The privacy statement of Curron Ltd.
General
Curron Ltd., Kt. 440391-1929, Ármúla 27, 108 Reykjavík, (hereinafter "Curron", "the company", "we", "our"), is concerned about the privacy of individuals and takes the right to privacy very seriously. The company places great emphasis on the handling and processing of personal data in accordance with applicable privacy laws. This notice informs what personal information the company collects about individuals during its business practices and for what purpose. Additionally, we include details about other recipients of said information and the amount of time we store that information. Also included are details about on what legal basis Curron collects personal information, individual rights and additional important information related to the Privacy Act and the processing of personal information no. 90/2018 (the "Privacy Act").
2. What is personal information and how is it processed?
Personal information refers to any information about a person that is personally identified or can be personally identifiable trough his data. An individual is considered personally identifiable if he or she can be directly or indirectly identified by reference to certain identifiers such as name, social security number, location data, network identifier, or one or more factors that characterise him in a physical, physiological, genetic, mental, economical, spiritual, physical, social manner.
The processing of personal data means all processing and use of personal data, such as collection, registration, preservation, alteration and deletion.
3. Is Curron acting as the data controller or data processor for the processing of personal data?
Under the Data Protection Act, the data controller is the party that decides the purpose and methods of processing personal information, while the data processor is the party that processes personal data on behalf of the data controller.
Curron's processing of personal information is, in principle, carried out by the company's customers who have entered into a service agreement with the company for the purchase of information-related services. In such cases, Curron plays the role of a data processor within the meaning of the Privacy Act. However, this privacy statement is limited to Curron's role as the data controller in the processing of personal information. Further information about the Company's processing of personal information as a data processor, such as the operation of the "CareOn" system, can be found here.
4. About whom and what personal information does Curron collect as a data controller?
As a data controller, Curron works with information on customer contacts and individuals that requires interaction on regular basis. In any case, Curron endeavours to collect only personal information necessary for the purpose of processing. The information in question is most often limited to a name, telephone number, email address, place of work, job title and communication information.
5. Purpose and legal basis of the process?
Curron processes said personal information in order to to provide customers with requested services and to fulfil service contracts made with those customers. Furthermore, that information is necessary to communicate with customers and other third parties when appropriate as well as in the event of fulfilling certain legal obligations, such as the obligation under the Accounting Act no. 145/1994. The data processing is therefore carried out on the basis of legal obligations and on the basis of the legitimate interests of the company ensuring normal operation and function.
6. How long does Curron store personal information?
Curron stores personal information for the time period deemed necessary for the system to execute certain functions. When personal information is no longer needed, the company safely deletes it.
7. From whom does Curron collect personal information?
Curron uses contact information that the customer has provided to the service provider or contact information that has been made public in other ways. For example, on customer websites or in public records such as the telephone directory.
8. When does Curron disclose personal information to third parties and why?
Curron disseminates personal information to third parties hired by the company to do a specific job, such as hosting data. In such cases, the company enters into a processing contract with the party concerned. Such an agreement stipulates, among other things, the obligation to comply with Curron's instructions on the processing of personal data and is prohibited from using it for any other purpose. It also includes obligation to ensure the security of said information in an appropriate manner.
Curron may also in certain cases have to share information with third parties when required by law.
9. Transfer of personal data outside the European Economic Area
Curron is aware that strict conditions apply to the transfer of personal data to countries located outside the European Economic Area. The Company does not under any circumstances do so unless there is sufficient authority to do so under the Privacy Act.
10. Rights of individuals
If individuals have given consent for the processing of certain personal information, they are entitled to withdraw their consent at any time under the Privacy Act. They also enjoy other rights, such as the right to access the data, the right to correct incorrect or misleading information, the right to delete their personal information, the right to prevent the processing of their personal information and the right to transfer their own data. Keep in mind that the rights of individuals are not always absolute and may be subject to various conditions and stipulations.
11. Safety of personal information
Curron has taken the appropriate technical and organisational security measures to ensure the safety of personal information in accordance with the Privacy Act. This ensures that access to personal information is limited to employees that require such access in order to do their work. In addition, the company promotes regular training and security protocols for employees.
12. Curron contact information
Name: Curron Ltd.
Address: Ármúla 27, 108 Reykjavík.
Email: curron@curron.is.
13. Further information and privacy officer
If you have further questions about how Curron handles your personal information, please contact our privacy officer:
Email: karl@sekretum.is
14. Right to file a privacy complaint
If you doubt that Curron handles your personal information in accordance with the Privacy Act, you have the right to file a complaint with the Privacy Policy (www.personuvernd.is).