Igloo uses cookies.

Read our cookie policy for more information.

Igloo Privacy Policy

Welcome to Igloo's Privacy Policy page, herein referred to as "the Policy". This document outlines the principles and procedures concerning the collection, usage, and protection of personal data by Igloo. By accessing and utilizing the services offered by Igloo, you acknowledge and agree to be bound by the terms of this Policy. Our commitment to transparency, security, and confidentiality is paramount, and we appreciate your trust in entrusting us with your personal information.

Igloo's Commitment to Privacy Protection and Personal Data Processing in Compliance with Act No. 90/2018

Safeguarding personal information constitutes a fundamental principle of Igloo. The company accords significant weight to the privacy interests of its clientele, emphasizing the necessity of processing personal data in a manner that is lawful, equitable, and transparent. The privacy policy encompasses, inter alia, elucidations pertaining to the categories of personal information collected by Igloo, the rationale and timeframe for such collection, the projected duration of data retention, the potential recipients of the data, and the measures implemented to ensure data security. Furthermore, the policy furnishes pertinent details about clients' rights in relation to the personal information processed by Igloo. The handling and processing of clients' personal information by Igloo are conducted in strict compliance with Act No. 90/2018, governing privacy protection and personal information processing.

Igloo's Privacy Policy regarding personal data protection is in effect as of 1 January 2020 and represents its initial version.

1. Who are we?

Igloo's responsible entity and data controller on all marketing territories, whether within or outside the European Economic Area ("EEA"), within or outside the United Kingdom, Switzerland or Japan, is the following company:

Leiguskjól ehf.
kt. 510906-1520
Bjargargata 1
102 Reykjavík
Iceland

Link to this entity in the company registry of Iceland Revenue and Customs

The data controller is Igloo, Leiguskjól ehf., with the registration number 510906-1520. Igloo operates as a rental platform, delivering services to lessees and lessors alike. As a fintech company, Igloo offers its customers a wide range of insurance and financial products in collaboration with banks and insurance companies. Stringent requirements for the protection of personal information between Igloo and its cooperating partners are set forth in processing agreements between the parties.

2. Where This Privacy Policy Applies

This privacy policy pertains to Igloo's website, mobile application ("app"), and other services falling under the Igloo brand or Leiguskjól. For the sake of simplicity, we shall collectively refer to these as the "Services" in this privacy policy.

In exceptional cases, specific privacy policies may apply to the products or services offered by the company, such as financial products offered to users.

3. Igloo's Personal Data Classification and Sources of Acquisition

Igloo amasses personal data from clients to furnish them with tailored products and services. This typically encompasses general personal data, including name, identification number, residential address, phone number, IP address, geographical location, and particulars concerning products and services previously or currently utilized by the client via Igloo. Moreover, Igloo accrues personal data about clients when they engage with Igloo for service provision, through staff phone calls, electronic mail, online chat, visits to Igloo's premises, on Igloo's website, or within the Igloo application. In addition, Igloo obtains personal data from authorized third-party sources when deemed requisite, such as the National Registry of Iceland or Creditinfo.

Igloo classifies personal data by category to attain comprehensive insight into the types of personal data managed by the organization. The principal categories of personal data are delineated as follows:

  • Identification data: Any credentials substantiating a client's identity, such as a passport copy, driver's license, or digital identification.
  • Basic data: Name, identification number, residential address, phone number, email address, and other rudimentary data, encompassing information pertaining to a legal guardian for an individual, details about affiliated legal entities, and an individual's role within a legal entity, for instance, a power of attorney holder or estate administrator.
  • Financial data: Transactional history, direct debit authorizations, revenue, financial commitments, defaults, credit assessments, payment evaluations, among others.
  • Contractual data: Particulars pertaining to agreements executed between the client and Igloo, and information regarding products and services rendered to the client, facilitating adherence to contractual stipulations.
  • Reliability assessment data: Information empowering Igloo to undertake reliability appraisals in line with Act No. 140/2018 on counteracting money laundering and terrorist financing, and ensuring compliance with international sanctions, encompassing verification of the business relationship's purpose and nature, and ascertaining whether the client is part of a risk group due to political affiliations. Data provided in response to mandatory government inquiries: This encapsulates information furnished to tax authorities concerning tax filings or withholding tax submissions, and data shared with tax investigation directors and public prosecutors for case investigations, which may comprise details about income, debt status, claims, among other factors.
  • Communicative data: Information procured by Igloo from clients through correspondence, such as letters or electronic mail, and/or dialogues with clients, whether in person, via Igloo's communication infrastructure, or on social media platforms.
  • Technical data: Details regarding the client's device employed to access the Igloo application, with derived data from said connection encompassing IP address, operating system version, and executed operations.
  • Behavioral and utilization data: Information relating to a client's/user's engagement with Igloo's services, including service usage frequency.
  • Public data: Information derived from the National Registry of Iceland, real estate registries, vehicle registries, corporate registries, and other public repositories, as well as data accessible from financial information providers like Creditinfo and publicly available online information.
  • Call recordings: Telephonic conversations are documented by Igloo to assure service quality.
  • Consent: Specific consents, such as those granted for cookie usage.

