Privacy Policy

Føroya Bjór Privacy Policy (Data Protection Information)

As the data controller, Føroya Bjór is responsible for ensuring that the processing of personal data complies with the rules set out in the Data Protection Act, and that the data subject is informed of what is being registered about them, as required by the provisions of the Act.

We take your data protection seriously and have therefore adopted this privacy policy, which explains how we handle your personal data.

1. We Are the Data Controller

Føroya Bjór is the data controller for the processing of the personal data we have received about you. If you have questions about the processing of personal data, data security, or potential security breaches, you are welcome to contact us:

Føroya Bjór
Klakksvíksvegur 19
700 Klaksvík
fb@foroyabjor.fo
VAT No. 314803

You can view our products and services on our website: www.bjor.fo

2. When Does Føroya Bjór Process Your Personal Data?

Føroya Bjór processes your personal data in connection with the sale of goods and services. For example, if you have purchased a product or service from us, you have entered into an agreement, and it is necessary for us to collect and process your personal data.

This also applies if you have sent us an inquiry, an order, a complaint, a job application, etc. In these cases, we must process the information you send, which involves the processing of your personal data.

Føroya Bjór has both a Facebook and an Instagram page. If you like, comment, or share a post from us, we may process your personal data. We also process personal data if you message us directly through these platforms.

3. Purpose and Legal Basis for Processing

We aim to provide good customer service, which necessitates processing your personal data. This includes handling your orders, sending products, facilitating event participation, answering inquiries, and sending invoices – in short, managing our customer relationships.

If you apply for a job with us, we process your data to respond to your application. If not hired, we retain your data for 2 years, after which it is deleted.

3.1 Legal Basis

Depending on the type of data, the legal basis for processing varies. For ordinary personal data, the basis is Section 8, subsections 1, nos. 1-4 and 6 of the Data Protection Act.

We generally do not process sensitive data, but if necessary, it will be under Sections 11(2) and 12(1), nos. 1–4, and 6–7.

For statistical purposes, the basis is Section 7(3).

4. Types of Personal Data

When you purchase from us, we typically process:

• First and last name, address, postal code, town, email, country, business name (optional), phone number, and account information (from providers).
• Purchase history and communication.

For job applications:

• First and last name, address, postal code, town, email, country, CV, education, references, and similar info.

On social media platforms like Facebook/Instagram/Twitter, we process:

• Name, images, and shared or liked content on our profiles.

5. Recipients or Categories of Recipients

We generally do not share your personal data. However, we use data processors for services like accounting, shipping, IT hosting, development, and consulting, who help us handle data securely.

6. Transfers to Third Countries or International Organizations

We do not typically use providers outside the EU/EEA. In cases where we do (e.g., social media platforms like Facebook or Instagram), we ensure appropriate safeguards and legal basis for the transfer.

6.1 Use of Facebook, Instagram, and Twitter

We use Facebook, Instagram, and Twitter for information and advertisements. These platforms collect data about you using cookies when you interact with our profiles. This data helps tailor ads and content to your profile.

You can read more about the respective cookie and privacy policies on their websites.

7. Source of Personal Data

As mentioned, we primarily collect your data directly from you, or in some cases, from others (e.g., someone ordering on your behalf). You always have the right to know the source of your data.

8. Retention Period

We are obligated to ensure that personal data is only stored as long as necessary and in a way that does not allow identification longer than needed for the processing purpose.

9. Automated Decision-Making

We do not use automated decisions, including profiling.

10. Your Rights

Under the Data Protection Act, you have several rights regarding your personal data. These are outlined in Chapter 4 of the Act. Your rights depend on your specific case and request.

To exercise your rights, contact us (see section 1).

10.1 Right to Information (§§ 23–25)

You have the right to be informed about the processing of your personal data.

10.2 Right of Access (§ 26)

You can request access to your data processed by us.

10.3 Right to Rectification (§ 27)

You can request correction of incorrect data.

10.4 Right to Erasure (§ 28)

In some cases, you may request that your data be deleted. This is not absolute – other laws or agreements may require us to retain your data.

10.5 Right to Restriction of Processing (§ 29)

You can request that we restrict the processing of your data. If granted, we may only store your data going forward.

10.6 Right to Data Portability (§ 31)

You may request your data in a structured, commonly used, and machine-readable format and have it transferred to another controller.

10.7 Right to Object (§ 32)

You may object to our processing, especially for direct marketing purposes.

10.8 Right to Withdraw Consent

You may withdraw your consent at any time. Withdrawal only applies moving forward and does not affect processing already completed.

You can withdraw consent by contacting us at fb@foroyabjor.fo

10.9 Complaint to the Data Protection Authority

You can file a complaint with the Faroese Data Protection Authority if you believe we are not complying with data protection laws:

Email: dat@dat.fo
Phone: +298 309100
Hours: Weekdays 9:00–15:00
Website: www.dat.fo

This privacy policy was last updated on March 14, 2022.