Privacy Policy for clients. 

AX Law slf., reg. 540219-0280, Hlíðarsmára 6, 201 Kópavogi (also referred to as “the Company” and “we”) has resolved to ensure the reliability, confidentiality and security of personal data that are processed within the Company. This Privacy Policy applies to personal data relating to individuals who are in business with the Company, individuals who contact the Company, contracts representing legal entities in business with the Company, as well as other contacts (hereafter referred to collectively as “Customers” or “you”). 

This Privacy Policy is intended to inform you about what personal data the Company collects, how the Company uses such personal data and who get access to the data.  

If you are unsure of how this policy concerns you, please contact the Privacy Supervisor for more information. The Supervisor´s contact information is stated near the end of this Policy. 

1. Purpose and legal obligation 

AX Law seeks to comply fully with privacy legislation and this Policy is based on the current Privacy Act, as well as on the General Data Protection Regulation (EUROPEAN PARLIAMENT AND COUNCIL REGULATION (EU) 2016/679 of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC), as it is intended to be transposed into Icelandic law.  

2. What are personal data? 

Personal data within the meaning of this Policy are any data about a personally identified or a personally identifiable person, i.e., data that can be directly or indirectly attributed to a particular individual. Data that are not personally identifiable do not constitute personal data. 

Processing of personal data means any operation or set of operations where personal data is processed, whether or not by automated means.  

3. Personal data on Customers that AX law processes 

We collect and store various personal information about our Customers. Different types of personal data may be collected about you depending on whether you are in business with the Company yourself or whether you represent a legal entity in business with the Company. 

The following are examples are examples of data that AX law processes on individuals in business with the Company: 

  • contact information, such as name, address or place of stay if different, phone number and email address; 
  • identification numbers 
  • gender; 
  • creditworthiness information; 
  • information from communication; 
  • financial information, bank account information, including information on VAT number and special wishes relating to billing; 
  • photographs, sound and/or video recordings 
  • sensitive personal data, i.e., data revealing racial, or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning health, a person´s sex life or sexual orientation genetic data and biometric data, if the processing of such information is necessary for the provision of services to the client. 

The following are examples of data that AX Law processes on individuals representing legal entities in business with the Company: 

  • contact information, such as name, phone number and email address 
  • communication history. 

The following are examples of data that AX Law processes on other contacts representing legal entities in business with the Company: 

  • contact information, such as name and email address 
  • information from communication. 

The following are examples of data that AX Law processes on individuals who contact the Company: 

  • contact information, such as name and email address 
  • information from communication. 

4. Where does personal data originate from? 

In addition to the above data, AX Law may also collect and process other data with which Customers or representatives/contacts of Customers provide the Company themselves as well as data that the Company processes for its activities, including its main activities, which is legal services. The data are processed primarily to be able to fulfil formal and informal service agreements with the Company´s Customers and to perform any other duties resulting from our service to Customers, but the processing also occurs based on our legitimate interests of ensuring that the Company’s Customers receive good service. Also, data may be processed on the basis of a legal obligation and independent of services the Company has undertaken to provide to its Customers, e.g., regarding rules on money laundering or accounting laws. 

As a rule, AX Law procures personal data directly from its Customer or his/her contact. However, data may also come from third parties, such as Credit Info, the government, courts, service providers to Customers, counterparties, and other lawyers. Personal data may also be collected online, from various websites, social media and databases. If personal data are procured from a third party in other instances, the Company will endeavor to notify its Customers.  

Data on Customers and representatives/contacts of Customers processed for the initiation of business are stored for 4 years from the end of business or from the end of the business relationship if a long-term business relationship was involved. In the case of data covered by the Accounting Act, they are stored for 7 years from the end of the relevant fiscal year. As a rule, data concerning the Company´s actual legal services will be stored for longer, as their processing may prove necessary for establishing, maintaining, or defending legal claims. In that case, the retention period is subject to rules on the expiration of claims that may generally take a maximum of 14 years. However, the data may be deleted earlier for operational efficiency. 

4. Sharing with third parties 

AX Law may share your personal data with third parties, such as in connection with their contractual relationship with the Company, or for legal services to you or to the company whose contact you are. For example, data about you may be shared with a debt collector for the collection of debts or to other third parties, such as an external adviser or contractor, in connection with counsel given to you or the protection of your interests.  

