Protection of personal data
The Directorate of Fisheries has, in accordance with European legislation in the field of data protection and the processing of personal data, appointed a data protection officer.
The Data Protection Officer receives information of security failures, as well as receiving and responding to requests from those individuals who request information on the processing and collection of personal data.
Information and requests must be sent by e-mail to personuvernd@fiskistofa.is
The Directorate of Fisheries Data Protection Policy
The Directorate of Fisheries activity is based on trust, commitment and respect. The Directorate of Fisheries emphasizes that all processing of personal data is lawful, fair and transparent in accordance with the Act on the Protection of Privacy as well as the Processing of Personal Data, as with Regulation (EU) 2016/679 of the European Parliament and of the Council, Act No 77/2014 on Public Archives and other laws governing the activities of the Directorate of Fisheries.
The data protection policy of the Directorate of Fisheries seeks to explain how data is collected, stored and processed, whether this is personal data of employees, customers or other individuals, as appropriate in each case, whether the Directorate of Fisheries acts as a controller or a processor.
The Directorate of Fisheries emphasizes that the preservation of personal data is optimal and that the security of the data is guaranteed.
All information provided by customers or employees to the Directorate of Fisheries or that is sought with their permission from a third party is sought only for the purpose of the Directorate of Fisheries performing its legal obligations.
The Directorate of Fisheries emphasizes that the agency's personal data are obtained for specified, clear and lawful purposes or according to informed consent when appropriate and that this information is processed in accordance with that purpose.
The Directorate of Fisheries does not use personal data for any other purpose than that for which it is collected.
Information on the controller
The Directorate of Fisheries is an independent monitoring authority, operating under, inter alia, the Fisheries Act, No. 36/1992. The Directorate of Fisheries handles administrative tasks in the fields of fisheries, salmon and trout fishing, whaling, etc. The role of the Directorate of Fisheries is also to collect and disseminate information on the above-mentioned policy areas.
The Directorate of Fisheries is a controller of personal data in accordance with the Regulation of the European Union and the Act on the Protection of Privacy as regards the Processing of Personal Data. This means that the controller is the party who decides, alone or in collaboration with others, the purposes and methods of processing personal data.
The Directorate of Fisheries is also a processor for the Fisheries Fund, which is housed at the Institute, cf. Act no. 72/2008 on the Fisheries Fund. The Processor is the party who processes personal data on behalf of the controller.
Further information on the operations of the Directorate of Fisheries can be found on the website of the directorate.
Lawfulness and purpose of the collection and use of personal data
The Directorate of Fisheries emphasizes that the agency's personal data is obtained for specified, clear and lawful purposes. They are adequate, appropriate and limited to what is necessary in relation to the purpose of the processing in each case.
In order for the Directorate of Fisheries to perform its legal functions, it is necessary to receive various personal data such as name, ID number, address, postal address, e-mail address, telephone number and other necessary information. The aim is always to limit the collection of personal data to information necessary to fulfil the legal role of the Directorate of Fisheries.
The processing of personal data may be based on consent, agreement, law, public interest or authorisation to exercise public authority. The main part of the Directorates privat data processing is based on law.
Provision of information and data to the Directorate of Fisheries
The Directorate of Fisheries does not pass on personal data to third parties unless this is mandatory, after approval or in accordance with commercial agreements. The Directorate of Fisheries may communicate personal data to a third party, a processor, who is a service provider or contractor on behalf of the Directorate of Fisheries. In such cases, the Directorate of Fisheries only delivers the personal data necessary to provide the service that has been agreed upon. If a third party is engaged in a specific task for the Directorate of Fisheries that involves the handling of personal data, a processing agreement is concluded with the party setting conditions for the handling and security of data.
Statistical summaries and disclosures
The Directorate of Fisheries reserves the right to prepare non-personal statistical summaries and publish on its website in accordance with the tasks of the directorate under law. Furthermore, disclosing personally identifiable information in cases where this is the legal role of the agency. However, care will always be taken not to publish more detailed personal information than is necessary to fulfil a legal role in the dissemination of information.
Web behaviour
Everyone can visit the Directorate of Fisheries website, without having to log in personal data. However, when using service pages such as Gafli, UGGA etc., the service pages and apps of the Directorate of Fisheries, personal information is required, as these pages are only for customers with a log-on, e.g. user name and password.
When users visit the website of the Directorate of Fisheries and the agency's specialist websites, the Directorate of Fisheries may collect technical information on their use, e.g. on the type of browsers, which websites users visit on the Directorate of Fisheries website, the time that users spend on the website, etc. This information is used only to improve the user experience of the service, e.g. by improving the design of the service or informing users of possible technical problems with their equipment.
Storage and deletion of personal data
The Directorate of Fisheries stores personal data for as long as necessary, based on the purpose of processing and the provisions of contracts, except when law and regulations provide for longer storage periods. Under Act No. 77/2014 on Public Archives, the Directorate of Fisheries is required to keep data, including data containing personal data, for 30 years, after which the Directorate is required to return it to the National Archives of Iceland for safekeeping. Electronic data is, however, returned for storage every 5 years. Only in exceptional circumstances is data deleted and after obtaining a special approval from the National Archives of Iceland.
The Directorate of Fisheries emphasizes that personal data storage is secure and ensures that appropriate technical and organisational security measures are taken to ensure the best possible security of data at any given time.
Right of access to personal data
Individuals can request a confirmation as to whether their personal information is being processed at the Directorate. If so and if law provisions do not prevent it, access to the information is granted and information is given on the purpose of the processing, the time for storage of the information, its origin and whether automated decision-making is carried out. Individuals may request rectification, amendment or deletion of data where this is permitted. However, the Directorate of Fisheries will not hand over copies of personal data that are included in employees' work records, such as monitoring reports, e-mails, notes, etc., except in accordance with a court order. Individuals have the right to object to processing of their personal data and to lodge a complaint to the Data Protection Authority.
If an individual requests access to personal data, the request must be clearly presented and limited so that it is clear which information is requested. Such a request may be sent by e-mail to the e-mail address: personuvernd@fiskistofa.is
The request must include:
name
ID number
address
post code
e-mail address
telephone number
a description of what information is requested
as well as copies of valid identification
The request can also be sent to:
Fiskistofa
Borgum v/Norðurslóð
600 Akureyri
The answer to the request is only delivered upon presentation of a valid identity document at the premises of the Directorate of Fisheries or sent by registered mail to the domicile of the party in question.
If a user believes his or her personal data has been compromised, the Directorate of Fisheries will request information on this so that appropriate measures can be taken if deemed necessary.
The Data Protection Officer
The Directorate of Fisheries has an on-the-job Data Protection Officer. Its role is to monitor compliance with laws and regulations when processing personal data, as well as to provide advice and work with the Data Protection Authority in case such cases arise.
If further information is requested regarding the Directorate of Fisheries' privacy policy or if you need to give information, you can send a message to:
Persónuverndarfulltrúa Fiskistofu
Borglum v/Norðurslóð
600 Akureyri
You can also send an e-mail to the e-mail address: personuvernd@fiskistofa.is
This privacy policy may be subject to change due to new legal regulations or the interpretation of regulatory bodies on the implementation of the law on personal protection. The Directorate of Fisheries therefore recommends that users regularly familiarize themselves with The Directorate of Fisheries privacy policy.