Privacy Policy

Modified on Wed, 4 Jan, 2023 at 2:51 PM

The protection of personal data is important to us. Your personal data will be processed by us when visiting our websites, when using our services and when contacting us as a supplier, service provider or comparable contractual partner. In the following, we would like to inform you about the nature, extent and purpose of the processing of your personal data. The terms we use, such as "Processing" or "Responsible" follow the content of the definitions of the General Data Protection Regulation (Article 4 GDPR).


Flekaskil ehf. (hereinafter also: we) provides its customers with Software as a Service. Our customers can use this service to generate and manage their guests’ bookings which they receive directly, via their own websites or third parties and link these with other processing operations. 


Insofar as Flekaskil ehf. processes customers’ booking data, Flekaskil ehf. acts as a data processor. Rights and obligations arising from data processing ensue in this respect from a separate agreement.


I. What types of data are processed for what purpose?

We process personal data only to the extent necessary to provide a functional website, content and services or with the consent of the user. An exception applies in cases where prior consent is not possible or where the processing of the data is permitted by other applicable legal provisions.

1. Provision of the website and creation of log files

Access Data

Our website can be visited without registration. However, in such cases we also collect data on access to our pages and save them as "server log files". The following data is logged:

  1. Information about the browser type and version used 

  2. The user’s operating system

  3. The user’s IP address

  4. Date and time of access

  5. Websites from which the user’s system reaches our website

  6. Websites accessed by the user’s system via our website

The data is collected for statistical purposes and in order to improve our website. Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. The server log files are regularly checked to maintain the performance of the server, especially when there are concrete indications of unlawful use. The legal basis for the temporary storage of data and log files is Art. 6 paragraph 1 letter f GDPR.


Cookies

We use cookies as part of our online offering. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. The cookies contain a characteristic string that allows the browser to be uniquely identified when the website is reopened. We use cookies primarily to make our website more user-friendly (technically necessary cookies). Some elements of our website require that the calling browser be identified even after a change of page. The following data is stored and transmitted in the cookies:

  1. System settings 

  2. Log-in information 

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features on our website cannot be offered without the use of cookies. In such cases, it is necessary that the browser is recognized even after a change of pages. The user data collected through technically necessary cookies will not be used to create user profiles.

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) letter f GDPR.

In addition to our own cookies, third parties also use cookies when using our online service. For details, see the following information.


Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC ("Google"), as part of our online offering. Google uses cookies. The information generated by the cookie about the use of the online offering by the users is usually transmitted to a Google server in the USA and stored there.


Google will use the information we collect on our behalf to evaluate the use of our online offering, to compile reports on the activities within this online offering and to provide us with other services related to the use of the online offering and internet usage. Pseudonymous user profiles can be created from the processed data.


We only use Google Analytics with activated IP anonymization. This means that the user’s IP address will be truncated by Google within member states of the European Union and in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and truncated there.


The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly. Users may also prevent the collection by Google of the data generated by the cookie related to their use of the online offering and the processing of such data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com. Google is certified under the Privacy Shield Agreement and therefore guarantees compliance with European data protection law: https://www.privacyshield.gov


For more information about data usage by Google, settings and objection options, please visit the websites of Google: "Google Uses Your Data When You Use Our Partners Sites or Apps", "Advertising", "Managing information that Google uses to show you advertising".


Google Fonts 

We incorporate the fonts ("Google Fonts") provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA into our online offering. More information: privacy policy, opt-out


Google ReCaptcha

In order to detect bots, e.g. when entering information on online forms ("reCAPTCHA"), we incorporate the function of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, into our online offering. Further information: privacy policy, opt-out


YouTube

We include videos from the YouTube platform of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, in our online offering. Further information: privacy policy, opt-out

Using Facebook Social Plugins 

We use features from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA as part of our online offering. When you visit our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers, and data is already transferred to Facebook. If you have a Facebook account, this data can be linked to it. If you do not wish to assign this data to your Facebook account, please log out of Facebook before visiting our page. Interactions, in particular the use of a comment function or the clicking on a "like" or "share" button, are also passed on to Facebook. Find out more at www.facebook.com.


Twitter

As part of our online offering we use features and content from Twitter, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. If users of our website are members of the service Twitter, Twitter can assign the calling of contents and functions of our online offering to the profiles of the users there. Twitter is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation: https://www.privacyshield.gov. Further information: privacy policy, opt-out


LinkedIn

Within our online offering we use functions and contents of the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. If users of our website are members of the LinkedIn service, LinkedIn can assign the calling of content and features of our online offering to users’ profiles there. LinkedIn is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation: https://www.privacyshield.gov. Further information: privacy policy, opt-out

2. Newsletter 

As part of our online offer, you can subscribe to a free newsletter. 

The data from the sign-up form on our website will be sent to us during the registration. To subscribe to the newsletter, it is sufficient to enter your e-mail address. Supplying a name is optional.

