Privacy Policy

privacy policy of efling

Privacy Policy Efling


1. General

Efling trade union (hereafter “Efling” or “the trade union”) is committed to ensuring the security of personal data of its members and others related to its activities in order to protect their human rights and privacy. With this privacy policy, it is explained how Efling trade union Ltd., ID 701298-2259, Guðrúnartúni 1, 105 Reykjavík is responsible for the collection, registration, processing, storage and dissemination of personal data about its members and individuals who visit the union’s website, www.efling.is, whether the personal data are stored electronically, on paper or by other means.


All processing of personal data within the trade union must be in accordance with law no. 90/2018 on privacy and processing of personal data. For this purpose, the staff of the trade union have received training on privacy and handling of personal data.

If you have questions about the processing Efling of personal data or this privacy policy, please contact us at the email address personuvernd@efling.is.

2. What personal data does Efling collect and for what purpose?

Efling emphasizes working only with personal data that are necessary in accordance with the purpose behind the collection of information. If other data than those specified in the privacy policy, or for another purpose, are processed, Efling will try to inform the member about it.

a. Efling collects the following personal data:

  • Basic information: name, kennitala, address, phone number, email, workplace, marital status, family number, dues.
  • Contact information: all your communications with the trade union which, among other things, take place via email, in writing, orally or through social media.
  • Data related to members who use the services of the labor rights department Efling: bank information, payslips, employment contracts and other data related to members' employment relationships.
  • Data related to members who use services due to the health fund and grant fund: medical certificates and salary information.
  • Grants from the vocational training fund.
  • Information about holiday house rentals.
  • Purchased gift cards and/or cards.
  • Complaints due to inadequate handling in holiday homes and related imagery.
  • Digital footprints, e.g., online behavior on website Efling.
  • Technical information, e.g., IP number.
  • Image and audio material from security cameras at Guðrúnartúni 1.


b. Efling also collects the following personal data classified as sensitive personal data:

  • Membership in a trade union, nationality and information related to the activities of the aforementioned funds and due to services to members.


c. Purpose of registration, storage and processing of personal data

Efling processes personal data in a clear and transparent purpose in accordance with data protection laws, the union's statutes and this policy. The reasons why Efling processes personal data are varied, among other things so that it is possible to:


  • Calculate the membership fee and rights of each member.
  • Protect the interests of the members.
  • Conduct surveys and statistical processing, for example for salary development and to be able to make salary comparisons by occupation for public publication.
  • Be able to engage in appropriate communications with members by phone, email and/or postal mail.
  • Comply with accounting laws and provide statements to tax authorities.
  • Be able to pay out sickness benefits and grants from the funds Efling according to the applicable rules.
  • Be able to sell gift vouchers (accommodation, flights etc.) and allocate holiday homes and collect rent for them, according to the rules of the holiday fund.
  • Can withdraw grants from the funds Efling and update the status of members according to the fund's rules.
  • Prevent repeated bad interactions in holiday houses/accommodations.
  • Ensure the safety of members and the union's assets.
  • Enable staff Efling to claim the contractual right of a union member to what is agreed upon in the collective bargaining agreement.
  • Give members the opportunity to vote for the board Efling and also to facilitate candidates reaching members for elections.
  • Make it possible for members to vote when there are elections on collective agreements and strike action.


3. Legal authority for the use of personal data

According to Icelandic law, Efling has authority to process personal data provided that such processing is based on the provisions of the law. Additionally, Efling must inform individuals about the basis of the processing. Efling collects and processes personal data based on the following authorizations:

  • To fulfill contractual obligations (e.g., rent of a holiday house).
  • To fulfill the legal obligation.
  • To protect the urgent interests of union members.
  • Due to the legitimate interests of the trade union.


These actions are necessary to manage the activities of the trade union and involve the need to collect and process personal data.


In certain cases, the trade union requests a mandate and informed consent for the processing of personal data. In those cases, the individual may withdraw consent at any time, and the processing to which the consent applies then ceases.

4. Collection of personal data about children

There is policy Efling to neither register, nor collect, process and store personal data about children under 13 years old except in cases where such is necessary to be able to pay benefits due to death, illness or accident. Efling requires special consent from guardians for processing before a child who has not reached 16 years of age is offered service.

5. Automated decision-making

At Efling, automatic decision-making does not take place in the processing of personal data.

6. Rights of individuals

Personal data protection laws provide individuals with certain rights, including education and information about whether Efling processes personal data about them and how their handling is carried out in the activities of Efling. However, the mentioned rights are not absolute and may be overridden by legal obligations or stronger interests Efling or third parties to prevent Efling from complying with a request from an individual who incorrectly exercises their rights based on the personal data protection laws. Efling strives to respond to all requests from individuals who wish to exercise their rights based on the personal data protection laws within 30 days and if Efling for any reason cannot comply with such a request, whether in whole or in part, Efling will attempt to justify such a decision.

