All processing of personal data is governed by the Icelandic Act on Data Protection and the Processing of Personal Data and applicable regulations. The purpose of this policy is to minimise the risk of unintentional or unlawful deletion of personal data or the risk of personal data being lost, amended, disclosed or accessed without authorisation.
For HS Veitur hf., this policy is to intended to safeguard the company’s operations, with regard to the above-mentioned purpose, against internal and external threats due to intentional non-compliance, negligence or accident.
This policy has been approved by the Board of HS Veitur hf.
This policy ensures:
- That data is protected from all unauthorised access and that the confidentiality of information is safeguarded
- That the integrity of data is preserved
- That applicable laws, guidelines and regulations are followed. This also applies to provisions of business contracts relating to data security
- That a business continuity plan is drawn up and maintained
- That all confirmed and suspected security breaches are reported, investigated, documented and responded to
The needs of the business for access to data must also be fulfilled.
Employees must act in accordance with this policy.
Subject access requests
According to the Icelandic Act on Data Protection and the Processing of Personal Data, individuals have the right to confirmation from HS Veitur as to whether personal data on the individual in question is being processed, and where that is the case, be given access to that personal data and relevant information pertaining to the processing.
Please complete the applicable form to make a subject access request under data protection law. Email your completed form to firstname.lastname@example.org. We will process your request as soon as possible.