Registration for our newsletter on our website involves a so-called double-opt-in procedure. After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to ensure that nobody can register with external e-mail addresses. Registration for the newsletter is logged as proof of the registration process in accordance with legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Changes to your data stored with the newsletter service provider are also logged.

Providing your e-mail address enables us to deliver our newsletter to you. Should you choose to provide your name, this is used solely to address you personally in the context of our newsletter. The collection of other personal data in the context of the registration process on our website serves to prevent misuse of the services or the email address used. The legal basis for the processing of user data in the scope described is Art. 6 paragraph 1 letter a GDPR.


Newsletter provider

We use Mailchimp as our newsletter software. Your data will be sent to Mailchimp to facilitate the sending of our newsletter. You can see the privacy policy of the newsletter service provider here. The newsletter service provider uses the data of recipients exclusively in pseudonymous form, without assignment to a user, in order to optimize or improve their own services, e.g. for the technical optimization of the sending and presentation of the newsletter or for statistical purposes. The newsletter service provider expressly does not use the data transmitted to it to contact recipients or to pass on the data to third parties.

The legal basis for the transmission of user data is Art. 6 paragraph 1 letter f GDPR.

Performance measurement 

Our newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved when the newsletter is opened, either from our server or, if we use a newsletter service provider, from that provider’s server. This retrieval initially collects technical information, such as information about the browser and your system, as well as your IP address and time of retrieval.

  1. About the browser 

  2. IP address 

  3. Time of retrieval 

  4. Followed Links 

This information is used for the technical improvement of our newsletter service. Statistical surveys also include determining if the newsletters are opened, when they are opened, and which links are clicked. The legal basis for the statistical evaluation of the usage data is Art. 6 paragraph 1 letter f GDPR.

3. Contact form and e-mail contact 

A contact form is available on our website that can be used for electronic contact. If a user uses this option, the data entered in the input form will be transmitted to us and saved. These data are:

  1. First name 

  2. Last Name 

  3. Email address 

  4. Website 

  5. Message content

At the time the message is sent, the following data is also stored: 

  1. The user’s IP address

  2. Date and time of sending

Alternatively it is possible to contact the provided e-mail address. In this case, the user’s personal data transmitted by e-mail will be stored. There is no transfer of the data to third parties. The data is used exclusively for processing the message.

The processing of the personal data from clients’ input is used only to deal with the communication. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data. Other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The legal basis for the processing of the data, given the provision of consent by the user, is Art. 6 paragraph 1 letter a GDPR. The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) letter f GDPR. If the purpose of the e-mail is to conclude a contract, then the additional legal basis for processing is Art. 6 paragraph 1 letter b GDPR.

4. Forum use

As part of our online offering, our customers have the opportunity to leave comments about our services and about contributions by other users. We store the following information:

  1. The user’s IP address 

  2. Date and time of login 

  3. Content of the article 

This processing provides us with protection in the event that an author’s comment infringes the rights of third parties and/or illegal content is sold. No information is passed on to third parties. There is also no comparison between data collected in this process with data that may be collected via other components of our site. The legal basis is Art. 6 paragraph 1 letter f GDPR.

5. Data collection for contract execution with customers

If you make use of our SaaS as a paid service or in the context of a free trial, we will process the data entered in order to provide our services. The basic information we process includes:

  1. Inventory data (e.g., names, addresses). 

  2. Contact information (e.g., e-mail, phone numbers). 

  3. Contract data (e.g., contract, term, customer category). 

  4. Payment details (e.g., bank details, payment history). 

  5. Usage data (e.g., data that includes both the temporal criteria of your use of our service and the extent of its use.). 

  6. Meta / communication data (e.g., device information, IP addresses). 

The processing of this data serves the purpose of enabling the provision of the contractually agreed services; in particular to get in touch with you and to bill for services rendered to you. The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) letter b GDPR.

6. Data collection for contract execution with supplier, service provider or comparable contractual partner

Insofar as you conclude contracts with us for the delivery of goods and services or submit preparatory offers to us or we request such, we will process your personal data insofar as this is necessary for the execution of the contract. The basic information we process includes:

  1. Inventory data (e.g., names, addresses). 

  2. Contact information (e.g., e-mail, phone numbers). 

  3. Contract data (e.g., contract, term, duration). 

  4. Payment details (e.g., bank details, payment history). 

The processing of this data serves the purpose of enabling the provision of the contractually agreed services; in particular to get in touch with you and to bill for services rendered to you. The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) letter b GDPR.


7. Session replays to help with support

We use Freshmarketer for session replays that are deleted after a day to help with our support. Our provider for these replays is Freshmarketer. Review their privacy policy here.

II. Data deletion and storage duration 

The data processed by us are deleted or limited in their processing in accordance with Articles 17 and 18 GDPR. Unless expressly stated otherwise in the context of this privacy policy, the data stored by us are deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage requirements. Insofar as the data is not deleted because it is required for other and legitimate purposes, its processing will be restricted, i.e. that data is blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons. In accordance with legal requirements in Germany, data is stored for 6 years pursuant to § 257 paragraph 1 HGB (account books, inventories, opening balance sheets, annual accounts, commercial letters, accounting documents, etc.) and for 10 years pursuant to § 147 Abs. 1 AO (books, records, financial reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.).

