Privacy Policy

Payday ehf., id. 520417-2570, domiciled at Bæjarlind 14-16, 201 Kópavogi (hereinafter "Payday" or "we").

Payday places great emphasis on protecting individuals' personal information and respecting their rights. This policy provides information on how Payday processes personal information, for what purpose, how long they are stored, their dissemination, and how their security is maintained in Payday operations. All processing of personal data is carried out in accordance with applicable privacy laws at any given time.

Our services are not intended for children under 18 years of age. We do not process the personal information of children under the age of 18. If you have not reached the age of 18, please do not use our website without the permission and supervision of your guardian.

In this Payday Privacy Policy, we explain:

  • What information we collect and how,

  • How we use the information,

  • How long the information is stored,

  • Who has access to the information,

  • How we ensure the security of personal information,

  • User rights in connection with the processing of personal data

If anything is unclear, you can contact us at any time by emailing [email protected]

What information we collect and how

The collection and processing of personal information is a prerequisite for Payday to provide its services. Information that Payday processes is generally classified as general personal information, one of the sensitive personal information that Payday collects about its users, cf. privacy laws, are information on user union membership when applicable.

When a user signs up for Payday services, he directly provides Payday with personally identifiable information, such as his name, email address and telephone number. According to the Privacy Act, Payday is the controller of this information.

The user provides the information needed to enable Payday to provide the services provided by the business relationship. The information includes, for example, name, identification number, address, email address and bank account. In addition, users who choose to take advantage of Payday's payroll services provide information on salaries, pension fund membership, union membership, personal allowance and employment rates. According to the Privacy Act, Payday is considered the processor of this information.

The user also provides personal information indirectly, for example about an IP address, how he identifies himself and when he visits Payday websites where cookies are used and activity registration is done. More information about cookies can be found on the Payday website. The information is preserved for traceability and security.

Payday only accepts personal information from third parties, including companies or organizations that have personal information about a person, when the aforementioned parties are authorized to provide the Payday information. Examples of persons who submit Payday information about individuals are the National Registry of Iceland and the Director of Internal Revenue.

Payday reserves the right to process statistical information collected for use of the Service, for continued product development and / or to improve the functionality of the Service.

How we use the information

Payday uses the information collected to provide users with its services, in particular to enable users to access Payday and properly use Payday, among other things, to settle salary-related fees, issue invoices and pay public fees, for example for execution contract or to comply with legal rules applicable to the service or processing, cf. Regulation on electronic accounts and accounting law.

Payday uses information collected with cookies to improve the interface and overall quality of its services. For this purpose, Payday uses various third-party services, such as Google Analytics.

For more information on Payday Services, please refer to Payday's Terms of Service.

How long the information is stored

Data is stored for as long as necessary based on the purpose of processing, except when laws and regulations provide for longer storage times, cf. Regulation on electronic accounts and accounting law.

For example, if you decide to delete your access to the Payday system, we will store your personal information for an additional 30 days due to the possibility that you may decide to re-access, but after that time we will delete your personal information.

Who has access to the information

Payday places great emphasis on protecting your personal information and will never sell your third party personal information. We only disclose personal information to third parties for the purpose of providing the service on which Payday is based.

To the extent necessary to enforce our contractual obligations with you, Payday employees have access to personal information. In addition, Payday service providers who process personal information on our behalf have access to personal information. In particular, there are companies that provide information technology services, the treasury, pension funds, trade unions and commercial banks. In addition, Payday is required to provide public entities with access to personal information on the basis of legal obligations, such as tax authorities, regulators, police authorities, liquidators and courts.

How do we ensure the security of personal information

Payday emphasizes security in the processing of personal information. Payday promotes active safety awareness for employees, service and partners and customers. The obligation of confidentiality rests with all employees of Payday who have signed a confidential statement to that effect.

Payday measures to ensure security include:

  • implementation of technical and organizational measures designed to ensure lasting confidentiality, uptime, operational security and load-tolerance of processing systems and services

  • control of individuals' access to our work site and security

  • controlling access of employees and others to systems that contain personal information

  • to ensure that our service providers with access to user personal information have taken appropriate safeguards to ensure the security of personal information

  • encryption of user personal information

If a security breach occurs in the handling of personal data where it is confirmed or suspected that personal information has been handed over to an unauthorized person, the Data Protection Authority and, as the case may be, persons reported a security breach unless it poses a great risk to individuals.

Third Party Services

We may provide our affiliates with access to your personal information and other information about you in order to improve the quality and efficiency of our services. We share information about your use of the Payday system with third parties that provide us with services related to promotional and marketing services.

