PRIVACY POLICY

This privacy policy explains how Arcticbit ehf. collects and uses your personal data when you interact with our website or use Spkwith. It covers the types of data we gather, how we process it, and the rights you have in relation to your information.

Spkwith is not designed for children, and we do not knowingly collect information about anyone under 18.

You may come across additional privacy notices from us in specific situations. Those notices give you more detail about how we use your information in that context. This policy should be read together with them. It adds to, rather than replaces, those other notices.

The company responsible for your personal data is:

In this privacy policy, when we say “Arcticbit”, “we”, “us” or “our”, we are referring to Arcticbit ehf.

We have a data privacy manager who looks after questions about this policy and how your information is handled. If you would like to know more or if you want to exercise your legal rights, you can reach out using the contact details below.

If you have questions about this privacy policy or how we handle your information, you can reach our data privacy manager here:

You always have the right to raise a complaint with Persónuvernd, the Icelandic Data Protection Authority. That said, we would value the chance to address your concerns directly first, so please contact us before reaching out to them.

Our website may contain links to third-party websites, plug-ins, or applications. If you click on those links, the third party may collect or share data about you.

We do not control those websites and are not responsible for how they handle your information. When you leave Spkwith, we encourage you to review the privacy policy of any site you visit.

Personal data (or personal information) means any information that can identify you as an individual. This does not include data where the identity has been removed, which is considered anonymous.

We may collect, use, store, and share the following types of information:

• Contact Data: your name, job title, email address, and phone number
• Company Data: information about the company you represent or work for, such as its name, address, city, state, country, postal code, industry, services, and company size
• Technical Data: details like your IP address, login information, browser type and version, time zone and location, browser plug-in types and versions, operating system, platform, and the devices you use to access Spkwith
• Usage Data: information about how you use our website, products, and services

We also collect and use Aggregated Data, such as statistical or demographic information. For example, we may use aggregated usage data to understand how many people use a specific feature. Aggregated data is not considered personal because it does not reveal your identity. If we combine aggregated data with personal data in a way that could identify you, we treat the result as personal data and protect it accordingly.

We do not collect any special category data (such as race, ethnicity, religion, health information, sexual orientation, or political views), and we do not collect information about criminal convictions or offences.

Sometimes we are required by law, or by the terms of a contract, to collect certain personal information from you. If you do not provide that information when asked, we may not be able to deliver the service you requested or enter into a contract with you.

In rare cases, this could mean we need to cancel a product or service you have with us. If that happens, we will let you know at the time.

We collect information about you in a few different ways:

• Direct interactions: You may share your contact or company details with us by filling out forms, or by getting in touch by post, phone, or email.
• Automated technologies: When you use our website, we automatically collect technical information about your device, browsing actions, and patterns. This happens through cookies, server logs, and similar technologies. If you visit other sites that use our cookies, we may receive some technical data from those as well. See our Cookie Policy for more details.
• Analytics services: We also receive technical data from third-party providers, which may be based outside of Iceland.

We only use your personal information when we have a lawful reason to do so. The most common reasons are:

• To carry out a contract we have with you, or to take steps before entering into one
• When it is necessary for our legitimate interests (or those of a third party) and your rights and freedoms do not override those interests
• When we need to comply with a legal obligation

In some cases, we may rely on your consent. For example, we will always ask for your permission before sending marketing messages from third parties. You can withdraw your consent to marketing at any time by contacting us.

We do not sell your personal data. We use it only for the purposes listed below, and always in line with the law.

Spkwith uses cookies and similar technologies to make our website work smoothly and to help us understand how people use it.

You can set your browser to block some or all cookies, or to notify you when a site tries to use them. If you choose to disable cookies, please be aware that parts of the website may not work properly. For EU and Iceland users, we only place non-essential cookies (like analytics) if you give consent.

For more details about the types of cookies we use and how you can manage them, see our Cookie Policy.

We only use your personal data for the reasons we collected it in the first place. If we ever need to use it for something different, we will make sure the new purpose is compatible with the original one.

If you would like more detail about how a new use relates to the original purpose, you can always contact us and we’ll explain.

