Authenteq Ltd. (“Authenteq” or “we”) is the operator of the website https://authenteq.com (the “Website”) and collects and processes personal data of individuals using the Website (the “User” or “you”). The protection and confidentiality of your personal data is of particular importance to us. We treat your personal data confidentially and in accordance with the applicable legal data protection laws, in particular with the EU General Data Protection Regulation (the „GDPR“). We process your personal data according to the data processing purposes as listed below.
Any data directly or indirectly referring to you are considered personal data, e. g. name, e-mail address, IP address, etc. We collect and process your personal data on the basis of your express consent or where processing of personal data is permitted by applicable data protection laws. At any rate, we will inform you on the legal basis for the processing of personal data.
We will delete your personal data as soon as the purpose of the storage no longer applies. In addition, data may also be stored if applicable European or national legislature has provided for storage in Union regulations, laws or other provisions which Authenteq is subject to. In particular, Authenteq may be obliged by applicable European or national laws to retain data.
In the following, we inform you on which data are collected in connection with the use of the Website, the legal basis for the processing of personal data, the data processing purposes and how your personal data are processed, the duration of data storage and your rights in connection with data processing carried out by us.
1. Name and contact details of the responsible body
The responsible body (the “Controller”) for processing of your personal data is:
- – Authenteq ehf, Borgartun 27, IS105 Reykjavik, Iceland
- – E-Mail: [email protected]
- – Website: https://authenteq.com
You can reach the Controller and the data protection officer via email at: [email protected]
2. Provision of the Website and creation of log files
We automatically collect and store information in so-called server log files, which the computer system of the computer used to use the Website automatically transmits to us:
- (i) browser type and browser version;
- (ii) operating system used;
- (iii) your IP address;
- (iv) time of the server inquiry.
The data are stored in the log files of our system. These data are not stored together with other User’s personal data and are not combined with other data sources.
The legal basis for the temporary storage of data and log files is Art. 6 paragraph 1 lit. f) GDPR. The temporary storage by the system is necessary to enable the Website to be delivered to your computer. The storage in log files is done to ensure the functionality of the Website. In addition, the data are used to optimize the Website and to ensure the security of our information technology systems. For these purposes, the data must be stored for the duration of the session. Our legitimate interest in data processing pursuant to Article 6 paragraph 1 lit. f) GDPR also lies in these purposes. Without collection and storage of data as described, the operation of the Website is not possible.
The data are stored for seven days and will be then deleted from the web server.
We use so-called “cookies” on our Website. These are small text files sent from our web server to your computer to store certain information (e.g. identification features). If you use our Website anonymously, statistical evaluations are made using cookies for use, including the recording of new and returning visitors.
The presentation of our Website is also possible without the storage of cookies. You can deactivate the storage of cookies in the settings of your browser or set it so that it informs you about the intended storage by a website. In this case you decide about the acceptance of the cookie. For technical reasons, however, it is necessary to allow temporary cookies in full for the full functionality of our Website.
The legal basis is the legitimate interest pursuant to Article 6 paragraph 1 lit. f) GDPR. As the operator of this Website, we have a legitimate interest in analysing user behaviour in order to optimise our Website and, where applicable, our advertising. Further, some cookies are necessary for implementation of security settings provided by third parties.
It is also possible to use our Website without cookies. For more information on blocking cookies, please refer to the help pages of your internet browser. Stored cookies can be deleted in the system settings of your internet browser.
4. Cfduid Cookie
The cfduid cookie is set by the CloudFlare service to identify trusted web traffic. The cookie is necessary for the proper functioning of the CloudFlare service. The cookie does not store any personally identifiable information. For more information see What does the Cloudflare cfduid cookie do.
5. Google Analytics
This Website uses the functions of the web analytics service Google Analytics. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). Google is certified under the EU Privacy Shield and thus guarantees compliance with European data protection laws, https://policies.google.com/privacy/frameworks?hl=en&gl=de .
