Blue Lagoon - Cookies

We use cookies on Bluelagoon.com to enhance your experience. By continuing to use our site, you are agreeing to the use of cookies. See our Cookie Statement

Privacy Policy

Thank you for visiting our website. Your privacy is very important to us. This policy explains what information we collect, why we collect it, and how we use it. We value your trust and are committed to safeguarding your details.

This Privacy Policy applies to personal information and data regarding guests and other individuals with whom we do business or who visit us and to the use of that personal information in any form – whether oral, electronic or written.

Please read the Privacy Policy carefully. Should you not agree with it, please do not use our website. Accessing this site is considered acceptance of this Privacy Policy and your agreement that we may process your personal data in accordance with this Privacy Policy. In case of the Privacy Policy not applying, Icelandic law shall apply.

Information we may require about you

The kinds of personal information we may collect from you include:
Contact information, such as name, email address, telephone number and postal address

  • Contact information, such as name, date of birth, email address, telephone number, and postal address
  • Financial information, such as credit card number, expiration date and CVC code
  • Accommodation preferences, health requirements, booking history, and travel arrangements. We will only collect information on health requirements when you have provided such information on your own initiative or when based on your informed consent.
  • We may keep a record of communication and correspondence with you
  • At the Blue Lagoon, Silica Hotel and The Retreat there are surveillance cameras located at crucial places to ensure your safety while enjoying our facilities. Recordings are kept for no longer than 3 months unless related to possible legal issues, like incidents.

You may choose what personal information you provide us with. However, please note that if you choose not to provide us with certain information, your experience may be affected.

The purpose of this data collection is for us to be able to offer you our services, maintain your safety and to enhance your experience while staying at our facilities. You may refuse to provide us with your personal information. However, please note that if you choose not to provide us with certain information, some or all of our services may not be available to you, and your experience may be affected.

Personal data will only be stored for the duration which it needs to be used in conformity with the original purpose of its collection. In some cases your personal data may be stored for up to 8 years in accordance with Article 20 of the Icelandic Accounting Act No. 145/1994.

All personal information, except surveillance videos, are stored and managed by a third party who must comply with Icelandic laws and regulations, including regulation no. 77/2000. Surveillance data is stored in-house with strict access control.

We do not intentionally collect information from minors. If a minor has provided us with information, a parent or guardian of the minor should contact us and we will remove the information from our database immediately.

You have the right to access your personal information at all times and to have the information corrected if needed. You have the right to restrict processing concerning your personal information if you contest the accuracy of the information for a period enabling us to verify the accuracy of the information, if the processing is considered unlawful, or if we no longer need the information for the purposes of processing.

In case of a personal data breach, Blue Lagoon Ltd. will without undue delay and where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Icelandic Data Protection Authority (Persónuvernd), unless the personal data breach is unlikely to result in a risk to your rights and freedoms. When the personal data breach is likely to result in a high risk to your rights and freedoms, Blue Lagoon Ltd. will communicate the personal data breach to you without undue delay unless otherwise stated by law.

Websites

Our website Bluelagoon.com and subdomains use cookies to provide you with as relevant information as possible and tailor them to your needs. Examples of this would be presenting the appropriate currency, preserving users’ selections during any booking process, etc. You can choose not to accept cookies by disabling them in the settings of your web browser. You can find more information about cookies at: http://www.allaboutcookies.org.

We use Google Analytics and Google Adwords. We use Analytics to collect information on how visitors use our website, information such as IP address, operating system, browser type, origin of traffic, etc. This data is then used to measure performance and implement improvements as needed.

We might use AdWords for remarketing, to advertise our products and services on third party websites to previous visitors to our site. This could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network. Third-party vendors, including Google, use cookies to serve ads based on someone’s past visits. You can set preferences for how Google advertises to you using the Google´s Ads settings page. You have the right to object at any time to the processing of your personal data to the extent that it is related to direct marketing purposes. If you object to remarketing of your personal data you can opt out of a third-party vendor's use of cookies by visiting the Network Advertising Initiative opt-out page.

