Privacy Policy

1. Introduction

Welcome to the Privacy Policy of Aurora Adventures ("Aurora Adventures," "we," "us," or "our"). Our mission is to provide you with unforgettable, authentic, and safe adventures through the wild landscapes of Iceland. This commitment to excellence extends to the meticulous protection and transparent management of your personal information. This policy provides a comprehensive overview of how we collect, use, protect, and handle your personal data when you book our tours, use our website, interact with our adventure specialists, or travel with our guides. Your trust is the foundation of our relationship, and we are dedicated to safeguarding your data with the highest levels of security, integrity, and transparency. This document is designed to help you understand your privacy rights and how you can control the information you share with us as you prepare for your Icelandic saga.

2. Information We Collect

To provide our highly personalized and safety-critical adventure travel services, we collect and process several categories of information. The data we gather is essential for fulfilling your booking, ensuring your safety on tour, and continuously improving our expeditions.

• Account & Contact Information: To create and manage your booking, we collect your full name, email address, telephone number, and home address. This information is fundamental for managing your booking, sending confirmations, providing pre-trip information, and communicating any important updates.
• Traveler & Booking Information: To arrange your tour, we collect details such as your chosen tour itinerary, travel dates, and the names of all participants in your party. For certain bookings or legal requirements, we may need to collect passport information for identity verification. We also require emergency contact information (name and phone number of a person not traveling with you) for safety purposes.
• Health & Safety Information: This is a critical component for ensuring your well-being on our adventurous tours. We may ask you to voluntarily provide information regarding your physical fitness level, relevant medical conditions, severe allergies, or dietary restrictions (e.g., celiac disease, nut allergies). This allows our guides to be prepared for any situation and enables us to advise on the suitability of strenuous activities like glacier hiking or long treks. Providing this information is optional but highly recommended for your own safety.
• Travel Preferences & History: We maintain a secure record of your past trips with us and any travel preferences you share. This data allows us to personalize future travel recommendations and provide a higher level of customized service on subsequent journeys.
• Payment Information: Your payment details are processed directly and securely by our third-party, PCI-DSS compliant payment gateways (e.g., Stripe, Braintree). Aurora Adventures does not store, access, or process your full credit card number on our servers. We only retain encrypted tokens and transaction identifiers, which are necessary for managing your booking, processing refunds, and for financial record-keeping.
• User-Generated Content: We collect information you choose to share publicly, such as reviews, photos, and testimonials about our tours. This community feedback is invaluable for helping other travelers make informed choices and for celebrating the incredible experiences you have with us.
• Communications with Us: We keep records of your interactions with our Adventure Specialists and Customer Support teams. This includes email correspondence, contact form submissions, and notes from phone calls. These records are essential for providing consistent support throughout your planning process and for ensuring a seamless travel experience.
• Technical & Device Data: For security, analytics, and platform optimization, we automatically collect your IP address, device type (e.g., desktop, mobile), browser type and version, and operating system when you visit our website. This technical information helps us prevent fraudulent activity, diagnose bugs, and ensure our website functions correctly across all devices.
• Platform Usage Analytics: We use cookies and similar technologies to collect anonymized data about how you navigate and interact with our website. This includes pages visited, time spent on the site, and tours viewed. This aggregated data helps us understand traveler interests and improve the overall user experience of our website.

3. How We Use Your Information

We use your data in a purposeful and limited manner to perform the core functions of our adventure travel service and to enhance your experience. Your information is used for the following specific purposes:

• To Fulfill and Manage Your Tour: This is the primary use of your data. We use your contact, traveler, and payment information to confirm your booking, arrange all logistics with our partners (such as hotels and activity providers), and deliver all necessary travel documents and itineraries.
• To Ensure Your Safety and Well-being: Health and emergency contact information is used by our operations team and guides to manage risk and respond effectively in case of an emergency during your tour. Dietary information is shared with accommodation and food providers to prevent allergic reactions.
• To Operate and Improve Our Website: Technical and usage data is analyzed to maintain, secure, and enhance our website. This includes troubleshooting technical issues, preventing fraud, and performing data analysis to understand service performance and develop new, user-friendly features.
• To Communicate Effectively With You: We use your contact information to send essential service-related communications, such as booking confirmations, payment receipts, pre-trip packing lists, and important itinerary updates. With your explicit consent, we will also send you marketing communications about new tours, special offers, and stories from Iceland.
• To Provide Expert Support: Our Adventure Specialists use your account information and communication history to provide you with timely, accurate, and personalized support throughout the entire planning and booking process.
• For Legal and Regulatory Compliance: We are required to retain certain transactional and business records to comply with Icelandic tourism laws and applicable legal, tax, and financial accounting obligations. We may also use your information to establish, exercise, or defend legal claims if necessary.

