Privacy Policy

This Privacy Policy is based on the current Icelandic Privacy Act no. 90/2018, as well as on the General Data Protection Regulation no. 2016/679 from 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, also known as ,,GDPR’’.

1. Information about us

BBA Fjeldco ehf., Katrínartúni 2, 105 Reykjavík, reg. no.6108190950 (also referred to as BBA//Fjeldco and ‘’we’’’) is the controller of any personal information that we process in connection to the legal services we provided to our clients.

The aim of this Privacy Policy is to provide our clients with information about the purpose and legal basis for the processing of personal data and inform clients about their rights in relation to such processing. If you have any further questions or observations to this Privacy Policy please refer to the Supervisor of this Privacy Policy by mail or email. The Supervisor will respond to your inquiry as soon as possible in writing.

BBA Fjeldco ehf.  
Katrínartún 2    
105 Reykjavík    
c/o Sara Rut Sigurjónsdóttir        
email: sara@bbafjeldco.is

2. Types of personal information we collect

Personal information means any information that can be used to directly or indirectly to identify a specific individual.

BBA//Fjeldco collects and processes certain personal information for the purposes of providing legal services to clients.  Depending on whether you are a client of BBA//Fjeldco or whether you are representing a legal person that is a client of BBA//Fjeldco.

The following are examples of personal data that BBA//Fjeldco processes of individuals that are clients of BBA//Fjeldco:

The following are examples of information about individuals that represent a client who is a legal person or an individual that is in another way a contact for a client:

It shall be noted that providing personal data is always optional for a client. If certain information is not provided it may affect BBA//Fjeldco's ability to provide legal advice.

In general BBA//Fjeldco collects personal information directly from a client or a representative of a client. In some instances, the information may be provided by third parties, such as the National Register of Iceland, Property Register of Iceland, CreditInfo, Keldan, the Directorate of Internal Revenue, banks or other financial companies, District Courts, District Commissioner and public authorities.

BBA//Fjeldco may in some cases collect data through website visits to the Company’s website, www.bbafjeldco.is, including information regarding the location of the individual that opens the website, the type of browser that is used and general information regarding traffic on the website.

3. Legal bases for collection

The processing of personal data that BBA//Fjeldco holds depends on the purpose of the collection of personal data. For example, BBA//Fjeldco processes personal data of a client to:

If a client has provided its consent to BBA//Fjeldco for the processing of personal data for a specific purpose then consent is the legal basis for processing. The client can withdraw its consent at any time when the processing of personal information is based on consent. Further, it shall be noted that the withdrawal of consent does not affect the legality of the processing before the withdrawal of consent.


4. Disclosure of personal data

The employees of BBA//Fjeldco have access to personal data to the extent necessary to fulfil our contractual obligations towards our clients. Personal data may be delivered to third parties that process data on behalf of BBA or provide services to us. Those parties are for example IT system and software providers, banking and financial service providers as well as debt collectors.

In some instances, BBA//Fjeldco has a legal obligation to disclose a client’s personal information to regulatory authorities, law enforcement agencies, district courts and other governmental bodies.

It shall be noted that the attorneys employed at BBA//Fjeldco are bound by a legal duty of confidence regarding all information they receive according to Article 22 of Act no. 11/1998, except if they have a legal obligation to disclose information or the client has provided consent for such disclosure. Other employees are also bound by a similar confidentiality requirement.


5. Data transfers outside the European Economic Area

GDPR is applicable in all countries within the European Economic Area (,,EEA area’’) and data transfers within the EEA area are unlimited if based on an appropriate legal basis. GDPR restricts data transfers to countries outside the EEA area, including the United Stated. BBA//Fjeldco uses the services of providers in the United States and transfers data to the United States for example, in relation to the monitoring of our website. As a data controller BBA//Fjeldco is responsible for ensuring that our clients personal data is only transferred to parties that provide adequate protection to clients’ personal data. Therefore, BBA//Fjeldco only transfers personal data to parties certified as Privacy Shield members or parties who have provided appropriate safeguards such as standard contractual clauses.


6. Data retention

Personal information is generally processed and retained as long as necessary to fulfil contractual obligations to clients, legal obligation and legitimate interests of BBA//Fjeldco. When data is no longer necessary to fulfil contractual obligations or legal obligation they are deleted. However, BBA//Fjeldco may retain personal information relating to legal services for a longer period when obliged by legal and/or regulatory requirements, such as limitation periods for taking legal action and accounting requirements.


7. Data subject rights

Individuals enjoy certain rights in relation to the processing of BBA//Fjeldco on personal data. They include the right to:

It shall be noted that BBA//Fjeldco is permitted in limited circumstances to deny that personal data is erased, transferred or that access to data is provided. BBA//Fjeldco will ensure that the personal data of each client is updated and reliable.

A client also has the right to lodge a complaint with a supervisory authority if he considers that the processing of BBA//Fjeldco infringes or is not in compliance with the applicable legislation. Further information on the rights of data subjects are provided by the representative of the BBA//Fjeldco Privacy Policy (please refer to our contact information in section 1).

8. Protection of information

BBA//Fjeldco has taken appropriate and reasonable steps to ensure that all personal data is protected from misuse, interference and loss, as well as unauthorised access, modification or disclosure. The measures taken to protect personal data include:

9. Privacy policy amendments

This Policy will be updated regularly in accordance to the changes made by BBA//Fjeldco in relation to the processing of personal data. We encourage you to review this policy on a regular basis to be informed about how we use and protect your personal data.