ADVEL places the upmost importance on privacy and confidentiality. This privacy policy describes our retention of personal data and processing in compliance with the Act on data protection and processing No 90/2018 (the Data Protection Act) which implements Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR).

1. CONTROL AND PROCESSING

ADVEL acts as a controller when we decide on the processing of certain personal data which has been submitted to us in connection to a particular case or project. When we are entrusted with processing on the behalf of others we are to be considered a processor. This would for instance apply when we carry out a due diligence review. When we act as a processor, the processing is always based on a data processing agreement with the relevant controller.

2. NATURE OF PROCESSING AND CATEGORIES OF DATA

In order to be able to provide legal services we need to process certain categories of personal data:

General legal services

If you are our client or a prospective client we process the data necessary to be able to provide services. This includes name, ID number, address, e-mail, phone number, marital status, gender and financial information.

In general, information related to companies and their activities is not considered personal data under privacy legislation. We may however process personal data such as name, ID number, address and title when providing services to companies. The legal basis for processing is Article 6 (1) (b) of the GDPR.

In certain instances we may be required to process sensitive data such as health information and criminal records. The legal basis for processing is Article 9 (2) (f) of the GDPR.

As a law firm we are obliged to fulfill certain requirement of money laundring legislation, cf. Act on Money Laundring No 64/2006. In this respect we may need to process personal data such as name, ID number and Passport Number.

Direct Marketing

We process personal data such as name and ID number when we interact with our clients by sending out news, information or for the marketing of our services. Such processing is based on individual consent which can at any time be terminated, cf. Article 6 (1) (a) of the GDPR.

Cookies

Our website uses cookies in order to improve the user‘s experience. Here is a further description of cookies, how they are used and what they contain:

Cookies are text files stored by webpages in your browser. The text file stores information on your preferred setting by analysing your use in order to improve your user experince. The cookies contain text, numbers and/or other information such as dates and location.

Our web solution uses cookies from services providers such as Google Analytics. Google Analytics is a tool which enables us to monitor the traffic on our webpage to see which pages are more visited than others. This information is used to develop and improve our services. ADVEL does not share this information with third parties.

3. TRANSFER OF DATA

ADVEL does not transfer personal data to third parties in general. When we need to engage processors in our ordinary course of business we require the conclusion of a data processing agreement.

In certain instances we may need to to provide information to police, public authorites, courts, arbitration panels or other law firm. Sharing of information with third parties is only carried out if this is necessary in order to be able to provide services or required by law.

ADVEL does not transfer data to third countries outside the European Economic Area without explicit consent of the data subject.

4. SECURITY

ADVEL places a great emphasis on security. We have anacted procedures to ensure the secure filing of data inter alia by a system of access control, restricted access and identification. Hosting is provided by certified providers and based on certified technology.

5. STORAGE OF DATA

We will erase all personal data which is no longer needed in order for us to provide services. In several instances we are however obliged to retain data due to legal obligations such as compliance with money laundering legislation, accounting principles etc.

6. YOUR RIGHTS

You are at all times entitled to get access to the personal data we store unless limitations are stipulated by law. You can also object to the processing of data and request rectification and/or deletion.

We ask you to send all requests related to access to data, rectification or deletion to the e-mail personuvernd@advel.is with an identification attached such as a scanned copy of an ID or Passport.

In Iceland, Perónuvernd is the supervisory authority in data protection and you can submit requests and/or complaints to that authority at any time. The website www.personuvernd.is.

7. CHANGES TO THE PRIVACY POLICY

We regularly review this Privacy Policy in order to ensure that it meets all the requirements of data protection legislation as interpreted and applied from time to time.