The aim of this policy is to inform our customers what information is gathered and processed in relation to the customer relationship.

The information regarding the handling of personal data describes how Sp/f Nemlia protects your personal data and statutory rights.

We register and use personal data in relation to our business practice. We take all protective measures regarding current legislation to protect your personal data.

Why do we register and use your personal data?
We register and use information about you to comply with the agreement with you, including agreements about product purchases and services. This means that we register and use personal data when:

• You have or consider entering an agreement with us regarding our service or a

product, cf. the general data protection regulation (GDPR) 6.1 (b)

• You have given us consent to use your personal data for certain purposes, cf. the

GDPR 6.1 (a)

• We are legally obliged to, e.g., referring to
  • Tax legislations
  • Acts on Bookkeeping
  • Payment Services Acts
  • Data Protection Acts
• It is necessary to follow Nemlias legitimate interests, cf. the GDPR 6.1 (f). This may be to prevent abuse or loss and/or for marketing purposes. In this context we register and only use your personal data if our interest clearly weighs more than your interest that we do not process your personal data.

What personal data do we register and use?
We register and use different types of personal data depending on which services or products you have ordered or are interested in, including:

• Basic personal data, e.g., your name, your contact information, and your address
• Information about the services and products we provide you.

Specific categories of personal data (sensitive personal data)
Generally, we do not register sensitive personal data. If this for any reason should become

necessary, we would explicitly ask you for your permission, cf. GDPR 9.2 (a), to register sensitive personal data, unless we have a statutory right to register sensitive personal data, e.g. in respect to legal requirements, c.f. the GDPR 9.2 (f).

Why and how do we register and use your personal data?
We register and use personal data in respect to our services, delivery of our products and

marketing. We register and use information in respect to other activities in relation to specific services and products, including:

• Customer service and administration
• Development of our products, services, systems, and business
• Marketing of our services and products
• Establishment of fees and prices on our services and products
• Identification and approval of customers
• To meet statutory requirements

We collect data directly from you or by observing your actions, e.g., when:

• You complete forms when ordering service or products.
• You call us. We will inform you if we record the call.
• You use our webpage, mobile apps, products, or services.
• You participate in customer satisfaction or campaigns that we have organised.

Our website
Our webpage does not contain functions or tools at the moment, that require us to process personal data.

Our website however does contain cookies, but Nemlia does not store information about you when you visit our website and we can not track you through these cookies. The website only uses socalled sessioncookies. See further information about cookies, when you visit our website https://nemlia.com

Social media pages
Nemlia is active on social media platforms. At the moment, Nemlia has a businesspage on Facebook and LinkedIn.

When you interact with Nemlia on these pages, you make information available for both Nemlia and the social media, for example when you react on our posts on the media by commenting, sharing, liking etc., and when you for example follow or like our page on the social media. The purpose with these kind of processing is to market Nemlia. We have a legitimate interest to do so in accordance with GDPR art. 6.1 (f).

By using these social media platforms, these social media corporations also use your personal data, that is gathered through our pages on the platform, for their own purposes. Nemlia and these social media platforms share the data controller role in these situations.

You can read more about our shared role with LinkedIn here:

https://legal.linkedin.com/pages-joint-controller-addendum and with Facebook here: https://www.facebook.com/legal/terms/page_controller_addendum

Authorization
In order to process your personal data, we need authorization. Depending on the type of data

processing, the authorization will be one or several of the following:

• The data processing is necessary to fulfil the contract that you are part of (e.g., your purchase of our products) or carrying out measures which are made on your request, before signing the contract, cf. the GDPR 6.1 (b).
• The data processing is necessary to comply with legal commitment that rests with e.g., pursuant to the legislation, including accounting and tax legislation, cf. the GDPR6.1 (c).
• The development is necessary for us, or a third party to pursue a legitimate interest, which after a balancing of interests
• Concretely, we had to obtain consent from you for the processing, cf. the GDPR 6.1 (a).

