Purpose and legal obligation
The Company seeks to comply with all applicable privacy legislation and this Policy is based on the Act on Data Protection and the Processing of Personal Data no. 90/2018 (the “Data Protection Act”).
What is personal data?
Personal data within the meaning of this Policy is any data about a personally identified or a personally identifiable person, i.e. data that can be directly or indirectly attributed to a particular individual. Data which is not personally identifiable does not constitute personal data.
Customers’ Personal Data processed by the Company
We collect and store various personal data about our Customers. Different types of personal data may be collected about you depending on whether you are in business with the Company yourself or whether you represent a legal entity in business with the Company.
When our Customer is an individual, Snerpa Power collects the following data on the Customer:
- contact information, such as name, address or place of stay, phone number and email address;
- identification number;
- information from our communication with the Customer.
When a Customer is a legal entity, Snerpa Power collects specific information regarding the representatives of such parties, in particular:
- contact information, such as name, phone number and email address; and
- communication history.
The Company may also obtain information regarding politically exposed persons within the meaning of the Act on Measures against Money Laundering and Terrorist Financing No. 140/2018 (“Money Laundering Act”). Politically exposed persons are natural persons, domestic or foreign, who have been entrusted with prominent public functions, together with their immediate family and close associates.
In addition to the above data, the Company may also collect and process other data with which Customers or representatives/contacts of Customers provide the Company themselves, as well as data that the Company processes for its activities, including its main activities. The data is processed primarily in order to be able to fulfill service agreements with our Customers and to perform any other duties resulting from our service to Customers.
As a rule, the Company receives personal data directly from its Customers or Customers’ representatives; however, data may also come from third parties.
Data on Customers and representatives/contacts of Customers processed for the purpose of initiating business are stored for 4 years from the end of a business transaction or, in case of a long-term business relationship, from the end of the business relationship. Data covered by the Accounting Act are stored for 7 years from the end of the relevant fiscal year.
Personal data of individuals who contact the Company and visit our website
When individuals contact our office, the Company generally processes the individual’s contact data and communication history with the Company.
When individuals visit the Company’s website, we may process specified data which is collected via cookies. The Company only uses necessary cookies, based on the Company’s legitimate interests. Non-personally identifiable data on the website’s traffic is also collected.
Sharing with third parties
Your personal data may be transferred to a third party to the extent permitted or required based on applicable laws or rules. Also, your personal data may be transferred to a third party to respond to legal measures such as house searches, subpoenas or a court order. Transfer may also be necessary in the event of an emergency or to ensure the safety of Snerpa Power’s employees or third parties.
Furthermore, your personal information may be shared with third parties that provide the Company with IT services.
These entities may be located outside of Iceland. However, Snerpa Power will not transfer personal data outside of the European Economic Area unless permitted by applicable privacy legislation, such as based on standard contractual clauses, your consent or a notice issued by the Icelandic Data Protection Authority (Persónuvernd) listing countries which ensure an adequate level of data protection.
How is the security of personal data ensured?
The Company seeks to take appropriate technical and organizational measures to protect personal data with particular regard to their nature. These measures are intended to protect personal data against being lost or changed by accident and against unauthorized access, copying, use or dissemination. The Company’s data security measures are further set out in its data security policy.
Changes and corrections to personal data
It is important that the personal data processed by the Company is both accurate and appropriate. Therefore, it is important that the Company is notified of any changes that may occur to your personal data. You have the right to have unreliable personal data about you corrected. Taking into account the purpose of the processing of your personal data, you also have the right to have incomplete personal data about you completed, including by submitting additional information.
Your rights regarding the personal data processed by the Company
You have the right to obtain confirmation whether we process personal data about you or not, and if so, you may request access to the data and information on how it is processed. You may also be entitled to obtain a copy of the data. In certain circumstances, you may request from the Company that we send data which you have provided us yourself or that originates with you, directly to a third party.
Under certain circumstances, you may request that your personal data be deleted without delay, e.g. where retention of the data is no longer necessary in light of the purpose of the processing or because you have withdrawn your consent for the processing of the personal data and the processing is not based on any other legal basis.
If the processing is based on your consent, you may at any time withdraw such consent. If the processing of your personal data is based on legitimate interests of the Company, you also have the right to object to such processing.
Your aforementioned rights are not absolute. Thus, laws may obligate the Company to reject a request for erasure or access to data. In addition, the Company may reject your request in consequence of the Company's rights, such as based on intellectual property rights or the rights of third parties, such as to privacy, if the Company considers these rights to prevail. In the event where we cannot meet your request, the Company will seek to explain why the request was rejected, taking into consideration legal restrictions which may apply.
Inquiries and complaints to the Data Protection Authority
If you wish to exercise the rights described in Articles 7-8 of this Policy, or if you have any questions regarding this Privacy Policy or how the Company processes your personal data, please contact the Privacy Supervisor, cf. Article 10 of this Policy.
If you disagree with the Company's processing of personal data, you may submit a communication to the Data Protection Authority (www.personuvernd.is).
Contact information
We have appointed a Supervisor to monitor compliance with this Privacy Policy.
Should you require further information concerning this Privacy Policy or any other information, please refer to the Supervisor by e-mail:
The Company's contact information:
Snerpa Power ehf. - Supervisor of Privacy Policy
Borgartúni 27,
105 Reykjavík
Iceland
email:
[email protected]
Revision
Snerpa Power may from time to time change this privacy policy in accordance with changes to applicable laws or regulations or as a result of changes in the way the Company processes personal data. Any changes that may be made to this Policy will take effect after the updated version has been published on the Company's website.