Personal Data.Information relating to an identified or identifiable natural person.

Your account information. We process this information when you sign up for and use the Services and a reasonable period thereafter in case you decide to re-activate the Services. We collect and associate with your User Account the information you provide to us like your first and last names, email address, mobile phone number, personal code,
address, workplace data, credit card and/or other billing information. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes and to enforce our agreements. We are acting as a data controller for this information. All this information is stored and processed within the European Union/European Economic Area (EU/EEA).

Your uploaded data (Customer Data). In order to provide the Services, we store, process and transmit your uploaded documents (e.g., court documents, hearing records, case files, etc.) and, respectively, data that they contain, as well as information related to them. This data is processed solely in accordance with the directions provided by you. We are acting as a data processor for this information. All this information is stored and processed within the European Union/European Economic Area (EU/EEA).

Your usage information. We collect information related to how you use the Services. We may collect information like IP addresses, the type of browser, device, operating system you use, actions you take when using our Services. We use this information in our legitimate interest to improve our Services, develop new products, features, and functionality, and ensure the security of your account and your data. Should this purpose require us to process Customer Data, the data will only be used in anonymized or aggregated form. We are acting as a data controller for this information.

Other information. We may receive information about you, including your Personal Data, from third parties we are working closely with (like Qualified Trust Service Providers, other Service Providers integrated into our Services, business partners, subcontractors, payment service providers, credit rating agencies) on the basis of agreement or from cookies on the basis of consent. We will treat this information as Personal Data in accordance with this Privacy Policy. We are acting as a data controller for this information.

Contact information. Based on your consent and to answer your questions, we process Personal Data that you provide us when using contact forms on our Website, such as name and surname, email address, phone number, organisation, message and other data that  you provide. We are acting as a data controller for this information.

With your consent. We will only share your personal information when we have your consent.

For internal processing. We shall ensure that the access to the Customer Data will be granted only to those employees or suppliers of Justikal which require such data for performing work functions or providing services to Customers.

For external processing. We may provide the Personal Data to our trusted business partners to process it for us, based on our instructions and in compliance with this Privacy Policy.

Lawful requests. We may disclose the Personal Data when we have a good belief that access, use, preservation or disclosure of such information is necessary to:

satisfy any applicable law, regulation, legal process or enforceable governmental request;

enforce our Terms of Service, including investigations of potential violations;

protect against imminent harm to our rights, property or safety, or that of our users or public as required or permitted by law.

Business transfers. We may share and/or transfer your Personal Data if we become involved in any merger, acquisition, reorganization, sale of assets, bankruptcy.

We have put in place reasonable and appropriate technical and organizational measures to protect the information we collect for the purposes of providing Services, including measures for protection from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data we process. For example, we have  developed a tool for our Customers to control who can access and edit or, instead, merely read certain documents. For sensitive documentation, the Customer can choose to only grant access to the court.

We also carefully select our third-party service providers to make sure that they, as your data processors, likewise ensure an appropriate level of data security.

However, please keep in mind that while we take reasonable steps to protect your Personal Data, no website, computer system or wireless connection is completely secure.

Once you delete your User Account from the Services, your Personal Data will be deleted within 30 days of the date of closure. Your account information and billing information (if applicable) is retained for a period of 7 years in accordance with the Icelandic accounting and taxation laws.

We retain information about your activity and system logs (the actions you take when using our Services) to ensure our Services are provided in a reliable and secure manner. This information related to your activity may contain Customer Data and/or Personal Data. This information is processed for no longer than necessary in relation to the purposes for which they are processed.

You act as a data controller for your uploaded data (Customer Data) that contains Personal Data. We are not responsible for any Personal Data stored at the discretion of our Customers, including but not limited Personal Data disclosed to us via access requests or appearing in documents that you upload.

We are not responsible for the manner in which our Customers collect, handle, disclose, distribute or otherwise process Personal Data. In most cases, Customers will process Personal Data, or documents containing Personal Data, in accordance with the requirements of the applicable type of judicial proceedings and relevant legal acts.

From the moment the User creates a case and uploads Customer Data containing Personal Data, the respective court is considered to be the data controller of such Personal Data, whereas Justikal acts as the court’s data processor providing the Services, as further detailed in the Data Processing Agreement. This includes cases that are not yet accepted by the court and are still “pending”, as the court already has access to the case and the Customer Data therein.

The terms for the cases of Personal Data processing where you are the data controller, and we are the data processor are defined in the Data Processing Agreement.

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our Website. Hotjar stores this information on our behalf in a pseudonymized user profile. For further details, please see the ‘About Hotjar’ section on Hotjar’s support site.

We use Google Analytics to analyse the use of our Website. For more information about Google Analytics, see Google’s Privacy Policy.

Cookies are a small piece of information saved in your browser storage. They are used to improve the customer experience in pages and help third-party services to work properly. We use cookies in all our Services. We only store anonymous identifiers and other preferences, so your personal data is not stored. We inform you about the use of cookies when you visit our Website. We ask you to consent to the use of all, except essential, cookies on our Website. We use essential cookies on the basis of our legitimate interest, as we would not be able to provide our Services to you on our Website without the use of these cookies.

We use three types of cookies:

Essential cookies — essential in provision of Services. These cookies ensure that information and services are delivered securely and optimally.

Performance cookies — to monitor visitor behaviour and help us improve our information and services.

Functionality cookies — to help improve your experience by providing a more personalised service. Those cookies remember choices, for example, language, preferred login option etc.

Under the GDPR regulation, data subjects have the following rights:

the right to access personal data held about them;

the right to object to processing (for example, direct marketing);

the right to data portability;

the right to complain about processing carried out by the data controller;

the right to object to automated decision making;

the right for the personal data being updated;

the right to be forgotten;

the right to lodge a complaint with the Icelandic Data Protection Authority (https://www.personuvernd.is/).

We provide you with a convenient way to exercise these rights. You can do this by contacting our Data Protection Officer at dpo@justikal.com.

If you believe that your rights or freedoms have been violated, we encourage you to contact us first. We will endeavour to answer all your questions and resolve any problems as far as legally possible so that you can be sure of the lawfulness and security of the processing of your personal data. In such cases, we will respond to you without undue delay, but in any case no later than within one month after receipt of your request.

We may not allow you to exercise the above rights where, in cases provided for by law, it is necessary to ensure the prevention, investigation and detection of criminal offences, breaches of official or professional ethics, or the protection of the rights and freedoms of other persons.