1. About whom we process personal information
We collect information about our clients, the employees of the companies we serve, our employees and other parties we interact with because of our activities, including suppliers, contractors and other parties who provide services for us or in collaboration with us. It depends on the nature of the relationship with each person what information is at issue at each time.
2. How personal information is processed
All processing of personal data is in accordance with applicable privacy laws. The processing is always for clear, legitimate and objective purposes and care is taken to ensure that the information is relevant and not beyond what is necessary.
Information is collected in order to perform the services we provide. Processing of personal and health information about clients and employees of companies utilizing health protection services is necessary to fulfill the needs of the registered person, fulfill contractual obligations of individuals with third parties and service companies for absentee registration and health inspections of employees.
The information may come directly from the person concerned or from a third party, such as from a company where the individual works. The collection and processing of personal information is usually a prerequisite for us to provide the services we provide. Examples of information we work on individuals, directly or indirectly, can be mentioned below:
(i) the social security number, address, address, telephone number and other information necessary for the communication and identification of the person concerned;
(ii) health information, such as information on health, absence from work due to illness, accidents at work and children's illness, and results of health research;
(iii) information from third parties, including companies or agencies that hold personal information about a person, when the aforementioned parties are authorized to provide us with information,
(iv) account information and payment history related to accounting and accounting.
We collect and preserve information about legal representatives who are our clients, to the extent necessary. Examples of such information are those specified in paragraph 2.i.
We process sensitive personal information about individuals, especially health information.
3. Legal basis for processing
We collect and process personal information based on the following sources:
- Based on a person's consent.
- To fulfill the contractual obligation.
- To fulfill legal requirements.
4. Dissemination of personal information
We disseminate personal information to various parties in accordance with legal obligations. These include the Icelandic Health Insurance and the Office of the Director of Health. We also disseminate information to other health care providers and healthcare professionals when appropriate and may be necessary for the services provided. The sharing of personal information may take place on the basis of contracts, including with parties that provide services in computer and information systems and medical devices.
Disclosure can also take place on the basis of the informed consent of the person concerned. Health Protection never sends information about individuals to third parties except on the basis of prior consent or on legal grounds, in accordance with our terms. When employees call us to report absences from work, we only report the length of absence to the company and whether they are due to the employee's illness, child illness or work injury. We may collect statistical information and send companies in our services where all information is non-personally identifiable, in accordance with our terms.
We may be required to provide information to third parties on the basis of authority and / or obligation set by applicable laws and regulations, including government and court rulings. In such cases, we will always respect the rights relating to the information and our own obligations.
When we enter into agreements with external parties that involve the sharing of personal information, it is always ensured that those parties can ensure the security of the information.
5. Your rights
According to the privacy legislation, you have certain rights and you can avail them by sending a request to email firstname.lastname@example.org or contact us at 510-6500. You do not have to pay anything to exercise your rights. We have one month to respond to your complaint, but the deadline can be extended by two months if the request is particularly extensive. We will let you know within a month if so.
- You have the right to access and copy all personal information we process about you. In some cases, exceptions to the right may apply, such as due to the rights of others who weigh more, but the general rule is that access should be granted.
- You have the right to receive corrected personal information about you that you believe is incorrect. You also have the right to add information to the personal information we hold about you and you feel incomplete.
- You are entitled in certain cases to the deletion of your personal information, but we are obliged to record and store certain information. The preservation of medical records data is in accordance with the Act on Medical Records no. 55/2009 and on accounting data in accordance with the Accounting Act no. 145/1994. Other personal information is deleted or rendered non-personally identifiable when personal information is no longer needed for the purpose of the work.
- You have the right to request that processing be restricted in certain situations.
- Then you have the right to file a complaint with the Data Protection Authority if you see a reason for doing so.
- When processing personal data is based on consent, it can always be revoked.
6. How long we keep personal information about you
Personal data is deleted or rendered impersonal at the same time as it is no longer needed for the purpose of the processing. The preservation of medical records data is in accordance with the Act on Medical Records no. 55/2009 and on accounting data in accordance with the Accounting Act no. 145/1994.
We strongly emphasize that privacy and health information is kept confidential. All of our staff is bound by silence and is committed to maintaining the utmost confidentiality. Violations of confidentiality are considered serious to the eyes and are defined.
8. Security of personal information and security breach notification
Security in the processing of personal data is important to us and we have taken appropriate technical and organizational security measures to ensure the protection of personal data. Only employees have access to the data and access controls are used since only those employees who work with the relevant data for their work have access to them. All employee reviews in our records are recorded.
In the event of a security breach affecting your personal information, and if such breach is deemed to pose a high risk to your freedom and your rights, we will notify you without delay. In this sense, a security breach is considered an event that causes your personal information to be lost or deleted, altered, disclosed or unauthorized to access it unauthorized.
10. Learn more
Privacy representative of Health Protection ehf. is:
Jón Örn Árnason
If you believe that we have not processed your personal information legitimately, you can contact our privacy representative via email email@example.com
In the event of a dispute regarding the processing of privacy information, a complaint can be sent to the Privacy Office at the email address firstname.lastname@example.org or by sending a letter to Privacy, Rauðarárstíg 10, 105 Reykjavík (see further at www.personuvernd.is).
Kopavogur 19 February 2019.