  • Access to personal data: Members have the right to know whether Efling is processing personal data about them and to receive information about the processing, e.g., purpose, where it is transferred, origin, whether automated decision-making takes place and information about their rights. They may also have the right to obtain a copy of the personal data that Efling processes about the individual.
  • Leiðrétting persónuupplýsinga og eyðing: Telji félagsmaður að þær persónuupplýsingar sem Efling vinnur um hann séu óáreiðanlegar eða rangar á viðkomandi rétt á því að fá þær leiðréttar.
  • Right to erasure: In certain cases an individual has the right to request Efling to delete personal data about them, e.g., if the individual considers the data no longer necessary for the purpose for which they were collected. The same applies if the individual withdraws consent for processing personal data and there is no other legal basis for the processing or if the processing of the data proves unlawful.
  • Flutningsréttur: í in specified cases, the processing is based on á contract or consent, a member who has provided Efling personal data about themselves electronically has the right to receive a copy of such information in an organized, common and machine-readable format. The member can also request that Efling send the relevant information directly to a third party.
  • Withdrawal of consent: In cases where Efling's processing is based on consent, an individual who gave Efling consent may withdraw it at any time. Withdrawal of consent does not affect the legality of processing based on the consent up to the withdrawal.
  • Complaint to the Data Protection Authority: The Data Protection Authority oversees the implementation of laws concerning data protection and the processing of personal data and rulings in disputes in the field of data protection. Further information about the agency can be found on its website, personuvernd.is. If an individual is not satisfied with the union's processing of personal data about them, they may file a complaint with the Data Protection Authority by sending send a letter to the Data Protection Authority, Rauðarárstígur 10, 105 Reykjavík or at postur@personuvernd.is



7. Retention period of personal data

Personal data are retained as long as necessary with regard to the purpose of processing, and provided that legitimate reasons exist. The union member’s contribution story, including information about payments from the union’s health funds, as well as information about assistance in wage matters, are exceptions and such information will be retained longer, but in such a way that the information is not personally identifiable when it is advantageous. All information collected in connection with such matters, e.g., payslips and time sheets, must nevertheless be deleted in accordance with the principle. Efling may be necessary to retain information on the basis of a legal obligation. Thus accounting records are retained for seven years from the acquisition of that information.

8. Information to third parties

Efling does not disclose, sell or rent personal data about individuals to third parties under any circumstances, except when the trade union is required to do so by law, or when it concerns a service provider, representative or contractor hired by Efling to carry out certain work. In such cases, Efling enters into a processing agreement with the relevant parties who receive the personal data. The agreements, among other things, stipulate the processor's obligation to keep the personal data secure and not to use it for other purposes.


Efling also shares personal data with third parties when necessary to protect the urgent interests of union members, such as in the collection of arrears claims. Efling has entered into an agreement with the union's lawyer that covers the collection of wage claims on behalf of union members and takes into account the new data protection legislation, law no. 90/2018.

Privacy policy Efling does not cover information or processing of third parties that Efling has no control over, nor does the trade union bear responsibility for their use, publication or other works. We therefore encourage you to become familiar with the third parties' privacy policy, e.g., web hosting providers that can refer to our website.


9. Web behavior and mailing list registration

When users visit the website Efling the union may collect technical information about their usage. This information that is stored when users visit a website is called cookies (e. cookies). The purpose of using cookies is to adapt the website to your needs, e.g. to ensure the page works perfectly and as expected, and also to make your experience as good as possible when you visit our site. The purpose is also to process information for statistical purposes, analyze traffic on our website or for marketing purposes.

Cookies make it easier for users to log in to My Pages. In some cases, cookies can collect information such as IP addresses, browser type, device type. Some of this information may be considered personal data, but privacy and the handling of personal data are discussed elsewhere in this policy. Information obtained in this way is never used to identify you.

Consent is not required for the use of essential cookies but consent is required for the use of other types. By checking “allow cookies“ you consent to their use or reject them altogether.


10. Security of personal data and reporting of security breaches

Security in processing personal data is Efling important and we have taken appropriate technical and organizational security measures to ensure protection of members' personal data in line with our security policy. Only employees Efling have access to members' data and the union has active access control where only those employees who work with the relevant data as part of their job have access to it.

If a security breach occurs concerning personal data, and such a breach is considered to entail a great risk to the rights of the member, we will notify the member about it without undue delay. In this sense, a security breach is an event that leads to personal data being lost or destroyed, altered, disclosed, or accessed by an unauthorized party without permission. Here we would like to draw attention to the fact that personal data that a member shares with us on social media, e.g., the Facebook page of Efling, are considered public information and not under the authority of Efling, as Efling has no control over such information nor does the union bear responsibility for its use or publication. If the member does not wish to share that information with other users or the provider of the social media service, they must not share the information on our social media. 

In addition, Efling promotes increased awareness among staff through training and education on how to protect personal data security.

11. Further information

Efling Trade Union Ltd., ID no. 701298-2259, Guðrúnartúni 1, 105 Reykjavík, is responsible for ensuring that all processing of personal data complies with data protection laws and regulations and is considered the data controller for the processing of personal data.

Data protection officer Efling has oversight of activities and processes to ensure compliance with this policy and applicable laws and regulations concerning data protection in the activities of the union. Inquiries, comments and suggestions regarding the processing and handling of personal data may be directed to the data protection officer Efling at the email address personuvernd@efling.is.

12. Review of the Privacy Policy Efling

Efling will update this policy regularly, in order to reflect as best as possible the processing that takes place each time.


If changes are made to the policy, they will appear immediately on the website Efling and the changes will take effect upon publication, unless otherwise specified. The policy was last updated on March 13, 2024.