Privacy Policy

Privacy Policy

1. Processing and processing of personal information

Matís places great emphasis on the safe and responsible handling of personal information and care is taken to ensure that all processing of personal information by Matís is in accordance with the Privacy Act at all times. The aim is always to limit the processing of personal information as much as possible and not to collect personal information beyond what is necessary. All processing of personal information, including the collection, registration, storage and processing on behalf of Matís, is subject to Act no. 90/2018 on personal protection and handling of personal information.

Personal information is any kind of information about a personally identifiable individual, ie. information that can be traced directly or indirectly to a specific individual, such as name, ID number, telephone number, address, location data, photograph, etc. Information that is not personally identifiable is not considered personal information.

2. Collection of personal information and purpose of processing

In connection with Matís' operations, information on employees, customers and suppliers related to the company is collected in order to fulfill its obligations in accordance with Act no. 68/2006 on the establishment of Matvælarannsóknir hf. Information is also gathered in connection with the preparation and publication of marketing material.

3. Legal basis for processing

Matís collects and processes personal information with reference to the following laws:

• To fulfill the contractual obligation (Item 2 of Article 9 of Act No. 90/2018)
• On the basis of approval (Item 1 of Article 9 of Act No. 90/2018)
• To protect the legitimate operational interests of the company (Item 6, Article 9 of Act No. 90/2018)
• For statistical purposes (Item 5 of Article 9 of Act No. 90/2018)
• To fulfill legal obligation (Item 3 of Article 9 of Act No. 90/2018)

4. Security of personal information

Matís places emphasis on ensuring the security of personal information, with special regard to its nature. Examples of security measures are access controls in the company's systems and encrypted communication between users and the website with SSL certificates. These measures are intended to protect personal information from being accidentally lost or altered and from unauthorized access, copying, use or disclosure. Matís 'operator, who is in charge of the operation of Matís' information systems, is certified in accordance with ISO 27001 on the information security management system.

5. Retention of personal information

Matís is a public limited company and operates on the basis of Act no. 77/2014 on public archives, Matís is not permitted to gauze or discard documents that fall within the scope of the Act, except with the permission of the National Archivist.

6. Personal information and rights of individuals

Individuals can request information about processing that takes place at Matís and concerns them. They may object to it if they consider that it does not comply with applicable laws and regulations and, as the case may be, demand that incorrect, misleading or incomplete personal information about themselves be deleted. On the other hand, due to Matís' obligation to deliver to the National Archives, cf. Article 6. Matís' privacy policy, the right of individuals to delete personal information is limited.

7. Web metrics

Matís uses Google Analytics to measure web pages on its websites. With each visit to Matís' website, items are recorded, such as time and date, keywords, from which country you are visiting, type of browser and operating system. This information can be used for market analysis, web improvements and its development, for example about the content that users are most looking for, etc. No attempt is or will be made to obtain further information regarding visits to Matís' website or to link it to personally identifiable information.

8. Disclosure of personal information to third parties

Matís never uses personal information for purposes other than those for which it was collected and personal information is never shared with third parties without obtaining consent or in accordance with agreements or laws. In cases where a third party, ie. the processor gets access to personal information, Matís ensures confidentiality and that data is deleted after processing.

9. Inquiries and suggestions

Matís' Privacy Officer receives inquiries and requests from the individuals who are being processed with information about the e-mail address personuvernd@matis.is. The Data Protection Officer is the liaison with the Data Protection Authority and monitors compliance with the Data Protection Act and Matís' data protection policy.

10. Review of Matís' privacy policy

Matís reserves the right to change and update this Privacy Policy as needed. The current privacy policy is available on Matís' website, http://www.matis.is/.