GreenFish LogoGreenFish

Data Protection Policy of GreenFish hf.

GreenFish hf., ID no. 541123-2530, Grandagarður 16, 101 Reykjavík, Iceland (the “Company”), respects the privacy of users, customers, and visitors (collectively, “Customer”) and recognizes the importance of protecting personal data collected through the Company’s website, https://www.greenfish.is, and its subdomains (the “Website”), the Company’s software, and other communication channels. This Data Protection Policy details how the Company collects, uses, and shares personal information from Customers.

This Data Protection Policy applies solely when the Company acts as a controller of personal data, as defined in item 6, paragraph 1, Article 3 of Act No. 90/2018 on Data Protection and the Processing of Personal Data ("the Data Protection Act").

If the Customer has questions regarding this Data Protection Policy, the Customer should contact the Company through dpo@greenfish.is.

  1. Types of Personal Data Collected

    Personal data refers to any information relating to an identified or identifiable individual. It does not include enterprise data, anonymous data, or non-identifiable data.

    To ensure the effective operation of, and deliver optimal experiences with, its software and services, The Company may collect information about Customers through the following means:

    • Information Provided by the Customer: Can include name, company name, job title, postal address, email address, phone number, username, password, and any other information provided to the Company or its employees in connection with any intended or actual transaction, Subscription Agreement, or order.
    • Information Collected Automatically: When the Customer visits the website or uses the Company’s software, the Company automatically records details about the Customer and their device. This includes the Customer’s operating system, browser type and language, pages viewed, time spent on each page, access times, IP address, and interactions and activities on the website and in the Company’s software.
    • Information from Third Parties: The Company may obtain additional information from external sources to supplement the data collected through the website or software.
    • Cookies: The Company uses small data files, called cookies, that are stored on Customers' devices to improve their experience, analyze website usage, and monitor interactions with the website.
    • Information from job applicants: The Company may receive and process information from job applicants in connection with a potential or actual hiring process. This may include details about the applicant’s educational and professional background, as well as other information deemed necessary and relevant for assessing the applicant.

  2. Use of Personal Information

    The Company utilizes the Customer’s personal information in the following ways: 

    • Operating, maintaining, and enhancing the Company’s software, services and website.
    • Engaging with the Customer, addressing their comments and inquiries, and providing customer service.
    • Sending various types of information, such as confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
    • Sharing promotions, upcoming events, updates, and other relevant news about the company's software and services, as well as those of its selected partners.
    • Linking or combining Customer information with other personal data. Using the Customer’s personal information to prevent fraudulent, unauthorized, or illegal activities through protective, investigative, and deterrent measures.
    • Fulfilling and delivering software and services as requested by the Customer.
    • Evaluating job applicants and managing recruitment processes by reviewing submitted application materials and any related information obtained during the hiring process.

    The data is primarily processed to provide the requested service to the Customer and perform other duties resulting from the Company’s services and software. However, processing also occurs based on the Company’s legitimate interest in ensuring the Customer receives quality service and software. Additionally, data may be processed based on a legal obligation. 

  3. Legal Basis for Processing Personal Data

    The Company processes personal data in accordance with the Data Protection Act. The legal bases for processing personal data include:

    • Consent
      • Where the Customer or applicant has given explicit consent for specific purposes, such as receiving marketing communications.
    • Contractual Necessity
      • To perform obligations under a contract with the Customer, including Subscription Agreements and service delivery.
    • Legal Obligation
      • Where processing is necessary to comply with applicable laws and regulations.
    • Legitimate Interests
      • For purposes such as improving services, ensuring security, and communicating with Customers, provided such interests are not overridden by the Customer’s rights and freedoms.

  4. Sharing of personal information

    The company may disclose personal information under the following circumstances: 

    • With the Customer’s explicit consent, the Company may share personal information, allowing for its use by third parties for their marketing endeavors. Such usage will be subject to the privacy policies of those third parties.
    • In the event of a business transaction, negotiation, or any dealings involving the sale or transfer of the Company’s business or assets, personal information may be shared. This includes mergers, financing, acquisitions, or bankruptcy proceedings.
    • Personal information may be shared for legal, protective, and safety purposes, including compliance with applicable laws in the jurisdictions where the Company operates.
    • The Company may disclose information in response to lawful requests and legal processes, as well as to protect its rights, property, and those of its agents, customers, partners and others. This encompasses the enforcement of agreements, policies, and terms of use.
    • In emergency situations aimed at safeguarding the well-being of the Company’s employees and agents, customers, or any individual, information may be shared.
    • Information may be disclosed to individuals engaged in work on behalf of the Company, including data processors.
    • Additionally, the Company may share aggregated and/or anonymized data with third parties for their independent use.
    • It's worth noting that certain data collected from the Website may not be covered by non-disclosure agreements if the Company and others have mutually executed such agreements.

  5. Retention of personal data

    The Company stores personal data only for as long as necessary for the intended purpose, unless otherwise authorized or required by law. Personal data collected through the website is generally not stored for more than 18 months. Personal data collected through the company's software is retained for the duration of the customer's use of the software and the existence of the business relationship with the customer. 

  6. Data Subject’s Rights

    Under the General Data Protection Regulation (GDPR) and the Data Protection Act, individuals (data subjects) have the following rights regarding their personal data:

    • Right of Access
      • The right to request confirmation of whether personal data concerning you is being processed and to access such data.
    • Right to Rectification
      • The right to request that inaccurate or incomplete personal data be corrected without undue delay.
    • Right to Erasure ("Right to be Forgotten")
      • The right to request the deletion of your personal data where there is no legal or contractual obligation for its retention.
    • Right to Restriction of Processing
      • The right to request that the processing of your personal data be limited under certain conditions, such as while verifying its accuracy.
    • Right to Data Portability
      • The right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where technically feasible.
    • Right to Object
      • The right to object to the processing of your personal data when it is based on legitimate interests or for direct marketing purposes.