Your personal data may also be delivered to a third party to the extent permitted or required based on applicable laws or rules, such as to the government, the courts, the counterparty in a dispute, witnesses, partners of Customers or other interested parties. 

Also, personal data might be shared with third parties who supply us with information technology services and other services related to processing and which form part of the Company´s activities. 

These entities may be located outside of Iceland. However, AX Law will not transfer personal data outside of the European Economic Area unless permitted by applicable privacy legislation, such as based on standardized contractual terms, your consent or a notice issued by The Data Protection Authority (Persónuvernd) listing states granting personal data adequate protection. 

Finally, personal data on you may be delivered to the extent permitted or required based on applicable laws or rules or to respond to legal measures such as house searches, subpoenas, or a court order. 

5. How is the security of personal data ensured? 

AX Law seeks to take appropriate technical and organizational measures to protect personal data regarding their nature. These measures are intended to protect personal data against being lost or changed by accident and against unauthorized access, copying, use or dissemination. Examples of security measures taken by AX Law are access controls to the Company´s systems.   

6. Changes and corrections to personal data? 

It is important that the personal data processed by AX Law are both accurate and pertinent. Therefore, it is important that the Company be notified of any changes that may occur to your personal data. 

You have the right to have unreliable personal data about you corrected. Considering the purpose of processing your personal data, you also have the right to have incomplete personal data about you completed, including by submitting additional information.  

Please direct all updates to the Privacy Supervisor, cf. Article 9 of this Policy.  

7. Your rights regarding the personal data processed by the Company 

You have the right to obtain confirmation whether we process personal data about you or not, and if so, you may request access to the data and how its processed. You may also be entitled to obtaining a copy of the information. In certain circumstances, you may request from the Company that we send data with which you have provided us yourself or that originates with you directly to a third party. 

Under certain circumstances, you may request that your personal data be deleted without delay, e.g. where retention of the data is no longer necessary in light of the purpose of the processing or because you have withdrawn your consent for the processing of the personal data and the processing is not based on any other authorization. If the processing is based on consent, you may at any time withdraw your consent.  

If you do not want to have your data deleted, e.g., because you need them for your defense against a claim, but you nevertheless do not want them to be processed further by the company, you may request their processing to be limited. 

If the processing of your personal data is based on legitimate interests of the Company, you also have the right to object to such processing.  

Your above rights are not absolute. Thus, laws may obligate the Company to reject a request for deletion or access to data. In addition, the Company may reject your request in consequence of the Company´s right, such as based on intellectual property rights or the rights of other parties, such as to privacy, if the Company considers these rights to prevail.  

In case of a situation where the Company cannot meet your request, the Company will seek to explain why the request was rejected, albeit regarding limitations on the basis of legal obligations. 

8. Inquiries and complaints to The Data Protection Authority 

If you with to exercise the rights described in Article 7 of this Privacy Policy, or if you have any questions regarding this Privacy Policy or how the Company processes your personal data, please contact the Privacy Supervisor, cf. Article 9 of this Policy.  

If you disagree with the Company´s processing of personal data, you may submit a communication to The Data Protection Authority (www.personuvernd.is ).  

9. Contact information 

The Company has appointed a supervisor to monitor compliance with this Privacy Policy. Below you can find the Supervisor´s contact information: 

Inga Kristín Kjartansdóttir, inga@axlaw.is

The Company´s contact information: 

AX Lögmannsþjónusta slf. 

Hlíðasmára 6, 

210 Kópavogi 

11. Revision 

AX Law may from time to time change this privacy policy in accordance with changes to applicable laws or regulations or because of changes in the way Company processes personal data.  

Any changes that may be made to this Policy will take effect after the updated version has been published on the Company´s website.  

This Privacy Policy was adopted on the 15th of June 2021. 

Reykjavík 

  • AX Law slf. 
  • Hlíðasmára 6, 
  • 201 Kópavogi 
  • Ísland 
  • Company no. 540219-0280 / VAT. no. 133910 
  • axlogmenn@axlaw.is