- Personal data processing,
- who has access to the personal data,
- what the data is used for,
- how the security of the personal data is guaranteed.
If you have questions on how or if this policy affects you personally you are encouraged to contact us for further information at lets[at]secureit.is.
What is personal information?
Why do we need personal information?
SecureIT needs personal information to be able to fulfill its tasks. The company primarily processes personal data for necessary communications and operations. The data we collect is only processed while necessary such as if required for the legal interests of the company, e.g. to fulfill financial obligations such as send invoices etc. The processing of personal information relies upon consent given by you.
Your personal information is only kept and saved under the following circumstances:
- while a business relation is in place between you and the company;
- with your consent, and you are always authorized to withdraw consent;
- after your business relations ends with the company we keep the information for 12 months or until SecureIT is obligated to erase the data in accordance with Icelandic legislation.
We are obligated to keep some data for a certain amount of time, such as accounting data which must be stored for seven years according to Icelandic legislation.
Who can access your personal information?
In most cases SecureIT is the only entity that can access the data. Staff members at SecureIT will in general have access to data in order to communicate with clients. Access to personal information is restricted within the company and we have regulated the access as well as the processing of personal information to adhere to strict legal standards.
SecureIT does not distribute or communicate personal information to a third party unless there is consent for sharing, an obligation or a legal warrant to do so, e.g. in the cases of public authorities making legitimate claims on information.
Personal information might also be shared with a third party that services the company in the field of information technology as well as other services involving processing data that is a part of the management of SecureIT. Those parties might in some cases be situated outside of Icelandic borders. SecureIT will nevertheless not share data outside the European Economic Area (EEA), excluding cases where such permission is in place on grounds of appropriate legislation of Data Protection as well as protection of the person. Namely, when there are standard terms of agreements; your consent; or when the Icelandic Data Protection Authorities has confirmed that the state in question has satisfactory Personal Data Protection according to GDPR.
How we ensure the safety of personal information
SecureIT has appropriate arrangements in place in the field of technology and organization to properly protect personal information in regards to the nature of collected data. These arrangements will protect personal information from being lost or accidentally changed, as well as protect against unauthorized access, sharing, processing and copying of information.
Access to our systems and software is restricted. Staff members that have access to personal information controlled by SecureIT sign a confidential agreement defining their access, responsibility and obligations.
Your rights and interests
Individuals are in charge of their own personal information.
There may be restrictions to an individual’s rights according to data protection laws. Those restrictions may occur when other laws require SecureIT to deny a request to access or erase data. There may also be other interests prohibiting access or erasure of data, for example on the basis of intellectual property law or to not infringe the rights of others. Under those circumstances SecureIT will explain the reasons for having to deny the request.
If any questions arise, or if you have a request regarding your rights, you can send an inquiry to SecureIT at: lets[at]SecureIT.is.
The Icelandic Data Protection Authority (personuvernd.is) handles complaints from people that believe a mishandling or a breach of their personal information has occurred. You can contact the Data Protection Authority at: postur[at]personuvernd.is.
This policy might change to fit any change of the Data Protection Law or other Personal Data Acts. It might also change if SecureIT changes processing procedures of personal information.
All rights reserved SecureIT© 2021