Privacy statement of Klappir Grænar Lausnir hf. (“Klappir”, “Company” “we”, “our”).
Our customers’ data security is of great importance to us. We are aware that some of the information collected, processed and presented on Klappir software services is regarded as personal data according to Regulation (EU) 2016/679, the General Data Protection Regulation (“GDPR”). We are determined to protect our customer’s data to the fullest extent possible and have taken the appropriate steps to ensure we are compliant with the GDPR.
This privacy statement will inform you as to how we look after your personal data when you visit our website and use our Software Services and other services and tell you about your privacy rights and how the law protects you.
PURPOSE OF THIS PRIVACY STATEMENT
This privacy statement aims to give you information on how Klappir collects, processes and presents personal data through your use of our Software Services, including any data you may provide when you subscribe to, or log on to our services. If you have any questions about this privacy statement, including any requests to exercise your legal rights, please contact us using the details set out below:
Klappir Grænar Lausnir hf.
Address: Hlidasmari 3, 201 Kopavogur, Iceland
Tel: +354 5193800
THE DATA WE COLLECT
Personal data, or personally identifiable information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes your full name, username or similar identifier, title and user image.
- Contact Data includes e-mail addresses and telephone numbers.
- Transaction Data includes details about payments for services.
- Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone settings and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Profile Data includes your login details, preferences and feedback.
- Usage Data includes information on how you use our website and Software Services.
Where we need to collect personal data under the terms of an agreement we have made with you or an entity that you represent and you fail to provide that data when requested, we may not be able to perform the agreement or provide our services.
Our Software Services are not intended for the processing of sensitive personal data and any personal data that you input as a user of the services is at your discretion and your responsibility as stipulated in the Service Terms.
Klappir does not knowingly process any personal data of any person under the age of 16. If you suspect any processing of personal data of data subjects under the age of 16, please contact us.
HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your identity and contact data by filling in forms or by corresponding with us by post, phone, e-mail or otherwise. This includes personal data you provide when you apply for our products or services or give us some feedback.
- Automated technologies or interactions. As you interact with our website or Software Services, we may automatically collect Usage Data and Technical Data about your equipment, software usage and patterns. We collect this personal data by using cookies and other similar technologies.
- Third parties or publicly available sources. As you engage in our services, you may choose to give us access to your data from third-party data sources. Third parties, including customers of Klappir who have a business relationship with a company you represent, may send us your contact information in order to request to connect with a company you represent via our Software Services. We may also collect contact data from publicly available sources for business development and marketing purposes, insofar as it is our legitimate interest. Although most of the raw data collected from the third-party data sources does not consist of personal data, some of it may be relatable with an identified or identifiable individual, thus falling under the definition of personal data.
We use Hubspot CRM tools on our website. The provider is Hubspot Inc., 25 First Street, Cambridge, MA 02141 USA. The use of Hubspot CRM tools allows us to manage our existing and potential customer contact information across different channels and to record and analyze visitor’s behavior on our website. Hubspot’s Data Processing Agreement includes Standard Contractual Clauses ensuring appropriate data protection safeguards when transferring data out of the EU/EEA.
We collect Usage Data via Datadog, a third party observability service for cloud-scale applications to monitor users’ navigation of our Software Services. The provider is Datadog Inc., 620 8th Avenue, Floor 45, New York, NY 10018. We collect your Usage Data for analytic purposes in order to enhance the user experience. We collect session data to aid with support that can be linked back to the user. All data is kept within the EU at Klappir’s request. Datadog’s Data Processing Addendum includes Standard Contractual Clauses ensuring appropriate data protection safeguards when transferring data out of the EU/EEA.
HOW WE USE YOUR PERSONAL DATA AND LEGAL BASES FOR DATA PROCESSING.
We will only use your personal data in accordance with the law. Article 6 of the GDPR stipulates that all processing of personal data must have a legal basis. Accordingly, we will use your personal data in the following circumstances:
- With your consent.
- When we need to perform the agreement we are about to enter into or have entered into with you. This includes providing the software services and other services and for communications relating to the agreement and other communications with you regarding our services.
- For our legitimate interest, as outlined in this Privacy Statement. This includes when we want to send you communications about product updates, newsletters, invitations to webinars and other material that we think may be relevant to you as a user or prospective user of our services. You can opt out of these communications at any time.
- Where we need to comply with statutory obligations.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is lawful and compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
TRANSFER OF DATA
We may transfer your personal data to third parties, such as cloud storage services, to make it possible for us to provide you with our services. Some of these parties may be located outside of the European Economic Area (EEA). Transfer of personal data to third parties outside of the EEA is based on Standard Contractual Clauses adopted by the European Commission.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for the specified purposes and in accordance with our instructions.
The Klappir Sustainability Platform is hosted in Amazon Web Services (AWS) data centers, utilizing the AWS infrastructure as a service (IaaS). The services making up the systems for the Platform are deployed in AWS regions in the following locations:
As of 2023, we are in the process of relocating our Software Services wholly into AWS’s hosted infrastructure in Sweden.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
Our Software Services are hosted in AWS, which has certification for compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, 27701:2019, 22301:2019, 9001:2015, and CSA STAR CCM v4.0.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any statutory requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
YOUR LEGAL RIGHTS
Under certain circumstances you, or those whose personal data you share with us, have rights under data protection laws. These rights include:
- Requesting access to personal data.
- Requesting correction of personal data.
- Requesting erasure of personal data.
- Objecting to processing of personal data.
- Requesting restriction of processing personal data.
- Requesting transfer of personal data
- Right to withdraw consent.
If you wish to exercise any of the rights set above, please contact us at firstname.lastname@example.org We endeavor to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you are not satisfied with our resolution or believe that Klappir has not complied with relevant data protection laws and regulations, you may contact a Data Protection Authority, including the Icelandic DPA.
CHANGES TO OUR PRIVACY STATEMENT.
This privacy statement may be updated occasionally and we will always post the most recent version on our webpage. This privacy statement was last reviewed and updated on February 21, 2023.