We only share your personal information when it’s necessary and for the purposes described in this policy. This may include sharing with:

• Service providers and partners who help us run Spkwith (for example, hosting, analytics, or customer support tools)
• Other third parties listed under Purposes for which we use your personal data
• Business transfers: if we sell, merge, or restructure parts of our business, your data may transfer to the new owner, who must continue to use it in line with this privacy policy

If we ever need to use your data for a purpose not covered here, we will let you know and explain the legal basis for doing so.

In some cases, the law may require us to process or share your data without your knowledge or consent. We only do this where it is legally permitted.

When we share your personal information with trusted third parties, we make sure they treat it securely and in line with the law.

We only allow these partners to use your data for the specific tasks we’ve asked them to do, and they must follow our instructions. They are not allowed to use your personal data for their own purposes.

In some cases, your data may also be shared as described under Purposes for which we use your personal data or if our business is sold, merged, or reorganized. If that happens, the new owner must continue to use your data in line with this privacy policy.

Some of our service providers and partners are located outside Iceland and the European Economic Area (EEA), including in the United States. This means your personal data may be transferred internationally.

Whenever this happens, we ensure your data has the same level of protection it receives in Iceland and the EEA. We do this by:

• Transferring data only to countries officially recognized by the European Commission as providing adequate protection, or
• Using Standard Contractual Clauses (SCCs) approved by the European Commission, including supplementary safeguards where required by the EU/EEA regulator

If you are based in the United States, we may also share data in line with US privacy laws such as the CCPA/CPRA.

If you would like more detail about the safeguards we use, please contact us.

We take the security of your personal information seriously. To protect it, we use appropriate technical and organizational measures to prevent it from being lost, misused, accessed without authorization, altered, or disclosed.

Access to your personal data is limited to employees, contractors, and trusted partners who need it to do their jobs. They can only process your data following our instructions and must keep it confidential.

We also have procedures in place to handle any suspected data breaches. If a breach occurs, we will notify you and the relevant authorities when the law requires it.

We keep your personal data only for as long as necessary to meet the purposes for which it was collected. This includes meeting legal, regulatory, tax, accounting, or reporting obligations.

In some cases, we may keep your data for longer. For example, if there is a complaint or if we believe there is a chance of a legal dispute connected to our relationship with you.

When deciding how long to keep data, we look at factors such as:

• the type and sensitivity of the data
• the potential risk of harm from unauthorized use or disclosure
• the purposes for which we process the data and whether those purposes can be met in another way
• legal, regulatory, or other official requirements

You can ask us to delete your personal data in certain situations (see Your legal rights below).

We may also anonymize data so it can no longer be linked to you. In that case, we may use the anonymized information indefinitely without further notice.

Depending on where you are located, you have rights under data protection law. These include the right to:

• Access your data: ask for a copy of the personal data we hold about you
• Correct your data: ask us to fix or update inaccurate or incomplete information
• Delete your data: request deletion where there is no good reason for us to keep it, or where required by law
• Object to processing: object if we rely on legitimate interests or if we use your data for direct marketing
• Restrict processing: ask us to limit how we use your data in certain situations
• Transfer your data: request to receive your data in a machine-readable format or transfer it to another provider (data portability)
• Withdraw consent: withdraw your consent at any time where we rely on it
• Opt out of sale or sharing (US/California only) – if you are a California resident, you may have the right to opt out of the sale or sharing of your personal information under the CCPA/CPRA

We may need to verify your identity before responding to a request. We aim to reply within one month (or within the timeframe required by law). If your request is complex or if you make multiple requests, we will let you know if it takes longer.

You may also have additional rights under the laws of your state or country.

You will not have to pay to access your personal data or to exercise any of your rights.

In rare cases, if a request is clearly unfounded, repetitive, or excessive, we may charge a reasonable fee or refuse to act on the request. If that happens, we will explain why.

To protect your privacy, we may ask you for specific information to confirm your identity before we share personal data or act on a rights request. This helps us make sure your data is not disclosed to anyone who is not entitled to it.

We may also get in touch to ask for a bit more detail about your request, which can help us respond more quickly.

We aim to respond to all valid requests within one month. If your request is complex or if you have made several requests, it may take a little longer. In that case, we will let you know and keep you updated.

We may share your personal data with trusted third parties, including:

• Service providers based in the EEA and North America who help us with IT infrastructure, hosting, and system administration
• Professional advisers such as lawyers, bankers, auditors, and insurers, who may act as processors or joint controllers when providing services like consultancy, legal, insurance, banking, and accounting