GDPR and disclaimers

1. General

Nói Síríus hf., id. 490269-7039, based at Hestháls 2-4, 110 Reykjavík (hereinafter "Nói Síríus") places great emphasis on protecting personal information. This privacy policy is intended to explain how we collect and use personal information at the company.

Noah-Sirius strives to comply with the provisions and regulations of the law on personal protection, which are in force at all times. This privacy policy is based on the Act on Personal Protection and Processing of Personal Information, no. 90/2018 (pvl.) and regulation of the European Parliament and the Council (EU), no. 2016/679 (reg.).

Nói Síríus is considered to be a responsible party in the sense of the law and is therefore responsible for how personal information is stored and used in the company's operations. This policy is available on the website of Nói Síríus and this version was approved by the company's board of directors on May 10, 2019.

2. Principles of processing

We always keep in mind the principles of personal law when processing personal information. These rules include, among other things, that personal data is:

• reliable and regularly updated;
• processed lawfully, fairly and transparently;

3. Personal information collected

The processing of personal information by Nói Síríus is in most cases carried out in connection with contractual services or the operation of the company. Noah-Sirius processes, among other things, personal information about:

• job applicants
• employees
• visitors to the website and to Noa-Sirius' house visits
• contacts of customers, suppliers and/or contractors

Different information is collected about different categories of individuals. For example, more extensive information is collected about employees than about customer and/or supplier contacts. Examples of information include:

• name, email address, relationship with the company, phone number, job title and communication history, for the purpose of selling products and services and to be able to fulfill our obligations according to the Accounting Act;
• name, social security number, address, e-mail address of former employees who are on the company's honor roll;
• information collected through our website, for example about IP addresses and how the website is used. This information is collected through cookies;
• name, social security number, address, email address and telephone number in connection with social media games and in-store games; and
• video recordings in the company's security camera system.

4. Basis of processing

Nói Síríus mainly processes personal data on the basis of a contractual relationship that the company is in, such as with staff, customers, suppliers and contractors, or to establish such a contractual relationship.

Processing is also carried out to fulfill a legal obligation, such as in connection with the payment of salary-related fees, accounting laws or according to labor law legislation.

Sensitive personal information is mainly processed about Noah-Sirius employees, on the basis of a contractual relationship or legal obligation. In those cases, we have taken appropriate protective measures.

In some cases, Noah-Sirius processes personal data on the basis of consent, for example for marketing purposes, and on the basis of legitimate interests, such as for monitoring, such as camera surveillance, for security and asset management purposes. This is done to protect the interests of the company, customers and employees. When processing is necessary for our (or a third party's) legitimate interests, we ensure that the interests, fundamental rights and freedoms of data subjects do not outweigh them.

5. Mediation

Nói Síríus may share personal information with third parties (processors) for various reasons. For example, it may be service providers or contractors who provide the company with IT, communication and marketing services, and/or financial and recruitment services.

When such parties have access to personal information due to the nature of the service in question, Nói Síríus ensures that only personal information that is necessary is provided, and that it is a responsible processor that meets the requirements of privacy laws and regulations, especially with regard to the security of personal information.

All content posted or shared by individuals on Noah-Sirius-related social media sites is public information. Including name, photo and comments shared on such forum. Content shared on our social media sites is shared with the provider of the social media service. The use of that information takes into account the privacy policy of the social media in question. In certain cases, Nói Sírius uses the analysis tool Facebook Analytics to analyze web traffic on the company's social media pages on Facebook.

6. Security

Nói Síríus places great emphasis on the security of personal data and the company has taken appropriate technical and organizational measures to protect personal data, all taking into account the nature and extent of processing. These include processes and specific procedures.

In the event of a security breach concerning the personal data of registered individuals at Nói Síríus, which results in a risk for the individuals, Nói Síríus will report this without undue delay to Personal Protection. In certain cases, Noah-Sirius must also notify data subjects of security breaches. Noah-Sirius has established procedures to respond to such situations.

A breach of security may include, among other things, a breach of security that leads to the unintentional or unlawful destruction of personal information, or that it is lost, changed, disclosed or accessed without permission.

7. Retention and Deletion

Noah-Sirius stores personal data for the time necessary to fulfill the purpose of processing, such as commercial purposes, unless a longer storage period is required or permitted by law. After that time, the data is deleted. Laws that we must follow are, for example, the law on accounting, no. 145/1994. If there is a possibility that personal information will be needed later to fulfill a legal obligation, for example to the tax authorities, or to file or defend a legal claim, we will keep that personal information in a secure form for as long as necessary.

8. Rights of data subjects

Individuals can request information about personal data that the company owns and processes, and to exercise their other rights related to processing with personal data, by sending a written inquiry to the email address: personuvernd@noi.is  or by calling 575-1800.

In certain cases, individuals have the right to:

• access to personal information
• copy of personal data, right to correction and deletion
• to object to processing and/or restrict processing
• to request the withdrawal of consent for processing
• to request that personal data be transferred to another party.

Individuals may have additional rights in relation to Noa-Sirius' processing of personal data. The aforementioned may also be subject to restrictions resulting from, among other things, the law or the interests of others to whom the information relates.

In order to process inquiries, we will request confirmation of the identity of registered persons, such as with a driver's license or passport, so that information does not reach unauthorized parties.

9. Communication

Inquiries regarding Noa-Sirius' privacy issues can be directed to the email address  personuvernd@noi.is .

In the event of a dispute regarding the handling of personal data, individuals have the right to send a complaint to the Personal Protection Agency. Information on how to contact the organization can be found here:  www.personuvernd.is .

10. Cookies

Cookies from the first party are used on various parts of the website and for various purposes. They can, for example, be used to follow a specific user's path through the web, save the settings he has chosen. Noah-Sirius also uses cookies to analyze web traffic. Cookies are not linked to personal data, except in the aforementioned cases.

Personal information is never saved in the cookies themselves. Users' personal information is never transferred to a third party without the person's consent, except with a prior court order. Cookies belonging to third parties (Google and Facebook) are used on the website, among other things, to analyze the use of the website in terms of the number of users and their behavior on the website. Information on how these parties use cookies can be found on their websites.

11. Changes

The privacy policy is reviewed regularly and may therefore be subject to change. Changes to the policy take effect upon publication on the company's website;  www.Nói-Síríus.is . This version was approved by the board of Noah-Sirius on May 10, 2019

GENERAL TERMS AND CONDITIONS

Product information, including prices, appearing on this website may, in exceptional cases, include inaccuracies or errors. Noah-Sirius therefore does not guarantee that all information on the website is correct. Information is published without warranty.