At the inception of a business relationship, Igloo acquires foundational and identification data. Following this, an individual furnishes the requisite financial and ancillary information, enabling the provision of the sought-after product or service, encompassing payment details such as the amount, category, and beneficiary. Furthermore, individuals applying for a guarantee from Igloo submit financial data needed to assess their creditworthiness and payment capacity, including an overview of wage payments and asset-liability status. Igloo amasses data on individuals' conduct and utilization of the company's platform. In compliance with pertinent legislation, Igloo's regulations, and this statement, Igloo documents and preserves communications between the individual and the company. Should an individual opt against providing indispensable personal data to Igloo or oppose their processing, it may influence the manner or feasibility of Igloo offering services to the individual. In the course of delivering contractual services or executing legally mandated oversight, Igloo generates personal information about clients. This encompasses data such as the products and services a client holds with Igloo, their login instances for Igloo's system and application, IP address and identification data, their mode of communication with Igloo, and transaction history. In adherence to electronic surveillance regulations, Igloo maintains call recordings. Calls constitute a component of Igloo's security infrastructure and seek legal basis in data protection legislation. The retention period spans two years for specific service requests or credit assessments concerning rental guarantees, and 90 days otherwise. The objective of processing is to assure security and curtail the likelihood of fraudulent activity.

Igloo obtains personal information from third-party sources to mitigate potential fraudulent activities. Notable third parties that supply information pertaining to individuals to Igloo encompass the National Registry of Iceland (Þjóðskrá Íslands), the Property Registry, the Corporate Registry, Creditinfo, the Directorate of Internal Revenue, and the Customs Authorities. These third-party entities furnish Igloo with requisite data that they are legally authorized to disseminate. The underlying legal premise for such disclosure may differ; in certain instances, the third parties possess independent legal prerogatives to divulge the information, while in other circumstances, the client may have granted their explicit consent for the sharing of their data.

4. Legal Basis and Legitimate Interests for Personal Data Processing

Igloo must always possess a lawful basis for processing the personal data it retains about its clients. In order to execute a service or fulfill a contractual obligation, it may be necessary for Igloo to process a client's personal data to provide the service or adhere to the terms of an agreement between the client and Igloo. The legal basis for such processing can be found, for instance, within the terms of service or contractual provisions.

Igloo holds a legitimate interest in processing clients' personal data to refine its products and services in order to optimally address the needs and expectations of its clients. Such processing will not be conducted if the client's fundamental rights and freedoms concerning data protection take precedence over the interests of processing. Igloo also maintains a legitimate interest in processing personal data for direct marketing purposes, enabling clients to be acquainted with the tailored products and services that Igloo can offer. Various methods are employed for this purpose, including messages through the company's system, the Igloo app, social media platforms, and the Igloo website (leiguskjol.is), as well as by sending emails to the address supplied by the client. Clients reserve the right to opt out of such communications.

Igloo may process a client's personal data based on their explicit consent in specific instances, such as with cookies on the Igloo and Leiguskjól websites, as detailed in the applicable rules and terms concerning cookies. Furthermore, Igloo will obtain the client's consent if it is expected that personal data will be utilized for purposes divergent from the original intentions when the data was collected. Clients retain the ability to revoke their consent at any time by notifying Igloo. The revocation of consent will not impact the processing of personal data conducted prior to Igloo's receipt of the notification.

