Privacy policy
Controller and Contact Information
Controller: Merkjaklöpp
Address: Kirkjubraut 40, 300 Akranes
Phone: 419 0440
Email: info@merkjaklopp.is
What data do we collect?
- Identity and contact information: name, email address, phone number, mailing address.
- Order and billing information: products/services, delivery and payment information (we do not store full card details).
- Communications: content of inquiries, service requests, and survey responses.
- Usage data: browser and technical data, IP address, cookies, page views, referrer.
- Marketing preferences: consent/opt-out for newsletters and email tracking.
Data Sources
- Directly from you: when you order, create an account, or contact us.
- Automatically: via cookies and similar technologies.
- From our service providers: e.g., payment processing, hosting, email services, and analytics.
Purposes and Legal Basis for Processing
| Purpose | Data | Legal Basis |
|---|---|---|
| Processing and fulfilling orders, customer service | Identity, order, communications | Contract performance and execution (GDPR 6(1)(b)); legal obligation (6(1)(c)) |
| Accounting and tax returns | Financial and order data | Legal obligation (6(1)(c)) |
| Service relations and answering inquiries | Communications, identity | Legitimate interests (6(1)(f)) |
| Marketing and newsletters | Email, marketing preferences | Consent (6(1)(a)); withdrawable at any time |
| Analytics, web improvements, and performance | Usage data, cookies | Consent (6(1)(a)) or legitimate interests (6(1)(f)) with appropriate safeguards |
| Security, abuse, and fraud prevention | Technical data, incident logs | Legitimate interests (6(1)(f)) |
Cookies and Settings
We use cookies and similar technologies to operate the website, remember settings, analyze traffic, and offer personalized content. Essential cookies are always active. Other categories are managed with your consent.
- Essential: basic functionality, security, and order processes.
- Functional: remembers settings and user experience.
- Analytics: understanding usage to improve services.
- Marketing: measuring campaigns and interests.
You can change cookie settings at any time by pressing the fingerprint button at the bottom left of the page. Wherever consent is the basis for processing, you can withdraw it in the same way without affecting the lawfulness of prior processing.
Recipients and Processors
We share data only as necessary and with appropriate safeguards:
- Hosting and infrastructure (storage, security, and operation of websites/systems).
- Payment services (processing payments; receiving only necessary data).
- Email and notification services (sending messages and newsletters).
- Analytics and performance tools (statistics and improvements).
- Consultants/lawyers if necessary due to disputes or legal obligations.
All such parties operate under data processing agreements and may not use the data for their own purposes.
Transfers Outside the EEA
If data is transferred outside the European Economic Area (EEA), we ensure protection through appropriate measures, such as the EU Commission’s Standard Contractual Clauses (SCCs) and, where applicable, supplementary measures (encryption, data minimization). Information on appropriate safeguards is available from us upon request.
Retention Period
- Billing and order data: in accordance with accounting and tax laws, generally up to 7 years.
- Service communications: up to 3 years from the last communication, unless longer is required due to claims.
- Marketing and consent: until you withdraw consent or based on the nature and validity period of the consent.
- Analytics and cookies: according to the lifespan of each cookie or until you clear/change settings.
We minimize and anonymize data whenever possible and remove personally identifiable data when it is no longer needed.
Your Rights
- Access: receive a copy of your data and information on processing.
- Rectification: correct inaccurate or incomplete data.
- Erasure: “right to be forgotten” when conditions are met.
- Restriction of processing: when accuracy is disputed or required by law.
- Data portability: receive data in a machine-readable format and/or transfer to another party.
- Objection: against processing based on legitimate interests and marketing.
- Withdrawal of consent: at any time, without affecting the lawfulness of prior processing.
- Complaint: to Persónuvernd (Data Protection Authority) if you believe processing violates the law.
To exercise your rights, contact us: info@merkjaklopp.is or phone 419 0440. We will respond within statutory time limits.
Information Security
We apply technical and organizational security measures to protect data, including access control, encryption in transit, minimal access, logging, and regular maintenance monitoring. However, no method is 100% secure; we assess risk regularly and improve procedures as needed.
Children
The service is not intended for children under the legal age of consent according to applicable laws. We do not knowingly collect personal information from children. If you believe a child has provided information, please contact us immediately so we can take appropriate action.
