Skip to main content
Book now and get 10% off summer tours — Promo Code: SUMMER2026
Golden Circle Day Tours

Privacy Policy

How we collect, use, and protect your personal information.

Last updated: June 2026

This Privacy Policy explains how we collect, use, share and protect your personal data when you visit our website, contact us, subscribe to our newsletter, or book a tour. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Icelandic Act on Data Protection and the Processing of Personal Data (Act No. 90/2018).

1. Who We Are (Data Controller)

The data controller responsible for your personal data is:

  • Birkimelur ehf., trading as Golden Circle Day Tours ("we", "us", "our")
  • Company registration (kennitala): 530116-0690
  • Registered address: Lækjartorg 5, 101 Reykjavík, Iceland
  • Email: info@goldencircledaytours.is
  • Phone: +354-787-8080

We are an independent Iceland-based tour operator. We are not affiliated with Icelandia or Reykjavik Excursions.

2. What Data We Collect and Why

We only collect the personal data we need for the specific purpose for which you provide it.

Contact form and enquiries

When you contact us through the website, by email or by phone, we collect your name, email address, phone number (if provided) and the content of your message. We use this to respond to your enquiry and provide customer support.

Newsletter

When you subscribe to our newsletter, we collect your email address. We use it to send you tour news, offers and travel information. You can unsubscribe at any time using the link in every email, or by contacting us.

Bookings

When you book a tour, we collect the information needed to fulfil and manage your booking, which may include your name, email address, phone number, tour date, number of guests, pickup/hotel location and any special requirements or accessibility, health or dietary information you choose to share. Bookings are processed through the Bókun booking platform.

We do not store your card details. Card and payment data are collected and processed directly by Bókun and its payment partners. We never see or store your full card number.

Website usage and analytics

When you consent, we collect analytics data about how you use our website (such as pages viewed, approximate location, device and browser type, and interactions). This helps us understand and improve the site. We also collect limited technical data for security and error monitoring (see Section 4).

3. Legal Bases for Processing

Under the GDPR we rely on the following legal bases:

  • Consent — for analytics and marketing cookies, and for sending you our newsletter. You can withdraw consent at any time.
  • Performance of a contract — to process and manage your tour booking and to communicate with you about it.
  • Legitimate interests — to respond to enquiries, keep our website secure, prevent fraud and abuse, and monitor and fix technical errors.
  • Legal obligation — to comply with accounting, tax and other legal requirements.

4. Service Providers (Processors) We Use

We do not sell your personal data. We share it only with the service providers (processors) that help us run our website and business, under appropriate data processing agreements:

  • Bókun — booking management and payment processing. Card data is handled by Bókun and its payment partners, not by us.
  • Resend — sending transactional emails (such as booking confirmations and enquiry replies).
  • Supabase — database hosting for the data we store.
  • Google Analytics (via Google Tag Manager) — website analytics. Loaded only after you accept analytics cookies.
  • PostHog — product analytics to understand how the site is used. Loaded only after you accept analytics cookies.
  • Sentry — error and performance monitoring to detect and fix technical problems.

We may also disclose personal data to partner businesses where strictly necessary to deliver your tour (for example, an attraction included in your booking), and to authorities where we are legally required to do so.

5. Cookies and Consent

We use cookies and similar technologies. Strictly necessary cookies, which are required for the website to function, are always active. Analytics and marketing cookies — including Google Analytics, Google Tag Manager and PostHog — are only loaded after you select "Accept all" in our cookie banner. If you do not consent, these tools are not activated.

You can change or withdraw your cookie choices at any time through the cookie settings on our website, and you can also block or delete cookies through your browser settings.

6. International Transfers

Some of our service providers (including Google, PostHog, Resend, Supabase and Sentry) are based in, or process data in, the United States. Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards recognised under the GDPR — such as the EU Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework — to ensure your data receives an equivalent level of protection.

7. Data Retention

We keep your personal data only for as long as necessary for the purpose it was collected:

  • Booking and transaction records are retained for as long as required to meet Icelandic accounting and tax obligations (generally up to 7 years).
  • Enquiry and contact data is kept only as long as needed to handle your request and for a reasonable follow-up period.
  • Newsletter data is kept until you unsubscribe.
  • Analytics data is retained for a limited period in line with each provider's settings.

When data is no longer needed, we delete or anonymise it.

8. Your Rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Erase your data ("right to be forgotten") where applicable;
  • Restrict or object to processing, including direct marketing;
  • Data portability — receive your data in a portable format;
  • Withdraw consent at any time, without affecting processing carried out before withdrawal.

To exercise any of these rights, contact us at info@goldencircledaytours.is or +354-787-8080. You also have the right to lodge a complaint with the Icelandic Data Protection Authority, Persónuvernd (www.personuvernd.is).

9. Data Security

We take appropriate technical and organisational measures to protect your personal data against loss, misuse and unauthorised access. As noted above, payment card data is handled by Bókun and its payment partners and is never stored on our systems.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page, with the "Last updated" date revised accordingly.

11. Contact Us

For any privacy-related questions or to exercise your rights, contact the data controller, Birkimelur ehf. (Golden Circle Day Tours), at info@goldencircledaytours.is or +354-787-8080.