 How long do we save your personal data?
We will delete your personal data when we no longer need to process it for one or more of the purposes mentioned above. However, special legislation, including in the Faroese Bookkeeping Act, the Faroese Limitation Act etc., may entail an obligation or right for us to store such data for an extended period of time. The data may also be processed and stored for a longer period, if it is anonymised.

Third parties and your personal data

Third parties that we share personal data with
In certain circumstances, we share your personal data with third parties.

• We pass on personal information to public authorities when necessary and when we hava a legal obligation to do so according to current legislation.
• We can pass on your information to external business partners if we have your consent or have a statutory right to do so.
• In relation to it-development, hosting and support, we transfer personal data to data processors. These data processors can be located inside the EU/EEA area or in third countries. We assure that your rights are protected, and the protection level is upheld in relation to these kind of data transfers.

Transfrers of personal data to a country outside the EU/EEA (a third country) that is considered to provide an adequate level of protection does not require a specific autorisation. Personal data can without further measueres be transferred to such third countries.

Transfers to so-called “unsafe” third countries may be carried out based on a variety of appropriate safeguards that have been established to provide an adequate level of protection of the data subjets´ rights. In terms of a specific example we can refer to entering into the EU-Comission´s standard contractual clauses with the recipient of the personal data.

Security
We have high security standards, also when it comes to the protection of your personal data. Accordingly, we have a range of internal procedures and policies designed to ensure that we live up to our high security standard and thus comply with the requirements for implementation of suitable technical and organisational security measures. Thereby, we do our best to safeguard the quality and integrity of your personal data. 

Your rights

Insight into your personal data
It is possible for you to get insight into registered and used personal data, including where it comes from and what it is used for. You can be told how long we save your information and who receives information about you.

Your right to access can be limited by law or restricted if it is necessary to protect the rights of others. 

Manual handling
You can get an insight into how an automated decision is made and the effects of the decision. You are entitled to a manual handling of any automated estimation. 

Right to object
In some circumstances you may object to our handling of your personal data. This is applicable when i.e., the handling is happening based on our legitimate interests.

Objection against direct marketing
You have the right to object to our use of your personal data for marketing purposes, including profiling in connection with such a purpose. 

Correction or deletion of data
If our data is incorrect, incomplete or irrelevant, you have the right to get the information corrected or deleted with the restrictions that follow the current legislation or rights to handle data. These rights are denoted as “the right for correction”, “the right to delete” and “the right to be forgotten”.

Limited usage
If you think that the registered information about you is incorrect or you have made an objection against our usage of the information, you can demand that we limit the usage of information for digital preservation.

Withdrawal of consent
You can at any time withdraw a consent. Note, if you withdraw a consent, we will possibly not be able to offer certain services or products. Note that we, however, proceed to use your personal data to e.g., honour an appointment we have made with you or if we have statutory right to do so.

Data portability
If we use information that you have given in consent or an appointment, and the processing of information is automated, you have the right to receive a copy of the information you have given in an electronic machine-readable.

Links to other websites etc.
Our website has links to other websites or to integrated websites. Nemlia is not responsible for the content of the websites of other companies (third-party websites) or for the practices of such companies regarding the collection of personal data.

When you visit other websites, you should always read their policies on protection of personal information and other relevant policies.

Changes to our privacy policy
We reserve the right to change this privacy policy based on material changes in legislation, new technological solutions, new or improved features, or to improve our website.

Contact information and complaint procedure.
You are always welcome to contact us if you have a question about your rights and how we register and use your personal data. You can contact us at: nemlia@nemlia.fo

Nemlia Sp/f
TIN: 612952
J.H. Schrøtersgøta 7
FO-100 Tórshavn
Tel.: (+298) 20 22 44

In case you wish to file a complaint regarding how we handle information about you, you can file a complaint to the Faroese Data Protection Agency (Dátueftirlitið):

Dátueftirlitið
Tinganes, PO box 300
FO-110 Tórshavn
Tel.: (+298) 30 91 00
E-mail: dat@dat.fo