Privacy policy
How we collect, use and protect personal data — including children's data.
⚠️ Draft structure — the legal text below is marked TODO and must be completed and reviewed by a qualified person before launch. This is not legal advice.
1. Introduction
TODO: who we are (the data controller), the scope of this policy, and how to reach our data contact.
2. What we collect
TODO: list the personal data collected at registration — including children's data (name, year of birth) and parent/guardian contact details — and any data collected via the website.
3. Why we collect it
TODO: the purposes — processing registrations, running courses, contacting parents, and (separately consented) showcase photos/video.
4. Legal basis
TODO: the GDPR legal basis for each purpose (contract, consent, legitimate interest), and that photo/media use relies on separate, optional consent.
5. Who processes your data
TODO: list third-party processors. Note: the sign-up form currently posts to Formspree (a US processor) — confirm the appropriate safeguards (DPA / EU-hosted handler) before launch.
6. How long we keep it
TODO: retention periods for registration data, financial records, and media; and how data is deleted.
7. Your rights
TODO: rights of access, rectification, erasure, restriction, portability and objection, and how to exercise them; right to complain to Persónuvernd (the Icelandic Data Protection Authority).
8. Photo & media consent
TODO: how showcase photo/video consent works — optional, separate from registration, and withdrawable at any time.
9. Cookies
TODO: what cookies/local storage the site uses (e.g. cookie-consent and announcement-dismissed flags) and how to manage them.
10. Contact
TODO: how to contact us about privacy. For now, reach us through the contact page.