    To exercise any of these rights, the Customer may contact the Company at dpo@greenfish.is. Additionally, the Customer has the right to lodge a complaint with the Icelandic Data Protection Authority (Persónuvernd) if they believe their rights have been infringed.

    Further information is available at: https://www.personuvernd.is

  7. Security of the Customer’s personal information 

    The Company is committed to ensuring that its servers, software and connections are equipped with the latest encryption and security measures. The Company has implemented physical, electronic, and managerial protocols to protect and secure the collected information. However, it's important to note that no data transmission can be guaranteed to be completely secure, and malicious actors may circumvent the Company’s security measures. Therefore, the Company cannot assure the absolute security of information transmitted to or from the Website or through the use of the Company’s services and software. The Customer provides such information at their own risk. Consequently, the Company disclaims any liability for the theft, loss, interception, unauthorized access, or damage to the Customer’s data or communications while utilizing the Website, the Company’s software and services. By visiting the Website and by using the Company’s software and services, the Customer acknowledges that they understand and accept these risks. 

  8. Data Protection Policy updates 

    If the Customer is not satisfied with how the Company processes its personal data, the Customer can always send a complaint to the Data Protection Authority. 

    Information regarding the Data Protection Authority is available at https://www.personuvernd.is

    The Company reserves the right to amend and modify the terms of this Data Protection Policy at any given time. Any alterations will be communicated by indicating the date of the last revision of the Data Protection Policy. The Customer’s continued use of the Website, the Company’s services or software, subsequent to the posting of such revised policy will signify the Customer’s acknowledgment and acceptance of any changes made. The Company recommends reviewing the Data Protection Policy each time the Customer uses the Website, the Company’s software or service, to ensure the Customer fully understands how their information may be collected and utilized. 

  9. Contact information

    The Company appreciates the Customer’s comments or inquiries regarding this Data Protection Policy. The Customer can reach out to the Company at the following email address: dpo@greenfish.is

Last updated: July 24, 2025

Cookie Policy

This Cookie Policy supplements the Privacy Policy of GreenFish hf., reg. no. 5411232530, Grandgarði 16, 101 Reykjavík, Iceland ("We", "Us", or "Our") and provides information about how We use cookies and similar technologies (collectively referred to as “Cookies”) when you visit Our website https://www.greenfish.is and any of its subdomains (the “Website”). This Policy explains what Cookies are, why We use them, and how you can control their use.

What are Cookies?

Cookies are small text files stored on your device (computer, tablet, smartphone, etc.) when you visit a website. Cookies serve various purposes, including enabling websites to function properly, remembering your preferences (e.g. language, region), and helping to deliver relevant content or services.

What Cookies Do We Use?

We use both first-party and third-party Cookies to enhance the functionality of the Website, improve performance, understand user behavior, and deliver targeted content. Cookies used on the Website are categorized as follows:

  1. Necessary Cookies

    These Cookies are essential for the Website to operate and cannot be switched off in Our systems. They include functions such as remembering cookie preferences and securing login sessions. These do not require user consent.

  2. Preference Cookies

    These Cookies allow the Website to remember choices you make (such as language or region) and provide enhanced, personalized features. These Cookies are only used with your consent.

  3. Analytical Cookies

    We use analytical Cookies (e.g., via Google Analytics) to collect aggregated, anonymous information on how users interact with the Website. This helps Us understand traffic patterns and improve Website performance. These Cookies require user consent.

  4. Marketing Cookies

    Marketing Cookies are used to track browsing behavior across websites and build a profile of your interests to show relevant ads. These may be set by third-party advertising networks and require user consent.

Third-Party Services and Their Purpose

We partner with the following third-party providers who may set Cookies on the Website:

  • Google Analytics - Collects statistical information about Website usage to help Us improve user experience and functionality.
  • Google Ads / Facebook Ads / LinkedIn Ads - Tracks your activity across websites to serve relevant advertising content.
  • Socail Media Platforms - Allow users to share Website content and interact with Us via social channels (e.g., Facebook, Instagram, LinkedIn).

How Do We Use the Information Collected?

The information collected through Cookies is used to:

  • Ensure the Website functions as intended
  • Understand user behavior and preferences
  • Improve performance and usability
  • Personalize content and advertising (only with consent)

In some cases, Cookie data may be linked to personally identifiable information — but only if explicitly provided by the user and with proper consent.

How Long Are Cookies Stored?

Cookies may be either:

  • Session Cookies - Deleted automatically when you close your browser.
  • Persistent Cookies - Remain on your device for a set period (typically no longer than 13 months), unless deleted manually or via browser settings.

How Can You Control Cookies?

You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete Cookies. However, blocking certain Cookies may impact your ability to use certain features of the Website.

  1. Cookie Banner – Upon your first visit, you will be asked to choose your Cookie preferences.
  2. Settings Link – You can update or withdraw your consent at any time by accessing the Cookie settings available on the Website.
  3. Browser Settings – Most browsers allow you to refuse or delete Cookies via their settings.

Note: If you disable certain types of Cookies, some functionality of the Website may be affected.

Changes to This Cookie Policy

We reserve the right to update this Cookie Policy at any time, for example to reflect changes in law or Our data practices. Changes will be published with an updated “last modified” date. If material changes are made to optional Cookies, We will ask for renewed consent where required.

We encourage you to review this Cookie Policy regularly.

Contact Us

If you have any questions about this Cookie Policy or how We use Cookies, please contact:

Email: dpo@greenfish.is

Address: GreenFish hf., Grandagarður 16, 101 Reykjavík, Iceland

Last updated: July 28, 2025