PoliciesPolicies

At EFLA we strive to provide exceptional service that adds palpable value to our customers. We aspire to be the preferred partner for our clients, embodying our core values of courage, cooperation, and trust in every way.

Our principles:

• Professionalism and Reliability: We maintain a high level of professionalism and reliability in all our projects and communication with customers.

• Positivity and Politeness: Our team is characterized by positivity, agility, and polite conduct, always treating others with respect and honesty.

• Timeliness and Responsiveness: We offer prompt service, ensuring swift and secure responses to all customer inquiries and messages.

• Collaborative Problem-Solving: We collaborate closely with our clients to identify optimal solutions, proactively providing advice and embracing innovation for better outcomes.

• Openness to Feedback: We encourage customer suggestions and feedback, swiftly addressing issues and communicating improvements.

• Commitment to Sustainability: We focus on sustainability, having a positive impact on the environment and empowering communities.

Our service policy serves as a guiding compass for how we engage with our valued customers. It complements our other policies and reinforces our mission to become a pioneering knowledge-based company, leading the way when addressing pressing social projects.

Every member of the EFLA team plays a vital role in bringing our service policy to life. At EFLA anything is possible.

This privacy statement describes the procedures used by EFLA regarding the information that EFLA collects in the operation of the company and the manner in which such information is processed. The majority of the customers of EFLA are legal entities. In cases where EFLA works with personally identifiable information, however, efforts are made to use as little personally identifiable information as possible, without, however, detracting from the services provided to the customer.

EFLA is concerned about the security of the personally identifiable information of customers and its employees and is determined to ensure reliability and confidentiality, as well as the security of the personally identifiable information that is processed within the company. As a result, all personally identifiable information is treated in a lawful and fair manner and in accordance with personal data protection legislation in effect in Iceland, as well as the relevant provisions contained in the EEA Agreement.

What personally identifiable information does EFLA collect about you?

The nature of the contract and other communications will dictate what information is collected. Efforts are made to only collect personal information directly from customers and other stakeholders. EFLA collects, as applicable, the following personal information:

• Name
• E-mail
• Tel. No.
• ID No.
• Address
• Workplace
• Account No.
• IP numbers
• Signatures

EFLA's policy is to refrain from collecting personal information that can be classified as sensitive personal information, information on culpable offences or personal information on children under the age of 13.

The purpose of collecting personal information

The purpose of collecting personal information is to:

• Execute and fulfil the contracts that the company has entered into, such as project agreements, service agreements and employment contracts.
• Manage communications histories and ensure traceability as applicable.
• Engage in marketing and prepare marketing material in specific cases.

Legal grounds for processing

EFLA collects and process personal information based on the following authorisations:

• To fulfil contractual obligations
• On the basis of granted permissions
• To protect the legitimate interests of the company
• To fulfil legal obligations

The legitimate interests of EFLA involve actions that are necessary to manage the operation of the company and which necessitate the collection and processing of personal information, such as fulfilling the object of the company according to its Articles of Association, attending to business relations with our customers, managing employee issues and organising the execution of the work of the company, providing access to the appropriate information systems of the company, complying with internal and external rules, documentation requirements and handling of requests, complaints and claims from third parties.

Disclosure of personal data to third parties

Under no circumstances does EFLA sell personal information. EFLA only discloses personal information to third parties as required by law or in the case of a service provider, agent or contractor who is appointed by EFLA to work a predetermined task. An example of such are parties who are responsible for hosting information and telephone systems. In the event that a party with whom EFLA shares information is considered processor, EFLA makes a processing agreement with the party receiving your personal information. Such agreements stipulate, inter alia, the obligation of processors to keep your personal information safe and to not use it for other purposes. EFLA also shares personal information with third parties when this is necessary to protect the company's critical interests, such as collecting on non-payments.

EFLA's personal privacy policy does not extend to information or processing by third parties; we have no control or responsibility for the use, disclosure or other work by them. We encourage you to familiarise yourself with the personal privacy policy of third parties, e.g. by the web hosting providers of sites that may refer to us, software companies such as Facebook, Apple, Google and Microsoft, along with the payment service you choose to use.

