GDPR policy

PERSONAL DATA PROTECTION POLICY OF THE UNIVERSITY OF ICELAND LOTTERY

One of the objectives of the University of Iceland Lottery is to guarantee the reliability and safety of the personal data it handles on behalf of the institution. In its personal data protection policy, the University of Iceland Lottery (UIL) places an emphasis on the importance of ensuring that the processing of any personal data within the institution is conducted in accordance with the provisions of the personal data protection policy. The privacy policy applies to any processing of personal data on behalf of the UIL. Employees are obliged to always be guided by the policy when working with personal data.

PROCESSING OF PERSONAL DATA

In its work, the University of Iceland Lottery needs to collect certain data. Personal data are considered to be any kind of data which can be used to directly or indirectly identify individuals, such as collected, logged, stored or deleted data. The collection of personal data shall be limited to the data that is needed and appropriate for the purpose of the processing of the data in each case. Care shall be taken to ensure that the processing of the personal data is not out of line with the original purpose of the processing and that the processing of the personal data does not exceed what is required to reach the desired objective.

The main personal data of customers which UIL handles are: National ID number, name, address, phone number, email address and debiting information.

SECURITY OF PERSONAL DATA

The University of Iceland lottery ensures the appropriate security of personal information, including protection against unauthorized or illegal processing and against loss, deletion or damage caused by accidents, through appropriate technical and organizational measures. Privacy protection measures have been put in place and tailored to the size, nature and operations of the organization, as well as the amount and nature of the personal data processed and the risks (including the use of encryption where appropriate). To ensure the security of the processing of personal data, there are appropriate procedures, which are tested on a regular basis.

In the event of a security breach in the processing of personal data, where there is either confirmation or the suspicion that personal data may have fallen into the hands of an unauthorized party, the Data Protection Authority and, as the case may be, individuals are notified of a security breach, unless the risk is considered to be insignificant.

CUSTODY OF PERSONAL DATA

The University of Iceland Lottery is an entity subject to an obligation of transfer in accordance with Public Archives Act no. 77/2014. This means that the Lottery is not permitted to destroy or dispose of any document that falls within the scope of the Act, except with the special permission of the State Archivist.

RELIABILITY OF PERSONAL DATA

Personal data shall be reliable and updated when necessary. Care shall be taken to ensure that unreliable personal data is deleted or corrected without delay. We must ensure that the personal data we possess is reliable, accurate, up to date and appropriate for the purpose of the processing. We check the reliability of personal data when they are collected and regularly thereafter. We take the appropriate measures to delete or correct unreliable or out-of-date personal data.

The University of Iceland Lottery takes the appropriate measures to guarantee the reliability and accuracy of the data and information that is processed on behalf of the institution. These measures are designed to protect personal data from being accidentally lost or altered and from unauthorized access, copying, use or dissemination.

RIGHTS OF REGISTERED INDIVIDUALS

Individuals may request a copy of any of their personal data held by The University of Iceland Lottery. If such a request is received it shall be processed as swiftly as possible and preferably in no less than a month.

DATA PROTECTION OFFICER

The Data Protection Officer of the University of Iceland Lottery is Attorney Hörður Helgi Helgason. The Data Protection Officer is responsible for monitoring that the applicable laws and regulations regarding personal data protection are observed in the activities of the institution. Queries, remarks and notifications regarding the processing of personal data can sent to him by email at [email protected].

In the event of a dispute regarding the processing of personal data, a complaint can be emailed to the Data Protection Authority at: postur@persónuvernd.is or sent by regular mail to: Persónuvernd (Data Protection Authority), Rauðarárstígur 10, 105 Reykjavík, Iceland.