Privacy policy

Privacy Policy

Scope of Privacy Policy at Stiki ehf.

Stiki ehf. and its affiliates (“Stiki, We, Us”) respects your privacy and is committed to protecting the privacy of our visitors and clients. We uphold the highest industry standards in privacy and permission marketing. This Privacy Policy explains what personal data we collect from you through our interaction with you on our websites, through provision of services and product resale transactions, and how we use that data.

Our websites within the scope:

Security and Privacy 

Our Information Security Management System (ISMS) is certified to ISO/IEC 27001:2013 by BSI (Cert. # IS-67387). We believe we are exercising appropriate security controls to protect personal data. Risk assessment, including assessing risks to the rights and freedoms of data subjects, is at the heart of our ISMS. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect to breaches that occur beyond our sphere of control.

Personal Data We Collect

We collect minimal data to operate effectively and to provide you the best experiences with our websites, our services, and our product resale transactions. When you visit our websites, cookies collect statistical data about your visit to our sites. This data provides us with general statistics regarding our sites, giving insight into how effective certain areas of our sites are to users and how we might improve user experience.

Types of personal information collected:

  • unique IDs such as a cookie ID on your browser;
  • IP addresses and information derived from IP addresses, such as geographic location;
  • information about your device (browser, device type, operating system, the presence or use of ‘apps’, screen resolution, or the preferred language);
  • the date and time you visited our websites;
  • Information about your visit, including the URL (Uniform Resource Locators) clickstream to, through, and from our site.

We collect other personal data when you willingly provide it to us through e-mails; registering for product demonstrations, webinars or training’s; and when we process product resale transactions.

Please keep in mind that if you directly disclose personal data, personally identifiable information (PII), or personally sensitive data through Stiki’s public message boards (websites and social media platforms), this information may be collected and used by others.

How We Store Personal Data

We store the data collected in our secure onsite environment that is protected from unauthorized access, use, or disclosure through our ISMS. When personal data is transmitted within or outside of the EU, when appropriate we use encryption, such as the Secure Socket Layer (SSL) protocol.

Our websites are hosted by a third party we trust and they have their own Privacy Policy and Data Processing Agreement.

How We Use Personal Data

Stiki has implemented and strictly enforces an internal Data Protection Policy. Personal data submitted to us is used by approved employees managing this information for specific purposes only. These purposes include contacting you (via email, phone, etc.) in an effort to respond to a request or to provide a service or product, and to notify you of events and other activities such as training. We may also contact you with surveys in order to conduct research about your opinion of current services or of potential new services that may be offered.

Reasons We Share Personal Data

We share your personal data with your consent or as necessary to complete any transaction you have requested or authorized. We also share data with our partners and vendors working on our behalf to fulfill your requests; when required by law to respond to legal process; to protect our customers; to maintain the security of our services; and to protect the rights or property of Stiki.

Your Rights as a Data Subject

As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email or use the information supplied in the Contact us section below. To process your request, we will ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:

  • The right to be informed
    As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy policy and any related communications we may send you.
  • The right of access
    You may request a copy of the personal data we hold, but first we need to verify your identity and, if relevant, the authority of any third-party requester. After verification we will provide access to the personal data we hold about you as well as the following information:

    1. The purposes of the processing;
    2. The categories of personal data concerned;
    3. The recipients to whom the personal data has been disclosed
    4. The retention period or envisioned retention period for that personal data
    5. When personal data has been collected from a third party, the source of the personal data

If there are uncommon circumstances resulting in our refusal to provide the information, we will explain them. Frivolous or provoking requests will be refused, as that is our right. If answering requests are likely to require additional time or incur unreasonable expense,  we will inform you upfront and request your acceptance to pay the incurred costs.

  • The right to rectification
    Then you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
  • The right to erasure
    You may request that we delete the personal data, and we will comply, but only after we establish no overriding legal basis or legitimate reason for continuing processing personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.
  • The right to restrict processing
    You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:

    1. The accuracy of the personal data is contested.
    2. Processing of the personal data is unlawful.
    3. We no longer need the personal data for processing but the personal data is required for part of a legal process.
    4. The right to object has been exercised and processing is restricted pending a decision on the status of the processing.
  • The right to data portability
    You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfillment of a contractual obligation.
  • The right to object
    You have the right to object to our processing of your data where:

    1. Processing is based on legitimate interest;
    2. Processing is for the purpose of direct marketing;
    3. Processing is for the purposes of scientific or historic research; or
    4. Processing involves automated decision-making and profiling.


We post customer testimonials on our website. These testimonials may contain personal data, such as the customer’s name. We obtain your consent prior to posting the testimonial, so that we can post your name along with the testimonial.

Cookies and Similar Technologies

Client-side cookies (small text files placed on your device) are used to verify the login status of customers using products or services linked directly with our website. One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. You have a variety of tools to control cookies and similar technologies including browser controls to block and delete cookies, and controls from some third-party analytics service providers, to opt-out of data collection through web beacons and similar technologies.  If a user rejects the cookie, they may still use our sites; however, the user may not be able to access all areas of our sites.

Third Party Websites

Please be aware that other websites (our partners and vendors) that may be accessed through our site may collect your personal data. We do not share your personal data with those websites unless directed to by you in order to fulfill service requests. Please check the applicable Privacy Policy of those sites.

Children’s Privacy

Our websites are not intended for people under the age of 18. We don’t knowingly solicit or collect information from children or minors (under the age of 18).  Stiki complies with the EU-General Data Protection Regulation, the Children’s Online Privacy Protection Act (USA), The Personal Information Protection and Electronic Documents Act (Canada), and similar laws.

Policy Consent

By using our websites, you agree to this Privacy Policy. This policy appears in its completed form and supersedes any earlier version.

Notification of Changes

This Privacy Policy is subject to change without notice. If at any point, we decide to use personal data or personally identifiable information in a manner different from that stated at the time it was collected, we will notify users via email of the changes to our policy. Users will have a choice as to whether or not we use their information in this different manner. We reserve the right to modify this privacy policy at any time, so you have the option to review each time you visit our websites. If we make material changes to this policy, we will notify you by means of a notice on our websites.

Privacy Policy Effective Date: 2018 May 25 

We welcome your comments regarding this statement of privacy. If you believe that Stiki has not adhered to this statement, please contact us at: We will do our best to respond promptly to determine and remedy your concerns.

Contact Information

Please contact us if you need more information.
Stiki e.h.f.
Laugavegur 178, 4th Floor
IS-105 Reykjavík
Phone: +354.570.0600
Fax: +354.570.0601

Our telephone switchboard is open 9:00 am – 5:30 pm GMT, Monday to Friday. Our switchboard team will take a message and ensure the appropriate person responds as soon as possible.