top of page

Privacy policy

Personal information is, according to Article 3.Act no. 90/2018 on personal protection and processing of personal information: 

"Information about an identified or identifiable individual ("registered individual"); A person is considered personally identifiable if they can be identified, directly or indirectly, such as by reference to an identifier such as a name, social security number, location data, online ID or one or more factors that characterize them in a physical, physiological, genetic, mental, financial, cultural or socially."

Collection of personal information

Versa certification operates in the corporate market and does not work with the personal information of customers, or employees, that is acquired and therefore does not need to specify a separate privacy representative.

The website www.versavottun.is does not use cookies from third parties (e.g.third-party cookies) and only those first-party cookies that are necessary for the website to function. Information obtained from first-party cookies is not used for personal identification in any way.

Web cookies (e.cookies) are small text files that are saved on the computer, tablet or phone of the person visiting the website. Cookies from the first party (e.first-party cookies) come from the page that is visited (such as Versa certification's website), but cookies from third parties are cookies that come from other websites or domains.

Personally Identifiable Customer Data

Personally identifiable information about individuals on the payroll of customers of Versa Certification is never recorded in audit data by an employee of Versa Certification for audits or further processing for the purpose of an audit.

An exception to this rule is the following personally identifiable information:

  • The names and contact information of the client's employees who will work with the auditor on a particular audit;

  • Name and contact information of person making complaint​.

Versa Certification shall ensure that no personally identifiable data is recorded about persons working for Versa Certification's customers. Personally identifiable data must always be changed to non-personally identifiable data when registering at an audit site.

Strict monitoring is carried out to ensure that the personal information of customers that Versa certification employees have or work with is always in accordance with the authorizations of the task that the employee is performing at the time. The frequency of monitoring and its scope is determined according to the project's risk assessment.

Recipients of information

Data collected by Versa Certification may be stored in paper or electronic form, but strict measures are taken to ensure the security of the information and that it is only accessible to those employees who absolutely need that access to perform their tasks. Employees are not permitted to search for information about customers of Versa certification in data processing systems unless they are working on a project that requires that information.

To ensure the security of personal information obtained through Versa Certification, the following actions are taken:

  • Employees are educated about their obligations when it comes to security measures and the responsibilities they bear to ensure the appropriate handling and processing of personal data;

  • Employee access to the personal information of Versa Certification customers is controlled by assigning access and passwords.

Confidentiality Agreement

Versa Certification employees must sign a non-disclosure agreement that binds them to the confidentiality of all information they have access to regarding Versa Certification customers, and this confidentiality also applies after their employment.

Employees are absolutely not allowed to provide third parties with information about customers of Versa certification except on the basis of a legal authorization, in which case the customer must be made aware of the information covered by the authorization,   to whom the information is shared and its purpose.

When Versa Certification is required by law or permitted by contract (for example, with an accreditation body) to disclose confidential information, the trustee or other person concerned will be notified unless prohibited by law.

Data retention

Versa Certification stores all of its customer information in a secure cloud solution to ensure that the information remains confidential. Documents or other customer data are kept for the duration of the certification program and which amounts to an additional certification cycle.

The public's right to information

Versa Certification provides the following information if specifically requested, and Versa Certification may display this information publicly:

  • Information about the areas in which Versa Certification works

  • The status of a particular certification

  • The name, associated standards, scope and geographic location of the specific client with the certification.

In exceptional cases, the customer may request that access to certain information be restricted, for example due to security measures.

bottom of page