PRIVACY POLICY OF TÍMATAL EHF.

We at Tímatal ehf. (hereinafter referred to as „Tímatal“ or „we“) take privacy very seriously. 

In connection with customers‘ use of the scheduling and service system Tímatal and the use of the booking system Noona (hereinafter referred to as the „Systems“) Tímatal processes personal data. 

Tímatal ehf. both acts as a data processor and as a data controller, within the meaning of the data protection legislation, in relation to different data processing activities. 

Where Tímatal acts as a data processor we have concluded a special processing agreement with our customers.

This privacy policy however applies in relation to Tímatal’s processing as a data controller. 

This privacy policy describes what personal data Tímatal processes, to whom that data belongs, for what purpose the processing takes place, for how long the data is stored etc.

All processing of personal data is carried out in accordance with applicable law, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR") and the Icelandic Data Protection Act No. 90/2018 on Data Protection and the Processing of Personal Data. 

  1. What personal data do we collect and why?


  1. Customers and representatives of customers, Tímatal and Noona

Our customers are in most cases legal entities but in order to communicate and provide our services we need to be in contact with our customers’ representatives. The data we process about our customers ‘representatives is: 

  • contact information, e.g., name, position, email address and telephone number,
  • communication history, e.g., copies of e-mail communications and service requests

Where our customers are individuals, we also process data about the customer's ID number and address as well as copies of invoices.

This processing is carried out on the basis of our agreement with the customers.

If a person requests a trial subscription to Tímatal, we also process data about that person's name and e-mail address in order to be able to create access to the system. This processing is necessary in order to comply with the request and provide the requested access.

  1. Noona’s users 

When users book services through the Noona scheduling system, we process the user's contact information and information about the requested services as a so-called data processor for the company from which the user requests services from („service provider“). The same applies to users ordering services from Tímatal's customers who use the Tímatal scheduling system to manage appointments. For information on how the service providers process the user’s data, please see the privacy policies of the service providers in question. Tímatal only processes this data on the basis of instructions from the service providers. 

In order to be able to provide users with additional services, e.g. keep track of all appointments with different service providers in one place, propose new products and services that users may be interested in and send users discounts and offers on different products and services, we may request users’ consent for processing that is necessary in order for us to be able to provide users with this service.

If you provide us with such a consent, we will process the following data:

  • your contact information, e.g. name, ID number, address, telephone number and e-mail address,
  • photo if you choose to add it to your profile,
  • transaction history, e.g. information about your appointments with different service providers, and
  • selection of your favourite service providers

This processing is carried out on the basis of your consent. You have the right, at any time, to revoke your consent which then applies to processing that has not already taken place.

In addition to the above, we may process information about your communication history with Tímatal, e.g. service requests. Such processing is necessary so that we can provide you with our service and answer inquiries and requests for assistance.

We may also invite you to sign up for our mailing list so that we can send you news and offers. Such processing is also subject to your consent, and you may unsubscribe from such mailing list at any time. 

  1. The website of Tímatal and Noona – cookies 

The websites www.timatal.is and www.noona.use cookies. The cookies that can be found on Noona's website are only statistical cookies and their use is carried out on the basis of our legitimate interests. We do thus not request a specific consent for the use of such cookies. On Tímatal's website, however, you can find both statistical cookies and marketing cookies. Use of marketing cookies is subject to users’ consent.

Additional information about Tímatal’s use of cookies can be found in the company's cookie policy.

  1. Inquires

If you contact us and request information about our services or our assistance, we need to process your contact information and other information you send us so that we can answer your inquiry. Such processing is therefore carried out on the basis of your request.

  1. Disclosure of data to third parties 

Tímatal may use the services of external service providers, e.g. in terms of hosting and technical support. Such parties then act as data processors on behalf of the company and the company concludes agreements with such parties that ensure the security of the personal data processed. Only authorized hosts with a number of security certificates are used.

If Noona’s users select their favourite service providers, Tímatal may share the fact that a user has selected a specific service provider with that service provider in question. 

In connection with a possible acquisition and/or merger, the company may disclose limited data on users to possible investors. The company may also share limited data to advisers of the company, e.g. auditors and / or lawyers, to the extent necessary.

A part from that the company does not disclose any data to third parties, unless legally required to do so on the basis of a legal obligation or a court ruling.

  1. Retention period 

Tímatal retains your data as long as it is necessary and legitimate, but generally no longer than for a year after a request has been processed. Accounting documents are stored for seven years in accordance with legal obligation. 

  1. Security measures

The company seeks to take appropriate technical and regulatory measures to protect personal data, with special regard to the nature of such data. Examples of such security measures are access controls to the Systems where data is stored and the use of firewalls.

These measures are intended to protect personal data from being accidentally lost or altered and from unauthorized access, duplication, use or disclosure.

  1. Your rights

You have the right to access and, in certain instances, to get a copy of the personal data we process about you, as well as information about the processing.  

In certain instances, you may also have the right to have your personal data erased, or to have us restrict the processing. You also have the right to have your personal data rectified if the data is wrong or inaccurate. It is therefore important that you keep us informed of changes of the personal data, you have provided to us, as applicable. In most instances, the users can change their personal data in the System themselves.

In addition, you may also have the right to receive your personal data, which you have provided to us in a machine-readable format, or have the data transmitted directly to a third party. 

When we process your personal data on the basis of our legitimate interests, you may always object to such processing. In the instances where we process your data on the basis of a consent, you also always have the right to revoke such a consent.

These rights are however not absolute. Thus, laws or regulations may authorize or oblige the company to reject your request to exercise the rights in question. However, your right to object to the processing of your personal data for direct marketing is unconditional.

If you wish to send an inquiry directly to the Data Protection Authority, or in the event of a dispute regarding the processing of your personal data, you may always send a complaint to the Data Protection Authority. By sending an e-mail to postur@personuvernd.is or by sending a letter to:

Data Protection Authority
Rauðarárstígur 10
105 Reykjavík
Iceland

  1. Contact information and our data protection officer 

If you wish to exercise your rights described in article 5 in this policy, or if you have any questions regarding how we process your personal data, please contact the company that will seek to answer your questions and guide you on your rights according to this privacy policy.

The company has also appointed a special data protection officer, Kjartan Þórisson, who oversees the company's processing of personal data.

The contact information of the company and the data protection officer is as follows:

Tímatal ehf.
Skipholti 11-13
105 Reykjavík
General email address; timatal@timatal.is
Email address of the data protection officer; kjartan@timatal.is 

  1. Revisions to this privacy policy 

The Company may from time to time make changes to this Privacy Policy in accordance with changes in applicable laws or regulations or due to changes in how the company processes personal data. If changes are made to this privacy policy, a revised version will be published on the company's website.

Any changes to this privacy policy will be effective from the time the revised version has been published.