1. CONTROL AND PROCESSINGADVEL acts as a controller when we decide on the processing of certain personal data which has been submitted to us in connection to a particular case or project. When we are entrusted with processing on the behalf of others we are to be considered a processor. This would for instance apply when we carry out a due diligence review. When we act as a processor, the processing is always based on a data processing agreement with the relevant controller.
2. NATURE OF PROCESSING AND CATEGORIES OF DATA
In order to be able to provide legal services we need to process certain categories of personal data:
General legal services
If you are our client or a prospective client we process the data necessary to be able to provide services. This includes name, ID number, address, e-mail, phone number, marital status, gender and financial information.In general, information related to companies and their activities is not considered personal data under privacy legislation. We may however process personal data such as name, ID number, address and title when providing services to companies. The legal basis for processing is Article 6 (1) (b) of the GDPR.
In certain instances we may be required to process sensitive data such as health information and criminal records. The legal basis for processing is Article 9 (2) (f) of the GDPR.
As a law firm we are obliged to fulfill certain requirement of money laundring legislation, cf. Act on Money Laundring No 64/2006. In this respect we may need to process personal data such as name, ID number and Passport Number.
We process personal data such as name and ID number when we interact with our clients by sending out news, information or for the marketing of our services. Such processing is based on individual consent which can at any time be terminated, cf. Article 6 (1) (a) of the GDPR.
Cookies are text files stored by webpages in your browser. The text file stores information on your preferred setting by analysing your use in order to improve your user experince. The cookies contain text, numbers and/or other information such as dates and location.
3. TRANSFER OF DATA
ADVEL does not transfer personal data to third parties in general. When we need to engage processors in our ordinary course of business we require the conclusion of a data processing agreement.
In certain instances we may need to to provide information to police, public authorites, courts, arbitration panels or other law firm. Sharing of information with third parties is only carried out if this is necessary in order to be able to provide services or required by law.
ADVEL does not transfer data to third countries outside the European Economic Area without explicit consent of the data subject.
ADVEL places a great emphasis on security. We have anacted procedures to ensure the secure filing of data inter alia by a system of access control, restricted access and identification. Hosting is provided by certified providers and based on certified technology.
5. STORAGE OF DATA
We will erase all personal data which is no longer needed in order for us to provide services. In several instances we are however obliged to retain data due to legal obligations such as compliance with money laundering legislation, accounting principles etc.
6. YOUR RIGHTS
You are at all times entitled to get access to the personal data we store unless limitations are stipulated by law. You can also object to the processing of data and request rectification and/or deletion.
We ask you to send all requests related to access to data, rectification or deletion to the e-mail firstname.lastname@example.org with an identification attached such as a scanned copy of an ID or Passport.
In Iceland, Perónuvernd is the supervisory authority in data protection and you can submit requests and/or complaints to that authority at any time. The website www.personuvernd.is.