We at Tímatal ehf. (hereinafter referred to as „Tímatal“ or „we“) take privacy very seriously.
In connection with customers‘ use of the scheduling and service system Tímatal and the use of the booking system Noona (hereinafter referred to as the „Systems“) Tímatal processes personal data.
Tímatal ehf. both acts as a data processor and as a data controller, within the meaning of the data protection legislation, in relation to different data processing activities.
Where Tímatal acts as a data processor we have concluded a special processing agreement with our customers.
All processing of personal data is carried out in accordance with applicable law, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR") and the Icelandic Data Protection Act No. 90/2018 on Data Protection and the Processing of Personal Data.
Our customers are in most cases legal entities but in order to communicate and provide our services we need to be in contact with our customers’ representatives. The data we process about our customers ‘representatives is:
Where our customers are individuals, we also process data about the customer's ID number and address as well as copies of invoices.
This processing is carried out on the basis of our agreement with the customers.
If a person requests a trial subscription to Tímatal, we also process data about that person's name and e-mail address in order to be able to create access to the system. This processing is necessary in order to comply with the request and provide the requested access.
When users book services through the Noona scheduling system, we process the user's contact information and information about the requested services as a so-called data processor for the company from which the user requests services from („service provider“). The same applies to users ordering services from Tímatal's customers who use the Tímatal scheduling system to manage appointments. For information on how the service providers process the user’s data, please see the privacy policies of the service providers in question. Tímatal only processes this data on the basis of instructions from the service providers.
In order to be able to provide users with additional services, e.g. keep track of all appointments with different service providers in one place, propose new products and services that users may be interested in and send users discounts and offers on different products and services, we may request users’ consent for processing that is necessary in order for us to be able to provide users with this service.
If you provide us with such a consent, we will process the following data:
This processing is carried out on the basis of your consent. You have the right, at any time, to revoke your consent which then applies to processing that has not already taken place.
In addition to the above, we may process information about your communication history with Tímatal, e.g. service requests. Such processing is necessary so that we can provide you with our service and answer inquiries and requests for assistance.
We may also invite you to sign up for our mailing list so that we can send you news and offers. Such processing is also subject to your consent, and you may unsubscribe from such mailing list at any time.
If you contact us and request information about our services or our assistance, we need to process your contact information and other information you send us so that we can answer your inquiry. Such processing is therefore carried out on the basis of your request.
Tímatal may use the services of external service providers, e.g. in terms of hosting and technical support. Such parties then act as data processors on behalf of the company and the company concludes agreements with such parties that ensure the security of the personal data processed. Only authorized hosts with a number of security certificates are used.
If Noona’s users select their favourite service providers, Tímatal may share the fact that a user has selected a specific service provider with that service provider in question.
In connection with a possible acquisition and/or merger, the company may disclose limited data on users to possible investors. The company may also share limited data to advisers of the company, e.g. auditors and / or lawyers, to the extent necessary.
A part from that the company does not disclose any data to third parties, unless legally required to do so on the basis of a legal obligation or a court ruling.
Tímatal retains your data as long as it is necessary and legitimate, but generally no longer than for a year after a request has been processed. Accounting documents are stored for seven years in accordance with legal obligation.
The company seeks to take appropriate technical and regulatory measures to protect personal data, with special regard to the nature of such data. Examples of such security measures are access controls to the Systems where data is stored and the use of firewalls.
These measures are intended to protect personal data from being accidentally lost or altered and from unauthorized access, duplication, use or disclosure.
You have the right to access and, in certain instances, to get a copy of the personal data we process about you, as well as information about the processing.
In certain instances, you may also have the right to have your personal data erased, or to have us restrict the processing. You also have the right to have your personal data rectified if the data is wrong or inaccurate. It is therefore important that you keep us informed of changes of the personal data, you have provided to us, as applicable. In most instances, the users can change their personal data in the System themselves.
In addition, you may also have the right to receive your personal data, which you have provided to us in a machine-readable format, or have the data transmitted directly to a third party.
When we process your personal data on the basis of our legitimate interests, you may always object to such processing. In the instances where we process your data on the basis of a consent, you also always have the right to revoke such a consent.
These rights are however not absolute. Thus, laws or regulations may authorize or oblige the company to reject your request to exercise the rights in question. However, your right to object to the processing of your personal data for direct marketing is unconditional.
If you wish to send an inquiry directly to the Data Protection Authority, or in the event of a dispute regarding the processing of your personal data, you may always send a complaint to the Data Protection Authority. By sending an e-mail to firstname.lastname@example.org or by sending a letter to:
Data Protection Authority
The company has also appointed a special data protection officer, Kjartan Þórisson, who oversees the company's processing of personal data.
The contact information of the company and the data protection officer is as follows: