Privacy Policy

Company: Netheimur (“Netheimur”, “we”, “us”, “our”)
Website: https://netheimur.is
Contact: adstod@netheimur.is

This Privacy Policy explains how Netheimur collects, uses, shares, and protects personal data when you visit our website or use our services (collectively, the “Service”).

1. What we collect

Depending on how you interact with us, we may collect:

Information you provide

  • Name, email, phone number, company name, job title
  • Messages you send us (forms, email, support tickets)
  • Account details (if you create an account), such as login identifiers and preferences
  • Billing details (where applicable). Note: payment processing is typically handled by third-party providers; we do not store full payment card details unless explicitly stated.

Information collected automatically

  • Device and browser details (e.g., IP address, browser type, operating system)
  • Usage data (pages visited, actions taken, timestamps)
  • Approximate location (derived from IP)
  • Cookies and similar technologies (see “Cookies”)

Customer/End-user data processed on behalf of customers
If you use a Netheimur-hosted application as part of your employer/customer relationship, Netheimur may process personal data as a service provider/processor on behalf of that customer. In those cases, the customer is responsible for determining what data is collected and why.

2. How we use personal data

We use personal data to:

  • Provide, operate, and maintain the Service
  • Respond to inquiries and provide support
  • Create and manage accounts (where applicable)
  • Send transactional/service communications (e.g., security alerts, confirmations, billing notices)
  • Send newsletters and marketing messages only if you opt in, and to manage unsubscribes/suppression lists
  • Improve the Service, troubleshoot issues, and analyze performance
  • Prevent abuse, spam, fraud, and security incidents
  • Comply with legal obligations

Where GDPR applies, we rely on:

  • Contract (to provide the Service you request)
  • Legitimate interests (security, service improvement, preventing abuse)
  • Consent (for marketing/newsletters and non-essential cookies, where required)
  • Legal obligation (tax/accounting and other compliance requirements)

4. Email communications

Transactional emails: We send operational emails needed for the Service (e.g., password resets, alerts). You cannot opt out of these without stopping use of the Service.

Marketing/newsletters: We send these only to people who have opted in. Every newsletter includes an unsubscribe link. You can also unsubscribe by emailing adstod@netheimur.is.

We maintain suppression lists to ensure we do not email recipients who unsubscribed or addresses that consistently bounce.

5. Cookies and tracking

We use cookies and similar technologies to:

  • Make the website function properly
  • Remember preferences
  • Understand usage and improve performance
  • Support security and abuse prevention

You can control cookies through your browser settings. If we use optional analytics/marketing cookies, we will request consent where required.

6. How we share personal data

We do not sell personal data.

We may share data with:

  • Service providers who help us run our business (hosting, email delivery, analytics, customer support tools, payment processing). They may only process data under our instructions and for the purposes described here.
  • Legal/compliance recipients when required by law, court order, or to protect rights and safety.
  • Business transfers if Netheimur is involved in a merger, acquisition, or asset sale (with appropriate protections).

7. International transfers

Some service providers may process data outside Iceland/EEA. When this happens, we use appropriate safeguards (such as Standard Contractual Clauses or equivalent mechanisms) where required.

8. Data retention

We keep personal data only as long as necessary for the purposes described:

  • Support/inquiry records: typically retained for operational continuity and auditing
  • Account data: retained while the account is active, and for a limited period after closure unless legal obligations require longer
  • Billing records: retained as required by applicable accounting/tax laws
  • Marketing subscription records: retained until you unsubscribe (and thereafter only as needed to maintain suppression)

9. Security

We use reasonable technical and organizational safeguards to protect personal data (access controls, least privilege, monitoring, and secure configuration practices). No system is 100% secure; if you suspect misuse, contact adstod@netheimur.is.

10. Your rights

Depending on your location (and particularly in the EEA/UK), you may have rights to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion
  • Restrict or object to processing
  • Data portability (where applicable)
  • Withdraw consent (where processing is based on consent)
  • Lodge a complaint with a supervisory authority

To exercise these rights, email adstod@netheimur.is. We may request verification before fulfilling requests.

11. Children

The Service is not intended for children under 13 (or the minimum age required by local law). We do not knowingly collect personal data from children.

Our website may link to third-party sites. We are not responsible for their privacy practices. Review their policies separately.

13. Changes to this policy

We may update this Privacy Policy from time to time. If changes are material, we will post an update on this page and revise the effective date.

14. Contact

For privacy questions or requests: adstod@netheimur.is