Netfriður - Þitt Net, Þitt Öryggi

Privacy Policy & GDPR Statement

Netfriður vinnur eftir ströngum öryggisreglum fyrir gagnavernd - við staðfestum sérstaklega, viðhöfum fullt gagnsæi og gefum þér fulla stjórn á gögnum fjölskyldunnar.

GDPR samræmi
Hámarks gagnsæi
Norræn gagnageymsla

Netfriður ehf.

Last Updated: 4. desember 2025

1. Inngangur og öryggisskuldbinding okkar

Netfriður ehf. ("Netfriður," "við," "okkar") er mesti stuðningsaðili þinn fyrir stafræna vellíðan fjölskyldunnar. Við erum skuldbundin til að vernda friðhelgi þína með sömu öryggisreglum og við notum fyrir netöryggi heimilisins. Þetta þýðir:

Sannreyna sérstaklega

Við staðfestum hverja aðgangsbeiðni að gögnum og gerum aldrei ráð fyrir trausti.

Lágmarks aðgangur

Aðgangur að gögnum þínum er aðeins þegar nauðsynlegt er fyrir þjónustuafhendingu.

Fullt gagnsæi

Þú veist alltaf hvaða gögn við söfnum og hvers vegna.

Gera ráð fyrir brotum

Við dulkóðum og aðgreinum gögn eins og brot hafi átt sér stað.

Þessi persónuverndarstefna útskýrir hvernig við söfnum, notum, geymum og verndumupplýsingar þínar í samræmi við persónuverndarreglugerð ESB (GDPR), íslensk persónuverndarl og strangar öryggisreglur.

2. Data Controller Information

  • Company Name: Netfriður ehf.
  • Address: Reykjavík, Iceland
  • Email: privacy@kindra.is
  • Phone: +354 8571140
  • Data Protection Officer: Andri Pétur Hafþórsson

3. What Data We Collect

3.1 Customer Account Information

  • Full name, email address, phone number
  • Home address and installation location
  • Billing information and payment details
  • Service subscription details

3.2 Technical & Network Data

  • Device information (MAC addresses, device types, hostnames)
  • Network usage statistics and patterns
  • Internet connection metadata
  • IP addresses and DNS queries
  • Security threat logs and incident reports
  • System performance metrics

3.3 Parental Control Data

  • Children's device identifiers (non-personal)
  • Content filtering rules and configurations
  • Screen time settings and usage reports
  • Website categories accessed (aggregated)
  • Application usage patterns

3.4 Communication Data

  • Support tickets and correspondence
  • Installation appointment details
  • Customer feedback and survey responses

Important Note on Children's Data: We collect minimal data necessary for parental control functionality. We do NOT collect children's names, personal identifiers, or detailed browsing history. All monitoring data belongs to the parent/guardian account holder.

4. Legal Basis for Processing

We process your personal data under the following legal grounds:

  • Contract Performance (GDPR Art. 6(1)(b)): Processing necessary to deliver our managed network services
  • Legitimate Interests (GDPR Art. 6(1)(f)): Network security monitoring, fraud prevention, service improvement
  • Consent (GDPR Art. 6(1)(a)): Marketing communications, optional analytics
  • Legal Obligation (GDPR Art. 6(1)(c)): Accounting, tax compliance, law enforcement requests

For children's data processed through parental controls, we rely on parental consent as the legal basis (GDPR Art. 8).

5. How We Use Your Data

5.1 Service Delivery

  • Configure and manage your Firewalla and Unifi equipment
  • Monitor network security and block threats
  • Enforce parental control policies
  • Provide technical support and troubleshooting
  • Send service notifications and usage reports

5.2 Billing & Administration

  • Process payments and manage subscriptions
  • Send invoices and payment reminders
  • Maintain accurate accounting records

5.3 Communication

  • Respond to your inquiries
  • Send important service updates
  • Provide installation scheduling
  • Marketing communications (with consent only)

5.4 Service Improvement

  • Analyze aggregate usage patterns
  • Improve our products and services
  • Develop new features
  • Conduct customer satisfaction research

6. Data Sharing & Third Parties

We share your data only when necessary:

6.1 Service Providers

  • Payment Processors: [e.g., Valitor, Teya] for payment processing
  • Cloud Hosting: [e.g., AWS, Hetzner] for secure data storage
  • Equipment Manufacturers: Firewalla and Ubiquiti for warranty/support (minimal data)
  • IT Support: Trusted partners for installation and maintenance

6.2 Legal Requirements

We may disclose data when required by:

