The Data Protection Policy of Ölgerðin Egill Skallagrímsson hf.

Ölgerðin Egill Skallagrímsson hf. (also referred to as the “company” and “us”) has committed itself to ensuring reliability, confidentiality and the security of personal information that is used within the company. This data protection policy applies to the personal information pertaining to individuals who are in business with the company, visitors to the Visitor Centre, contractors, contacts that represent legal entities in business with the company, consumers who contact the company, contacts at the company’s suppliers and other contacts (hereinafter jointly and collectively referred to as “you”).

This data protection policy is intended to inform you of which personal information the company collects, how the company uses such personal information and who is able to access the information.

If you have questions as to how this policy pertains to you, please contact the Managing Director of the Communications Department or send an e-mail to personuvernd@olgerdin.is for further information.

1. Purpose and legal requirement

Ölgerðin seeks to meet all aspects of the Data Protection Act, and this policy is based on Act No. 90/2018 on Data Protection and the Treatment of Personal Information (“the Data Protection Act”), with later amendments.

2. What is personal information?

Personal information as pertains to this policy includes any information on an identified or identifiable individual, i.e. information that can be traced directly or indirectly to a specific individual. Data that cannot be traced to a specific individual is not considered personal information.

3. Personal information of clients processed by Ölgerðin

We collect and store different types of personal information on our clients. The personal information collected on you may vary depending on whether you are in business with Ölgerðin yourself or whether you represent a legal entity in business with the company.  

The following are examples of personal information which Ölgerðin processes on individuals in business with the company:

Contact information, such as names, phone numbers and e-mail addresses;
National ID No.;
Credit rating information;
Information from communications;
Account information;
Business contracts; and
Information on collections activities.

The following are examples of personal information which Ölgerðin processes on individuals representing legal entities in business with the company:

Contact information, such as names, phone numbers and e-mails;
E-mail for service survey;
Communication history;
Information on surety; and
Information on the credit rating of the person authorised to sign for the company. 

In addition to the information above, Ölgerðin may also collect and process additional information that customers or representatives/contacts of customers provide the company as well as information necessary to its operations. The information is processed primarily in order to meet contractual obligations toward the company’s clients but also on the grounds of our legal interest in ensuring that the company’s customers receive good service, e.g. via the review of complaints and the conducting of customer surveys.

As a general policy, Ölgerðin acquires personal information directly from a customer or the customer’s contact. Information may, in some instances, come from a third party, i.e. Credit Info in cases where an individual requests credit account transactions from the company. If personal information is acquired from a third party in any other case, the company will seek to inform the customer of such.

Information on customers and the representatives/contacts of customers are kept for four years following the end of business. If it pertains to information subject to the Act on Accounting, the information is kept for seven years following the end of the respective fiscal year. Information from customer complaints may be kept longer, i.e. if the complaint indicates that a product had negative effects on health.

4. Personal information processed by Ölgerðin on visitors to the Visitor Centre

Upon registering for a workshop or other event at the Visitor Centre, we request information on you, including your name and contact information, for the purpose of managing registration. During registration, you may also choose whether your information will be included on a mailing list used to draw attention to new features at the Visitor Centre.

The information is processed, on the one hand, on the basis of your contract with Ölgerðin on participating in an event held by the Visitor Centre and on the other hand, based on consent.  

Information on names and contact information are kept no longer than four years from the date of the workshop. E-mail addresses are kept on the mailing list until approval is withdrawn, which can be done through the unregister button in the newsletter. You may always revoke your approval.

5. Personal information processed by Ölgerðin on suppliers’ contact information

The processing of personal information on supplier’s contacts may be necessary to meet the company’s contractual obligations toward the respective supplier, and the company has a legal interest in doing to so for the purpose of simplifying communications and improvement co-operation with suppliers. The information in this regard is as follows:

Contact information, including name, phone number and e-mail address;
Title of employment; and
Information from communications.

In addition to the information above, Ölgerðin may also collect and process additional information that contacts themselves provide the company. The information is generally acquired directly from the contact but may also be acquired directly from the supplier.

Information on contacts is deleted or updated when the company is notified that changes have been made to contact information. The aforementioned information is kept for no longer than four years after the end of the contract between the company and the supplier, unless the information is subject to the acts on accounting or customs.

6. Personal information processed by Ölgerðin on contractors

We collect personal information on contractors working for the company, and that information is processed in accordance with the nature of the projects the respective contractor is working on for the company.