Google will use this information to evaluate your use of our Website, to compile reports on website activity and to provide other services associated with the use of the Website and the Internet. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Information generated by the cookies are automatically deleted by Google after 26 months.
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this Website in full. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the Website (including your IP address) and from processing this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
6. Contact form
A contact form is available on our Website which you may use to contact us. The data entered in the input mask will be stored by us in the respective e-mail accounts. We use G Suite, the e-mail service provider of Google. For more information please see https://gsuite.google.com/terms/dpa_terms.html?_ga=2.33963492.433621457.1528117485-659710155.1528117485.
Before submitting your data, we will ask for your consent for processing the entered data.
Alternatively, you may send us an e-mail to the e-mail address provided on the Website. We store any personal data you transmit with your e-mail to us. They are stored exclusively in order to communicate with you.
The legal basis for storage and processing of data entered in the contact form is your consent in accordance with Article 6 paragraph 1 lit. a) GDPR, for the storage of personal data transmitted via e-mail Article 6 paragraph 1 lit. f) GDPR. The storage of the latter is necessary for communication with you being the legitimate interest in data processing pursuant to Article 6 paragraph 1 lit. f) GDPR.
We will delete your personal data as soon as the purpose of the storage no longer applies. We regularly check whether data is still needed or whether it can be deleted.
7. Your rights in connection with processing of personal data
In the following, we inform you on your rights that you have in connection with the processing of personal data by us and may exercise according to applicable data protection laws, in particular to the GDPR.
8. Right of access
You have the right at any time to demand information on if we process your personal data. In the event of such processing, you may request the following information from us:
- (i) the purposes for which personal data are processed;
- (ii) the categories of personal data which are processed;
- (iii) the recipients or categories of recipients to whom your personal data have been or will be disclosed;
- (iv) the planned duration of the storage of your personal data or, if specific information is not possible, criteria for determining the storage duration;
- (v) the existence of a right to correct or delete your personal data, a right to restrict the processing by us or a right of objection to such processing;
- (vi) the existence of a right of appeal to a supervisory authority; (vii) all available information on the origin of the data if the personal data are not collected directly from you;
- (vii) all available information on the origin of the data if the personal data are not collected directly from you;
- (viii) the existence of automated decision-making, including profiling in accordance with Article 22 paragraph 1 and 4 GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on you.
You have the right to request information on whether your personal data are transferred to a third country or to an international organisation. In this context, you may request to be informed on the appropriate guarantees in connection with the transfer of data.
9. Right to rectification
You have the right to demand us to correct and/or complete your personal data if your personal data processed is incorrect or incomplete.
10. Right to erasure
You may demand your personal data to be deleted if:
- (i) the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;
- (ii) you revoke your consent to the processing and there is no other legal basis for the processing;
- (iii) you submit an objection to data processing and there are no predominant justifiable reasons for the processing;
- (iv) your personal data have been processed illegally;
- (v) the deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
11. Right to restriction of processing
You may request to restrict the processing of your personal data if:
- (i) you deny the accuracy of the personal data for a period of time that enables us to verify the accuracy of the personal data;
- (ii) the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
- (iii) we no longer need your personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims;
- (iv) if you have lodged an objection against the processing and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your grounds.
12. Right to data portability
You have the right to obtain your personal data in a structured, commonly used and machine-readable format. You have the right to transmit your data to another Controller. Where technically feasible, you have the right to have your data transmitted directly from us to another Controller.
13. Right to object
On grounds relating to your particular situation, you have the right to object at any time to the processing of your personal data which is carried out on the basis of Article 6 paragraph 1 lit. f) GDPR. Such grounds exist, in particular, if they underline your interests and outweigh our interest in the respective data processing. If your personal data are processed in order to carry out direct advertising, you have the right to object at any time to the processing of personal data for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising.
14. Right to revoke the declaration of consent under data protection law
If you give us the consent to process your personal data, you have the right to revoke your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
15. Right to lodge a complaint with the supervisory authority
You have the right to address the supervisory authority for any questions or complaints. The supervisory authority is The Icelandic Data Protection Authority.