Storage time of personal information

The storage time of personally identifiable information at EFLA is variable and depends on the nature of the information each time. EFLA, however, endeavours to ensure that information is not kept for longer than necessary, unless there is legitimate reason to do so. EFLA, therefore, stores personal information for the time necessary to fulfil the object of the processing as described above and for as long as the information is necessary for the company so that it is able to fulfil its role or while such storage is obligatory according to law. Personal information stated on invoices is stored for seven years in accordance with accounting legislation. A review of the personal data stored is performed once a year. If it becomes apparent on review of the personal data stored that EFLA no longer requires the data for processing or due to a legal obligation to store your personal information, EFLA will stop processing and storing personal information from that time.

You are entitled to receive:

• Information on what personal information EFLA has about you and their origin, as well as information on the manner in which your personal information is processed
• Access to the personal information processed about you and to request that such information is sent to a third party

You are also entitled to:

• Have your personal information updated and corrected if necessary
• Have EFLA delete your personal information if there are no objective reasons or legal obligations to store such information
• Submit your objections if you wish to limit or prevent the processing of your information
• Withdraw your approval that EFLA may collect, record, process or store your personal information when the processing is based on such approval
• Information on whether automatic decision making is carried out, what the reasoning is behind such decision making and a review made of such automatic decision making
• Submit a complaint to regulatory bodies should you see reason to do so

Request for access to information

All requests for access to your own information, demands for corrections or the deletion of personally identifiable information should be sent to the e-mail personuvernd@efla.is.

We will confirm receipt of the request and will normally respond to requests within a month from receipt. In the event that it is not possible to respond within one month, we will notify you of the delay within one month.

The party making the request must be able to verify his identity before the request is taken into consideration.

Security of personal data and notifications of security breaches

Security during the processing of personal information is important to EFLA, and we have taken the appropriate technical and organisational security measures to ensure the protection of your personal information in tune with our policies on security. In the event of a suspected security violation, the IT Department, in co-operation with the information security team and the Managing Director of EFLA, will immediately embark on the appropriate measures to stop the security violations as soon as possible and minimise the damage as much as possible. In the event of a security violation involving your personal information and when such violation is considered to pose considerable risk to your freedom and rights, we will notify you without undue delay. In this sense, a security violation is considered an event that has the result that your personal information is lost or deleted, changed, disclosed or accessed by an unauthorised person.

The employees of EFLA have been informed about the correct response to suspected security violations.

Review and revision of the EFLA Privacy Statement

The EFLA Privacy Policy is under continuous review to ensure that the strictest requirements are always fulfilled. Customers are encouraged to find out about EFLA's working practices as regards personal data protection and contact us if any questions arise at the e-mail address personuvernd@efla.is.

The EFLA Privacy Policy is regularly reviewed and updated if necessary. The most recent update of the Policy was on 20 September 2018.

EFLA places high value on environmental and social responsibility in every aspect of its operation and continually strives to do so. EFLA strives for leadership in new environmental friendly solutions in its services.

As a part of this commitment EFLA has joined the UN Global Compact and commit to the ten principles regarding human rights, labour, environment and anticorruption.

EFLA's Sustainability Report

Key requirement for participating in the Global Compact is annual submission of a Communication on Progress (COP) that describes EFLA´s efforts to implement the ten principles. EFLA publishes its sustainable reports that contains information about the performance and progress in accordance with the ten principles of UN Global Compact.

The ten principles of the UN Global Compact are:

Human Rights

• Businesses should support and respect the protection of internationally proclaimed human rights
• Make sure that they are not complicit in human rights abuses

Labour

• Businesses should uphold the freedom of association and the effective recognition of the right to collective bargaining
• The elimination of all forms of forced and compulsory labor
• The effective abolition of child labor
• The elimination of discrimination in respect of employment and occupation.

Environment

• Businesses should support a precautionary approach to environmental challenges
• Undertake initiatives to promote greater environmental responsibility
• Encourage the development and diffusion of environmentally friendly technologies

Anti-Corruption

• Businesses should work against corruption in all its forms, including extortion and bribery

EFLA as a member of UNGlobal Compact is committed to ensure integration, consistency and social responsibility principles as a part of its strategy, culture and day-to-day operations, making a clear statement of this commitment to the stakeholders and general public.

EFLA’s strength is built on its highly qualified and experienced professionals with expertise in a wide variety of fields. The company mission is to enable and support the success of its customers and society as a whole through progressive and value-driven solutions. 

EFLA’s employees are guided by the company values in all their work, decision making and communication with partners and customers.