Cookie and Privacy Policy

Data Controller

We are the data controller for the processing of the personal data that we process about our customers and business partners. You can find our contact details below:

Viknordik

Hafnargata 22
240 Grindavik, Iceland
Phone: +354 840 3981
Mail: david@viknordik.com

It is not a requirement for our company to have an external Data Protection Officer (DPO), but if you have any questions regarding the processing of your personal data, you are welcome to contact us at david@viknordik.com

---

Processing Activities

As data controller pursuant to the GDPR, we carry out the following processing activities:

Website Visits

When you visit our website, we use cookies to ensure that the website functions properly.

---

Communication with Potential Customers

If you have questions about our website or wish to learn more about our services, you can contact us via:

• Contact form

• Email

• Telephone

Through this, we process your personal data in order to engage in a dialogue with you, for example to respond to questions about our services. We only process the information that you provide in connection with our communication.

We typically process the following general personal data: name, email address, and phone number.

The legal basis for processing this personal data is Article 6(1)(f) of the General Data Protection Regulation (GDPR).

We delete our communication with you once it is clear whether you wish to use our services or not.

In special cases, it may be necessary to store your personal data for a longer period.

---

Customers

We need to communicate with our customers to ensure that services are delivered correctly. In this connection, we may process information such as name, address, services provided, special agreements, payment information, and similar data.

The legal basis for processing this personal data is Article 6(1)(b) of the GDPR.

Once the service has been delivered and any outstanding matters have been settled, we will delete the personal data without undue delay.

---

Newsletter

We offer a newsletter, which is voluntary to subscribe to, and you may unsubscribe at any time.

The purpose of the newsletter is to send emails with new information from the company, which may include new website content and marketing of our services.

We will only send you emails if you have given your explicit consent. Initially, you must provide your email address, after which we will send you a confirmation email to verify your subscription. This ensures that you have actively subscribed to the newsletter and provided consent.

The legal basis for processing your personal data (i.e., your email address) in connection with the newsletter is Article 6(1)(a) of the GDPR.

We will process your personal data for as long as you remain subscribed to the newsletter. Upon unsubscribing, we will stop sending it to you. If we have not sent you a newsletter for one year, your consent will lapse due to inactivity.

When you unsubscribe, we store documentation of your previous consent for two years from the last use, in accordance with the Danish Consumer Ombudsman’s spam guidelines section 11.3.

---

Bookkeeping

We are required to store all accounting records in accordance with the Danish Bookkeeping Act. This means that we store invoices and similar documents for accounting purposes. These may contain general personal data such as name, address, and service descriptions.

The legal basis for processing personal data for bookkeeping purposes is Article 6(1)(c) of the GDPR.

We store this information for a minimum of five years after the end of the relevant financial year.

---

Job Applications

We welcome job applications in order to assess whether they match an employment need in our company.

If you send us a job application, the legal basis for processing your personal data is Article 6(1)(f) of the GDPR.

If you send an unsolicited application, HR will immediately assess whether your application is relevant and will delete your information if there is no match.

If you apply for a posted position and are not hired, we will delete your application once the right candidate has been found.

If you enter into a recruitment process and/or are hired, you will receive separate information about how we process your personal data in that context.

---

Data Processors

Few organizations can handle everything themselves, and the same applies to us. We therefore work with partners and suppliers, some of whom act as data processors.

External suppliers may provide systems for organizing our work, services, consulting, IT hosting, or marketing.

It is our responsibility to ensure that your personal data is processed properly. Therefore, we set high standards for our partners, who must guarantee that your personal data is protected.

We enter into data processing agreements with companies (data processors) that handle personal data on our behalf to ensure the security of your personal data.

---

Disclosure of Personal Data

We do not disclose your personal data to third parties.

---

Profiling and Automated Decisions

We do not carry out profiling or automated decision-making.

---

Transfers to Third Countries

As a general rule, we use data processors within the EU/EEA or those who store data within the EU/EEA.

In some cases, this may not be possible, and data processors outside the EU/EEA may be used if they can provide adequate protection of your personal data.

---

Security of Processing

We ensure the secure processing of personal data by implementing appropriate technical and organizational measures.

We have conducted risk assessments of our personal data processing activities and have subsequently implemented appropriate technical and organizational measures to enhance security.

One of our most important measures is keeping our employees updated on GDPR through ongoing awareness training, GDPR courses, and regular reviews of our GDPR procedures.

---

Rights of Data Subjects

Under the GDPR, you have a number of rights regarding our processing of your personal data.

If you wish to exercise your rights, please contact us.

Right of Access

You have the right to access the personal data we process about you, as well as additional information.

Right to Rectification

You have the right to have inaccurate personal data about you corrected.

Right to Erasure

In certain circumstances, you have the right to have your personal data erased before our general deletion procedures apply.

Right to Restriction of Processing

In certain cases, you have the right to restrict the processing of your personal data. If processing is restricted, we may only process the data (except for storage) with your consent, or for the establishment, exercise, or defense of legal claims, or to protect a person or important public interests.

Right to Object

In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You may also object to processing for direct marketing purposes.

Right to Data Portability

In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have those data transmitted from one data controller to another without hindrance.

You can read more about your rights in the Danish Data Protection Agency’s guidance on data subject rights at www.datatilsynet.dk.

---

Withdrawal of Consent

Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.

---

Complaint to the Danish Data Protection Agency

You have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find their contact details at www.datatilsynet.dk.

We generally encourage you to read more about the GDPR to stay updated on the rules.