Privacy Policy

The following Privacy Policy is valid from and last updated on May 2, 2022.


This Privacy Policy constitutes an agreement between the Service Provider and the Customer and is incorporated into and governed by the Terms of Service. Privacy Policy describes what information we collect and use about you and what information is shared with the third parties. Protecting the privacy and integrity of your personal data is our top priority.


1. Information we may collect about you


We collect different types of information in order to provide you with the Services in a reliable and secure manner.


1.1  Personal Data. Information relating to an identified or identifiable natural person. 


1.2 Your account information. When you use the Services and a reasonable period thereafter in case you decide to re-activate the Services. We collect and associate with your User Account the information you provide us like your first and last names, email address, mobile phone number, personal code, address, credit card and/or other billing information. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes and to enforce our agreements. We are acting as a Data Controller for this information. All this information is stored and processed within the European Union/European Economic Area (EU/EEA).


1.3  Your uploaded data (Customer Data). In order to provide the Services, we store, process and transmit your uploaded documents and information related to them. This data is processed solely in accordance with the directions provided by you. We are acting as a Data Processor for this information. All this information is stored and processed within the European Union/European Economic Area (EU/EEA).


1.4  Your usage information. We collect information related to how you use the Services. We may collect information like IP addresses, the type of browser, device, operating system you use, actions you take when using our Services. We use this information to improve our Services, develop new products, features, and functionality, and ensure the security of your account and your data. Should this purpose require us to process Customer Data, the data will only be used in anonymized or aggregated form. We are acting as a Data Controller for this information.


1.5  Other information. We may receive information about you, including your Personal Data, from third parties we are working closely with (like Qualified Trust Service Providers, other Service Providers integrated into our Services, business partners, subcontractors, payment service providers, credit rating agencies) on the basis of agreement or from cookies on the basis of consent. We will treat this information as Personal Data in accordance with this Privacy Policy. We are acting as a Data Controller for this information.


1.6  Contact information. Based on your consent and to answer your questions, we process personal data that you provide us when using contact forms on our website, such as name and surname, email address, phone number, organisation, message and other data that you provide. We are acting as a Data Controller for this information.



2. Disclosure of your information


We do not share any personal information with third parties unless one of the following circumstances applies:


2.1  With your consent. We will only share your personal information when we have your consent.


2.2  For internal processing. We shall ensure that the access to the Customer Data will be granted only to those employees or suppliers of Justikal which require such data for performing work functions or providing services to Customers.


2.3  For external processing. We may provide the Personal Data to our trusted business partners to process it for us, based on our instructions and in compliance with this Privacy Policy.


2.4  Lawful requests. We may disclose the Personal Data when we have a good belief that access, use, preservation or disclosure of such information is necessary to:


2.4.1   satisfy any applicable law, regulation, legal process or enforceable governmental request;


2.4.2  enforce our Terms of Service, including investigations of potential violations;


2.4.3  protect against imminent harm to our rights, property or safety, or that of our users or public as required or permitted by law.


2.5  Business transfers. We may share and/or transfer your Personal Data if we become involved in any merger, acquisition, reorganization, sale of assets, bankruptcy.

3. Retention Policy


3.1  Once you delete your User Account from the Services, your copy of the content (Customer Data) is deleted within 30 days of the date of closure. Your account information and billing information is retained for a period of 7 years in accordance with the Icelandic accounting and taxation laws.


3.2  We retain information about your activity and system logs (the actions you take when using our Services) to ensure our Services are provided in a reliable and secure manner. This information related to your activity may contain Customer Data and/or Personal Data. This information is not deleted.


4. Data Controller


4.1  You’re acting as a Data Controller for your uploaded data (Customer Data) that contains Personal Data. We are not responsible for any Personal Data stored at the discretion of our Customers, including but not limited to Access requests or Documents.

4.2  We are neither responsible for the manner in which our Customers collect, handle, disclose, distribute nor otherwise processes such data.

4.3  The terms for such data processing are defined in the Data Processing Agreement.


5. Analytics

5.1  We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile.


5.2  We use Google Analytics to analyse the use of our website and APP solution.

For further details, please see the ‘About Hotjar’ section on Hotjar’s support site.

For more information about Google Analytics, see Google’s Privacy Policy.

6. Use of Cookies

6.1  Cookies are a small piece of information saved in your browser storage. They are used to improve the customer experience in pages and help third-party services to work properly. We use cookies in all our Services. We only store anonymous identifiers and other preferences, so your personal data is not stored. We inform you about the use of cookies when you visit our website. We ask you to consent to the use of all, except strictly necessary, cookies on our website.

6.2  We use three types of cookies:

6.2.1  Essential cookies — essential in provision of Services. These cookies ensure that information and services are delivered securely and optimally.

6.2.2  Performance cookies — to monitor visitor behaviour and help us improve our information and services.

6.2.3  Functionality cookies — to help improve your experience by providing a more personalised service. Those cookies remember choices, for example, language, preferred login option etc.

7. Your rights

7.1  Under the GDPR regulation, data subjects have the following rights:

7.1.1  the right to access personal data held about them;

7.1.2  the right to object to processing (for example, direct marketing);

7.1.3  the right to data portability;

7.1.4  the right to complain about processing carried out by the data controller;

7.1.5  the right to object to automated decision making;

7.1.6  the right for the personal data being updated;

7.1.7  the right to be forgotten.

7.2  You may exercise any of your rights in relation to your personal data by contacting our Data Protection Officer by email at

8. Changes and Updates

8.1  We may revise this Privacy Policy from time to time and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you.

9. Contact us


If you have any questions, concerns or complaints about this Privacy Policy, you may contact our Data Protection Officer by email at