RAM ehf. („RAM“), which runs the Kvosin Hotel and Aldamót bar, is committed to maintaining the accuracy, confidentiality and security of your personal data. This Privacy Policy describes the personal data that RAM collects from or about you, and how we use and to whom we disclose that data.
This Privacy Policy applies to the personal data of our customers, individuals who have applied for a job with RAM, and our business contacts (collectively “you”). Our use of cookies is explained under Section 6 of this Privacy Policy.
If you are unsure of how this Privacy Policy applies to you, please contact our hotel manager at manager@kvosinhotel.is for more information.
All references in this Privacy Policy to “RAM”, “Company”, “we”, “us”, “our” and like terms should be interpreted accordingly.
1. Purpose and compliance with law
RAM is committed to comply with applicable data protection legislation at all times. This Privacy Policy is based on Act no. 90/2018 on Data Protection and the Processing of Personal Data (“Data Protection Act”). RAM is the controller of the personal data being processed, unless otherwise stated.
2. What is personal data?
For the purposes of this Privacy Policy, personal data means any information relating to an identified or identifiable individual, i.e. information that can be traced directly or indirectly to a specific costumer, applicant or other individual. Personal data does not include anonymous data or non-personal data (i.e. information that cannot be associated with or tracked back to a specific individual).
3. What personal data is processed about customers and why?
We collect and maintain different types of personal data about our customers, depending on your relationship with us.
When booking a stay with us we process the following personal data:
- Name, e-mail address, phone number;
- nationality;
- occupancy data (i.e. type of accommodation, number of rooms and guests);
- payment data; and
- any special requests, which may contain sensitive data such as health data and data revealing religious beliefs.
Personal data which is necessary for us to be able to confirm your booking is marked accordingly in the relevant booking form. Failure to provide the necessary personal data may lead to us not being able to confirm your reservation.
Our collection of nationality data is based on our legal obligation to provide Statistics Iceland with data requested by the authority. Statistics Iceland processes statistical data on the nationality of our guests for the purposes of publishing monthly statistics about the travel industry in Iceland.
The processing of any sensitive personal data you provide us with is based on your explicit consent, which you provide us with when you communicate such data to us. You can always withdraw your consent by contacting manager@kvosinhotel.is, but keep in mind that withdrawing your consent may affect the services we can provide in relation to any special requests.
During your stay with us we may also process personal data which is necessary in order to provide you with any services you may request, such as:
- Type and date of service/transportation; and
- flight number.
In addition to the above, we may also keep our correspondence with you in relation to your stay and services requested. When third parties are involved in providing you with services (such as tour and transport providers) it may be necessary to transfer specific personal data relating to the requested services to such third parties.
When renting the Aldamót Bar as a venue we process the name, contact data and social security number of the customer, as well as our correspondence. The processing of this personal data is based on our lease contract with you and is necessary for the performance of such contract and for billing purposes. Failure to provide necessary data may lead to RAM not being able to enter into a lease contract with you.
At Kvosin Hotel and Aldamót Bar, we also maintain electronic surveillance for security purposes, which is described in further detail under Section 7 of this Privacy Policy.
In addition to the data listed above we may collect and process other data, including data voluntarily submitted by our customers and any other information necessary for RAM’s business purposes.
As a general rule, we receive your personal data directly from you. However, we may also receive your personal data from third-party service providers, such as travel agencies and booking sites (e.g. Booking and Expedia).
4. What personal data is processed about job applicants and why?
We collect and maintain different types of personal data about our applicants, as different jobs may require the processing of different types of personal data. The following data is collected and further processed from applicants and potential candidates:
- contact details, including name, e-mail address, phone and current address;
- gender;
- prior work experience and professional skills;
- education;
- cover letters;
- reason for applying;
- references;
- extract from judicial record; and
- other data voluntarily submitted by applicants (e.g. marital status, hobbies and interests).
For short-listed applicants RAM may also process data collected from interviews and public social media sites.
The personal data we collect about you is used to evaluate your application, to assess your capabilities and qualifications for a job with RAM, to conduct reference checks and to communicate with you throughout the recruitment process. This processing is necessary in order to take steps at your request prior to entering into an employment contract, as applicable. Some data is necessary for us to be able to evaluate your job application, such as name, surname, e-mail, CV and references. For some positions, it may be necessary for you to provide an extract from your judicial record. Other personal data is voluntary. If you fail to provide the necessary data, we may be unable to consider your job application.
As a general rule, we collect personal data directly from applicants. We may however collect personal data from third parties, such as from your former employers and references. We will notify you if any further information is collected from third parties.
5. What personal data is processed about business contacts and why?
We collect and maintain different types of personal data on our business contacts, depending on our relationship with them. For business management purposes and to be able to reach our business partners easily, we process the following personal data on our business contacts:
- contact details, including name, place of work, telephone and e-mail address; and
- communication between the business contact and RAM.
The above personal data usually comes directly from you, or the entity you work for, i.e. our business partner. The processing of the data is based on the legitimate business interests of RAM to maintain a relationship with the Company’s business contacts as well as on RAM’s contract with its business partners where the communication is necessary for the performance of that contract.
