Chat with us, powered by LiveChat Fara á efnissvæði
My Pages Register for electricity

How can we help?

HS Orka service center is open every working day from 8:30 a.m. to 3:30 p.m

Privacy Policy of HS Orka hf.

HS Orka (hereinafter referred to as “HS Orka” or “the company”) emphasizes privacy and is committed to ensuring the reliability, confidentiality, and security of personal data processed within the company. The purpose of this privacy policy is to inform how the company collects and processes personal data. 

  • Purpose of the Privacy Policy This policy is based on Act No. 90/2018 on Data Protection and the Processing of Personal Data (hereinafter referred to as the “Data Protection Act”) and applies to the collection and processing of personal data by HS Orka in connection with the company’s interactions with customers, stakeholders, contractors, consultants, suppliers, and other individuals who may have business relationships or communications with the company. Personal data refers to any data that can identify specific individuals directly or indirectly as further defined in Article 3, Item 2 of the Data Protection Act. 
  • Processing of Personal Data 2.1. Customers and Potential Customers To establish business relationships or provide services and based on the company’s agreements with customers, it may be necessary to process personal data about customers and their representatives acting on behalf of legal entities in business with the company. The company also processes various personal data about prospective or potential customers to establish business relationships. Examples of personal data processing include information about names, identification numbers, addresses, email addresses, phone numbers, electricity usage information, financial information such as payment capacity including information about defaults, and other information from the customer’s business and communication history. 

2.2. Stakeholders HS Orka strives to maintain close communication with the company’s stakeholders. Stakeholders include landowners, residents in specific areas, municipalities, and associations. To ensure effective communication, the company processes various personal data about stakeholders and their representatives, such as contact information and communication history. This processing is based on the company’s legitimate interests. 

2.3. Contractors, Consultants, and Suppliers Based on contractual relationships with contractors, consultants, and suppliers, the company needs to collect contact information of those representing these legal entities. The company processes personal data about contacts and retains information from their communication history with the company. The company has established rules to ensure that all individuals working for the company directly or indirectly, in contracting, subcontracting, or through staffing agencies, enjoy rights and benefits in accordance with Icelandic laws and collective agreements. For this purpose, the company may request information about the employment terms of those with whom the company has contractual relationships. This is done based on the company’s legitimate interests. Due to legal obligations and the company’s safety policy at project sites, the company collects information about accidents and other incidents occurring there. After analyzing such information, appropriate corrective actions are taken if necessary. Additionally, it may be necessary to record the presence or location of individuals at the company’s operational sites. This is done based on the company’s legitimate interests. 

2.4. Others To ensure effective communication with various institutions, authorities, associations, and other entities, HS Orka collects contact information when necessary. This collection is based on agreements and legitimate interests. Generally, HS Orka obtains personal data directly from all the aforementioned parties or their contacts. However, information may also come from third parties, and the company strives to inform individuals about such instances. 

  • Electronic Surveillance In the company’s buildings and operational areas, the company has installed video surveillance to ensure the safety and security of property based on legitimate interests. Appropriate signage is placed in areas where such surveillance occurs. If individuals move through these areas, information about their movements may be collected through such surveillance. The company has also implemented access control systems in its buildings and operational areas that record personal data about individuals’ movements. Such information is generally retained for 30 days unless otherwise permitted by law or justified by other legitimate interests. 
  • Disclosure of Personal Data to Third Parties The company may need to disclose personal data to third parties based on their contractual relationships with the company. Examples include collection agencies, auditors, consulting firms, and entities providing IT services to the company. In such cases, third parties have access to personal data solely for the purpose of performing specific tasks on behalf of the company. They are strictly prohibited from disclosing the information and using it for other purposes. Additionally, the company may be required to disclose personal data to authorities, courts, or other entities based on applicable laws and regulations. 
  • Security of Personal Data To ensure the security of personal data against unauthorized access, use, or disclosure, the company employs various technical and organizational measures such as access controls in the company’s systems. 
  • Retention Period The retention period for personal data depends on the type of information. Information about customers, contractors, consultants, suppliers, stakeholders, and their contacts is generally retained for 4 years from the end of the business relationship. However, information may be retained longer based on legal claims, or it may be deleted earlier for operational efficiency. This policy does not constitute an independent obligation of the company to retain information for the maximum period allowed under the policy. Personal data subject to accounting laws is retained for 7 years from the end of the relevant fiscal year in accordance with applicable laws. The company strives to retain personal data no longer than necessary in accordance with the purpose of the processing as stated above. However, the company may be required to retain personal data longer based on legal obligations, at the request of authorities, or due to disputes. 
  • Right to Access, Object, Delete, and Correct Personal Data According to the Data Protection Act, all individuals have the right to obtain confirmation of whether personal data about them is being processed. The company responds to inquiries requesting information about the processing of personal data and, where applicable, access to such data. Under certain conditions, individuals have the right to object to the processing of personal data by the company and may request its permanent deletion. Individuals also have the right to have inaccurate personal data about them corrected and updated. It is important to the company that the personal data it holds is accurate and reliable. Therefore, the company requests that all changes to personal data be reported to the company. Inquiries and notifications regarding privacy can be directed to the company at the email address personuvernd@hsorka.is. HS Orka points out that individuals can file a complaint with the relevant authority, such as the Data Protection Authority, if they believe that the company’s processing of personal data does not comply with applicable data protection regulations. 
  • Changes and Effective Date HS Orka reserves the right to update this privacy policy as needed. Upon such updates, the company will notify and inform about changes by publishing the updated policy on this page. Changes to the policy take effect upon publication on the page. This privacy policy takes effect upon its publication.