This Policy was last reviewed June 2022.

ITsecurity ehf. (kt. 500517-2630), Hlíðarvegur 55, 200 Kópavogur (hereafter also referred to as SecureIT or the company) is a security consulting company that offers a variety of managed and unmanaged information security services. Our Privacy Policy aims to inform those who are in contact with the company, our clients and those who act on behalf of our clients, of the following:
  • Personal data processing,
  • who has access to the personal data,
  • what the data is used for,
  • how the security of the personal data is guaranteed. 

Our Privacy Policy covers all traceable personal data, that is data on clients, prospective clients, those in any business relation with the company and any others with possible relations with the company and/or their associates.

If you have questions on how or if this policy affects you personally you are encouraged to contact us for further information at lets[at]

To review the Cookie Policy click here

What is personal information?

For the purpose of this Privacy Policy, personal information is defined as any information that can be traced directly or indirectly to a person. SecureIT primarily processes personal information for necessary communications and operations. We only process personal data that you give us.



Why do we need personal information?

SecureIT needs personal information to be able to fulfill its tasks. The company primarily processes personal data for necessary communications and operations. The data we collect is only processed while necessary such as if required for the legal interests of the company, e.g. to fulfill financial obligations such as send invoices etc. The processing of personal information relies upon consent given by you.


Your personal information is only kept and saved under the following circumstances:

  • while a business relation is in place between you and the company;
  • with your consent, and you are always authorized to withdraw consent;
  • after your business relations ends with the company we keep the information for 12 months or until SecureIT is obligated to erase the data in accordance with Icelandic legislation.

We are obligated to keep some data for a certain amount of time, such as accounting data which must be stored for seven years according to Icelandic legislation.



Who can access your personal information?

In most cases SecureIT is the only entity that can access the data. Staff members at SecureIT will in general have access to data in order to communicate with clients. Access to personal information is restricted within the company and we have regulated the access as well as the processing of personal information to adhere to strict legal standards.

SecureIT does not distribute or communicate personal information to a third party unless there is consent for sharing, an obligation or a legal warrant to do so, e.g. in the cases of public authorities making legitimate claims on information.

Personal information might also be shared with a third party that services the company in the field of information technology as well as other services involving processing data that is a part of the management of SecureIT. Those parties might in some cases be situated outside of Icelandic borders. SecureIT will nevertheless not share data outside the European Economic Area (EEA), excluding cases where such permission is in place on grounds of appropriate legislation of Data Protection as well as protection of the person. Namely, when there are standard terms of agreements; your consent; or when the Icelandic Data Protection Authorities has confirmed that the state in question has satisfactory Personal Data Protection according to GDPR.



How we ensure the safety of personal information

SecureIT has appropriate arrangements in place in the field of technology and organization to properly protect personal information in regards to the nature of collected data. These arrangements will protect personal information from being lost or accidentally changed, as well as protect against unauthorized access, sharing, processing and copying of information.

Access to our systems and software is restricted. Staff members that have access to personal information controlled by SecureIT sign a confidential agreement defining their access, responsibility and obligations.



Your rights and interests

Individuals are in charge of their own personal information.

Each person has various rights regarding their personal information in accordance with data protection laws. Rights that you would want to exercise with this Privacy Policy might be; right to change your personal information, the right to know what information we have and how we are processing it and the right to a copy of the personal information we have about you as well as to have your personal information erased if it is no longer being processed for their original intent.

There may be restrictions to an individual’s rights according to data protection laws. Those restrictions may occur when other laws require SecureIT to deny a request to access or erase data. There may also be other interests prohibiting access or erasure of data, for example on the basis of intellectual property law or to not infringe the rights of others. Under those circumstances SecureIT will explain the reasons for having to deny the request.

If any questions arise, or if you have a request regarding your rights, you can send an inquiry to SecureIT at: lets[at]

The Icelandic Data Protection Authority ( handles complaints from people that believe a mishandling or a breach of their personal information has occurred. You can contact the Data Protection Authority at: postur[at]



Changes and reviews to this Privacy Policy

We may modify or amend this Privacy Policy from time to time at our discretion. When we make changes to this Policy, we will amend the revision date at the top of this page, and such modified or amended Privacy Policy shall be effective as to you and your information as of that revision date.

We encourage you to periodically review this Privacy Policy to be informed about how we are ensuring the protection of personally identifiable information.

This policy might change to fit any change of the Data Protection Law or other Personal Data Acts. It might also change if SecureIT changes processing procedures of personal information.

All rights reserved SecureIT© 2021