top of page

Privacy Policy

ESJA Legal ehf., ID. 470909-2180, operator of the website Valdimarsson.is (hereinafter referred to as the “company” or “the company” or “we” or “our”) places great emphasis on the security and legal use of personal data processed by us in its operations. This privacy policy is based on the Act on the Protection of Personal Data and the Processing of Personal Data No. 90/2018. For definitions of individual words, please refer to Article 3 of that Act. Personal data is any information about an identified or identifiable individual, i.e. information that can be directly or indirectly traced to an individual. All processing of personal data by the company is carried out in accordance with the Act on the Protection of Personal Data No. 90/2018 and the General Data Protection Regulation (EU) 2016/679.

Processing of personal data classified as health data differs in many ways from other types of processing of personal data, including in terms of the interests of the data subjects. For this reason, there are many special provisions on such processing in the data protection laws that take into account the special nature of the processing. The company's privacy policy takes this special situation into account. It describes what personal data the company collects and processes, why, how long the information can be expected to be stored, and how its security is ensured.

The main content of this privacy policy is fourfold:

 

  1. We only use the personal information we process based on the authorization we have been granted, based on a mandate or law. The information is only used to ensure the services we offer our clients.

  2. The personal information that is or becomes accessible in our work must be stored in a secure manner and careful care must be taken to ensure that it does not fall into the hands or be seen by unauthorized persons.

  3. The information entrusted to us by authority or law is not shared with others except on the basis of a clear authorization to do so, a legal order, or a final court order.

  4. The information used in our work is permanently deleted as soon as permitted or required by law.

For a more detailed explanation of our privacy policy, please refer to the information below:

 

  1. The company's purpose and authorization for processing personal data is found in Articles 5 and 6 of the Act. If information is obtained from others than the individuals concerned themselves, it is done in accordance with legal authorizations. The company uses personal data about customers only for the purposes that customers were informed about when they were collected. If the company considers it necessary to use the information for other and unrelated purposes, customers will be informed about this and on what legal basis the company considers such use permissible.

  2. In the course of the company's operations, various personal data are collected and retained for a longer or shorter period of time, concerning our customers, to the extent necessary to ensure good service and in direct legitimate connection with the service that the customer has requested. Data is never retained if necessary or required by law. The data in question can be both personal data and sensitive personal data, including health data, which according to law must be processed with special care. The company is also subject to legal obligations that generally apply to all Icelandic operators that process certain personally identifiable data, for example for personnel management and provisions of accounting and tax laws.

  3. The information we collect is intended to ensure that the activities carried out by the company meet the requirements of the law and to safeguard the interests of the company itself, should any disputes of any kind arise at a later stage. Among the information collected about both individuals and legal entities are:

    1. Financial information related to the individual/legal entity in question;

    2. Information on the type of legal entity, name of the individual/legal entity, gender of the individual, telephone number and main contacts;

    3. Information about the activities of a legal entity/individual, the individual's job and education.

    4. Information about an individual's health and family situation.

  4. It is guaranteed that no processing of personal data takes place at the company, unless it is based on one of the sources required by law, on the basis of a mandate or agreement between the parties or to ensure our interests or those of third parties that are legitimate. The information we collect may be obtained from the customer himself or a third party that has a direct connection to you, such as an employer. Personal data may also be shared with us by holders of judicial or executive authority. The same working principles apply to the handling of all personal data, regardless of how it is obtained.

 

 

5. In cases where personal information is shared with third parties, this is done solely on the basis of consent, authorization, contract or legal obligation.

 

6. The company strives to take appropriate technical and organizational measures to protect personal data, taking into account its nature. These measures are intended to protect personal data against accidental loss or alteration and against unauthorized access, copying, use or disclosure. Examples of security measures taken by the company include that the company's data storage is access-controlled, encrypted and tracked.

 

7. General customer information is retained for 1 year from the end of the transaction, except in the case of information covered by special laws or regulations. In the case of information covered by accounting laws, it is retained for 7 years from the end of the relevant financial year.

 

8. An individual has the right to receive information about what personal data is processed about him within the limits and with the restrictions specified by the Privacy Act, in addition to which the Privacy Act grants data subjects a variety of rights concerning the processing of personal data about them. Customers who have given informed consent also have the right to withdraw their consent at any time and without specific explanation, in which case their personal data will be deleted, except for those that are required to be retained by law. An individual also has the right to file a complaint with the Icelandic Data Protection Authority if they believe that the provisions of the Privacy Act on the processing of personal data have not been complied with. Further information can be found on the Icelandic Data Protection Authority website, personuvernd.is

 

 

 

9. Individuals who request information about the processing of personal data about them on the basis of Act No. 90/2018, have the option of contacting the company's office, Hlíðarfót 15, ground floor, 102 Reykjavík. Forms for requesting information about the processing can be obtained there. The individual in question is required to show valid photo identification when submitting a request for information, to ensure secure identification. Requests for information about the processing of personal data are not accepted by telephone or email, as such means of communication do not meet privacy requirements. Individuals are encouraged to never send sensitive personal information about themselves by email.

10. The Company may amend and supplement this Privacy Policy at any time, and such amendments shall take effect without notice. Such amendments may, for example, be made to bring the Privacy Policy into line with applicable laws and regulations relating to privacy at any time.

 

11. The mailbox of the coordinator of this privacy policy, Ómar R. Valdimarsson, Attorney at Law, is omar@valdimarsson.is, tel. 517-3100.

This Privacy Policy was established on July 15, 2018 and last updated on October 14, 2022.

 

Cookie Policy

 

Personal information processed by the company

 

On the website valdimarsson.is, the company primarily processes personal information that customers provide themselves, such as name, email address and message when sending messages from the website. In addition, the website collects non-personally identifiable data through Google Analytics.

 

Use of cookies

 

When you use valdimarsson.is, information about your visit is generated. The company does not share this information with third parties. We use cookies on the website to track visits and to store user preferences, such as language settings.

 

If website users do not want cookies to be saved, it is simple to change the browser settings to reject them.

 

Google Analytics is used for web analytics on the website. Google Analytics collects information about each visit to the website, for example, the date and time of the visit, how the user accesses the website, which browser and what device they are using. It also checks whether keywords are used. This data gives us insight into how we can adapt and improve the website based on user needs.

 

Cookies that are stored and their lifespan

 

  • _ga_ H4ZY2FM62Y - Google Analytics cookie - lifetime: 2 years

  • _ga - Google Analytics cookie - lifetime: 2 years

  • _gid - Google Analytics cookie - lifetime: 1 day

  • _gat_gtag_ UA_191218151_1 - Google Analytics cookie - lifetime: 1 minute

  • _fbp - Facebook cookie - lifetime: 3 months

SSL certificate

 

The website uses SSL certificates so that all communications sent between the user and the website are encrypted, which increases the security of data transmission. The purpose of SSL certificates is to prevent outside parties from obtaining sensitive data such as passwords or personal information.

bottom of page