Privacy Policy of GreenFish ehf.
GreenFish ehf., ID no. 5411232530, Grandagarður 16, 101 Reykjavík ("the company"), is responsible for ensuring that the processing of personal data in its operations complies with the provisions of the Act on Data Protection and the Processing of Personal Data No. 90/2018 and Regulation (EU) 2016/679 of the European Parliament and Council, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, as well as all applicable rules, recommendations, and guidelines on data protection.
This privacy policy is intended to inform individuals about how the company, as a data controller, processes personal data. GreenFish ehf. also acts as a data processor on behalf of its subscribers, who are considered data controllers in relation to end users.
Types of Personal Data Collected
The company collects the following information about GreenFish users:
- Email address.
- Login information.
- Details of user interactions with GreenFish.
- User feedback on GreenFish services.
The company also collects the following information in all cases where it is the data controller:
- Messages and other communications sent to the company.
- Contact details of customers, both publicly available and those provided by the customer.
Sources of Personal Data
The company obtains personal data from users when they log into GreenFish, subscribe to mailing lists, or interact with the service.
Why Is Personal Data Collected?
The company collects personal data in order to:
- Comply with applicable legal requirements.
- Fulfill contractual obligations for the provided service.
- Ensure the security of data.
- Communicate with users.
- Improve products and services.
- Market its services.
Purpose of Data Use
The company processes personal data to fulfill contracts with its customers and to protect its legitimate interests. The company maintains a database of customer contact information which is used to maintain communication and fulfill contractual obligations.
How Long Is Personal Data Retained?
The company retains personal data for the duration of the contractual relationship, as long as required by law, or as long as legitimate interests justify. Retention periods may vary depending on the type and nature of the data.
Contact information collected is generally not retained longer than four years from the end of a business relationship, or after the termination of ongoing customer interaction. Communication with GreenFish is always stored for 30 days unless deleted by the user or if the user closes their account. Retention of other data is based on the statute of limitations for legal claims, which may extend up to 14 years.
Data Security
The security and handling of information are monitored, and technical and organizational measures are implemented to ensure adequate protection and responsible processing of personal data.
Company staff are bound by confidentiality under internal policies.
In the event of a data security breach, the company will follow internal procedures and act in accordance with data protection laws.
The company will never disclose customer information without the explicit consent of the data subject.
Data Subject Rights
Under data protection laws, individuals have the right to request access to their personal data, correction, deletion, portability, and restriction of processing.
If individuals have questions or concerns about how their personal data is handled by the company, or wish to exercise their rights under data protection laws, they may contact:
greenfish@greenfish.is
Individuals also have the right to file a complaint with the Icelandic Data Protection Authority in accordance with applicable law. Complaints can be submitted by email to postur@personuvernd.is. More information can be found on the Icelandic Data Protection Authority's website, www.personuvernd.is.
Last updated: April 16, 2025