Privacy Policy

Last Updated: January 20, 2026

1. Introduction

Mykines sp/f ("we," "our," or "us") operates the ferry booking service at mykines.fo (the "Service"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using our Service, you consent to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Personal Information

When you make a booking, we collect the following personal information:

  • Contact details: First name, last name, email address, phone number
  • Passenger information: Names and types (adult, child, infant) of all passengers
  • Nationality information
  • Payment information (processed securely by QuickPay)
  • Booking preferences and special requests

2.2 Automatically Collected Information

When you visit our Service, we automatically collect certain information:

  • Device information (browser type, operating system)
  • IP address and approximate location
  • Pages visited and time spent on pages
  • Referral source (how you found our website)

2.3 Cookies

We use cookies and similar tracking technologies to improve your experience. See our Cookie Policy for details.

3. How We Use Your Information

We use your personal information for the following purposes:

  • Booking Management: Process and manage your ferry bookings
  • Communication: Send booking confirmations, tickets, cancellation notices, and customer support responses
  • Payment Processing: Process payments through our secure payment provider (QuickPay)
  • Service Improvements: Analyze usage patterns to improve our Service
  • Legal Compliance: Comply with legal obligations (tax records, accounting)
  • Marketing: Send promotional offers (only with your consent, opt-out anytime)

4. Legal Basis (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on:

  • Contractual Necessity: Processing is necessary to fulfill our contract with you (booking service)
  • Legal Obligation: Required by law (tax records, accounting - 7 year retention)
  • Legitimate Interest: Fraud prevention, service improvement
  • Consent: Marketing emails, analytics cookies (you can withdraw anytime)

5. Data Sharing and Disclosure

We share your information only with trusted partners:

  • QuickPay: Payment processing (PCI DSS compliant)
  • Mailgun: Email delivery (booking confirmations, tickets)
  • Microsoft Azure: Cloud hosting and data storage
  • Legal Authorities: When required by law or to protect our rights

We never sell your personal data to third parties.

6. Data Retention

  • Confirmed Bookings: Retained for 7 years (tax/accounting requirements)
  • Cancelled Bookings: Anonymized after 1 year (personal data removed)
  • Payment Data: Stored by QuickPay (not on our servers)
  • Analytics Cookies: 2 years (if consented)

7. Your Privacy Rights (GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure ("Right to be Forgotten"): Request deletion (subject to legal retention requirements)
  • Restrict Processing: Limit how we use your data
  • Data Portability: Receive your data in a machine-readable format
  • Object: Object to processing based on legitimate interest
  • Withdraw Consent: Opt-out of marketing emails or analytics anytime
  • Lodge a Complaint: Contact the Faroese Data Protection Authority

To exercise your rights, contact us at privacy@mykines.fo.

8. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (HTTPS/TLS) and at rest (AES-256)
  • Secure authentication with bcrypt password hashing (admin users)
  • Regular security audits and updates
  • Access controls and audit logging
  • PCI DSS compliant payment processing (QuickPay)

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

9. International Transfers

Your data is primarily stored in the European Economic Area (EEA) on Microsoft Azure servers. Some service providers (e.g., Mailgun) may process data outside the EEA with appropriate safeguards (Standard Contractual Clauses).

10. Children's Privacy

Our Service does not knowingly collect personal information directly from children under 16. Bookings for children must be made by a parent or legal guardian. If you believe we have inadvertently collected data from a child, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or a prominent notice on our website. The "Last Updated" date at the top indicates the latest revision.

12. Contact Us

For questions about this Privacy Policy or to exercise your rights:

Mykines sp/f

Email: privacy@mykines.fo

Support: info@mykines.fo

Website: www.mykines.fo