1. Purpose and legal obligation
LOGOS seeks to comply with all applicable privacy legislation and this Policy is based on the Act on Data Protection and the Processing of Personal Data no. 90/2018 (the “Data Protection Act”).
2. What is personal data?
Personal data within the meaning of this Policy is any data about a personally identified or a personally identifiable person, i.e. data that can be directly or indirectly attributed to a particular individual. Data which is not personally identifiable does not constitute personal data.
3. Customers’ Personal Data processed by LOGOS
We collect and store various personal data about our Customers. Different types of personal data may be collected about you depending on whether you are in business with the Company yourself or whether you represent a legal entity in business with the Company.
When our Customer is an individual, LOGOS collects the following data on the Customer:
- contact information, such as name, address or place of stay, phone number and email address;
- identification number;
- creditworthiness information;
- information from our communication with the Customer;
- bank account information, including information on VAT number and special instructions relating to billing;
When a Customer is a legal entity, LOGOS collects specific information regarding the representatives of such parties, in particular:
- contact information, such as name, phone number and email address; and
- communication history.
The Company may also obtain information regarding politically exposed persons within the meaning of the Act on Measures against Money Laundering and Terrorist Financing No. 140/2018 (“Money Laundering Act”). Politically exposed persons are natural persons, domestic or foreign, who have been entrusted with prominent public functions, together with their immediate family and close associates.
In addition to the above data, LOGOS may also collect and process other data with which Customers or representatives/contacts of Customers provide the Company themselves, as well as data that the Company processes for its activities, including its main activities, which is legal services. The data is processed primarily in order to be able to fulfil formal and informal service agreements with our Customers and to perform any other duties resulting from our service to Customers, but also on the basis of our legitimate interests of ensuring that our Customers receive good service. Also, data may be processed on the basis of a legal obligation, irrespective of the services the Company has undertaken to provide to its Customers, e.g. obligations relating to rules on money laundering or accounting laws.
As a rule, LOGOS receives personal data directly from its Customers or Customers’ representatives. However, data may also come from third parties, such as Creditinfo, public authorities, courts, service providers to Customers, counterparties and other lawyers. Personal data may also be collected online, from various websites, social media and databases. If personal data are received from a third party in other instances, the Company will endeavour to notify its Customers thereof.
Data on Customers and representatives/contacts of Customers processed for the purpose of initiating business are stored for 4 years from the end of business or, in case of a long-term business relationship, from the end of the business relationship. Data covered by the Accounting Act are stored for 7 years from the end of the relevant fiscal year. As a rule, data concerning the Company's actual legal services will be stored for longer, as their processing may prove necessary for establishing, maintaining or defending legal claims. In that case, the retention period is subject to rules on the expiration of claims that may generally take a maximum of 14 years. However, the data may be deleted earlier for operational efficiency.
4. Personal data of individuals who contact the Company and visit our website
When individuals contact our office, LOGOS generally processes the individual’s contact data and communication history with the Company.
When individuals visit the Company’s website, we may process specified data which is collected via cookies. LOGOS only uses necessary cookies, based on LOGOS‘ legitimate interests. Non personally identifiable data is also collected on the website‘s traffic.
5. Direct Mail
LOGOS regularly sends newsletters and invitations to events and courses organized by the Company to its Customers, Customer contacts and others who have registered to the Company’s mailing list. The processing of e-mail addresses for such purposes is based on the Company’s legitimate marketing interests and helps us ensure that Customers experience exemplary service.
If you do not wish to be on the LOGOS mailing list, you can unsubscribe by filling out the form available here. The Company regularly reminds contacts on the mailing list of their right to unsubscribe.
6. Sharing with third parties
LOGOS may share your personal data with third parties, such as in connection with their contractual relationship with the Company, or in relation to the legal services provided to you or the company which you represent. For example, data about you may be shared with a debt collector for the collection of debts or to other third parties, such as an external adviser or contractor, in connection with counsel given to you or the protection of your interests.
Your personal data may also be delivered to a third party to the extent permitted or required on the basis of applicable laws or rules, such as to public authorities, the courts, counterparties in a dispute, witnesses, partners of Customers or other invested parties, and in order to respond to legal measures such as a house search, subpoenas or a court order.
Also, personal data might be shared with third parties who supply us with information technology services and other services related to processing and which form part of the Company's activities.
These entities may be located outside of Iceland. However, LOGOS will not transfer personal data outside of the European Economic Area unless permitted by applicable privacy legislation, such as based on standard contractual clauses, your consent or a notice issued by the Icelandic Data Protection Authority (Persónuvernd) listing countries which ensure an adequate level of data protection.
7. How is the security of personal data ensured?
LOGOS seeks to take appropriate technical and organizational measures to protect personal data with particular regard to their nature. These measures are intended to protect personal data against being lost or changed by accident and against unauthorized access, copying, use or dissemination. Examples of security measures taken by LOGOS are access controls to the Company's systems as well as the use of operational logs.
8. Changes and corrections to personal data
It is important that the personal data processed by LOGOS is both accurate and appropriate. Therefore, it is important that the Company is notified of any changes that may occur to your personal data.
You have the right to have unreliable personal data about you corrected. Taking into account the purpose of the processing of your personal data, you also have the right to have incomplete personal data about you completed, including by submitting additional information.
9. Your rights regarding the personal data processed by the Company
You have the right to obtain confirmation on whether we process personal data about you or not, and if so, you may request access to the data and how it is processed. You may also be entitled to a copy of the data. In certain circumstances, you may request from the Company that we send data which you have provided us with yourself or that originates with you, directly to a third party.
Under certain circumstances, you may request that your personal data be deleted without delay, e.g. where retention of the data is no longer necessary in light of the purpose of the processing or because you have withdrawn your consent for the processing of the personal data and the processing is not based on any other legal basis. If the processing is based on your consent, you may at any time withdraw such consent.
If you do not want to have your data deleted, e.g. because you need it for your defence against a claim, but you nevertheless do not want it to be processed further by the Company, you may request its processing to be limited.
If the processing of your personal data is based on legitimate interests of the Company, you also have the right to object to such processing.
Your above rights are not absolute. Thus, laws may obligate the Company to reject a request for deletion or access to data. In addition, the Company may reject your request in consequence of the Company's rights, such as on the basis of intellectual property rights or the rights of other parties, such as to privacy, if the Company considers these rights to prevail.
In case of a situation where the Company cannot meet your request, the Company will seek to explain why the request was rejected, subject to any limitations on the basis of legal obligation.
10. Inquiries and complaints to the Data Protection Authority
If you disagree with the Company's processing of personal data, you may submit a communication to the Data Protection Authority (www.personuvernd.is).
11. Contact information
Benedikt Egill Árnason, firstname.lastname@example.org, +354 540 0300.
The Company's contact information:
Any changes that may be made to this Policy will take effect after the updated version has been published on the Company's website.