Data Protection Information
The purpose of this Data Protection Information is to inform you about our processing of personal information.
The Data Protection Information explains when we have the right to obtain personal information about you, such as when you contact us.
In addition, we have described what kind of information we need and how we protect your information, where we get our information and what rights you have in this regard.
We – The data controller
The Nordic House in the Faroe Islands forms part of a Nordic co-operation, whose goal is to present Nordic art and culture in the Faroe Islands, as well as strengthen Faroese art and culture within the Faroe Islands, in the Nordic countries and across the world.
The public Nordic co-operation takes place within the framework of the Nordic Council of Ministers, where the governments co-operate with the Nordic Council - the parliamentary centre. At the forefront stand the co-operation's ministers and elected parliamentarians.
If you want to know more about the way we process your personal information, please get in touch with us in one of the following ways:
What is personal information?
According to the Faroese Data Protection Act, personal information is any information or evaluation that is or can be, connected to a specific physical person. This could be name, address, telephone number, picture or email address, etc.
We collect personal information in several ways
We collect personal information about you in the following ways:
- When you use our website
- When you buy our products online
- When you sign up for our newsletter
- When you personally provide us with your personal information
- If you enter into a contract with us
- If you contact us directly through email etc.
- If you participate in meetings and lectures in the house
- If you buy tickets to events in the house
Our data processing
We register personal information about you to be able to get back to you or provide you with specific services that you want to receive, such as conveniences, newsletters and other tasks related to our institution and the services that you want to receive or use.
Furthermore, we register personal information for in-house statistics. Only persons, who want to receive newsletters etc., will receive them. You always have the option to let us know if you no longer wish to receive newsletters.
The purpose of collecting and using personal information about you can be divided in the following way:
1) Firstly, there is various information that we have to know about you in order to provide you with good service. Examples include name, address, telephone number and email address, i.e. necessary proof of identification and contact information. If we cannot process this personal information, we are unable to provide you with the services you require. If you e.g. want to sign up to receive the Nordic newsletters it is necessary to consent to the processing of personal information, e.g. email address for the purpose of transmission. There is also a possibility of other grounds for the processing, such as contracts or, when legislation requires it, that we must register and store various personal information. This is, for example, personal information used to fulfill the requirements of the Taxation- and Accounting Act.
2) Secondly, there is also personal information that we would like to know about you, even though this information is not crucial for our processing because when we get this information about you, we are able to provide you with the necessary specialized knowledge that you need. This could be, among others, collected personal information about visits to our website, including IP addresses and cookies on your computer. This is necessary to keep our website running correctly and helps us make the website more userfriendly.
None of the personal information in section no. 2 is highly necessary for us to provide the right service. Therefore, our processing in this connection is your consent.
If we want to use your personal information in a different way than originally intended, we will request a new consent from you if we consider the use to be outside of the previous consent.
We delete your information when it is no longer necessary
We estimate when we will no longer need your personal information, and all personal information is deleted when the need for the information is no longer there.
Some personal information must be stored for at least 5 years in accordance to legislation, among others, the Accounting Act. Personal information is needed, e.g. in relation to invoices to enable us to settle taxes and VAT, and to be able to attest veracity to the authorities, such as contracts etc.
Other information, which is part of the case processing of the Nordic co-operation, is journalized in the proper way in accordance to general public principles. Only essential and necessary personal information will be included in the case processing. When the case processing is concluded, the personal information cannot be deleted. The personal information will be sent to the National Archive where it legally will be deleted in co-operation with the Nordic Council of Ministers.
We transfer your personal information in the following instances
We only transmit your personal information to third parties:
- If it is necessary for us to fulfil legal requirements
- If you have given your consent
- If it is in connection with the use of data processors inside the EU, the EEA or a secure third county
n the extent that the law permits, we may transmit personal information with the aim of either protecting or enforcing our rights. Examples of instances where this could be essential are in connection to preventing falsification or other culpable activities.
If you wish to exercise the abovementioned rights, please send an email to email@example.com titled “My rights concerning the processing of personal information”, where you explain the situation and what right you wish to exercise.
How we store your personal information
We are committed to protecting your personal information in accordance to ethical guidelines, both for our own sake and to abide by all legislation. We use relevant and reliable technical and organizational systems to prevent unauthorized persons from accessing the personal information that we store. The purpose is to prevent personal information from being used, destroyed, changed, publisized or in any other way misused.
We have internal regulations for information security
We have internal regulations for information security, which include policies, guidelines, and procedures etc.
This means, among other things, that personal information is only accessible to the relevant employee, who needs the information. One of our guidelines on information security is that we teach our employees to handle personal information, and have awareness-raising campaigns.
We have launched IT regulations
We have launched IT security systems that will ensure that our IT security is sufficient relative to the information we store.
We have a fixed procedure for reporting, which ensures that we inform the relevant authorities when necessary.
As previously mentioned, we have launched several measures to secure the processing of your personal information. In the event that our IT systems and other systems are compromised, we will inform you of this without delay if your rights and freedom are at high risk.
The registered person has the right to complain to the Dátueftirlitið (The Data Protection Authority) about our processing of personal information. If you have a complaint, you can contact Dátueftirlitið (The Data Protection Authority) in the following ways: