Introduction
Juris slf., id. no. 580411-0610, Borgartúni 26, Reykjavík (herein referred to as “Juris” or “we”) takes seriously the reliability, security and privacy of personal data that we process. This data protection policy aims to explain how we process the personal data of individuals who are clients of Juris, individuals who contact Juris and individuals who represent legal entities who are clients of Juris, as well as other contact persons (herein collectively referred to as “customers” or “you”), in addition to informing you of your data protection rights.
All processing done by Juris is carried out in accordance with the applicable data protection laws in force at each time, currently Icelandic Act No. 90/2018 on data protection and processing of personal information, cf. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation/GDPR).
If you have any questions about this data protection policy or Juris’ handling of personal data, please feel free to contact us by email at juris@juris.is.
The personal data we process
We collect, use, store and transfer different kinds of information about our customers. Personal data means any information about an identified or identifiable individual; an individual is identifiable if it is possible to identify them either directly or indirectly. Our collection of personal data depends on the nature of the relationship we have with you, for instance whether you are yourself a client of Juris or whether you represent a corporate client of Juris. In all instances we put emphasis on personal data being sufficient, relevant and not more than is necessary in light of the purpose of the processing.
The following are examples of personal data that we process about individuals who are clients of Juris:
Contact information such as name, address, residence, telephone number and email address;
Identification number (where relevant);
Communication history, including other information contained in communications which may include sensitive personal data such as information about union membership and/or health, where such information is necessary due to our representation of the client;
Billing and invoicing information;
Other personal data that the individual provides to us.
The following are examples of personal data that we process about individuals who represent legal entities who are clients of Juris:
Contact information such as name, telephone number and email address;
Communication history, including other information contained in communications.
The following are examples of personal data that we process about individuals who contact us:
Contact information such as name, telephone number and email address;
Communication history, including other information contained in communications. This may for instance include information about applications for employment with us.
The above is not an exhaustive list of the personal data that we may process, and there may for example be other information that individuals provide to us.
How Juris processes personal data and for what purposes
We collect information through the following methods:
Information directly from the individual in question – this is information such as the name and contact information that customers provide to us at the start of our engagement, as well as information which is provided in connection with our services or when individuals contact us, for instance to apply for employment.
Information about services provided – this is information about the services customers use, for instance information about the types of services provided to customers, invoice and billing history, invoice amounts, amounts owed and other issues which relate to customers’ accounts.
Information from third parties – it may be necessary for us to collect certain information from third parties such as financial institutions, public bodies, courts, Registries Iceland, counterparties and other lawyers. Information may also be collected from the internet depending on the circumstances.
If you wish to restrict, correct or object to our processing of your personal data, please contact us and we will deal with your request as soon as practical, and in all circumstances within one month of receiving your request.
We only process personal data for legitimate purposes and in conformity with applicable data protection law from time to time. Information may for instance be necessary for us to identify customers and correspond with them, as well as to provide requested services.
Most commonly information will be processed on the basis of the following authorisations:
When it is necessary due to our legitimate interests or those of a third party and the individual’s interests and fundamental rights do not override those interests.
When it is necessary to perform a contract between us and the individual.
When we need to comply with a legal obligation.
When an individual has consented to us using the information.
We will only use personal data for the purposes for which it was collected.
How long is personal data stored?
We store personal data only for as long as is necessary and consistent with the purpose for which it was collected, including to comply with legal and accounting obligations. When assessing the appropriate storage time we take into account the extent, type and nature of the information in question, the risk of unauthorised persons accessing the information or information being used in an unauthorised manner, the purpose of the processing of the information and whether we can achieve the same purpose by other means, as well as appropriate legal obligations to the extent applicable.
Cookies
Our website does not use cookies.
When is my data disclosed to third parties?
Personally identifiable data about customers and related individuals may be disclosed to other companies or public bodies in certain circumstances, to the extent permitted. Examples include:
To companies that work with us to collect debts. In these circumstances only information related to billing and invoicing is shared, for instance information regarding particular transactions, amounts owed and debt history. These parties are subject to confidentiality obligations in respect of the information provided.
To our external advisers who are variously data processors, data controllers or joint data controllers with us depending on the circumstances, in connection with advice.
To counterparties in disputes, witnesses or customers’ collaborators.
To service providers for IT services for operation of our computer systems or other services which are necessary for our operations.
To provide public bodies with information, such as the police or the courts, but only where we are legally obliged to respond to such requests.
We require all third parties to whom we disclose information in accordance with the above to ensure the security of the personal data and handle it in accordance with law. Our service providers are not authorised to use personal data for their own purposes and are only authorised to process information for specific purposes in accordance with our instructions from time to time.
We will not transfer personal data to countries outside the European Economic Area (“EEA”) unless it is ensured that the information will benefit from a similar degree of protection as within the EEA or pursuant to specific consent in each instance. If it is necessary to transfer information to a country outside of the EEA we will only transfer the information if satisfactory actions have been taken in accordance with data protection law, for instance the use of standard contractual terms which have been approved by the European Commission or other satisfactory methods.
Security of personal data
We place emphasis on security when processing personal data. We have implemented appropriate security measures, including technical and organisational measures, to ensure that personal data is not lost or changed, and does not come into the possession of third parties. We manage access to information and ensure that our staff are bound by confidentiality obligations in their work for us. These confidentiality obligations continue after a staff member has ceased to work for us.
If there is a security breach in respect of personal data and it is confirmed or suspected that personal data has come into the possession of an unauthorised person, the Icelandic Data Protection Authority is informed. Individuals may also be informed about the security breach unless the security breach does not result in a high risk to individuals.
Rights in respect of personal data processed by Juris
In certain circumstances you have rights on the basis of data protection law. For instance you have a right to confirmation as to whether we process personal data about you or not, and, where we do, you can request access to that information which we have. You also have a right to request rectification of the data we process. In certain circumstances you can also request that your personal data be erased or that we restrict the processing of your personal data, as well as the right to object to our processing in certain circumstances. If the processing of your personal data is done on the basis of consent, you have the right to withdraw that consent. In certain circumstances you may also have a right to the transfer of your personal data to another data controller.
These rights are not absolute, and your request may be refused in accordance with the law. In the event that we refuse a request in whole or in part we will endeavour to explain the basis for refusal. In general, you can request access to data or exercise your rights without charge, but we reserve the right to charge reasonable compensation if your request is manifestly unfounded, repeated or excessive. We may also refuse your request in those circumstances.
If you have any questions about our handling of your personal data or if you wish to exercise your rights, please feel free to contact us by email at juris@juris.is.
In the event of a disagreement regarding the handling of personal data, you may make a complaint to the Icelandic Data Protection Authority by email to postur@personuvernd.is.
Changes to this data protection policy
We may update this data protection policy from time to time as a result of changes to the applicable law or changes to our handling of personal data. All changes to this data protection policy shall take effect when the updated policy is made available on our website.
It is important to us that all personal data that we process is correct and up to date, and we request that you contact us if your personal data changes during the course of our provision of services.
This data protection policy was adopted on 19 February 2020.