The following are examples on information that Ölgerðin may collect on you as a contractor so that the company can meet its obligations on the basis of the contractor agreement:

Contact information, such as name, national ID No., phone number and e-mail address;
Information on education, training and experience; and
Account information.

In addition to the information above, Ölgerðin may also collect and process additional information that contractors themselves provide to the company, as well as information that is necessary to its operation, i.e. information from the security systems of Ölgerðin’s buildings.

If you work for the company in a role of influence, the company also uses personal information from your social media accounts and conducts performance reviews following campaigns based on the company’s legal interests.  

The information is generally acquired directly from you but may also be acquired directly from a third party, e.g. a consulting firm that analyses the effectiveness of social media campaigns. The company may also provide personal information to comparable consulting firms for the purpose of analysing co-operation efforts.

Information on contractors is kept for no longer than four years after the end of a project unless the information is subject to the act on accounting, in which case information is kept for seven years following the end of the respective fiscal year. Should the company decide to keep the information for longer on contractors that have worked for the company, approval is sought.

7. Personal information processed by Ölgerðin on consumers

Ölgerðin receives various queries and comments from consumers, e.g. through e-mail and the company’s Facebook page, that contain personal information. Should you send the company a complaint, we may have a legal interest in holding your contact information, i.e. name, phone number and e-mail address, in order to follow up on your notification and in some instances provide compensation for damages or faulty products.

Information provided to the company from consumers is kept by the company for no longer than four years after the notification was made unless the correspondence indicated that health damages were caused, which provides reasoning to keep the information for longer.

8. Personal information processed by Ölgerðin on other contacts

In its operations, the company also collects communications from various contacts, e.g. from the institutions and authorities with which the company has regular communications. This is done on the basis of the company’s legal interests in simplifying communications, and the information is either updated or deleted as is called for at any given time.

9. Electronic surveillance on Ölgerðin premises

For the purpose of security and asset protection and based on the legal interests of Ölgerðin, security cameras are used to conduct surveillance on company premises. The use of security cameras is indicated through the appropriate signage.

Should you, as a contractor, have access to secure areas of the company’s buildings, information on your movements through the building may also be collected in the interest of security and asset protection.

Information collected through electronic surveillance is kept no longer than 90 days.

10. Submission to third parties

Ölgerðin may submit your personal information to third parties in connection with their contractual relationship with the company. As an example, information on you may be provided to a consulting firm relating to a customer survey, to a collections service relating to past-due invoices or to a transport company relating to the distribution of products.

Your personal information may also be provided to a third party to the extent permitted or required by the relevant laws or rules, i.e. to the Customs Authority or the Tax Directorate relating to their monitoring obligations pertaining to alcohol production and import.

Personal information may also be provided to a third party that provides us with information technology services or other services relating to production and is a part of the company’s operations. These parties may be located outside of Iceland. Ölgerðin will not, however, submit information outside the European Economic Area unless it is permitted on the basis of the relevant personal information laws, i.e. on the basis of standard contract terms, your approval or the Data Protection Agency’s register of states that provide adequate protection of personal information.

In closing, your personal information may also be handed over to the extent permitted or required by the relevant laws or rules or in response to legal actions such as searches, subpoenas or court rulings.

11. How is the security of personal information guaranteed?

Ölgerðin aims at taking the relevant technical or organisational action to protect personal information, with particular consideration for its nature. These actions are intended to protect personal information from being lost or accidentally altered or from unauthorised access, copying, use or distribution. Examples of security measures taken by Ölgerðin are controlled access to the company’s systems.

12. Changes and corrections to personal information

It is important that the information used by Ölgerðin is both correct and relevant. Therefore, it is important that the company is notified of any changes that may occur to your personal information.

You have the right to the correction of your unreliable personal information. In consideration of the purpose of processing of personal information, you also have the right to have incomplete information on you completed, including through the provision of further information.

Please direct any updates to the Managing Director of the Communications Department or send an e-mail to personuvernd@olgerdin.is for further information.

13. Your rights pertaining to the personal information processed by the company

You have the right to receive confirmation as to whether or not we process your personal information, and if so, you may request access to your information and information on how the processing takes place. You may also have the right to receive a copy of the information. Under certain circumstances, you may request that the company send information that you yourself have provided, or which has come from you, directly to a third party.

