SecureIT logo

Privacy Policy

Download PDF

Privacy Policy

Effective Date: 09.02.2026

1. Introduction

SecureIT ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website secureit.is (the "Website").

This Privacy Policy complies with the General Data Protection Regulation (GDPR) and Icelandic data protection laws, Act no. 90/2018 Lög um persónuvernd og vinnslu persónuupplýsinga).

This policy describes how we handle your data. Where applicable, we process your data based on your consent, our legitimate interests, or contractual necessity.

2. Who We Are

Data Controller: SecureIT (ITSecurity ehf.)

Registered Office: Hlíðarvegur 55, 200 Kópavogur, Iceland

Company Registration Number: 500517-2630

Email: legal@secureit.is

Phone: +354 888 4268

SecureIT (ITSecurity ehf.) is an Icelandic company and the data controller responsible for your personal data collected through the Website.

3. Data We Collect

3.1 Information You Provide Directly

We may collect personal data that you voluntarily provide when you:

  • Fill out contact forms
  • Subscribe to our newsletter
  • Request information about our services
  • Create an account (if applicable)
  • Communicate with us via email or phone

This data may include:

  • Name
  • Email address
  • Phone number
  • Company name
  • Job title
  • Message content
  • Any other information you choose to provide

3.2 Automatically Collected Information

When you visit our Website, we automatically collect certain technical data:

Via Google Analytics:

  • IP address (anonymized)
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent
  • Referring website
  • Geographic location (country/city level)
  • Date and time of visit

Via HubSpot:

  • Website interaction data
  • Form submissions
  • Email engagement (opens, clicks)
  • Cookie identifiers
  • Session recordings (if enabled)

3.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies. For detailed information, please see our Cookie Policy.

4. How We Use Your Data

4.1 Legal Bases for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you provide explicit consent (e.g., newsletter subscription)
  • Legitimate Interests: To operate and improve our Website, analyze usage, and protect against fraud
  • Contractual Necessity: To provide services you've requested
  • Legal Obligation: To comply with applicable laws

4.2 Purposes of Processing

We use your personal data for the following purposes:

Service Delivery:

  • Responding to your inquiries and requests
  • Providing information about our services
  • Processing your orders or service requests
  • Managing customer relationships

Marketing Communications:

  • Sending newsletters and promotional materials (with your consent)
  • Informing you about our products, services, and events
  • Conducting market research and surveys

Website Improvement:

  • Analyzing Website usage and performance
  • Improving user experience and functionality
  • Troubleshooting technical issues
  • Ensuring Website security

Legal and Security:

  • Complying with legal obligations
  • Protecting against fraud and abuse
  • Enforcing our Terms of Use
  • Defending legal claims

5. Third-Party Services

5.1 Google Analytics

We use Google Analytics to analyze Website traffic and user behavior. Google Analytics collects data via cookies and processes it on Google's servers.

Data Collected: Anonymized IP addresses, browsing behavior, device information

Purpose: Website analytics and performance optimization

Data Location: May be transferred to Google servers in the United States

Privacy Policy: https://policies.google.com/privacy

Opt-Out: You can install the Google Analytics Opt-Out Browser Add-on

5.2 HubSpot

We use HubSpot for customer relationship management, marketing automation, and analytics.

Data Collected: Contact information, website behavior, email engagement

Purpose: Marketing, sales, and customer service

Data Location: HubSpot servers (primarily in the United States)

Privacy Policy: https://legal.hubspot.com/privacy-policy

5.3 Data Transfer Safeguards

When data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Other legally approved transfer mechanisms

Our major third-party service providers (Google, HubSpot) are certified under the EU-U.S. Data Privacy Framework (DPF), ensuring an adequate level of protection for data transfers to the US.

6. Cookies

6.1 What Are Cookies

Cookies are small text files stored on your device when you visit our Website. They help us recognize you and remember your preferences.

6.2 Types of Cookies We Use

Strictly Necessary Cookies:

  • Essential for Website functionality
  • Cannot be disabled

Analytics Cookies:

  • Google Analytics cookies for usage analysis
  • Help us understand how visitors use the Website

Marketing Cookies:

  • HubSpot cookies for tracking marketing effectiveness
  • Used to deliver relevant advertising

6.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect Website functionality.

Browser Settings:

  • Chrome: Settings > Privacy and security > Cookies
  • Firefox: Options > Privacy & Security
  • Safari: Preferences > Privacy
  • Edge: Settings > Privacy, search, and services

Opt-Out Tools:

For more detailed information, see our Cookie Policy.

