Privacy Policy

This Privacy Policy explains how Arctic Exped and Arctic Divers ehf collect, use, and protect the personal data of users who visit www.arcticexped.is.

This policy is provided in accordance with Article 13 of EU Regulation 2016/679 (GDPR), which applies in Iceland as a member of the European Economic Area (EEA), and in accordance with the Icelandic Act on Data Protection and the Processing of Personal Data no. 90/2018 (Lög um persónuvernd og vinnslu persónuupplýsinga).

This policy applies exclusively to the website www.arcticexped.is and not to any third-party websites accessible through links on this site. The policy may be updated periodically; users are encouraged to check this page regularly.

1. Data Controller

The data controller — the entity that determines the purposes and means of processing personal data — is:

• Company: Arctic Divers ehf
• Operating name: Arctic Exped
• Address: Mávahlíð 41, 105 Reykjavík, Iceland
• Contact: info@arcticexped.is
• Representative: Julian O’Neil

For any questions regarding this Privacy Policy or to exercise your rights, you may contact the data controller at the email address above.

2. Data Processors and Third-Party Service Providers

The website uses third-party service providers who may process personal data on behalf of Arctic Divers ehf, acting as data processors pursuant to Article 28 of the GDPR. These include:

• 1984 Hosting (1984 ehf) — Icelandic web hosting provider. Server located in Iceland. Privacy Policy
• Google LLC — Analytics (Google Analytics 4) and related services. Data may be transferred to the United States under standard contractual clauses. Privacy Policy
• Meta Platforms Ireland Ltd. — Facebook and Instagram pages linked from this website. Privacy Policy

3. Data Collected and How It Is Collected

3.1 Navigation data (log files)

Like all websites, this site automatically collects certain technical information through log files during user visits. This may include:

• IP address
• Browser type and device parameters
• Internet Service Provider (ISP)
• Date and time of visit
• Referring and exit pages
• Number of clicks

This information is collected in aggregate form solely to verify that the site functions correctly and for security purposes. It is retained based on the legitimate interests of the data controller and is never used to identify individual users.

3.2 Data voluntarily provided by the user

When users contact Arctic Exped via the contact form, email, or newsletter subscription, the following personal data may be collected:

• First name and surname
• Email address
• Any other information voluntarily included in the message

This data is used exclusively to respond to requests or provide the service requested (e.g., sending the newsletter). It is retained only for as long as necessary to fulfil the specific purpose, and in any case for no longer than 2 years, unless a longer retention period is required by law or by the nature of the ongoing relationship.

3.3 Cookies and tracking technologies

See Section 4 below for full details on cookies.

4. Cookies

4.1 What cookies are

Cookies are small text files stored on the user’s device (computer, tablet, smartphone) by websites they visit. They are widely used to make websites work more efficiently and to provide information to website owners. Cookies are not executable code and cannot transmit viruses.

4.2 Cookie management on this site

This website uses Complianz as its cookie consent management platform. When you first visit the site, a banner allows you to accept, decline, or customise your cookie preferences. You can review or change your consent at any time by clicking the cookie settings link in the footer.

4.3 Types of cookies used

Technical / functional cookies (always active)
These cookies are strictly necessary for the website to function and cannot be disabled. They include session cookies that allow navigation between pages and remember your cookie preferences. No personal data is stored persistently through these cookies.

Statistical / analytics cookies
This website uses Google Analytics 4 (provided by Google LLC) to collect anonymous, aggregated information about how visitors use the site. Data collected includes pages visited, time spent on site, and approximate geographic location. IP addresses are anonymised. These cookies are only activated with the user’s consent.
→ Google Privacy Policy | Google Analytics opt-out

Marketing / profiling cookies
These cookies may be used to deliver advertising more relevant to users and their interests. They are only activated with the user’s explicit consent.

4.4 Managing cookies through your browser

In addition to managing preferences through the cookie banner, users can configure or disable cookies at any time through their browser settings. Please note that disabling certain cookies may affect the functionality of the website. For guidance on managing cookies in your browser, visit:

• Chrome
• Firefox
• Safari
• Edge

5. Legal Basis for Processing

The legal bases for processing personal data collected through this website are:

• Legitimate interests (Article 6(1)(f) GDPR) — for the processing of navigation data and server logs for security and correct operation of the site.
• Performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR) — when users submit enquiries or request services.
• Consent (Article 6(1)(a) GDPR) — for newsletter subscriptions, analytics cookies, and any marketing cookies. Consent can be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal.

6. Data Retention

Personal data is retained only for the time strictly necessary to fulfil the purpose for which it was collected:

• Contact and enquiry data: retained for up to 2 years from the date of last contact.
• Newsletter subscriber data: retained until the user unsubscribes.
• Server log data: retained for a maximum of 12 months for security purposes.
• Cookie data: duration varies by cookie type; see the cookie banner for details.

7. Data Security

Arctic Divers ehf processes personal data lawfully and correctly, adopting appropriate technical and organisational measures to prevent unauthorised access, disclosure, modification, or destruction. The website uses SSL/TLS encryption (HTTPS) for all data transmitted between the user’s browser and the server.

Access to personal data is restricted to authorised personnel and, where applicable, to third-party service providers bound by data processing agreements.

8. International Data Transfers

Some third-party services used by this website (notably Google Analytics) may transfer data to countries outside the EEA, including the United States. Such transfers are carried out in accordance with the applicable provisions of the GDPR, including the use of Standard Contractual Clauses (SCCs) as approved by the European Commission.

9. Your Rights

Under the GDPR and Icelandic data protection law, users have the following rights regarding their personal data:

• Right of access (Article 15 GDPR) — the right to obtain confirmation of whether personal data is being processed, and to access that data.
• Right to rectification (Article 16 GDPR) — the right to have inaccurate data corrected.
• Right to erasure (Article 17 GDPR) — the right to have personal data deleted (“right to be forgotten”).
• Right to restriction of processing (Article 18 GDPR) — the right to limit how data is used.
• Right to data portability (Article 20 GDPR) — the right to receive personal data in a structured, commonly used format.
• Right to object (Article 21 GDPR) — the right to object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent — where processing is based on consent, the right to withdraw it at any time.

To exercise any of these rights, please contact the data controller at: info@arcticexped.is.

If you believe your rights have been violated, you have the right to lodge a complaint with the Icelandic Data Protection Authority:

• Persónuvernd (Icelandic Data Protection Authority)
  Rauðarárstígur 10, 105 Reykjavík, Iceland
  www.personuvernd.is
  Email: postur@personuvernd.is

10. Links to Third-Party Websites

This website may contain links to external sites, including the company’s social media profiles on Facebook and Instagram. Arctic Divers ehf is not responsible for the privacy practices of those websites, and users are encouraged to read the respective privacy policies of any external sites they visit.

11. Amendments to This Policy

This Privacy Policy may be updated from time to time to reflect changes in the law, our data practices, or the services we use. Any significant changes will be communicated to users through a notice on the website.

This document was last updated on April 2026.