Privacy Policy

future404’s Privacy Policy

future404 ehf. (kt. 4307170300), Postbox 8042, 108 Reykjavík (hereafter also referred to as future404 or the company) is a consulting think tank that offers a variety of holistic safety services.
Our Privacy Policy aims to inform those who are in contact with the company, our clients and those who act on behalf of our clients, of the following:

  • Personal data processing,
  • who has access to the personal data,
  • what the data is used for,
  • how the security of the personal data is guaranteed.

Our Privacy Policy covers all traceable personal data, that is data on clients, prospective clients, those in any business relation with the company and any others with possible relations with the company and/or their associates.

If you have questions on how or if this policy affects you personally you are encouraged to contact us for further information at gdpr[at]

What is personal information?

For the purpose of this Privacy Policy, personal information is defined as any information that can be traced directly or indirectly to a person. future404 primarily processes personal information for necessary communications and operations. We only process personal data that you give us.

Why do we need personal information?

future404 needs personal information to be able to fulfil its tasks. The company primarily processes personal data for necessary communications and operations. The data we collect is only processed while necessary such as if required for the legal interests of the company, e.g. to fulfil financial obligations such as send invoices etc. The processing of personal information relies upon the consent given by you.

Your personal information is only kept and saved under the following circumstances:

  • with your consent, and you are always authorized to withdraw consent;
  • while a business relation is in place between you and the company;
  • after your business relations ends with the company we keep the information for 12 months or until future404 is obligated to erase the data in accordance with Icelandic legislation.

We are obligated to keep some data for a certain amount of time, such as accounting data which must be stored for seven years according to Icelandic legislation.

Who can access your personal information?

In most cases future404 is the only entity that can access the data. Staff members at future404 will in general have access to data in order to communicate with clients. Access to personal information is restricted within the company and we have regulated the access as well as the processing of personal information to adhere to strict legal standards.

future404 does not distribute or communicate personal information to a third party unless there is an obligation or a legal warrant to do so, e.g. in the cases of public authorities making legitimate claims on information.

Personal information might also be shared with a third party that services the company in the field of information technology as well as other services involving processing data that is a part of the management of future404. Those parties might in some cases be situated outside of Icelandic borders. futuer404 will nevertheless not share data outside the European Economic Area (EEA), excluding cases where such permission is in place on grounds of appropriate legislation of Data Protection as well as protection of the person. Namely, when there are standard terms of agreements; your consent; or when the Icelandic Data Protection Authorities has confirmed that the state in question has satisfactory Personal Data Protection according to GDPR.

How we ensure the safety of personal information

future404 has appropriate arrangements in place in the field of technology and organization to properly protect personal information in regards to the nature of collected data. These arrangements will protect personal information from being lost or accidentally changed, as well as protect against unauthorized access, sharing, processing and copying of information.

Access to our systems and software is restricted. Staff members that have access to personal information controlled by future404 sign a confidential agreement defining their responsibility and obligations.

Your rights and interests

Individuals are in charge of their own personal information.

Each person has various rights regarding their personal information in accordance with data protection laws. Rights that you would want to exercise with this Privacy Policy might be; right to change your personal information, the right to know what information we have and how we are processing it and the right to a copy of the personal information we have about you as well as to have your personal information erased if it is no longer being processed for their original intent.

There may be restrictions to an individual’s rights according to data protection laws. Those restrictions may occur when other laws require future404 to deny a request to access or erase data. There may also be other interests prohibiting access or erasure of data, for example on the basis of intellectual property law or to not infringe the rights of others. Under those circumstances future404 will explain the reasons for having to deny the request.

If any questions arise, or if you have a request regarding your rights, you can send an inquiry to future404 at gdpr[at]
The Icelandic Data Protection Authority ( handles complaints from people that believe a mishandling or a breach of their personal information has occurred. You can contact the Data Protection Authority at postur[at]

A review of this Privacy Policy

This policy might change to fit any change of the Data Protection Law or other Personal Data Acts. It might also change if future404 changes processing procedures of personal information.

This Privacy Policy was last updated on January 15th 2021.