Privacy Policy | Aurora Hotel

Aurora Hotel ("we," "us," or "our") is committed to protecting the privacy and security of your personal data. This policy explains how we collect, use, and safeguard your information in accordance with the Icelandic Data Protection Act and the EU General Data Protection Regulation (GDPR).

1. Information We Collect

We collect information necessary to process your booking and provide hospitality services, including:

Identity Data: Name, date of birth, gender, and passport/ID number (required by Icelandic law for foreign nationals).
Contact Data: Email address, phone number, and residential address.
Financial Data: Payment card details (processed via secure, PCI-DSS compliant gateways).
Stay Details: Arrival/departure dates, special requests, and room preferences.
Technical Data: IP address and cookies if you use our website.

2. How We Use Your Data

We process your data based on the following legal grounds:

Performance of a Contract: To manage your reservation and provide hotel services.
Legal Obligation: To comply with tax laws and police registration requirements for foreign visitors.
Legitimate Interests: For security purposes (e.g., CCTV in public areas) and to improve our services.
Consent: If you opt-in to receive our marketing newsletter.

3. Data Sharing and Third Parties

We do not sell your personal data. We may share your information with:

Booking Engines & Channel Managers: To facilitate your reservation.
Payment Processors: To securely handle transactions.
Public Authorities: Only when required by Icelandic law.
Service Providers: IT support or housekeeping management systems.

4. Data Security and Retention

We implement robust technical and organizational measures to prevent unauthorized access or disclosure of your data.

Retention: We hold your personal data only as long as necessary to fulfill the purposes for which it was collected, typically for 7 years to comply with Icelandic accounting laws. Guest registration forms are kept for the duration required by local police regulations.

5. Your Rights

Under GDPR, you have the following rights regarding your data:

Access: Request a copy of the data we hold about you.
Rectification: Request correction of inaccurate data.
Erasure: Request deletion of your data (subject to legal retention requirements).
Portability: Request transfer of your data to another provider.
Objection: Object to processing based on legitimate interests.

To exercise these rights, please contact us at reception@aurorahotel.is.

6. CCTV

For the safety of our guests and staff, CCTV cameras are in operation in public areas (lobby, corridors, entrances). Footage is automatically overwritten after 30 days unless required for a legal investigation.

7. Cookies

Our website uses cookies to improve user experience and analyze traffic. You can manage your cookie preferences through your browser settings.

8. Changes to this Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Effective Date."

Contact Information: Aurora Hotel Keflavík, Iceland Email: reception@aurorahotel.is