5. Automated Decision-Making and Personalized Profiles at Igloo

In certain circumstances, Igloo may engage in automated decision-making with respect to the provision of services based on an individual's profile, which is derived from the information Igloo has about the individual. This automated decision-making process entails the utilization of software that processes personal data pertaining to the individual autonomously, generating a tailored profile. Thereafter, an automated decision is rendered without human input or judgment. An illustration of such a decision is the provision of a rental guarantee to tenants. The formation of the personalized profile relies on, among other factors, the individual's creditworthiness assessment and information from their transaction history. An algorithm is then employed to compute and determine whether the guarantee should be granted.

Automated decision-making is conducted solely with the individual's express consent if it is a prerequisite for entering into or performing a contract between the individual and Igloo, or if it is authorized by law. Other forms of automated decisions that do not directly impact individuals, such as Igloo's marketing initiatives based on legitimate interests, may be executed without consent. Individuals retain the right to raise concerns or object to an automated decision that affects their interests, as well as request a human review and reevaluation of the outcome by contacting Igloo at samband@leiguskjol.is or by phone.

6. Disclosure of Personal Data and Third-Party Sharing

Igloo refrains from divulging personal information pertaining to its clientele unless mandated by law or necessary for the execution of contractual responsibilities. Nonetheless, clients may authorize Igloo to disseminate their personal data to third parties by granting explicit consent. Examples of entities possessing legal entitlement to demand the disclosure of personal information encompass regulatory bodies such as the Financial Supervisory Authority, the Central Bank of Iceland, the District Prosecutor's Office, the Director of Internal Revenue, customs authorities, and law enforcement agencies. Additionally, Igloo is obligated to disclose personal data in compliance with judicial orders.

In certain instances, personal data may be transmitted to parties executing their legally stipulated functions or to data processors operating on behalf of Igloo under contractual arrangements. Among these parties are financial information bureaus like Creditinfo, and information technology firms responsible for managing and hosting information systems. Instances of such information sharing encompass debt registration, debt collection, client approval for sharing information with data processors, case management before arbitration committees or courts, and scenarios in which legislation necessitates the disclosure of information, among others.

The management of data and the stipulations Igloo imposes on data processors are delineated in data processing agreements that Igloo establishes with its collaborative partners and service providers.

7. Data Retention Periods and Legal Compliance

Personal data shall be retained throughout the duration of the customer relationship with Igloo or for such period as is required in view of the processing purpose, contractual provisions, Igloo's policies, and justifiable grounds. Justifiable grounds arise when the information continues to be processed in line with the original collection purpose or due to Igloo's commercial interests, e.g., to establish or defend against legal claims, which may warrant retention of data beyond the termination of the customer relationship. Igloo endeavors to retain personal data in an identifiable form no longer than is necessary. As a result, different retention periods may apply based on the type and nature of the personal data. Legislation may prescribe data retention periods, such as the Accounting Act No. 145/1994.

Igloo is obliged to retain data and information in compliance with the legal provisions governing its activities, specifically addressing the data retention periods.

8. Data Subject Rights and Limitations

The Data Protection Act confers various rights upon customers, though these rights may be subject to certain restrictions. For example, a customer's request for data deletion might be denied due to legally mandated retention periods. If Igloo is unable to comply with such requests, the customer will be duly informed. Customers are entitled to know whether Igloo processes their personal data, access said data, and receive pertinent information about the purpose of processing, categories of recipients, data origin, the involvement of automated decision-making, and their associated rights.

Customers have the right to request rectification of any inaccurate information held by Igloo. Additionally, customers may request deletion of their personal data if deemed unnecessary for the original collection purpose or if consent is withdrawn and no alternative legal basis for processing exists. Customers reserve the right to object to their personal data processing and usage for direct marketing purposes, including profiling, and may request Igloo to restrict processing if the data accuracy is contested, processing is unlawful, or Igloo no longer requires the data but the customer needs it for legal claims. Customers can opt out of personal data processing for marketing purposes; however, Igloo will continue sending crucial information regarding terms or contractual obligations.

9. How to Contact Us?

Should you have any inquiries regarding this privacy policy, we provide the following means of contacting us:

By Post

Leiguskjól ehf.
kt. 510906-1520
Bjargargata 1
102 Reykjavík
Iceland

By Email

samband@leiguskjol.is
Subject line: Privacy Policy

️© 2025 Leiguskjól (Igloo)

Sitemapsamband@leiguskjol.is519-1518

Open weekdays 9-16