Under certain circumstances, you may request your personal information be deleted without delay, for example when the storing of information is no longer necessary to fulfil the purpose of the procedure or because you revoke your approval for the processing of personal information, provided no other permission provides the basis of such processing.

Should you not want your information deleted, i.e. because you need it to defend yourself in a claim, but nevertheless want it to be processed no further by the company, you may request that its processing is restricted.

If the processing of your personal information is based on the legal interests of the company, you also have a right to object to that processing.

The aforementioned rights are, however, not implicit. There may be laws in place that oblige the company to deny your request to delete or access data. The company may reject your request based on the rights of the company, i.e. on the basis of copyrights, or the rights of other parties, i.e. on the right to privacy, should the company find that those rights take precedent.

Should a situation arise where the company cannot meet your request, the company will seek to explain why the request was denied, with consideration, however, for restrictions based in legal obligations.

14. Queries and complaints to the Data Protection Agency

If you seek to exercise your rights as described in Article 13 of this policy or if you have questions regarding this data protection policy or how the company treats your personal information, please contact the Managing Director of the Communications Department or send an e-mail to personuvernd@olgerdin.is.

If you are dissatisfied with the company’s processing of personal information, you may notify the Data Protection Agency (www.personuvernd.is).

15. Communications information

We have appointed the Managing Director of the Communications Department to monitor the execution of this data protection policy.

Contact information for the company:

Ölgerðin Egill Skallagríms ehf.
Grjótháls 7-11
110 Reykjavík

16. Review

Ölgerðin may change this data protection policy in accordance  changes to the relevant law or regulation or in accordance with changes in how the company uses personal information.

Any changes that may be made to the policy take effect after the updated version has been published on the company’s website.  

This data protection policy was enacted on [●].

The Data Protection Policy of Ölgerðin Egill Skallagrímsson hf.

Job Applicants

Ölgerðin Egill Skallagrímsson hf. has committed itself to ensuring the reliability, confidentiality and security of the personal information of those applying for jobs at the company. This data protection policy is intended to inform applicants which personal information the company collects and how the company uses such personal information.

This data protection policy applies to the personal information of all those applying for work at Ölgerðin. The policy refers to applicants as “you” and the company as “us”.

1. Purpose and legal requirement

Ölgerðin seeks to meet all aspects of the Data Protection Act, and this policy is based on Act No. 90/2018 on Data Protection and the Treatment of Personal Information (“the Data Protection Act”).

2. What is personal information?

Personal information as pertains to this policy includes any information on an identified or identifiable individual, i.e. information that can be traced directly or indirectly to a particular individual. Data that cannot be traced to a specific individual is not considered personal information.

3. Personal information collected and processed by Ölgerðin

We collect and store various types of personal information on applicants, and processing and collection is partly determined by the type of job applied for.

The following are examples of personal information which Ölgerðin processes on applicants:

Contact information, such as name, national ID No., address, phone number and e-mail address;
Job applications;
Resumes and information on education, training and work experience;
Information from references and staffing agencies in some cases;
Information from job interviews.

In addition to the information above, Ölgerðin may also collect and process additional information with which you provide the company during the application process.

As a general policy, Ölgerðin acquires personal information directly from you. In instances where personal information is acquired from a third party, the company will seek to inform you of such.

If you are offered a position with the company, the company may request a copy of or information from your criminal record, a copy of your driver’s licence, lift truck licence and your licence relating to further specified work, prior to finalising the employment contract.

4. Why do we collect personal information and on what grounds?

We collect information on applicants first and foremost to assess whether qualifications of applicants meet the requirements of the respective position.

The personal information we process on you is done in relation to your application for work at the company, i.e. on the grounds of your request to enter a contract with the company.

In specific instances, we may acquire your approval to use further specified information, in connection with the storage period of the information you provide us with or relating to the submission of your application to Ölgerðin subsidiaries. In such cases, you may always revoke your approval.

It should be noted that if you decide against providing Ölgerðin with requested information during the application process, that may lead to the company being unable to hire you.

5. Access to personal information and submission to third parties

Access to information on applicants is limited to the human resource department of Ölgerðin and the executives and managers of the job that is applied for.

Ölgerðin may submit personal information on applicants to references or staffing agencies in connection with application process. It should be noted that Ölgerðin utilises processing firms in connection with its information technology services, where your personal information may be stored or made available due to such services.

Ölgerðin will not, however, submit information outside the European Economic Area unless it is permitted on the basis of the relevant personal information laws.

