Privacy policy

3.1 Types of Personal Data Collected

Dependingon your interactions with us, we may collect the following categories ofpersonal data:

• Identification and Contact Details: Name, email address, phone number,     billing address.
• Payment Information: Transaction details necessary for ticket purchases or other services (processed in conjunction with our payment providers).
• Preference and Behavioral Data: Information on how you interact with our     website, services, or marketing communications.
• On-Site Data: Data collected during visits to our     venue/event, such as ticket scans or attendance records.
  ‍

3.2 Legal Bases for Processing

We onlyprocess personal data when we have a valid legal basis under GDPR, including:

• Consent: When you have given clear consent for us to process your personal data for a specific purpose (e.g., receiving marketing updates).
• Contractual Necessity: To fulfill a contract, such as processing your ticket purchase or providing the services you requested.
• Legitimate Interests: For activities such as fraud prevention, internal analytics, or improving our services, provided these interests are not overridden by your fundamental rights and freedoms.
• Legal Obligations: To comply with legal requirements, such as accounting and taxation rules or law enforcement requests.
  ‍

3.3 How We Use Personal Data

We may useyour personal data for purposes including but not limited to:

• Providing services (ticket processing, event participation).
• Communicating with you about event updates, changes, or customer service inquiries.
• Managing our internal administrative operations (e.g., finance, accounting,     analytics).
• Marketing and promotional campaigns, if you have opted in or if we have a legitimate interest to do so.

We may share personal data with third-party service providers who perform functions on our behalf, such as:
‍

• Payment Processors: To handle payment transactions securely.
• Ticketing Platforms/Venues: For ticket issuance, venue access, or event management.
• Marketing Agencies: If you have consented to receive marketing materials or if it is within our legitimate interests.
• IT and Security Providers: For hosting, data storage, software maintenance, and security measures.
  ‍

4.2 Legal and Regulatory Compliance

We may disclose personal data to government authorities or law enforcement officials when required by law, court order, or other legal process, or to defend our legal rights or protect the rights or safety of others.
‍

4.3 Data Transfers Outside the EEA

If personal data is transferred outside the European Economic Area (EEA), we ensure it is protected by appropriate safeguards (e.g., EU Standard Contractual Clauses, adequacy decisions) in accordance with GDPR requirements.

5.1 Retention Periods

We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, or to comply with legal, regulatory, or contractual requirements. Retention periods may vary depending on the type of data and the legal context.
‍

5.2 Secure Deletion

When personal data is no longer required, we will securely erase, anonymize, or otherwise dispose of it in accordance with our data retention policies.

6.1 Use of CCTV

Where CCTV cameras are in use (for instance, within our venue or event areas) for security and safety purposes, the footage may capture personal data such as identifiable features of visitors.
‍

6.2 Legal Basis

We operate CCTV under our legitimate interest in ensuring the safety of our visitors, personnel, and property, or where required by local laws and regulations.
‍

6.3 Access and Retention

• CCTV footage is stored securely and accessible only by authorized personnel.
• Footage is typically retained for a limited period unless it is required for investigation, legal, or regulatory purposes.

Under the GDPR, you have various rights regarding your personal data, including:
‍

7.1 Right of Access

You have the right to obtain confirmation whether your personal data is being processed and to request a copy of that data.
‍

7.2 Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data.
‍

7.3 Right to Erasure

You have the right to request deletion of your personal data under certain circumstances, such as when it is no longer necessary, or you have withdrawn your consent.
‍

7.4 Right to Restrict Processing

You may request to restrict the processing of your personal data if you contest its accuracy, believe the processing is unlawful, or object to our legitimate interest basis for processing.
‍

7.5 Right to Data Portability

Where technically feasible, you have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format.
‍

7.6 Right to Object

You have the right to object to the processing of your personal data for direct marketing purposes or on grounds relating to your particular situation when we base our processing on legitimate interests.
‍

7.7 Right to Withdraw Consent

If processing is based on your consent, you may withdraw your consent at any time; this will not affect the lawfulness of any processing carried out before you withdrew your consent.
‍

7.8 Right to Lodge a Complaint

If you believe that your data protection rights have been violated, you may lodge a complaint with a supervisory authority. In Iceland, this is the Icelandic Data Protection Authority (Persónuvernd).

8.1 Policy Changes

We may update or modify this Privacy Policy from time to time to reflect changes in our data processing practices or applicable laws. When we make material changes, we will post a notice on our website or otherwise notify you.
‍

8.2 Effective Date

The “last updated” date at the beginning of this Privacy Policy indicates when the latest modifications were made. Your continued use of our services after any such update constitutes your acceptance of the changes.

If you have questions or would like to exercise any of your rights under this Privacy Policy, please contact us at:
‍

• The Volcano Express – Eve Harpa ehf.
• Address: Thingholtsstraeti 6
• Email: info@volcanoexpress.is‍
• Phone: +354 5285050