III. Your rights

If your personal data are processed by us, you are a data subject within the meaning of the GDPR. You then have the following rights in relation to us or the "controller" within the meaning of the GDPR:

Who is responsible for processing personal information? 

Responsibility for the processing of personal data lies with Flekaskil ehf, Laugavegur 176, 105 Reykjavík, Iceland. info@godo.is

Right of access to personal data

You may request confirmation from us as to whether personal information concerning you is processed by us. You can then request information from the controller regarding the following:

  1. The purposes for which the personal data are processed; 

  2. The categories of personal data being processed; 

  3. The recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed; 

  4. The planned period of storage of personal data concerning you or, if specific information is not available, criteria for determining the duration of storage; 

  5. The existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing; 

  6. The existence of a right of appeal to a supervisory authority; 

  7. All available information on the source of the data if the personal data are not collected from the data subject; 

  8. The existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject. 

You have the right to request information about whether the personal data relating to you are transferred to a third country or to an international organization. You can request the appropriate guarantees in accordance with Art. 46 GDPR in connection with such transfers.


Right to Correction

You have a right to the correction and/or completion of your personal data by the controller, insofar as the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

Processing restriction 

You may request the restriction of the processing of your personal data under the following conditions:

  1. If you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information; 

  2. The processing is unlawful and you reject the deletion of personal data and instead demand the restriction of the use of personal data; 

  3. The controller no longer needs personal information for the purposes of processing, but you need it for the purposes of enforcing, exercising or defending legal claims;

  4. If you have objected to the processing in accordance with Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons. 

If the processing of your personal data has been restricted, your personal data may be processed only with your consent, or for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for reasons concerning the important public interest of the Union or of a Member State.

If processing is restricted according to the conditions referred to above, you will be informed by the controller before the restriction is lifted.


Deletion right

You may request that your personal information be deleted immediately if one of the following applies:

  1. Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed. 

  2. You revoke your consent to the processing in accordance with Art. 6 paragraph 1 letter a or Art. 9 paragraph 2 letter a GDPR and there is no other legal basis for processing.

  3. You register an objection in accordance with Art. 21 paragraph 1 GDPR to the processing and there are no overriding justifiable reasons for the processing, or you register an objection to the processing in accordance with Art. 21 paragraph 2 GDPR. 

  4. Your personal data has been processed unlawfully.

  5. The deletion of the personal data concerning you is required to fulfil a legal obligation under European Union law or the law of the Member States to which the controller is subject.

  6. The personal data relating to you were collected in relation to information society services offered in accordance with Article 8 (1) GDPR.




Right to information disclosed to third parties

If the controller has made the personal data concerning you public and is obligated to delete this data in accordance with Article 17 (1) of the GDPR, the controller, taking into account the available technology and implementation costs, shall take appropriate measures, including of a technical nature, to inform data controllers who process the personal data that you as an affected person have demanded that such data controllers delete all links to this personal data or to copies or replications of this personal data.


Exceptions

The right to deletion does not exist if the processing is necessary 

  1. to exercise the right to freedom of expression and information; 

  2. to fulfil a legal obligation which requires the processing under the law of the European Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority conferred on the controller;

  3. for reasons of public interest in the field of public health pursuant to Art. 9 (2) letter h and i and Art. 9 (3) GDPR; 

  4. for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, to the extent that the right referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing;

  5. to assert, exercise or defend legal claims. 




Right to Information

If you have made known to the controller your assertion of your right to the correction, deletion or restriction of the processing of your personal data, the controller is obliged to notify all recipients of your personal data of the correction or deletion of the data concerned or of the restriction of its processing unless this proves impossible or involves disproportionate effort. You have a right to demand that the controller inform you about these recipients. 


Data portability

You have the right to receive data relating to your person that you have passed on to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transfer this information to another person without hindrance by the controller who has provided you with the data relating to your person, provided that

  1. the processing is based on consent pursuant to Art. 6 paragraph 1 letter a GDPR or Art. 9 paragraph 2 letter a GDPR or on a contract pursuant to Art. 6 paragraph 1 letter b GDPR and

  2. processing is done by automated methods. 

In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one controller to another party, insofar as this is technically feasible. The freedoms and rights of others may not hereby be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.


Right to object

You have the right at any time, for reasons arising from your particular situation, to register your objection to the processing of personal data concerning you that takes place pursuant to Art. 6 paragraph 1 letter e or f; this also applies to profiling based on these provisions.

The controller will no longer process the personal data relating to you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.

If the personal data relating to you are processed for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. 

Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.

Right to revoke the data protection consent declaration

You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to the revocation.

Right to complain to a regulator

Irrespective of any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of alleged infringement, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.



Effective date: 12.06.2019