4. Data Security

We consider the security of your data to be a top priority and implement a multi-layered security strategy to protect it. Our security measures include, but are not limited to, end-to-end SSL/TLS encryption for all data transmitted between your device and our servers; secure, modern cloud infrastructure with advanced firewalls and threat detection systems; and strict, role-based internal access controls to ensure that only authorized personnel with a legitimate business need can access sensitive information. We apply heightened security protocols for sensitive data, such as passport details and any health-related information you provide, ensuring it is encrypted both in transit and at rest. Our team undergoes regular security and privacy training, and we conduct periodic vulnerability assessments to identify and remediate potential threats. All personal details are treated with the strictest confidentiality.

5. Data Sharing and Disclosure

We do not sell or rent your personal data to any third party. We only share information with essential, trusted partners who are contractually bound to protect your data and use it only for the purpose of delivering your tour. We provide only the minimum information necessary for them to perform their service. Categories of third parties we may share data with include:

• Accommodation Providers: We share guest names with hotels, guesthouses, and farm stays to secure your reservations.
• Activity & Transport Partners: For certain activities (e.g., boat tours, snowmobiling) or transport services, we may need to share participant names with our vetted, licensed partners.
• Payment Processors: Your payment information is shared directly with our PCI-compliant payment gateways to securely handle transactions.
• Technology Service Providers: We work with providers for essential services like cloud hosting, email delivery, and customer support software. These providers process data on our behalf and under our strict instructions.
• Legal and Regulatory Authorities: We may be required to disclose certain data to law enforcement, government agencies (such as the Icelandic Tourist Board), or other regulatory bodies if compelled by a subpoena, court order, or other legal process. We will only do so after verifying the legitimacy of the request and only to the extent required by law.

6. Data Retention Policy

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected. We will keep your booking information for the duration of your trip planning and completion. After your tour is finished, we may retain certain information for a limited period as required by law (e.g., for tax and accounting purposes) or for legitimate business needs, such as responding to post-trip inquiries or for legal defense. Anonymized and aggregated data, which can no longer be used to identify you, may be kept indefinitely for analytics and service improvement purposes.

7. Your Privacy Rights and Choices

As a valued Aurora Adventures traveler, you have specific rights concerning your personal data, in line with GDPR and other privacy regulations. We are committed to facilitating the exercise of these rights:

• Right to Access: You have the right to request access to the personal data we hold about you and receive a copy of that information.
• Right to Rectification: You can update or correct your personal information at any time by contacting our customer support team.
• Right to Erasure (Right to be Forgotten): You may request the deletion of your booking information and personal data. We will fulfill this request subject to our legal and financial obligations to retain certain transactional records.
• Right to Opt-Out of Marketing: You have full control over your marketing preferences. You can opt out of promotional communications at any time by using the "unsubscribe" link in every email. You will continue to receive essential service-related communications (e.g., booking confirmations, itinerary updates) even if you opt out of marketing.
• Right to Data Portability: Where applicable, you may have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Restrict Processing: Under certain conditions, you may have the right to request that we restrict the processing of your personal data.

To exercise any of these rights, please contact us using the information provided at the end of this policy.

8. Changes to Our Privacy Policy

The world of travel, technology, and privacy law is constantly evolving. We may update this Privacy Policy from time to time to reflect changes in our business practices, new tour features, or for other operational, legal, or regulatory reasons. We will notify you of any significant or material revisions by sending an email to your registered address or by posting a prominent notification on our website before the changes take effect. The "Last Updated" date at the top of this policy will always indicate the most current version. Your continued use of Aurora Adventures' services after such changes have been communicated constitutes your acceptance of the revised policy. We encourage you to review this page periodically to stay informed about how we are protecting your information.