Skip to main content
Bílrúðumeistarinn
IS

Privacy

Privacy Policy

Effective: 5 July 2015 · Version: 3 January 2024

This English version is an informational translation. The Icelandic version is the authoritative version.

Bílrúðumeistarinn slf. (also referred to as “the company,” “we” or “us”) operates the website https://brm.is (the “Website”).

We take the obligations of privacy and the security of personal information seriously, and we handle information received through the Website in accordance with Icelandic Act No. 90/2018 on Data Protection and the Processing of Personal Data.

This privacy policy describes which information we collect, how, and for what purpose.

Definitions

  • Website — the company website at https://brm.is.
  • Personal information — any information relating to an identified or identifiable individual.
  • Technical information — usage data collected automatically when you visit the Website (e.g. IP address and statistics). This data is never linked to your personal information.
  • Cookies — small files browsers store on devices, with a defined lifetime.
  • Data controller — the party that determines the purpose and means of processing personal data. Bílrúðumeistarinn is the controller for processing carried out in connection with the company's products and services.
  • Data processor — a party that processes personal data on behalf of the controller. We may transfer personal data to qualified third-party processors that meet all requirements.
  • Data subject — an individual interacting with us regarding a product or service.

What personal information we collect and why

We collect and retain various personal information for different purposes, including providing the requested service and improving the Website and the service itself.

Contact and personal details

When you interact with us via the Website or email, we record personal information so that we can contact and/or identify you and provide the requested service. This may include:

  • Name
  • Icelandic ID number (kennitala)
  • Email address
  • Phone number
  • Address, postal code, town
  • Communication history

We may use email marketing to inform customers about products and services they may be interested in. Customers can easily unsubscribe by clicking the unsubscribe link at the bottom of our emails.

Technical information

When you visit the Website we collect data automatically about the device you connect with and how you navigate the site. This may include IP address, browser type, pages viewed, time and date of the visit and time spent on pages. This data is never linked to your personal information. In most cases such data is collected using cookies.

Cookies

Cookies are small files browsers store on devices. They store statistics and user preferences but do not store personal information such as name, ID number, email or phone. Examples of cookies we use:

  • Strictly necessary cookies — ensure the Website works correctly.
  • Functional cookies — remember preferences such as language.
  • Security cookies — authenticate users and maintain security.
  • Analytics cookies — analyse Website usage. The information is anonymous.
  • Social media cookies — allow you to share content via social “share” buttons.
  • Marketing cookies — show you personalised advertising.

In accordance with applicable law we ask for your permission to use cookies. You can disable non-essential cookies or all cookies by changing your browser settings. Disabling all cookies may impact Website functionality.

How we use your personal information

  • To provide the product or service you have requested.
  • To respond to inquiries and process requests you send to us.
  • To inform you of changes to our services and terms.
  • To inform you about new products and services.
  • To analyse the use of our services and products.
  • To comply with legal requirements.

Legal basis for processing

  • To fulfil a contractual obligation (Art. 9 §2 of Act No. 90/2018).
  • Based on consent (Art. 9 §1 of Act No. 90/2018).
  • To protect the legitimate operational interests of the company (Art. 9 §6 of Act No. 90/2018).
  • For statistical purposes (Art. 9 §5 of Act No. 90/2018).
  • To fulfil a legal obligation (Art. 9 §3 of Act No. 90/2018).
  • Act No. 90/2018 at althingi.is

How long we retain personal information

We retain data as long as necessary for the purpose of processing as described in this policy, unless laws and regulations require a longer retention period (e.g. regulations on electronic invoices and accounting laws).

Disclosure of personal information

The company may disclose personal information to the following parties:

  • Employees within the company to deliver the requested service.
  • Our data processors (service providers) under data-processing agreements.
  • Banks and card companies in connection with payments.
  • Debt collection agencies for collection purposes.
  • Tax authorities as required by law or regulation.
  • New owners if the company is sold in whole or in part.

Security of personal information

We prioritise the security of personal information and use recognised methods. However, no method of transmitting data over the Internet or storing it electronically is 100% secure. Examples of measures we use include access controls in the company's systems and encrypted communications between users and the Website via SSL certificates.

Your rights regarding personal information

You have a number of rights under the law in connection with the processing of personal information, with certain limitations and exceptions in applicable laws and regulations. Your rights include:

  • Right of access — to confirmation that we process your personal information and access to it. Requests will be handled as quickly as possible and no later than one month from receipt.
  • Right to rectification and erasure (the “right to be forgotten”) — to correct and/or delete personal information that may be inaccurate or misleading.
  • Right to object to processing if you consider that the processing does not match its purpose.
  • Right to restriction of processing in specific cases.
  • Right to data portability — to transfer your data to another controller.
  • Right to withdraw consent at any time when processing is based on your consent.

To prevent abuse of these rights, we reserve the right to require you to verify your identity before handling a request.

To exercise these rights, please email pallg@brm.is.

Third-party websites

The Website may contain references to and from partner websites and other third parties. Please note that those sites are governed by other privacy rules which we do not control and for which we accept no responsibility. We encourage you to review those rules carefully before submitting personal information through such sites.

Children's privacy

We do not record personal information about children under the age of 18.

Changes to this privacy policy

We reserve the right to change and update this privacy policy at any time. We will notify of such changes on our website.

Contact

If you have any questions about this privacy policy, please contact pallg@brm.is.

Bílrúðumeistarinn slf., Dalvegur 18, 201 Kópavogur. Phone 571-1133. Email brm@brm.is.