Policy

  1. About this policy

We are concerned about the privacy and security of data that the company processes. The privacy policy states the purpose for which personal data is collected and how such data is processed. Our goal is that customers, other business partners, and individuals, as appropriate, are informed about how the company collects and processes personal data.

The processing of personal data is governed by applicable laws on privacy and the processing of personal data as they are in force in Iceland at any time, as well as this privacy policy.

This policy covers the processing of personal data in all the page operations towards former, current, and future customers of the company. The policy also applies to non-customers in cases where they interact for commercial or other purposes, visit the company or the website or participate in events organized by kringla.is.

Myndsýn ehf. kt. 430300-3340, Gjáhellu 13, 221 Hafnarfjörður, is the controller of the personal information provided to the company or collected by the company about you. You can send a written inquiry to the company regarding the processing of personal information to the email address myndsyn@myndsyn.is.

  1. What is personal information?

Personal information is any personally identifiable information about the data subject, i.e. information that can be directly or indirectly attributed to a specific individual, as defined in the Personal Data Protection Act. An individual is considered personally identifiable if they can be identified, directly or indirectly, such as by reference to an identifier such as a name, identification number, location data, online identifier or one or more factors that identify them in physical, physiological, genetic, mental, economic, cultural or social terms.

Non-personally identifiable data is not considered personal data.

  1. Collection and processing of personal data

Examples of personal data that may be provided to kringla.is or that kringla.is may collect are:

  • Basic information: Name, social security number, address, telephone number, email address, and/or other basic information.
  • Communication information: Information about your interactions with kringla.is, such as written information about interactions in online chat, email, or letters, as well as verbal information that may be provided at the site or over the phone.
  • Identification information: Any copy of legal or electronic identification, such as a copy of a passport, or information about how you identify yourself and by what means.
  • Financial information: Information related to current and past transactions and transaction history, including the status and type of accounts and information about payment cards and payment history for your transactions with kringla.is.
  • Information collected through electronic monitoring: Audio and video recordings collected by surveillance cameras at KRINGLU’s premises.
  • Other information: The above list is for illustrative purposes and is therefore not exhaustive. KRINGLU may process other personal information than that listed here, in accordance with data protection laws and this policy.

Purpose of processing and authority

The page collects personal information about customers, contacts, and representatives of customers in cases where customers are legal entities, as well as contacts of suppliers and other partners. Of processing of personal information is conducted based on information that has been provided to KRINGLU at the initiative of the customer.

However, KRINGLU may independently collect information, such as from the government, and such processing is always conducted based on legitimate interests and in accordance with data protection laws. Such collection and processing of information by KRINGLU may, for example, processing of basic information from the national register and storage and processing of customer transaction history.

The processing of personal data

conducted primarily based on the following processing authorizations:

Legitimate interests: When kringla.is has a legitimate interest in processing personal data for a specific purpose, such as in-store camera recordings, for security and asset protection purposes. Contractual obligation: When kringla.is needs to process personal data to fulfil a contract that kringla.is has made or is preparing to make with you. Legal obligations: When kringla.is needs to process your personal data to fulfil legal requirements/rules that apply to kringla.is operations, generally or in individual cases. Consent: When you have given your consent to the processing and, where applicable, have taken the initiative to provide kringla.is with personal data.

kringla.is collects personal information about its customers to provide them with access to products and services in accordance with the provisions of business agreements, to ensure that services are tailored to their needs and to communicate information to them for marketing purposes. The aim of collecting information is primarily to serve customers better and to adapt and improve their experience of kringla.is services.

kringla.is only collects personal information that is necessary to provide advice or services at any given time. If a customer chooses not to provide personal information, kringla.is may not be able to provide the relevant party with products or services.

kringla.is uses personal information exclusively for the purpose for which it was collected.

kringla.is collects and stores various personal information about customers. Different personal information may be collected depending on whether an individual is doing business with the company himself or whether he is acting on behalf of a legal entity in doing business with the company, e.g. a supplier.

Individual transactions

kringla.is collects information about its customers in connection with individual transactions. Thus, kringla.is collects, among other things, customer contact information, information about the product/service purchased, e.g. product number and price agreement, contact information and the amount of the withdrawal authorization. The processing is based on an agreement or a customer’s request to enter into an agreement with the company. In the case of account transactions, information about creditworthiness and from the delinquency register may be processed based on the company’s legitimate interests.

If a customer violates the law in their transactions with kringla.is, information about the violation, e.g. about unauthorized account transactions or vehicle registration numbers related to the violation, may be processed based on the company’s legitimate interests. In such cases, the violation may be reported to the police.

kringla.is may also send targeted mail to its customers based on the company’s legitimate interests. Customers can always object to such processing by clicking on the link provided in targeted emails, sending an email to myndsyn@myndsyn.is or contacting kringla.is customer service at 895-6030.

Mailing list

kringla.is uses an email address that an individual has registered and approved in advance for targeted mailings to individuals on the company’s mailing list. Furthermore, an individual can register information such as name, social security number, address, telephone number, and gender. Their consent is then requested to process information about their purchase of kringla.is products and services to market products on kringla.is and services and those parties that kringla.is selects for collaboration. By registering this optional information, the individual agrees that kringla.is may combine information about them from the company’s other business systems, such as sales systems and CRM systems (Customer Relationship Management), to provide better service and send out more personalized messages. This processing is based on consent, and an individual is always allowed to withdraw their consent and unsubscribe from the company’s mailing list at any time by clicking on the link provided in targeted emails, sending an email to personuvernd@Kringla.is or contacting customer service at 895 6030.

