If you are unsure of how this policy concerns you, please contact the Privacy Supervisor for more information. The Supervisor's contact information is stated near the end of this Policy.
1. Purpose and legal obligation
LOGOS seeks to comply fully with privacy legislation and this Policy is based on the current Privacy Act, as well as on the General Data Protection Regulation (EUROPEAN PARLIAMENT AND COUNCIL REGULATION (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC), as it is intended to be transposed into Icelandic law.
2. What are personal data?
Personal data within the meaning of this Policy are any data about a personally identified or a personally identifiable person; i.e., data that can be directly or indirectly attributed to a particular individual. Data that are not personally identifiable do not constitute personal data.
3. Personal data on Customers that LOGOS processes
We collect and store various personal information about our Customers. Different types of personal data may be collected about you depending on whether you are in business with the Company yourself or whether you represent a legal entity in business with the Company.
The following are examples of data that LOGOS processes on individuals in business with the Company:
- contact information, such as name, address or place of stay if different, phone number and email address;
- identification number;
- information on place of stay and domicile;
- creditworthiness information;
- information from communication;
- bank account information, including information on VAT number and special wishes relating to billing;
The following are examples of data that LOGOS processes on individuals representing legal entities in business with the Company:
- contact information, such as name, phone number and email address;
- communication history.
The following are examples of data that LOGOS processes on other contacts representing legal entities in business with the Company:
- contact information, such as name and email address;
- information from communication.
The following are examples of data that LOGOS processes on individuals who contact the Company:
- contact information, such as name and email address; and
- information from communication.
In addition to the above data, LOGOS may also collect and process other data with which Customers or representatives/contacts of Customers provide the Company themselves as well as data that the Company processes for its activities, including its main activities, which is legal services. The data are processed primarily in order to be able to fulfil formal and informal service agreements with the Company's Customers and to perform any other duties resulting from our service to Customers, but the processing also occurs on the basis of our legitimate interests of ensuring that the Company's Customers receive good service. Also, data may be processed on the basis of a legal obligation and independent of services the Company has undertaken to provide to its Customers, e.g. regarding rules on money laundering or accounting laws.
As a rule, LOGOS procures personal data directly from its Customer or his/her contact. However, data may also come from third parties, such as Credit Info, the government, courts, service providers to Customers, counterparties, and other lawyers. Personal data may also be collected online, from various websites, social media and databases. If personal data are procured from a third party in other instances, the Company will endeavour to notify its Customers.
Data on Customers and representatives/contacts of Customers processed for the initiation of business are stored for 4 years from the end of business or from the end of the business relationship if a long-term business relationship was involved. In the case of data covered by the Accounting Act, they are stored for 7 years from the end of the relevant fiscal year. As a rule, data concerning the Company's actual legal services will be stored for longer, as their processing may prove necessary for establishing, maintaining or defending legal claims. In that case, the retention period is subject to rules on the expiration of claims that may generally take a maximum of 14 years. However, the data may be deleted earlier for operational efficiency.
4. Sharing with third parties
LOGOS may share your personal data with third parties, such as in connection with their contractual relationship with the Company, or for legal services to you or to the company whose contact you are. For example, data about you may be shared with a debt collector for the collection of debts or to other third parties, such as an external adviser or contractor, in connection with counsel given to you or the protection of your interests.
Your personal data may also be delivered to a third party to the extent permitted or required on the basis of applicable laws or rules, such as to the government, the courts, the counterparty in a dispute, witnesses, partners of Customers or other interested parties.
Also, personal data might be shared with third parties who supply us with information technology services and other services related to processing and which form part of the Company's activities.
These entities may be located outside of Iceland. However, LOGOS will not transfer personal data outside of the European Economic Area unless permitted by applicable privacy legislation, such as based on standardized contractual terms, your consent or a notice issued by The Data Protection Authority (Persónuvernd) listing states granting personal data adequate protection.
Finally, personal data on you may be delivered to the extent permitted or required on the basis of applicable laws or rules or to respond to legal measures such as house searches, subpoenas or a court order.
5. How is the security of personal data ensured?
LOGOS seeks to take appropriate technical and organizational measures to protect personal data with particular regard to their nature. These measures are intended to protect personal data against being lost or changed by accident and against unauthorized access, copying, use or dissemination. Examples of security measures taken by LOGOS are access controls to the Company's systems.
6. Changes and corrections to personal data
It is important that the personal data processed by LOGOS are both accurate and pertinent. Therefore, it is important that the Company be notified of any changes that may occur to your personal data.
You have the right to have unreliable personal data about you corrected. Taking into account the purpose of processing your personal data, you also have the right to have incomplete personal data about you completed, including by submitting additional information.
Please direct all updates to the Privacy Supervisor, cf. Article 9 of this Policy.
7. Your rights regarding the personal data processed by the Company
You have the right to obtain confirmation whether we process personal data about you or not, and if so, you may request access to the data and how it is processed. You may also be entitled to obtaining a copy of the information. In certain circumstances, you may request from the Company that we send data with which you have provided us yourself or that originates with you, directly to a third party.
Under certain circumstances, you may request that your personal data be deleted without delay, e.g. where retention of the data is no longer necessary in light of the purpose of the processing or because you have withdrawn your consent for the processing of the personal data and the processing is not based on any other authorization. If the processing is based on consent, you may at any time withdraw your consent.
If you do not want to have your data deleted, e.g., because you need them for your defence against a claim, but you nevertheless do not want them to be processed further by the company, you may request their processing to be limited.
If the processing of your personal data is based on legitimate interests of the Company, you also have the right to object to such processing.
Your above rights are not absolute. Thus, laws may obligate the Company to reject a request for deletion or access to data. In addition, the Company may reject your request in consequence of the Company's rights, such as on the basis of intellectual property rights or the rights of other parties, such as to privacy, if the Company considers these rights to prevail.
In case of a situation where the Company cannot meet your request, the Company will seek to explain why the request was rejected, albeit with regard to limitations on the basis of legal obligation.
8. Inquiries and complaints to The Data Protection Authority
If you disagree with the Company's processing of personal data, you may submit a communication to The Data Protection Authority (www.personuvernd.is).
9. Contact information
Þórólfur Jónsson, firstname.lastname@example.org, +354 540 0300
The Company's contact information:
Any changes that may be made to this Policy will take effect after the updated version has been published on the Company's website.