6.  How is the security of personal information guaranteed?

Ölgerðin aims at taking the relevant technical or organisational action to protect your personal information. These actions are intended to protect personal information from being lost or accidentally altered or from unauthorised access, copying, use or distribution.

Applications and other data relating to the application process that are stored electronically are saved in Ölgerðin’s computer system, which has restricted access. Printed information is stored in locked cabinets.

7. Storage of personal information

If six months have passed since the application deadline for the job applied for or since you submitted a general application, Ölgerðin will delete you personal information if you were not hired. Ölgerðin may, however, seek your approval to extend the storage period.

If you are hired, Ölgerðin moves your personal information into an electronic employee file, which is processed according to a specific company policy.

8. Changes and corrections to personal information

It is important that the information used by Ölgerðin is both correct and relevant. While the application process is ongoing, it is important that you notify the company of any changes that may occur to your personal information.

Please direct any updates to the company’s human resource department.

9. Your rights pertaining to the personal information processed by the company

In some instances copies, you are entitled to access the personal information that Ölgerðin processes on you, as well as information on the process itself.

Under certain circumstances, you may also be authorised to request that your personal information be deleted or its processing restricted. You are entitled to have your personal information corrected if it is inaccurate.

In addition, you may have a right to a copy of the information you have submitted electronically to Ölgerðin or for us to send it directly to a third party.

The aforementioned rights are, however, not implicit. There may be laws and regulations in place that either require or allow the company to reject your request to utilise said rights.

10. Applicant queries and complaints to the Data Protection Agency

If you seek to exercise your rights as described in Article 9 of this policy or you have questions regarding this data protection policy or how the company treats your personal information, please contact the Managing Director of the Communications Department or send an e-mail to personuvernd@olgerdin.is.

If you are dissatisfied with the company’s processing of personal information, you may notify the Data Protection Agency (www.personuvernd.is).

11. Communications information

We have appointed the Managing Director of the Communications Department to monitor the execution of this data protection policy.

Contact information for the company:

Ölgerðin Egill Skallagríms ehf.
Grjótháls 7-11
110 Reykjavík

12. Review

Ölgerðin may change this data protection policy in accordance with changes to the relevant law or regulation or due to changes in how the company uses personal information. An updated version of the policy will be published on Ölgerðin's job application website or advertised in another demonstrable manner.

Any changes that may be made to the policy take effect after the updated version has been published on the company’s job application website.

This data protection policy was enacted on [●].

Company policies

Quality policy

Quality is vital and should be a consideration in everything we do. To maintain and improve the image Ölgerðin has created over the years, we ensure that:

  • All our products are first class, a standard that will never be compromised
  • All product handling is in a line with the best known procedures each time.
  • Our costumers’ experience of dealing with us exceeds expectations every time.
  • All our actions are in accordance with laws and regulations, and that we fulfil the demands of our costumers and other interest groups.
  • We continue to seek ways to improve, that we learn from our mistakes and that we think without limitations.

Environmental policy

Ölgerðin’s main objective is to develop and sell products that are better for the consumer. As the natural environment is an important part of every consumer’s quality of life, it is vital that we are as environmentally friendly as possible in all our activities. We can do this by:

  • Fulfilling laws and regulations regarding the environment and making sure that all employees are aware of the importance of protecting the environment.
  • Avoiding all waste during handling and use of raw materials and packaging,- reusing and recycling material whenever possible and disposing of waste in the proper manner.
  • Trying to use environmentally friendly packaging and materials, as long as they do not jeopardize product safety.
  • Keeping the company's pollution controls up to date with laws and regulations, and by making sure that all changes and new housing are likely to meet future expectations in the field.
  • Continuously seeking ways to reduce the use of packaging and energy during the production, sales and distribution of the company’s products.

Responsible advertising towards children

Special precautions should be taken when advertising or marketing towards children and adolescents.

  • Adverts aimed at children under the age of 12 should not be made or distributed, as children of that age are not mature enough to understand and evaluate the message of advertising.
  • The trust that children have towards their parents, teachers or sport coaches should not be used to impose a message in advertising.
  • The message of advertisements should not undermine the authority of parents and children should not, in any way, be encouraged to pressure their parents into buying certain products.
  • Adverts that affect children should not be broadcasted at times when children are likely to be watching alone, e.g. during children’s programming in the morning.
  • All promotional material should first be directed at the parent, who can then decide whether the child should receive it.
  • Promotional material should not depict children in dangerous situations.