Privacy Policy

Privacy Policy

This Privacy Policy explains how Nemur Net ehf collects, uses, and protects your personal data when you visit our website or use our services. We are committed to processing your personal data in accordance with the Icelandic Data Protection Act (Lög um persónuvernd og vinnslu persónuupplýsinga nr. 90/2018) and the EU General Data Protection Regulation (GDPR).

1. Who We Are

The data controller is:

Nemur Net ehf
Hrísateigur 3
105 Reykjavík
Iceland
Kennitala: 481118-0180
Email: [email protected]
Phone: +354 698 9152

2. What Personal Data We Collect

We collect personal data that you provide to us directly when you contact us or book one of our services, including:

  • Contact details: name, email address, phone number.
  • Booking details: the tour or service you are booking, preferred dates, number of participants, dietary or accessibility requirements.
  • Payment information: payments are processed by our card payment provider (Wise); we do not store full card details on our own systems.
  • Correspondence: emails and other messages you send to us.

We do not currently use cookies, analytics, or tracking technologies on the nemur.net website beyond what is strictly necessary for the site to function. If this changes, we will update this policy and request your consent where required.

3. Why We Use Your Personal Data

We use your personal data for the following purposes:

  • to respond to your enquiries and provide information about our services,
  • to confirm and administer bookings, including issuing payment links and receipts,
  • to deliver the tour or service you have booked, including preparing participant lists and certificates,
  • to comply with our legal and accounting obligations under Icelandic law,
  • where applicable, to fulfil our obligations under the Erasmus+ programme.

4. Legal Basis for Processing

Under the GDPR, we rely on the following legal bases:

  • Performance of a contract — to deliver the services you have booked.
  • Legitimate interests — to respond to enquiries and operate our business.
  • Legal obligation — to keep accounting records as required by Icelandic law.
  • Consent — where you have explicitly agreed, for example to receive optional communications. You can withdraw your consent at any time.

5. Sharing Your Personal Data

We do not sell your personal data. We share it only with:

  • Our card payment provider (Wise), which handles the payment for your booking,
  • Erasmus+ programme partner organisations and National Agencies, where the activity is part of an Erasmus+ project that Nemur Net ehf coordinates or participates in, and where reporting or participant administration requires it,
  • Third-party course or programme providers, where you have booked a wider programme through them and Nemur Net ehf is delivering only part of the service (for example, a tour); in such cases, each party acts as a data controller for its own part of the service,
  • Our accountant and tax advisers, to meet legal obligations,
  • Hosting and email providers that help us run our website and communications.

These parties only receive the data necessary to perform their role and are required to keep it secure.

6. International Transfers

Some of the providers we work with may be located outside the European Economic Area (EEA). Where this is the case, we ensure that appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses.

7. How Long We Keep Your Personal Data

  • Booking and accounting records are kept for seven (7) years as required by Icelandic accounting law.
  • General enquiry correspondence is kept for up to two (2) years unless it leads to a booking.
  • Erasmus+ project records are kept for the period required by the Erasmus+ programme rules, typically five (5) years after project closure.

8. Your Rights

Under the GDPR you have the right to:

  • request access to the personal data we hold about you,
  • ask us to correct inaccurate data,
  • ask us to delete your data, subject to our legal retention obligations,
  • object to or restrict our processing of your data,
  • request the portability of your data,
  • withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, please email [email protected]. We will respond within 30 days.

9. Complaints

If you believe we are not handling your personal data in accordance with the law, you have the right to lodge a complaint with the Icelandic Data Protection Authority (Persónuvernd):

Persónuvernd
Rauðarárstígur 10
105 Reykjavík
Website: www.personuvernd.is

10. Changes to This Policy

We may update this Privacy Policy from time to time. The most current version is always available on this page, with the date of the last update shown below.

Last updated: 25 April 2026