Privacy Policy
This Privacy Policy is based on the current Icelandic Privacy Act no. 90/2018, as well as on the General Data Protection Regulation no. 2016/679 from 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, also known as ,,GDPR’’.
1. Information about us
BBA Fjeldco ehf., Katrínartúni 2, 105 Reykjavík, reg. no.6108190950 (also referred to as BBA//Fjeldco and ‘’we’’’) is the controller of any personal information that we process in connection to the legal services we provided to our clients.
The aim of this Privacy Policy is to provide our clients with information about the purpose and legal basis for the processing of personal data and inform clients about their rights in relation to such processing. If you have any further questions or observations to this Privacy Policy please refer to the Supervisor of this Privacy Policy by mail or email. The Supervisor will respond to your inquiry as soon as possible in writing.
BBA Fjeldco ehf.
Katrínartún 2
105 Reykjavík
c/o Sara Rut Sigurjónsdóttir
email: [email protected]
2. Types of personal information we collect
Personal information means any information that can be used to directly or indirectly to identify a specific individual.
BBA//Fjeldco collects and processes certain personal information for the purposes of providing legal services to clients. Depending on whether you are a client of BBA//Fjeldco or whether you are representing a legal person that is a client of BBA//Fjeldco.
The following are examples of personal data that BBA//Fjeldco processes of individuals that are clients of BBA//Fjeldco:
- identification information of the individual that is a client, such as name/that is, identification number and domicile;
- communication information, such as a telephone number, email and communication with a client;
- financial information;
- personal identification, such as a copy of a passport or drivers licence; and
- other personal information that an individual provides us with in connection to legal services.
The following are examples of information about individuals that represent a client who is a legal person or an individual that is in another way a contact for a client:
- contact information, such as the name of the employee, the name of the legal person that the employee works for and title; and
- communication information, such as telephone number, email and communication with an employee.
It shall be noted that providing personal data is always optional for a client. If certain information is not provided it may affect BBA//Fjeldco's ability to provide legal advice.
In general BBA//Fjeldco collects personal information directly from a client or a representative of a client. In some instances, the information may be provided by third parties, such as the National Register of Iceland, Property Register of Iceland, CreditInfo, Keldan, the Directorate of Internal Revenue, banks or other financial companies, District Courts, District Commissioner and public authorities.
BBA//Fjeldco may in some cases collect data through website visits to the Company’s website, www.bbafjeldco.is, including information regarding the location of the individual that opens the website, the type of browser that is used and general information regarding traffic on the website.
3. Legal bases for collection
The processing of personal data that BBA//Fjeldco holds depends on the purpose of the collection of personal data. For example, BBA//Fjeldco processes personal data of a client to:
- fulfil our contractual obligations of providing legal services;
- ensure the interests of our client or other obligations in connection to the legal services we provide;
- fulfil legal obligations;
- safeguard the legitimate interests of BBA//Fjeldco, particularly in relation to asset and security management and marketing, such as debt collection, managing the clients, marketing etc.
If a client has provided its consent to BBA//Fjeldco for the processing of personal data for a specific purpose then consent is the legal basis for processing. The client can withdraw its consent at any time when the processing of personal information is based on consent. Further, it shall be noted that the withdrawal of consent does not affect the legality of the processing before the withdrawal of consent.
4. Disclosure of personal data
The employees of BBA//Fjeldco have access to personal data to the extent necessary to fulfil our contractual obligations towards our clients. Personal data may be delivered to third parties that process data on behalf of BBA or provide services to us. Those parties are for example IT system and software providers, banking and financial service providers as well as debt collectors.
In some instances, BBA//Fjeldco has a legal obligation to disclose a client’s personal information to regulatory authorities, law enforcement agencies, district courts and other governmental bodies.
It shall be noted that the attorneys employed at BBA//Fjeldco are bound by a legal duty of confidence regarding all information they receive according to Article 22 of Act no. 11/1998, except if they have a legal obligation to disclose information or the client has provided consent for such disclosure. Other employees are also bound by a similar confidentiality requirement.
5. Data transfers outside the European Economic Area
GDPR is applicable in all countries within the European Economic Area (,,EEA area’’) and data transfers within the EEA area are unlimited if based on an appropriate legal basis. GDPR restricts data transfers to countries outside the EEA area, including the United Stated. BBA//Fjeldco uses the services of providers in the United States and transfers data to the United States for example, in relation to the monitoring of our website. As a data controller BBA//Fjeldco is responsible for ensuring that our clients personal data is only transferred to parties that provide adequate protection to clients’ personal data. Therefore, BBA//Fjeldco only transfers personal data to parties certified as Privacy Shield members or parties who have provided appropriate safeguards such as standard contractual clauses.
6. Data retention
Personal information is generally processed and retained as long as necessary to fulfil contractual obligations to clients, legal obligation and legitimate interests of BBA//Fjeldco. When data is no longer necessary to fulfil contractual obligations or legal obligation they are deleted. However, BBA//Fjeldco may retain personal information relating to legal services for a longer period when obliged by legal and/or regulatory requirements, such as limitation periods for taking legal action and accounting requirements.
7. Data subject rights
Individuals enjoy certain rights in relation to the processing of BBA//Fjeldco on personal data. They include the right to:
- request information about how BBA//Fjeldco processes personal data and receive a copy of the information;
- request erasure of personal data, rectification of inaccurate personal data or request that BBA //Fjeldco complete incomplete personal data;
- request to receive personal data in a structured, commonly used, and machine-readable format and to have them transferred to another party.
It shall be noted that BBA//Fjeldco is permitted in limited circumstances to deny that personal data is erased, transferred or that access to data is provided. BBA//Fjeldco will ensure that the personal data of each client is updated and reliable.
A client also has the right to lodge a complaint with a supervisory authority if he considers that the processing of BBA//Fjeldco infringes or is not in compliance with the applicable legislation. Further information on the rights of data subjects are provided by the representative of the BBA//Fjeldco Privacy Policy (please refer to our contact information in section 1).
8. Protection of information
BBA//Fjeldco has taken appropriate and reasonable steps to ensure that all personal data is protected from misuse, interference and loss, as well as unauthorised access, modification or disclosure. The measures taken to protect personal data include:
- implementation of technical and organisational measures designated to ensure continued confidentiality, continuity, availability and load resistance of processing systems and services;
- managing the access of individuals to our premises;
- managing the access of employees and others to systems that contain personal information;
- ensuring that third parties who have access to the personal data of clients have made appropriate security safeguards to protect personal information; and
- limiting the retention period of the personal data of clients.
9. Privacy policy amendments
This Policy will be updated regularly in accordance to the changes made by BBA//Fjeldco in relation to the processing of personal data. We encourage you to review this policy on a regular basis to be informed about how we use and protect your personal data.