policy
This Privacy Statement describes how Hotel Stafholt ehf ., ID No. 690126-1170, Stafholtsveggir 2. 311 Borgarbyggd (hereinafter referred to as “Hótel Stafholt”, “company” or “we”), performs data processing, e.g. the collection, registration, storage and disclosure of personally identifiable information (hereinafter also referred to as “you”). The statement covers, in particular, the processing of personal data when individuals:
book and stay in our hotel
sign up and attend events held by us
contact the company, whether by e-mail, phone or social media
visit our website, hotelstafholt.is
sign up for our mailing list
Hotel Stafholt processes all personal information in accordance with current personal data protection legislation in effect in Iceland at any given time, as well as the relevant provisions contained in the EEA Agreement.
Personal data protection is important to Hotel Stafholt
Strong personal data protection is extremely important to Hotel Stafholt, and we recognise the importance of respecting the rights of individuals and ensuring that all handling of personal data remains in compliance with applicable regulations at any time and in accordance with the best practices of hotel operations.
What personal information does Hotel Stafholt collect, and what is the purpose of the collection?
Hotel Stafholt places emphasis on working only on the personal information that is necessary in accordance with the purpose behind the collection of the information. Hotel Stafholt does not process personal information for unrelated purposes unless the person is notified of such and informed of the authorisation on which the processing is based.
Hotel Stafholt collects, as necessary at any given time, only the following personal information:
identification and communication information, e.g. name and ID No., address, nationality, e-mail, phone number
financial information, such as card/payment information
technical information, e.g. IP address
digital cookies, e.g. Internet behaviour
information related to the selection of marketing
information related to your booking and stay, such as booking number, room number, signature and special requests, e.g. in connection with diet, timing and duration of stay
conversations through social media
footage recorded from surveillance cameras in our hotel
audio recordings of calls when a call is made to the hotel
Hotel Stafholt also collects, as appropriate, the following personal information that could be classified as sensitive personal information:
information on food intolerance and allergies
It is a policy of Hotel Stafholt not to collect personal information about children under the age of 13, except insofar as this is necessary in connection with bookings and stays in our hotels.
Hotel Stafholt only processes personal information for the purpose of:
processing bookings and looking after guests staying in our hotel
preparing and managing events held at the hotel
marketing and performing analysis
taking care of property and security services, including the use of surveillance cameras
responding to queries, complaints and compliments from individuals
fulfilling the legal requirements of the company
ordering trips for individuals with designated recreation companies
When you use our website www.islandshotel.is, we collect information on your use, i.e. IP address, type or version of browser used, timing and duration of the visit and which sub-pages you use on the Hotel Stafholt website. Here you can find more information about our use of cookies (www.hotelstafholt.is/about-cookies).
Legal grounds for processing
Hotel Stafholt collects and processes personal information based on the following authorisations:
To fulfil contractual obligations This authorisation applies particularly when individuals book stays in our hotel.
To fulfil legal obligations This authorisation applies in particular to data subject to legislation on accounting.
To protect the legitimate interests of the company This authorisation applies in particular to hotel camera surveillance of our property and security functions, as well as the collection of default claims.
On the basis of granted permissions This authorisation applies in particular to marketing items that we send to persons who have given their consent for such. Individuals are always allowed to withdraw their consent, and individuals can unsubscribe from the mailing list by clicking on the link found at the bottom of such mailings. However, withdrawal of approval does not affect processing that has already occurred during approval.
How long do we keep your personal information?
Hotel Stafholt stores personal information for the time necessary to fulfil the object of the processing as described above. For example, the information generated through camera surveillance is deleted within two weeks. The information belonging to accounting records is kept for seven years in accordance with the Accounting Act No. 145/1994.
From whom does Hotel Stafholt collect your personal information?
We collect personal information from you and in certain cases, from external sources such as booking sites, review sites and travel agencies.
How does Hotel Stafholt share your personal information with third parties and why?
Under no circumstances does Hotel Stafholt sell personal information about you. Hotel Stafholt only discloses personal information to third parties as required by law or to a service provider, agent or contractor who is appointed by Hotel Stafholt to work a predetermined task. Examples include those who take care of:
management of bookings
analysis and targeted advertising
overall management of e-mail addresses and mailing lists
information technology and telecommunications services
If a party to whom Hotel Stafholt discloses personal information is considered a processing party, then Hotel Stafholt will sign a processing agreement with the relevant party. The processing agreement stipulates, inter alia, the obligation of processors to keep personal information safe and to not use it for other purposes. Hotel Stafholt also shares personal information with third parties when this is necessary to protect the company’s critical interests, such as collecting on non-payments.
This Hotel Stafholt Privacy Statement does not extend to information or processing by third parties; we have no control or responsibility for the use, disclosure or other work by them. We encourage you to familiarise yourself with the personal privacy statements of third parties, e.g. the web hosting providers of sites that may refer to us, the financial institution, Straumur for electronic payment intermediation and software companies such as Facebook and Google.
Security of personal data and notifications of security breaches
Security during the processing of personal information is important to Hotel Stafholt, and we have taken the appropriate technical and organisational security measures to ensure the protection of your personal information in tune with our policies on security. In the event of a security violation involving your personal information and when such violation is considered to pose considerable risk to your freedom and rights, we will notify you without undue delay. In this sense, a security violation is considered an event that results in your personal information being lost or deleted, changed, disclosed or accessed by an unauthorised person. Here, however, we want to draw attention to the fact that the personal information you share with us on social media, e.g. on the Hotel Stafholt Facebook page, is considered public information and not under the control of the company, as Hotel Stafholt cannot control such information and is not responsible for its use or disclosure. If you do not want to share that information with other users or social media providers, do not share information on our social media site. We also encourage you to familiarise yourself with the privacy statements of these parties. Please note that when you visit our Facebook page, Facebook may add cookies to your device for diagnostic purposes.
Your rights
Subject to the conditions that are discussed further in the applicable privacy laws, you are entitled to:
receive information on what personal information Hotel Stafholt has about you and its origin, as well as information on the manner in which your personal information is processed
receive access to the personal information processed about you and to request that such information is sent to a third party
have your personal information updated and corrected if necessary
have Hotel Stafholt delete your personal information if there are no objective reasons or legal obligations to store such information
submit your objections if you wish to limit or prevent the processing of your information
receive information on whether automatic decision making is carried out, what the reasoning is behind such decision making and a review made of such automatic decision making
withdraw your approval that Hotel Stafholt may collect, record, process or store your personal information when the processing is based on such approval
If you want to exercise your rights, you can send a written inquiry to info@hotelstafholt.is.
You also have the right to file a complaint with the Data Protection Authority if you feel the need. Information on the Data Protection Authority can be found on the Agency’s website, www.personuvernd.is.
Further information
If you would like more information about issues relating to your personal information, please contact the Hotel Stafholt office.
Hotel Stafholt ehf.
Stafholtsveggir 2
311 Borgarbyggd
791 7400
Kt. 690126-1170
info@hotelstafholt.is
Review and revision of the Hotel Privacy Statement
The Hotel Stafholt Privacy Statement is reviewed and updated if and when necessary. The most recent update of the policy was on 07.05.2026.