The Social Insurance Administration places great emphasis on the protection of personal data, but the processing of personal data is an essential part of TR’s operations. In connection with the statutory role of the Administration, it is necessary to register and work with various personal and health information of applicants. All handling and preservation of identifiable information is in accordance with applicable laws and regulations on the handling of personal data.
Data protection shall be observed in the treatment of personal data in all activities of the institution and services provided by TR, whether it is in the course of work for themselves, statistical information or professional audits.
Data protection considerations shall be taken into account in all computer systems and software owned by or operated by TR.
Data protection shall be observed in the collection and dissemination of information to partners and professional bodies through secure electronic means.
The director, the personal data protection officer, the quality manager, the information security manager, the directors of departments and the district commissioners (as agents of TR) ensure that the personal data protection policy is followed.
TR staff and agents, contractors and service providers are required to work according to the Data Protection Policy.
The management of TR promotes the implementation of this policy through measures in accordance with the work and responsibilities of the relevant staff, contractors and service providers.
That personal data is only collected, stored and processed is considered necessary to meet the conditions of the law that TR is charged with enforcing.
To protect the personal data of TR customers in a structured manner.
To further protect sensitive health personal data, so that access to them is controlled by special access controls. Access controls are such that no one can access them except those who need it directly for their work.
Ensuring the protection, accuracy, transparency and accessibility of individuals to their own data and information held by TR
To ensure that personal data is not passed on to the unaccountable.
To promote active personal protection awareness of employees, colleagues, customers and guests.
Objectives
That personal data is only collected, stored and processed is considered necessary to meet the conditions of the law that TR is charged with enforcing.
To protect the personal data of TR customers in a structured manner.
To further protect sensitive health personal data, so that access to them is controlled by special access controls. Access controls are such that no one can access them except those who need it directly for their work.
To ensure the protection, accuracy, transparency and accessibility of individuals to their own data and information held by TR.
To ensure that personal data is not passed on to the unaccountable.
To promote active personal protection awareness of employees, colleagues, customers and guests.
More about the processing of personal data
TR is the controller of the processing of personal data by the institution.
TR works with various service providers, among other things, for its duty as the executor of social insurance, information security and the publication of data in the government's digital mailbox. Processing agreements are made with the relevant processors, if applicable. There are strong requirements for processors to meet the requirements of data protection rules and ensure the reliability of personal data through appropriate technical and organisational security measures.
The processing of personal data is a prerequisite for TR to fulfil its statutory role. In general, it is not possible to request exemption from such processing.
The main laws that TR operates by are:
Social Security Act, no. 100/2007.
Social assistance law, no. 99/2007.
Act on Additional Social Assistance for the Elderly, No. 74/2020.
Law on payments to parents of chronically ill and severely disabled children, no. 22/2006.
Law on the affairs of the elderly, no. 125/1999.
Act on the Protection of Privacy and the Processing of Personal Data, no. 90/2018.
Law on the rights of living donors to temporary financial assistance, no. 40/2009.
Law on the Rights and Obligations of State Employees, No. 70/1996.
Administrative Law, No. 37/1993.
According to the data protection legislation, individuals have certain rights, e.g. to know which personal data TR processes about them and to have access to them.
You can request to exercise the rights by sending a request to the email address or send a message to TR by other means.
TR has up to one month to respond to such matters but the deadline can be extended by two months if the request is particularly extensive.
If individuals believe that TR has not processed their personal data lawfully, a complaint can be sent to the Data Protection Authority.
TR ensures the protection of personal data through the information security management system in accordance with the rules no. 299/2001 on the security of personal data.
TR has established a information security policy (information security policy TR), has carried out a risk assessment and has implemented appropriate security measures to ensure the security of the institution's systems.
TR on Facebook
TR uses the communication tool Facebook for the purpose of facilitating information sharing to the public.
If individuals use the Facebook page of TR to submit suggestions to TR, it must be taken into account that this information is also shared with Facebook.
TR on Instagram
TR uses the social networking tool Instagram to facilitate information sharing to the public.
If individuals use the TR Instagram page to make suggestions to the TR, it must be taken into account that that information is also shared with Instagram.
TR on YouTube
TR uses YouTube to share educational videos to the public. You can register as a subscriber and TR can then see the username of the person but does not save it.
Questions and answers
TR has an obligation to collect personal information on the basis of the laws that the organization operates under. TR collects, for example, personal information from the following parties:
The data subject, e.g. when the person concerned submits an application, inquiry, suggestion or other message or participates in surveys conducted by TR.
Pension funds.
Other government agencies, such as tax authorities, the Directorate of Labour, Registers Iceland, Commissioners, Prison and Probation Service, Immigration Service, National Commissioner of Police, The Icelandic Transport Authority, medical institutions, residential and nursing homes, municipalities, recognized responsible parties for rehabilitation programs, the Student Education Fund, recognized educational institutions within the general education system, higher education schools and the Housing and Civil Engineering Institute.
TR's foreign sister institutions.
TR processes personal data solely for the purpose of fulfilling its statutory role. Personal data is collected digitally or otherwise from various parties, both private and public, for example when:
The person concerned applies for rights or payments, sends an inquiry or other communication.
The person concerned has requested access to data in accordance with the Administrative Procedure Act, the Information Act or the Privacy Act.
The person concerned has registered for a seminar/presentation organized by TR
The person concerned responds to surveys organized by TR.
The person concerned has applied for a job or internship at TR.
When visiting and agreeing to the use of cookies on the TR website at island.is.
TR collects and processes various types of personal information about customers and their agents, if an individual has entrusted others to communicate with the organization.
The processing of personal information may, for example, concern:
Identity of individuals, e.g. name, ID number, gender and citizenship.
Place of residence, postal address, home address, email address, telephone number and lease agreements.
Information about residence in Iceland and insurance period.
Relationships with others based on family number, e.g. close relatives/parents, marital status, spouse, former spouse and children.
Information related to children, e.g. residence, school attendance, adoption of a child and information about the death of a parent.
Financial information, e.g. income, assets and debts.
Sensitive personal information, e.g. health information, nationality, union membership.
Information on criminal records for job applications.
Information from the vehicle register, such as information on vehicle ownership.
Information on rulings and sentences, such as rulings on child support payments, paternity recognition cases and information on detention or criminal detention.
Further information can be found in the TR processing register.
TR also processes information on employees and job applicants:
Certain information is necessary to be able to pay salaries, such as contact information, salary category, time registrations, tax brackets, union membership, bank information, pension fund information and debts to the Treasury collector. The actions of employees in the agency's case register are also recorded in the action register. Other information is related to the employee's job description.
Certain information is necessary when assessing applications, such as contact information, CV, cover letter, educational information, interview results, third-party reviews and other communications with applicants.
The processing of personal data includes, among other things, TR collecting, recording, storing, deleting, transferring and merging information. TR strives to record only the personal data that is necessary for the processing of the tasks that TR is entrusted with by law.
Privacy officer
The Data Protection Officer of TR monitors compliance with applicable laws and regulations on personal data protection. Inquiries, comments or suggestions relating to the processing of personal data can be addressed to the Data Protection Officer by sending an email to the email address.
You can also send a letter and the envelope must then be marked to the data protection officer.
This policy is reviewed every 12 months or as appropriate