If we transfer your personal information to a third party, we will always do so on the basis of a sufficient agreement with that person to monitor their processing of your personal information.

We use the following third-party services:

  • Microsoft Azure: This service provider hosts Payday services and databases. Microsoft complies with the Privacy Act and we have signed a DPA agreement with them.

  • MailChimp: Mailchimp is a tool that allows us to send you newsletters about our services. Mailchimp complies with the Privacy Act and we have signed a DPA agreement with them.

  • SendGrid: This service allows us to send you important emails in connection with providing our services. This service is used to complete registration in the Payday system by verifying an email address, requesting a new password, accounts, payments etc. Sendgrid complies with the Privacy Act and we have signed a DPA agreement with them.

  • Gist: This service provider creates a chat window in Payday that you can use to ask us for help if you feel like something. Gist complies with the Privacy Act and we have signed a DPA agreement with them.

  • Google Analytics: This service provider allows us to analyze the behavior of those who visit our website and our customers in the Payday system. Google Analytics complies with the Privacy Act and we have signed a DPA agreement with them.

  • Google Ads: his service allows us to display text ads and web pages in Google's search and display system based on user activity on our website. Google Ads complies with the Privacy Act and we have signed a DPA agreement with them.

  • Facebook Analytics: Similar to Google Analytics, this service provider allows us to analyze the behavior of those who visit our website and our customers in the Payday system. More information about Facebook Analytics can be found on the Facebook Analytics information page.

  • Facebook Pixel: This service allows us to show ads on Facebook based on user activity on our website. More information about Pixel can be found on the Pixel information page.

  • Facebook Ads: This service allows us to show ads on Facebook social media and in Facebook partner programs (such as Messenger or Instagram). For more information on how Facebook Ads works, visit the Facebook Ads information page.

Your rights

An individual has the right to request access to his or her personal information and, in certain circumstances, to have it corrected, deleted or restricted. He also has the right to object to the processing and request that his data be transferred. In addition, an individual has the right to submit a complaint to the Data Protection Authority.

You have the following rights related to the processing of your personal information:

  • the right to access personal information

  • the right to redress

  • the right to delete data ("the right to be forgotten")

  • the right to restrict processing

  • the right to object to processing ("the right to object")

  • the right to file a complaint regarding the processing of personal data

The right of access means that you may at any time ask us to confirm whether your personal information is being processed. If so, you have the right to access all information pertaining to and for what purposes, to what extent and to whom they are made available, how long we will work with them, whether you have the right to be corrected, deleted, their processing is restricted or counterproductive, you also have the right to know where we got your personal information

The right to redress means that you may at any time ask us to correct or add to your personal information if it is incorrect or incomplete.

The right to delete data means that we must delete your personal information if

  • it is no longer necessary to store them for the purpose for which they were acquired or worked on

  • processing is illegal

  • you object to the processing and there are no legitimate reasons for the processing that goes beyond your rights

  • we are required by law

  • you have withdrawn your consent to our processing of your personal information

The right to restrict processing means that, until a conclusion is reached regarding the issues related to the processing of your personal information, we must restrict their processing.

The right to object means that you may object to the processing of your personal information that we work with for the purpose of our legitimate interests, in particular for direct marketing purposes. If you object to direct marketing processing, your personal information will no longer be processed for this purpose.

You can exercise all your rights by contacting us at [email protected], cf. Article. 8 in these terms.

Communication with Payday and Data Protection Authority

Payday ehf., Bæjarlind 14-16, 201 Kópavogi, Id. 520417-2570 is the guarantor or processor, where applicable, the personal information of users under the Privacy Act.

Payday's privacy officer monitors compliance with current laws and regulations on privacy in Payday's operations. Inquiries, comments and suggestions regarding personal information and privacy can be sent to the email address [email protected] or by sending an mail to:

Payday Data Protection Officer
Bæjarlind 14-16
201 Kópavogi
Ísland

In the event of a dispute regarding the processing of personal data, a complaint can be sent to the Data Protection Authority by sending an e-mail to the address: [email protected] or by sending an e-mail to:

Persónuvernd
Rauðarárstígur 10
105 Reykjavík
Ísland

Changes

Payday may change and add to this Privacy Policy at any time and make such changes effective immediately. Such changes may, for example, be made to align the privacy policy with current laws and regulations relating to privacy at any given time. Changes to this policy come into effect when posting an updated policy on the Payday website, payday.is.