The Icelandic Nurses‘ Association (INA) operates in every respect in accordance with Act no. 90/2018 on Data Protection and the Processing of Personal Data, cf. Regulation 2016/679 of the European Parliament and of the Council (EU).
The aim of the INA Data Protection Strategy is to explain the way in which the Association collects, records, processes, stores and releases personally identifiable information on its members and individuals who visit the Association’s website, www.hjukrun.is, regardless of whether such personal data is stored electronically, on paper, or by other means.
Personal data is defined as any information relating to an identified or identifiable individual, i.e. information that can be traced back directly or indirectly to a specific individual.
Processing and storage of personal data
All reception, collection, storage and processing of personal data by the INA is based on its lawful purpose and founded on legal authority. The processing of personal data is carried out in order to achieve the goal of fully safeguarding the rights of our members.
The INA strives to observe the principles of the Data Protection Act. Thus, for instance, every effort is made to collect only such personal information as is required for the purpose of the intended processing. Furthermore, every effort is made to keep personal information accurate and reliable and also to update all information as necessary.
The following is an example of information processed by the INA when registering a new member:
Name; gender; personal identification number; address; telephone number; e-mail address; place of employment; bank information; payslips, employment contract, and other documentation relevant to a member‘s employment relationship.
When a member applies for a grant from any of our funds, registers for a course, or buys a gift certificate, the INA collects personal information in order to process the application and provide service to the individual member.
The purpose of processing personal data is varied. However, it is above all that of ensuring our legal and contractual role by safeguarding the rights of our members and protecting their interests in every respect.
Other examples include:
- Calculating membership fees and individual rights.
- Providing the best available service to our members.
- Enabling payments, in accordance with the rules of each fund, of sick pay and grants from the INA Support Fund, selling gift certificates, allocating holiday accommodation and collecting rent for such accommodation, as well as making payments from the Science Fund.
- Enabling members to conduct surveys and process statistical data, for instance on wage development and for comparing pay and conditions in different sectors.
- Giving members the opportunity to participate in elections for the INA Governing Board and to vote on eventual pay agreements and strike actions.
- Meeting legal obligations, for instance concerning accounting and income tax.
- In order to fulfil our role, we may need to collect personal information from you, your employer, public authorities and pension funds. When members apply for grants, we may also require medical certificates and other relevant documentation.
The INA stores personal information for the duration of the period needed for processing the data as explained above unless a longer storage period is required by law.
The INA does not provide a third party with personal data unless such disclosure is authorised by law or a specific consent has been given.
A processor handling personal data for the INA may be provided with personal information for the purpose of carrying out a specific task on behalf of the Association. A processor can, for instance, be a service provider, lawyer, auditor or a contractor hired by the INA for a particular project. Disclosure of personal information is only made for a clearly defined purpose rising from the legal or contractual obligations of the Association and always based on a contract and legal provisions. The Association only employs processors who meet the requirements of the Data Protection Act and who can provide sufficient guarantees for their ability to comply with this legislation.
The INA Data Protection Strategy does not cover information or processing by a third party. Therefore, we encourage you to check out the data protection strategies of third parties, including Internet service providers who may provide access to our website.
Security in the handling of personal data is important to the INA and we have taken appropriate technical and organisational measures in order to ensure the protection of your personal information in line with our security policy. Only INA employees have access to information about Association members and this
access is controlled in such a manner that only those employees who need specific data to carry out their work duties are permitted to access the relevant information.
In the event of a personal data breach concerning information about you, and if such a breach is likely to result in a risk to your rights and freedoms, we will communicate this to you without undue delay. In this regard, a personal data breach is any incident which leads to the loss or deletion of your personal information, alteration or release of this information, or access without permission by unauthorised persons.
Here we would, however, like to point out that personal information shared with us on social media, e.g. the Association‘s Facebook page, counts as pubic information and does not come under the authority of the INA as the Association has no control over such information and is not responsible for its use or release. If you do not wish to share this information with other users or the social media provider, you are advised not to share such information on our social media.
The INA assists its members in reporting personal data breaches to the Data Protection Authority upon request. Requests to that effect should be made by telephoning 540-6400 or by e-mail to firstname.lastname@example.org.
So-called cookies* are used on our website to count visits and to recognise users revisiting the site.
The INA uses Google Analytics and Modernus for website monitoring. For every visit to our website a few details are recorded, such as date and time, search words, website of access, browser type and operating system. This information is useful for improving and developing our website, for example concerning the kind of material users are mostly looking for. No other information is collected and no attempt is made to link this information with other personally identifiable data.
* Cookies are special text files placed on a user‘s computer by a website for storing information about the visit.
On "My Pages" and in other places on our website it is possible to fill out forms, for instance fund applications and registrations for events. The INA website uses SSL certification, which means that all communication and data transfers are made more secure through encryption.
SSL certificates prevent unscrupulous persons from gaining access to online data such as passwords. This type of certification encrypts information transmitted between the users of different web servers so the data is safely transported to the appropriate destination.
You have the right to be informed about the type of personal data the INA has recorded about you, its origin, and how this data is used. You also have the right to be given access to whatever personal data is processed about you or request for it to be forwarded to a third party.
Furthermore, it is your right to request that your personal data is updated and corrected as needed, that the INA delete your personal data if there is not factual or legal obligation for its storage, and to raise an objection if you wish to limit or prevent the processing of your personal data. You have the right to be given information as to whether there is automated decision-taking, what grounds there are for such decision-taking, and about reviews of automated decision-taking.
We would like to point out that you are under no obligation to provide the personally identifiable information we request, but if you choose not do so there might be problems concerning the processing of your applications, the type of service available to you and responses to enquiries you might send to us.
If you wish to exercise your right, you may send a written enquiry to email@example.com. We will confirm receipt of your request and generally respond to it within a period not exceeding one month.
The INA is responsible for the processing of personal data and the handling of such information in all its activities.
The INA strives at all times to secure the protection of its members and keeps close tabs on all changes in the regulatory environment for data protection. For this reason, the Association‘s data protection strategy may need to be regularly reviewed and updated. Amendments to this strategy enter into effect upon publication on our website, www.hjukrun.is.
Last updated 31.08.2018.