Privacy Policy

General

Advise implements appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, alteration, or disclosure.
 These include encryption, access control, data minimization, and regular security reviews.

Advise is committed to protecting privacy, ensuring data protection, and maintaining the security of personal data. This Privacy Policy explains how we collect, use, and protect personal data, and describes the rights of employees, customers, contractors, and other individuals whose data we process.

This policy applies to all processing of personal data by Advise ehf., including through our websites, products, and related services. It is designed in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Icelandic Data Protection Act.

If a personal data breach occurs that may affect your rights or freedoms, Advise will notify the Icelandic Data Protection Authority (Persónuvernd) and affected individuals as required by law.

Data Controller

Advise ehf.
 Reg. no. 590320-1370
 Hlíðarsmári 6, 201 Kópavogur, Iceland
 Contact: advise@advise.is

For certain services, Advise may act as a data processor on behalf of its clients. In such cases, the client remains the data controller and is responsible for ensuring that personal data is processed lawfully.

Personal Data Processed by Advise

Advise processes personal data in accordance with applicable laws and principles of necessity and proportionality.
 We collect and process personal data for the following purposes:

  1. Service delivery: to provide access to and operate our services, in accordance with our general terms or customer agreements.
  2. Service personalization: to ensure our services are tailored to user needs and preferences.
  3. Communication: to contact customers and prospects for legitimate business or marketing purposes.

We may also process personal data as required by law or to fulfill our contractual or legitimate business obligations.

Lawful Basis for Processing

Processing is carried out under one or more of the following legal bases (Article 6 GDPR):

  • Performance of a contract with the data subject (Article 6(1)(b));
  • Compliance with a legal obligation (Article 6(1)(c));
  • Legitimate interests pursued by Advise (Article 6(1)(f));
  • Consent of the data subject where required (Article 6(1)(a)).

Cookies and Analytics

Our website, advise.is, uses cookies and similar technologies to analyze traffic, improve performance, and personalize content.
 Details about how we use cookies can be found in our Cookie Policy.

Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws, contractual obligations, or legitimate interests. Once data is no longer needed, it is securely deleted or anonymized.

Disclosure to Third Parties

Advise does not sell or rent personal data. We only share personal data with third parties when:

  • It is necessary to fulfill our contractual obligations;
  • We have obtained consent from the data subject;
  • It is required by law or a court order.

Where personal data is shared with external service providers, they act as data processors under written Data Processing Agreements (DPAs) that require them to process data only on our instructions, maintain confidentiality, and implement appropriate security measures.

All third-party data processing is performed in accordance with the General Data Protection Regulation (GDPR) and, where applicable, is subject to Standard Contractual Clauses (SCCs) or equivalent safeguards for international transfers.

Categories of Third Party Processors

To operate, secure, and improve our services, Advise engages a limited number of trusted third-party providers.


 These processors may include, but are not limited to, the following categories:

  • Cloud hosting and infrastructure providers – for application hosting, data storage, and system operation.
  • Authentication and identity providers – for secure user login and access management.
  • Customer relationship management (CRM) and marketing providers – for managing communications, customer engagement, and marketing automation.
  • Analytics and performance monitoring providers – for measuring and improving service performance.
  • Artificial intelligence (AI) service providers – for enabling automated features such as content generation, summarization, or responses within our products.
  • Communication and support providers – for customer service and internal communications.

All such providers process data solely on Advise’s behalf and in accordance with contractual and legal requirements.

International Data Transfers:
Some of these providers may process data in countries outside the European Economic Area (EEA), including the United States.
When such transfers occur, Advise ensures that appropriate safeguards are in place, including the European Commission’s Standard Contractual Clauses (SCCs) or other recognized transfer mechanisms that ensure an adequate level of protection.

Security of Personal Data

Advise implements appropriate security measures to prevent personal data from being lost, altered, disclosed, or accessed without authorization. Access to the data is also restricted to individuals who require it and are bound by confidentiality obligations.

If a security breach occurs that affects personal data, we will report it to the Icelandic Data Protection Authority (Persónuvernd) and, where applicable, notify other relevant parties as required by law.

Your rights

You have the following rights under the GDPR:

  • Right of access – to obtain confirmation and a copy of your personal data.
  • Right to rectification – to correct inaccurate or incomplete information.
  • Right to erasure – to request deletion of your personal data where applicable.
  • Right to restriction of processing – to limit how your data is used.
  • Right to data portability – to receive your data in a structured, machine-readable format.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing is based on your consent.

To exercise these rights, please contact us at advise@advise.is.
If you are unsatisfied with our response, you may file a complaint with the Icelandic Data Protection Authority (Persónuvernd) at www.personuvernd.is.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any material changes will be announced on our website or, where appropriate, notified directly before taking effect. The most current version will always be available at advise.is/privacy.

Other

If you have any inquiries or concerns regarding the processing of personal data, you may contact us in writing at advise@advise.is. If you feel that Advise has not adequately addressed your concerns, you may file a complaint with the Icelandic Data Protection Authority (www.personuvernd.is).

This Privacy Policy was approved on Novermber 7th 2025.

Our privacy policy is subject to continuous review, and changes may be made. Any such updates will be published on our website.