future404 ehf. (kt. 4307170300), Postbox 8042, 108 Reykjavík (hereafter also referred to as future404 or the company) is a consulting think tank that offers a variety of holistic safety services.
- Personal data processing,
- who has access to the personal data,
- what the data is used for,
- how the security of the personal data is guaranteed.
If you have questions on how or if this policy affects you personally you are encouraged to contact us for further information at gdpr[at]future404.is.
What is personal information?
Why do we need personal information?
future404 needs personal information to be able to fulfil its tasks. The company primarily processes personal data for necessary communications and operations. The data we collect is only processed while necessary such as if required for the legal interests of the company, e.g. to fulfil financial obligations such as send invoices etc. The processing of personal information relies upon the consent given by you.
Your personal information is only kept and saved under the following circumstances:
- with your consent, and you are always authorized to withdraw consent;
- while a business relation is in place between you and the company;
- after your business relations ends with the company we keep the information for 12 months or until future404 is obligated to erase the data in accordance with Icelandic legislation.
We are obligated to keep some data for a certain amount of time, such as accounting data which must be stored for seven years according to Icelandic legislation.
Who can access your personal information?
In most cases future404 is the only entity that can access the data. Staff members at future404 will in general have access to data in order to communicate with clients. Access to personal information is restricted within the company and we have regulated the access as well as the processing of personal information to adhere to strict legal standards.
future404 does not distribute or communicate personal information to a third party unless there is an obligation or a legal warrant to do so, e.g. in the cases of public authorities making legitimate claims on information.
Personal information might also be shared with a third party that services the company in the field of information technology as well as other services involving processing data that is a part of the management of future404. Those parties might in some cases be situated outside of Icelandic borders. futuer404 will nevertheless not share data outside the European Economic Area (EEA), excluding cases where such permission is in place on grounds of appropriate legislation of Data Protection as well as protection of the person. Namely, when there are standard terms of agreements; your consent; or when the Icelandic Data Protection Authorities has confirmed that the state in question has satisfactory Personal Data Protection according to GDPR.
How we ensure the safety of personal information
future404 has appropriate arrangements in place in the field of technology and organization to properly protect personal information in regards to the nature of collected data. These arrangements will protect personal information from being lost or accidentally changed, as well as protect against unauthorized access, sharing, processing and copying of information.
Access to our systems and software is restricted. Staff members that have access to personal information controlled by future404 sign a confidential agreement defining their responsibility and obligations.
Your rights and interests
Individuals are in charge of their own personal information.
There may be restrictions to an individual’s rights according to data protection laws. Those restrictions may occur when other laws require future404 to deny a request to access or erase data. There may also be other interests prohibiting access or erasure of data, for example on the basis of intellectual property law or to not infringe the rights of others. Under those circumstances future404 will explain the reasons for having to deny the request.
If any questions arise, or if you have a request regarding your rights, you can send an inquiry to future404 at gdpr[at]future404.is
The Icelandic Data Protection Authority (personuvernd.is) handles complaints from people that believe a mishandling or a breach of their personal information has occurred. You can contact the Data Protection Authority at postur[at]personuvernd.is.
This policy might change to fit any change of the Data Protection Law or other Personal Data Acts. It might also change if future404 changes processing procedures of personal information.