Privacy policy

ARCUR attaches great importance to protecting individuals' personal information and respecting their rights. This policy provides information on how the company processes personal data, for what purpose, how long it is retained, its dissemination and how its security is ensured. All processing of personal information is carried out in accordance with personal protection laws at all times.

Personal information is any information about an identified or identifiable individual. An individual is considered personally identifiable if it is possible to identify him/her, directly or indirectly, such as by reference to identifiers such as name, social security number, username and location.

Processing is an operation or series of operations in which personal data is processed, whether the processing is automatic or not.        
Examples of processing are collection, recording, classification, retention, adaptation, use and deletion.

Customer is a party that purchases services from ARCUR, e.g. companies, municipalities, institutions or ministries as well as their managers or staff.

ARCUR ehf., identification number 490419-0550, hereinafter referred to as ARCUR, processes and handles personal data either as a responsible party or a processing party.

Clients may provide ARCUR with personal information in connection with the processing of consultancy projects carried out by ARCUR. The information may concern employees or business partners of customers. The information can be expressed in various ways, e.g. in interviews, in workshops, in submitted data or working documents that the client delivers to ARCUR.

The purpose of processing personal information that the customer provides to ARCUR is to be able to provide him with the requested service. In projects where personal data is processed, a processing agreement (DPA) is concluded between ARCUR and the client. A processing agreement deals with how personal data is processed in the project in question.

ARCUR generally does not share personal information with third parties except on the basis of consent. 

ARCUR may be required or obliged to provide personal data to public authorities, courts or other third parties if delivery is based on a legal obligation or is necessary to protect previously identified rights.

If the delivery of information is due to collaboration with a third party for which ARCUR is responsible, it will only be carried out on the basis of a processing agreement.

In other respects, ARCUR does not share information about individuals to third parties except on the basis of consent. Under no circumstances will ARCUR sell personally identifiable information to third parties or use it for purposes other than those described in this Privacy Policy.

ARCUR focuses on ensuring that the storage and processing of personal information is carried out in a secure manner with appropriate technical and organizational security measures.

Data in project areas for customers, e.g. contracts, products from ARCUR, incoming data, notes and communication data, are preserved for an unspecified period unless contracts with customers or the law stipulate otherwise.

9.1 Right to rectification

It is important that customer information is correct and up-to-date. A customer can request to have their personal information changed if it is incorrect. 

9.2 Right to access information

The customer can request access to the personal information that ARCUR processes about him. The customer's right to access information may be limited by law, but in such cases ARCUR will inform and explain it separately.

9.3 Right to deletion of information and limitation of processing

A customer can request that their information be deleted. ARCUR will comply with all such requests unless there are legitimate reasons for storing the information. 

9.4 Automated decision-making 

ARCUR does not use automatic decision-making, including the creation of a personal profile, in connection with the processing of personal information of the company's customers. If automated decision-making will be used, the company will inform about such use in accordance with the relevant provisions of the law. 

9.5 Other important information

If a customer has questions about the privacy policy or further questions about the processing of personal data by ARCUR, you can contact ARCUR directly by sending an email to the email address arcur@arcur.is.

ARCUR can make changes to this privacy policy in order to meet legal or regulatory changes, government recommendations or due to changes in the processing of personal information about the company's customers. Changes to the policy come into effect when the updated policy is published on the company's website, www.arcur.is. A new version will always be identified with a release date.

This latest version of ARCUR's privacy policy was approved and published on February 1, 2021.