6. What personal data is processed about users of Kvosin Hotel’s website?
We use cookies on our website, kvosinhotel.is, in order to personalise content and ads and to analyse our website traffic. The use of statistical cookies enables us to gather statistical data about the traffic on our website and marketing cookies enable us to conduct marketing campaigns with our social media partners. Statistical and marketing cookies are only enabled if you specifically allow their use.
We use Google Analytics for web measuring purposes in order to check the performance of our marketing and website content. We use Facebook Pixel to measure, optimise and build audiences for our ad campaigns. For these purposes, Google and Facebook collect personal data about our website guests. However, RAM only has access to unidentifiable data of website guests which the Company receives from Google and Facebook respectively.
When you visit our website for the first time you will be informed about our use of cookies via a pop-up window which appears on the site, where we ask for your consent for the use of statistical and marketing cookies. You can always withdraw your consent by either going back to the cookie setting on our website or by deleting cookies from your browser.
Additionally, RAM uses necessary cookies which are required for the operation of our website and are based on our legitimate business interests.
If necessary cookies are disabled, our website may not function properly.
Information on how to delete cookies from your browser can be found below:
- Internet Explorer
- Mozilla
- Firefox
- Chrome
- Opera
- Safari
7. What data is collected via electronic surveillance?
Video surveillance is used in public areas and outside of Kvosin Hotel and Aldamót Bar, which may record your presence during your visit. Our processing of personal data via video surveillance is based on our legitimate interests of maintaining a safe work and leisure environment for our guests and employees, as well as safeguarding networks, devices and other property of RAM.
8. To whom do we disclose your personal data?
We may share your personal data with contractors, consultants and other third parties who require such data to assist us with managing our relationship with you. Third parties who provide us with information technology and data processing services may also have access to your data, as necessary. These third parties may be established outside the European Economic Area (“EEA”). However, we only transfer your personal data to countries outside the EEA if such transfer is permitted under applicable privacy legislation.
Your personal data may also be disclosed to third parties as permitted or required by applicable law. Moreover, your personal data may be disclosed to third parties due to regulatory requirements or in order to comply with valid legal processes such as search warrants, subpoenas or court orders. In addition, personal data may be disclosed or transferred to a third party in the event of a change in ownership of RAM.
9. How is your personal data protected?
RAM maintains physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal data in question. These safeguards are designed to protect your personal data from loss and unauthorised access, copying, use, modification or disclosure.
10. How long does RAM keep your data?
Except as otherwise permitted or required by applicable law or regulatory requirements, RAM is committed to retain your personal data only for as long as necessary to fulfil the purposes for which the personal data was collected.
We generally keep personal data of our customers for four (4) years from when the services were provided.
Job applications will be stored for six (6) months, unless you withdraw your application sooner. We may also ask for your consent to store your application for up to two years, for the purposes of considering you for other job openings with RAM.
We keep the contact data of our business contacts for four (4) years after the end of our contract with a business partner. If data relating to our business contact or customer falls under book-keeping laws, such data is kept for seven (7) years, in accordance with Icelandic book-keeping laws.
As regards personal data collected and processed via video surveillance, we keep the data for no longer than ninety (90) days, unless the data is necessary to establish, exercise or defend against legal claims. Backup files of video surveillance data may however be kept for longer.
11. How can you exercise your rights provided under data protection legislation?
RAM is committed to ensuring your rights under the Data Protection Act.
You have the right to access and rectify the personal data RAM collects about you and to be informed about the purpose of the collection. You may also be entitled to a copy of the personal data undergoing processing.
Furthermore, you may under certain circumstances and where technically feasible, have the right to request us to transfer your personal data to a third party.
You may also have the right to request us to restrict the processing of your personal data, for example if you object to its processing, but prefer the data not to be erased.
If the processing of your personal data is based on RAM’s legitimate interests, you have the right to object to the processing, following which we must stop the processing unless we demonstrate a compelling legitimate ground for the processing which override your interests.
In certain instances, you have the right to have your personal data erased, such as where the data is no longer necessary in relation to the purpose for which they were collected or otherwise processed, or if you withdraw your consent for the processing of your personal data. Your rights to access, erasure, rectification, restriction and portability of data are however not absolute. In those instances where we cannot accept your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
Please refer all requests concerning your rights to manager@kvosinhotel.is, as described in Section 12 of this Privacy Policy.
In general, we keep requests from data subjects for a year from their receipt. Disputed requests may however be kept for longer, if deemed necessary.
12. Inquiries or concerns
If you have any questions about this Privacy Policy or how we manage your personal data, please contact our hotel manager via e-mail at manager@kvosinhotel.is or phone at +354 415 2400.
If you are unsatisfied with our response, you may be entitled to make a written submission to the respective data protection authorities, including the Icelandic Data Protection Authority (www.personuvernd.is).
13. Revisions to this Privacy Policy
RAM may make changes to this Privacy Policy to reflect changes to our legal or regulatory obligations or to the manner in which we process your personal data.
Any changes to this Privacy Policy will be effective from the time they are posted on our website, kvosinhotel.is/.
This Privacy Policy was last reviewed on May 12, 2020.