  • Court orders or legal processes
  • Law enforcement requests (with valid legal authority)
  • Protection of our legal rights
  • Emergency situations involving safety

We do NOT:

  • Sell your personal data to anyone
  • Share data with advertisers
  • Use your data for purposes unrelated to our services
  • Transfer data outside the EEA without appropriate safeguards

7. Data Retention

Data TypeRetention PeriodReason
Account InformationDuration of service + 5 yearsLegal/accounting requirements
Network Usage Logs90 daysSecurity monitoring
Security Incident Logs1 yearThreat analysis
Payment Records7 yearsTax law compliance
Support Communications3 yearsService quality
Marketing Consent RecordsUntil withdrawn + 1 yearCompliance documentation

After retention periods expire, data is securely deleted or anonymized.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

8.1 Right of Access (Art. 15)

Request a copy of all personal data we hold about you.

8.2 Right to Rectification (Art. 16)

Correct inaccurate or incomplete data.

8.3 Right to Erasure (Art. 17)

Request deletion of your data ("right to be forgotten"), subject to legal retention requirements.

8.4 Right to Restriction (Art. 18)

Limit how we process your data in certain circumstances.

8.5 Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format.

8.6 Right to Object (Art. 21)

Object to processing based on legitimate interests or for direct marketing.

8.7 Right to Withdraw Consent

Withdraw consent at any time for processing based on consent.

8.8 Right to Lodge a Complaint

File a complaint with the Icelandic Data Protection Authority (Persónuvernd):

  • Website: www.personuvernd.is
  • Email: postur@personuvernd.is
  • Phone: +354 510 9600

To exercise your rights, contact us at: privacy@homie.is

9. Data Security Measures

We implement industry-standard security practices:

Technical Measures

  • End-to-end encryption for data transmission (TLS 1.3)
  • Encrypted data storage at rest (AES-256)
  • Secure authentication and access controls
  • Regular security audits and penetration testing
  • Automated threat detection and monitoring

Organizational Measures

  • Staff training on data protection
  • Strict access controls (need-to-know basis)
  • Confidentiality agreements with all personnel
  • Incident response procedures
  • Regular GDPR compliance reviews

Physical Security

  • Equipment stored in secure facilities
  • Controlled access to customer premises during installation
  • Secure disposal of decommissioned hardware

10. Remote Access & Cloud Services

Our managed service requires remote access to your network equipment:

  • Access is encrypted and logged for security
  • Access is strictly limited to necessary maintenance and monitoring
  • You can revoke access at any time (affects service delivery)
  • Cloud dashboards use Firewalla and Ubiquiti's secure infrastructure
  • Data centers are located within the EEA or have appropriate safeguards

11. International Data Transfers

We primarily process data within Iceland and the EEA. If data is transferred outside the EEA (e.g., to equipment manufacturers in the USA), we ensure:

  • Standard Contractual Clauses (EU-approved)
  • Adequacy decisions where applicable
  • Additional safeguards as required by GDPR

12. Cookies & Website Tracking

Our website uses:

  • Essential cookies: Required for website functionality (no consent needed)
  • Analytics cookies: Google Analytics (anonymized IP) - consent required
  • Marketing cookies: Used only with your explicit consent

You can manage cookie preferences at any time through our cookie banner.

13. Children's Privacy

While our service involves monitoring children's internet usage:

  • Parental authority: Only parents/legal guardians can set up accounts
  • Minimal data: We collect only device identifiers, not personal information
  • No profiling: We do not create profiles of individual children
  • Education: We provide guidance on age-appropriate settings

Parents have full control and can request deletion of all monitoring data.

14. Changes to This Policy

We may update this Privacy Policy to reflect:

  • Changes in our services
  • Legal or regulatory requirements
  • Industry best practices

Significant changes will be communicated via:

  • Email notification
  • Prominent website notice
  • In-app notification (if applicable)

Continued use of our services after changes indicates acceptance.

15. Contact Us

For privacy-related inquiries:

  • Email: privacy@homie.is
  • Phone: +354 8571140
  • Mail: Homie.is ehf. , Reykjavík, Iceland

For general support:

  • Email: support@homie.is
  • Phone: +354 8571140

Data Protection Authority:

  • Persónuvernd (Icelandic DPA)
  • Rauðarárstígur 10, 105 Reykjavík
  • postur@personuvernd.is | +354 510 9600

16. Consent for Marketing

☐ I consent to receive promotional emails about Homie.is services, tips, and special offers. I understand I can unsubscribe at any time.

☐ I consent to the use of analytics cookies to help improve website experience.

By using Homie.is services, you acknowledge that you have read and understood this Privacy Policy.