Privacy Policy – Langisjór ehf.
Employees
Langisjo r ehf. (“Langisjo r” or the “Company”) is committed to ensure reliability, confidentiality, and security of personal data of employees of the Company and its subsidiaries (Alma í bu ðafe lag hf., Freyja ehf., Mata hf., Matfugl ehf., Salathu sið ehf., Sí ld og fiskur ehf. and Verkgarðar ehf. Collectively the “Subsidiaries”). This privacy policy aims to inform employees about which personal data the Company collects and how such data is utilized.
This privacy policy applies to personal data relating to all current and former employees of Langisjo r and its subsidiaries. In this policy, employees are referred to as “you,” and Langisjo r and its subsidiaries as “we” .
1. Purpose and Legal obligations
Langisjo r and its subsidiaries strive to fully comply with data protection legislation, and this policy is based on Act No. 90/2018 on Data Protection and the Processing of Personal Data (the “Data Protection Act”).
2. What is Personal Data?
For the purposes of this policy, personal data refers to any information about an identified or identifiable individual, i.e., information that can be directly or indirectly linked to a specific person. Non-identifiable or anonymized data is not considered personal data.
3. Personal Data Collected and Processed by the Company
We collect and store various personal data about our employees. The types of personal data collected may vary depending on the nature of the job.
Examples of personal data collected by the Company include:
Contact information, such as name, ID number, address, phone number, and email address;
Job applications, CVs, references, and interview notes;
Educational background, training, and work experience;
Employment contracts;
Information on union membership and pension fund details;
Salary and benefits information, including bank account details, purchases, reimbursements, etc.;
Notes from performance reviews;
Workplace accident information;
Disciplinary records;
Attendance records;
Information about sick leave and vacation;
Website information;
In certain cases, particularly related to specific roles, criminal background data may be collected.
In addition, the Company may collect other information provided by employees or, in exceptional cases, other data required for business purposes.
In general, the Company obtains personal data directly from employees. When personal data is collected from a third party, the Company will seek to inform employees accordingly.
More details regarding electronic surveillance (e.g., access logs) can be found in the Company's policy on electronic monitoring. Details about email and internet use are also available in the relevant policy.
4. Why We Collect and Process Personal Data and On What Grounds
We collect personal data primarily to meet our obligations under employment agreements, comply with legal requirements, or serve the legitimate interests of the Company.
Data processed under employment agreements is necessary to meet our obligations towards employees, and vice-versa, such as for salary payments or to assess suitability for specific roles. Failure to provide necessary data may prevent the Company from fulfilling its obligations or necessitate the re-evaluation of the employee’s role and position within the Company.
We may also process data based on legitimate interests, such as for security and asset protection. An example would be processing access logs.
We may publish your contact details and job title on our website based on legitimate interests to facilitate communication with customers and stakeholders. We may also request your consent to publish personal information, e.g., your birthday, on the internal site. Your photo may also be displayed internally or in the email system based on legitimate interests to enhance communication and security.
Some processing of personal data is based on legal obligations, e.g., labour and tax laws. For example, information on workplace accidents or union and pension memberships.
Processing of criminal records, where applicable, is based on legitimate interests and legal obligations of the Company.
Where processing is based on your consent, you may withdraw it at any time by contacting the HR department. All communications pertaining to such withdrawals or amendments is to be directed to the Company’s HR department.
5. Disclosure to Third Parties
The Company may disclose personal data to contractors and third parties involved in employment matters. Data may also be shared with IT service providers and other vendors involved in servicing the Company and supporting our operations.
Such third parties may be located outside Iceland. The Company will not transfer data outside the European Economic Area unless legally permitted. Currently, no such transfer takes place.
Personal data may also be disclosed if required or permitted by law, e.g., to the Administration of Occupational Safety and Health following a workplace accident, to unions, customs authorities, pension funds, or insurance companies. Disclosure may also occur in legal proceedings, court orders, or emergencies to protect the safety of employees or others.
6. How Is Data Security Ensured?
The Company implements appropriate technical and organizational measures to protect your personal data from loss, accidental alteration, and unauthorized access, copying, use, or disclosure.
7. Retention of Personal Data
The Company will retain your personal data only as long as necessary for the applicable processing purpose, unless otherwise required by law.
In some cases, personal data may be anonymized instead of deleted, in order to ascertain that data cannot be traced to a specific individual.
Generally, personal data is deleted upon termination of employment or within four years thereafter. Data subject to accounting laws is retained for seven years in order to fulfil legal obligations. Certain salary-related information may be stored for 14 years after the collection of such data.
8. Your Rights Regarding Personal Data Collected and Processed by the Company
You have the right to access and, in some cases, receive a copy of the personal data we process about you, as well as information on the purpose of the processing.
Under certain conditions, you may request that data be deleted or processing restricted. You may also request correction of inaccurate or outdated information. As such, it is important that you inform us of any changes to personal data that you have provided us with in a timely manner.
You may object to the Company‘s processing of your personal data based on the Company‘s legitimate interests. However, these rights are not absolute and may be restricted by laws or regulations.
9. Inquiries and Complaints to the Data Protection
If you wish to exercise your rights described in Articles 8 and/or 9 of this policy, or if you have questions about the Company’s privacy policy or how it processes your personal data, please contact the HR department.
If you are dissatisfied with how the Company processes your data, you may file a complaint with the Icelandic Data Protection Authority (www.personuvernd.is).
10. Contact Information
The HR department of the Company oversees the implementation of this policy. Contact details are as follows:
HR Department of Langisjo r ehf.: mannaudur@langisjor.com
Company Contact Information:
Langisjo r ehf. ID No. 691205-2070 Sundagarðar 8 104 Reykjaví k
11. Review
The Company may revise this privacy policy in line with changes in legislation or data processing practices. The updated version will be published on the job application website or otherwise communicated in a verifiable manner.
This policy shall be reviewed every two years or more frequently if needed.
Approved by the Board of Langisjór ehf., 26 November 2025
Guðný Edda Gísladóttir
Eggert Árni Gíslason
Gunnar Þór Gíslason
Halldór Páll Gíslason
This Privacy Policy is an English translation of the original Icelandic version. In the event of any discrepancies or inconsistencies between the English and Icelandic versions, the Icelandic version shall prevail.