Privacy Policy

Privacy Policy – Nordur Expeditions
Effective date: 15 August 2025

Nordur Expeditions (“Nordur”, “we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

1) Who we are (Data Controller)

Nordur Expeditions
Strathbay House, Gairloch, Highlands, Scotland, IV21 2BP
Email: info@nordur.co.uk
Phone: 07854197584

2) Personal data we collect

  • Identity: name, date of birth, nationality, passport/ID details.

  • Contact: email, phone, postal address.

  • Booking & payment: booking history, billing details (card details handled securely by our payment processor; we do not store full card numbers).

  • Health & safety: relevant medical information, dietary needs, emergency contacts (only where necessary to run trips safely).

  • Marketing preferences: consents and opt-outs.

  • Technical/usage: IP address, device/browser info, pages viewed, cookies/analytics data.

3) How we collect data

We collect data directly from you (e.g., enquiries, bookings, forms, emails, calls, events), through our website (including cookies and analytics), and from trusted service partners when needed to deliver your booking.

4) How we use data (purposes)

  • Administering enquiries, bookings, payments, and customer accounts.

  • Trip planning, safety management, and essential communications.

  • Meeting legal, insurance, and regulatory obligations.

  • Website performance, security, and service improvement (analytics — used with consent where required).

  • Marketing with your consent (you can withdraw at any time, for example via unsubscribe links in our emails or by contacting us).

5) Lawful bases for processing

  • Contract: to provide services you request.

  • Legal obligation: e.g., tax, insurance, safety compliance.

  • Legitimate interests: running and improving our services, ensuring safety — always balanced against your rights.

  • Consent: e.g., for marketing emails or processing certain special category data.

6) Special category data

Where health information is required for safety, we process it with your explicit consent and/or because it is necessary for providing safe expedition services. Access is strictly limited and safeguards are applied.

7) Sharing your data

We share personal data only when necessary with:

  • Guides and operational staff (for safety and service delivery).

  • Payment processors, insurers, transport/accommodation providers, and IT/website service providers.

  • Authorities in emergencies or where required by law.

We only use third-party providers who meet UK GDPR standards. We never sell personal data.

8) International transfers

If we transfer personal data outside the UK (e.g., to overseas providers), we use appropriate safeguards such as the UK International Data Transfer Agreement/Clauses or rely on an adequacy decision.

9) Retention

  • Booking, finance, and insurance records: retained for up to 7 years to meet legal and insurance requirements.

  • Health and safety information: kept for the duration of the trip and any legal/insurance retention period; otherwise deleted when no longer needed.

  • Marketing data: kept until you unsubscribe or withdraw consent.

We review retention regularly and securely delete data when no longer required.

10) Your rights

You can request to:

  • Access, correct, erase, restrict, or object to processing of your data.

  • Port your data.

  • Withdraw consent where used.

Contact us at info@nordur.co.uk or 07854197584 to exercise your rights.
You can also complain to the UK Information Commissioner’s Office (ICO): ico.org.uk.

11) Cookies & analytics

We use cookies and similar technologies for site functionality, security, and analytics. Non-essential cookies (including analytics) are only set with your consent, in line with PECR.
You can manage cookies in your browser. See our Cookie Policy [link] for details.

12) Data security

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or loss. Access is restricted to those who need it for legitimate purposes.

13) Children’s data

Our services are primarily for adults. Where we handle a young person’s data for a programme, we obtain parental/guardian authority and apply additional safeguards. We do not knowingly collect children’s personal data without such consent. If you believe we have received data in error, contact us to have it deleted.

14) Changes to this policy

We may update this notice from time to time. The latest version will always be posted here with a new effective date. If we make material changes, we will notify customers directly (e.g., by email).

15) Contact

Questions or requests about this policy or your data:
info@nordur.co.uk | 07854197584
Nordur Expeditions, Strathbay House, Gairloch, Highlands, Scotland, IV21 2BP