Privacy policy

This Privacy policy explains how Old Iceland restaurant (Fiskbarinn ehf, ID 6904142440) collects and uses personal data when you contact us through the contact form on our website.

1. Data controller

The data controller responsible for your personal data is:

Old Iceland restaurant (Fiskbarinn ehf, ID 6904142440)
Laugavegur 72, 101 Reykjavík, Iceland

Email: oldiceland@oldiceland.is

2. Personal data we collect

When you submit the contact form, we collect the following information:

Name
Email address
Any other information you choose to include in the message field

3. Purpose of processing

We use your personal data only for the following purposes:

To receive, read and manage your enquiry
To respond to you and provide the information or assistance you have requested
To keep a record of our communications with you, where appropriate

We do not use your personal data for direct marketing unless you have explicitly agreed to this separately.

4. Legal basis for processing

We process your personal data on the following legal basis:

Your consent – by submitting the contact form, you consent to us processing your personal data in order to respond to your enquiry, in accordance with the General Data Protection Regulation (GDPR) and Icelandic data protection legislation.

You may withdraw your consent at any time (see section 7 below). This will not affect the lawfulness of any processing carried out before you withdrew your consent.

5. How long we keep your data

We retain your personal data only for as long as necessary for the purposes described above.

Contact form messages and related personal data are normally kept for up to 12 months after we have responded to your enquiry.

After this period, your personal data will be securely deleted or anonymised, unless we are required to keep it for a longer period by law or to establish, exercise or defend legal claims.

6. Sharing of personal data

We do not sell or rent your personal data to third parties. We do not transfer your personal data outside the EEA.

We may share your data only with:

Service providers who assist us in operating the website or email services (for example, hosting and IT service providers), under appropriate data protection agreements;
Public authorities or other third parties, if required by law or necessary to protect our rights.

Any service providers will be required to keep your data secure and to use it only in accordance with our instructions.

7. Your rights

Under the GDPR and Icelandic data protection legislation, you have several rights regarding your personal data. These include:

Right of access – to obtain confirmation as to whether we process your personal data and to receive a copy of the data.
Right to rectification – to have inaccurate or incomplete personal data corrected.
Right to erasure (“right to be forgotten”) – to request deletion of your personal data in certain circumstances.
Right to restriction of processing – to request that we limit the processing of your data in certain situations.
Right to data portability – to receive your personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller, where applicable.
Right to object – to object to certain types of processing, where applicable.
Right to withdraw consent – where processing is based on your consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us using the details in section 1.

You also have the right to lodge a complaint with the Icelandic Data Protection Authority (Persónuvernd) if you believe that your rights have been violated:

Persónuvernd – Icelandic Data Protection Authority
www.personuvernd.is

8. Changes to this Privacy policy

We may update this Privacy policy from time to time. Any changes will be posted on this page with an updated “last updated” date.

-Last updated November 15th 2025.