Electronic surveillance in stores

Since kringla.is has electronic surveillance cameras, customers who visit kringla.is may therefore be recorded on video. The processing of the information collected through camera surveillance is based on the legitimate interests of the company, as the processing is conducted for property and security purposes. Video material is stored for as long as necessary based on the purpose of the processing, but never longer than 90 days, unless it is necessary to keep it longer due to suspicion of a criminal act, an accident or something similar.

Cookies

When kringla.is website stores cookies on your computer or smart device. Cookies are small text files that store information to analyse the use of the websites and improve the user experience. Cookies are also used to tailor the website to your needs, e.g. to promote the functionality of the site, save your settings, process statistical information, analyse traffic on the sites and for marketing purposes.

Representatives of companies and institutions

If an individual acts on behalf of a kringla.is partner, such as a supplier, contractor or customer who is a legal entity, kringla.is may process their contact information, such as name, telephone number, and email address. kringla.is may also process communication history and, where applicable, account information. This processing is necessary for the company to be able to fulfil its obligations based on a contract with the relevant partner. The company may also be obliged to process information based on a legal obligation, such as the Accounting Act.

Suggestions and/or comments from customers

If an individual submits a suggestion or complaint, kringla.is will process their contact information, such as name and email address, and the content of the complaint or suggestion that they have chosen to make.

  1. Disclosure of personal information

kringla.is does not disclose personal information to third parties except with your consent, in accordance with the provisions of business agreements, based on the company’s legitimate interests or based on a legal obligation.

kringla.is reserves the right to disclose personal information to a third party (processor) who is a service provider, agent, or contractor of kringla.is for the purpose of providing the requested service.

kringla.is shares information, for statistical purposes, with processors who collaborate with the company in quality and marketing work. kringla.is only provides the processors with the personal information that is necessary for them for the purposes. An agreement is concluded with such processors, in which they undertake to keep information about individuals secure and use it only for the purposes.

All kringla.is processors and partners have signed an appropriate confidentiality statement and processing agreement in accordance with the provisions of the Personal Data Protection Act. kringla.is thus ensures the protection of personal data in accordance with the laws and regulations on personal data protection as they are at any time, including by formulating a security policy on the handling and security of personal data and establishing security and procedural rules as required by the privacy law.

In cases where a third party (processor) gains access to personal data, kringla.is ensures confidentiality and that the data is deleted after processing. kringla.is never rents or sells personal data about customers.

  1. How long is personal data stored?

kringla.is will not process personal data longer than the purpose or legal basis permits. Personal data is processed for as long as a contractual obligation, consent or legal obligation requires, depending on the purpose and legal basis underlying the processing. Different retention periods apply depending on the type and nature of personal data.

Recordings from kringla.is electronic camera surveillance system are stored for 90 days, for security and asset protection purposes.

Please note that special laws may stipulate a minimum retention period for certain information such as accounting data, information related to customs and tax legislation and information based on data collection for the purpose of following up on the law on measures against money laundering, etc.

  1. Data security

kringla.is emphasizes ensuring that the storage of personal information is conducted in a secure manner. kringla.is ensures that appropriate technical and organizational security measures are taken to always ensure the highest level of data security.

These measures are intended to protect personal information against accidental loss or alteration and against unauthorized access, copying, use or dissemination. Changes and corrections to personal information

All communications with kringla.is web servers are of course encrypted over secure URLs (HTTPS).

  1. Your rights

A person has the right and may request that kringla.is provide him with information about the personal data the company holds as well as about the processing and handling of information about him. In addition, an individual may have the right to receive a copy of the information unless otherwise provided by law. In certain circumstances, an individual may request that the company send information that he himself has provided to us or that originates from him directly to a third party.

An individual has the right to have inaccurate personal data about him corrected. In certain cases, an individual has the right to have personal data about him deleted, e.g. if the information is no longer necessary for the purpose for which it was originally collected.

If an individual does not want their information to be deleted, e.g. because they need it to defend a claim, but still want it not to be further processed by the company, they may request that their processing be restricted.

If the processing of an individual’s personal data is based on the legitimate interests of the company, the individual also has the right to object to that processing.

However, the rights of the individual are not without precedence. For example, the law may oblige the company to reject a request for deletion or access to data. In such cases, the company may reject the request due to the company’s rights, such as based on intellectual property rights, or the rights of other parties, such as privacy, if the company considers those rights to be more important. However, your right to object to processing for marketing purposes is without precedence.

The individual will be notified and given an explanation if there is a delay in processing or if it is not possible to comply with the request in full no later than one month from its receipt. An individual may complain to the Icelandic Data Protection Authority (www.personuvernd.is) if kringla.is refuses to provide him with certain information or if the individual is dissatisfied with kringla.is processing of personal data.

If circumstances arise where the company cannot comply with an individual’s request, the company will endeavour to explain why the request has been denied, subject to limitations based on legal obligations.

  1. Policy Review

kringla.is Privacy Policy is reviewed regularly, and the company’s policy is to be as clear and explicit as possible about how the company collects personal information and for what purpose the information is used.

kringla.is reserves the right to change the Privacy Policy at any time, without notice. kringla.is Privacy Policy can be found at kringla.is and the updated policy will take effect when it has been published on the company’s website. All inquiries about the handling of personal information and kringla.is Privacy Policy should be sent to the email address kringla@kringla.is.

This Privacy Policy was set on September 1, 2025