Payments and security

All credit card transactions are operated through Borgun hf. (http://www.borgun.com) and are safeguarded at all times. They are PCI DSS (Payment Card Industry Data Security Standard) certified to insure safe transactions of credit card information. Our websites are secured with SSL certificates with the highest level of encryption and security. SSL stands for Secure Sockets Layer and provides secure, encrypted communications between a website and an internet browser.

All personal information, except surveillance videos, are stored and managed by a third party who must comply with Icelandic laws and regulations, including the relevant Icelandic Act on Protection of Privacy, and carry out appropriate security safeguards in order to protect leakage, loss and damage of information. Surveillance data is stored inhouse with strict access control.

In case of a personal data breach, Blue Lagoon Ltd. will without undue delay and where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Icelandic Data Protection Authority (Persónuvernd), unless the personal data breach is unlikely to result in a risk to your rights and freedoms. When the personal data breach is likely to result in a high risk to your rights and freedoms, Blue Lagoon Ltd. will communicate the personal data breach to you without undue delay unless otherwise stated by law.

What we do with your information

Your personal information may be used to:

  • Process bookings and reservations.
  • Personalize and enhance your stay.
  • Respond to requests you have submitted through our website or by email.
  • Provide third party services when specifically requested by you.
  • Ensure your safety in certain circumstances and contact you in emergency situations.
  • To meet legal and regulatory requirements.

If your personal information will be required for any other purposes than what is stated here above, your acceptance will be requested beforehand.

Data portability

You have the right to transmit personal data concerning you, which you have provided to us, to another party without any hindrance from us when the processing has been based on your consent and the processing is carried out by automated means. This right shall, however, not adversely affect the rights and freedoms of others.

Disclosure

We will not loan, rent or sell any personal information to any third party. Personal information about you may be shared with a third party as explained in the chapter „Payments and Security“ in this Privacy Policy, i.e. in relation to credit card transactions or data storage on behalf of Blue Lagoon Ltd.

  • We do reserve the right to disclose any personal information we have concerning you when:
  • We should be compelled to do so by law or a government entity.
  • You have authorized a third party (such as an agent) to manage your personal information on your behalf to make necessary bookings, reservations, requests and payments for our services, products and/or accommodation.

Any disclosure of personal information by Blue Lagoon Ltd. to a third party will only be made on a confidential basis.

You will not receive any communication from Blue Lagoon Ltd. that is unsolicited or not directly related to a product or service that you have purchased or enquired about.

Opting out, inqueries, amendments & deletion of information

You have the right to access your personal information at all times and to have the information corrected if inaccurate or incorrect. You have the right to restrict processing concerning your personal information if you contest the accuracy of the information. The processing may be restricted for a period enabling us to verify the accuracy of the information. You also have the right to restrict the processing of your personal information if the processing is considered unlawful or if we no longer need the information for the purposes of processing but you don‘t want the information erased.
You have the right to have personal data erased if the information is no longer necessary in relation to the purposes for which it was collected, you have withdrawn your consent on which the processing is based or your information has been unlawfully processed. An exception to this shall be made if data is required to be kept in accordance with the law.

If you wish to have your personal information removed from our database, withdraw your consent for processing or have any other questions regarding this Privacy Policy or Blue Lagoon Ltd.’s processing and protection of personal information, please contact us by email at contact@bluelagoon.com with “Privacy“ in the subject line.

Minors

We do not intentionally collect information from minors. If a minor has provided us with information, a parent or guardian of the minor should contact us and we will remove the information from our database immediately.

Privacy policy amendments

We reserve the right to change this Privacy Policy at any time. Changes, additions or deletions shall be effective immediately and be a part of all new bookings after publication. The date of the latest revision of this Privacy Policy is set at the bottom of this page.

Your agreement to this Privacy Policy during booking will only relate to that particular version of the Privacy Policy. If any significant changes are made to the Privacy Policy which will need your approval before arrival, then the updated version will be sent to you for approval.

Complaints

You have the right to lodge a complaint to the Icelandic Data Protection Authority (Persónuvernd), Rauðarárstígur 10, 105 Reykjavík, Iceland (www.personuvernd.is) if you are of the opinion that processing of your personal data is against the law.