7. Marketing Communications

7.1 Consent

We only send marketing communications if you have:

  • Explicitly opted in (e.g., newsletter subscription)
  • Provided consent during account creation
  • Engaged with us as an existing customer (where permitted by law)

7.2 Opt-Out of Marketing

You can unsubscribe from marketing communications at any time:

Email: Click the "Unsubscribe" link in any marketing email

Contact Us: Email legal@secureit.is with your opt-out request

Account Settings: Manage preferences in your account (if applicable)

Important: Opting out of marketing does not affect:

  • Transactional emails (order confirmations, service updates)
  • Communications necessary for service delivery
  • Legal or security notifications

7.3 Processing Time

We will process opt-out requests within 5 business days.

8. Data Retention and Deletion

8.1 Retention Periods

We retain personal data only for as long as necessary:

Contact Form Inquiries: 2 years from last contact

Newsletter Subscribers: Until you unsubscribe, then 30 days

Customer Accounts: Duration of relationship plus 5 years

Analytics Data: 2 months for event data. 14 months for user data.

Legal Requirements: As required by Icelandic law

8.2 Deletion

After retention periods expire, we will:

  • Securely delete or anonymize your personal data
  • Remove data from active systems and backups
  • Ensure data cannot be reconstructed

8.3 Exceptions

We may retain data longer if:

  • Required by law or regulation
  • Necessary for legal claims or disputes
  • You have provided explicit consent for longer retention

9. Your Rights Under GDPR

As a data subject in the EEA, you have the following rights:

9.1 Right of Access

You can request a copy of the personal data we hold about you.

9.2 Right to Rectification

You can request correction of inaccurate or incomplete data.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances.

9.4 Right to Restrict Processing

You can request that we limit how we use your data.

9.5 Right to Data Portability

You can request your data in a structured, machine-readable format.

9.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing.

9.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

9.8 Right to Lodge a Complaint

You can file a complaint with the Icelandic Data Protection Authority (Persónuvernd):

10. How to Exercise Your Rights

To exercise any of your rights, please contact us:

Email: legal@secureit.is

Subject Line: "Data Protection Request"

Include:

  • Your full name
  • Email address or account information
  • Description of your request
  • Proof of identity (if required)

Response Time: We will respond within 30 days of receiving your request.

Verification: We may request additional information to verify your identity before processing certain requests.

Free of Charge: Exercising your rights is generally free. We may charge a reasonable fee for manifestly unfounded or excessive requests.

11. Data Security

11.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit (SSL/TLS)
  • Secure server infrastructure
  • Access controls and authentication
  • Regular security audits and updates
  • Employee training on data protection
  • Incident response procedures

11.2 Limitations

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

11.3 Data Breach Notification

In the event of a data breach affecting your personal data, we will:

  • Notify the Icelandic Data Protection Authority within 72 hours, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
  • Inform affected individuals without undue delay if there is high risk to their rights and freedoms.
  • Provide information about the breach and remedial actions

12. Children's Privacy

Our Website is not intended for children under 16 years of age. We do not knowingly collect personal data from children.

If you believe we have inadvertently collected data from a child, please contact us immediately, and we will delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our data practices
  • New legal requirements
  • Improvements to our services

Notification: We will notify you of material changes by:

  • Posting the updated policy on our Website
  • Indicating the "Last Updated" date
  • Sending email notification (for significant changes)

Your Responsibility: Please review this Privacy Policy periodically.

14. International Data Transfers

As an Icelandic company within the EEA, we primarily process data within the EEA. However, our major third-party service providers (Google, HubSpot) are certified under the EU-U.S. Data Privacy Framework (DPF), ensuring an adequate level of protection for data transfers to the US.

15. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

16. Contact Us and Concerns

16.1 General Inquiries

If you have questions about this Privacy Policy or our data practices:

SecureIT (ITSecurity ehf.)

Hlíðarvegur 55

200 Kópavogur

Iceland

Email: legal@secureit.is

Phone: +354 888 4268

Website: https://www.secureit.is

16.2 Data Protection Officer

DPO Email: legal@secureit.is

DPO Phone: +354 888 4268

16.2 Concerns and Complaints

If you have concerns about how we handle your personal data:

  1. Contact us first using the details above
  2. We will investigate and respond within 30 days
  3. If unsatisfied, you may lodge a complaint with the Icelandic Data Protection Authority (details in Section 9.8)

Last Updated: 09.02.2026

Previous Versions: [Link to archived versions if applicable]