Let's rethink insurance

Endurgjald ehf. is the owner of Viss equipment insurance. Invoices and claims for equipment insurance are therefore in the name of Endurgjald ehf.   

Menu

Privacy Policy

Privacy Policy

In general

Endurgjald ehf (Viss), ID number 640725-0950, Síðumúli 17, 108 Reykjavík, cares about the privacy of individuals and takes privacy very seriously. Viss places great emphasis on ensuring that the processing of personal data is always in accordance with applicable privacy legislation. This notice explains what personal data the company collects about individuals for the purpose of its operations and for what purpose. Here you can also find information about other recipients of the information and how long the company stores it. In addition, here you can find information on the basis on which Viss collects personal data, what rights individuals enjoy and other important information related to the Act on the Protection of Personal Data and the Processing of Personal Data No. 90/2018 (hereinafter the Privacy Act).

Viss is an agent of the insurance company SJÓVÁ tryggingar hf. (hereinafter "SJÓVÁ"). SJÓVÁ is operated on the basis of an operating license from the Financial Supervisory Authority. The purpose of SJÓVÁ is to carry out all types of insurance and ancillary activities permitted by law. SJÓVÁ is responsible for the processing and handling of personal data processed in its operations. In connection with the implementation of an insurance contract, Viss, as an agent of SJÓVÁ, may process personal data, where SJÓVÁ is the controller of the processing and Viss is the processor. When processing personal data for Viss services that are not related to the implementation of the insurance contract, Viss is considered the controller.

What is personal data and the processing of personal data?

Personal information refers to all information that can be traced back to a specific individual, such as information about name, ID number, address, email address, telephone number, IP address and more. A more detailed definition of personal information can be found in Sections 2 and 3 of the 1st paragraph of Article 3 of the Personal Data Protection Act.

Sensitive personal information refers to personal information that enjoys special protection under data protection laws, such as information about ethnic origin or race, political and religious opinions, trade union membership, genetic data, health, sex or sexual orientation.

Processing of personal data refers to all handling and use of personal data, such as collection, registration, storage, modification or deletion. A more detailed definition of the processing of personal data can be found in Section 4, Paragraph 1, Article 3 of the Personal Data Protection Act.

Purpose of collecting personal information

The purpose of collecting the information is to:

  • Be able to fulfill contractual obligations, for example with employees and counterparties.
  • Be able to provide customers with requested services.
  • Protect the legitimate interests of the company.
  • Fulfill a legal obligation.

Legal basis for processing personal data

Viss collects and processes personal data on the following legal basis:

  • Based on the consent of individuals.
  • To fulfill a contractual obligation.
  • To fulfill a legal obligation.
  • To safeguard the legitimate interests of the company.
  • To be able to establish, exercise or defend a legal claim.

How does Vis process personal information?

At Viss, the processing of personal data is carried out on a lawful basis and in accordance with the Act on the Protection of Personal Data and the Processing of Personal Data No. 90/2018. The company also ensures that personal data is not further processed in a way that is incompatible with the original purpose of the processing.

The company ensures compliance with the following principles:

  1. That personal data is processed fairly.
  2. That personal information is only collected for clear purposes.
  3. That no more personal information is collected than is necessary.
  4. That personal information is accurate and updated when necessary.
  5. That personal information is not stored longer than necessary.
  6. That the security of personal information is ensured with appropriate precautions.

When designing the company's solutions, Viss has, among other things, strived to follow the design criteria of "the Good Data Institute".[2]  which aim, for example, to ensure that collection and processing is carried out only on the basis of informed customer consent; that it improves individuals' ability to make decisions; and, if possible, that the whole benefits from open access to useful non-personally identifiable information. 

More specifically, the company collects and processes personally identifiable data to:

    • Reduce customer risk 
    • Reduce potential losses that customers may suffer
    • Assess and price risk in a new and fairer way 
    • Automate and improve services
    • Ensure fair and faster payment of benefits
    • Improve customer relationships
    • Design new insurance and services that meet the ever-changing needs of customers

    Viss will also examine with its partners whether it is possible to open up access to non-personally identifiable traffic data, which could, for example, be used to analyze traffic nodes and the risk of accidents on specific road sections, which over time could lead to improved and safer road networks.    

    Viss will never sell customer data to third parties. Viss will also never use driving data collected by the company's app to generate driving scores for criminal assessments when customers have accidents.

Who does Viss collect personal information about?

In the company's operations, it is necessary to collect and process personal information about different groups of individuals. 

The personal information held by the company may include information about its employees, job applicants, business partners, prospective policyholders, i.e. individuals who request an insurance quote or if the company requests to provide them with an insurance quote. Customers such as the policyholder, the spouse and children of the policyholder or prospective policyholder and other third parties with whom it is necessary to communicate. These may include individuals who have suffered damage and are making a claim under the insured's liability insurance, drivers who are at the wheel of a motor vehicle subject to registration in a collision or other traffic accident, witnesses who provide information about an incident in a claim case or payers of insurance premiums. 

An individual may, if they so choose, grant another party a power of attorney or other lawful authority to act as an intermediary in communications with Viss, and identification and contact information about that individual may be recorded.

How long does Viss store personal information?

Viss retains data and information as required by law or for as long as there is a legitimate reason for retaining it. When there are no longer any legitimate reasons for retaining information, it is deleted or, as the case may be, made non-personally identifiable/encrypted.

Examples of retention periods for personal information are as follows:

  • Insurance applications, contract documents and claims data of individuals are preserved for the duration of the business relationship, provided that statutory statutes of limitations do not provide otherwise.
  • As an agent of SJÓVÁ, trade orders are stored at Viss for at least 5 years in accordance with the Central Bank of Iceland's guideline recommendation No. 1/2019 regarding risks in the operation of information systems of regulated entities.
  • Accounting data is retained by Viss for at least 7 years from the close of the financial year in accordance with the Accounting Act No. 145/1994.
  • Viss retains certain data about individuals indefinitely, for example information about what insurance coverage the individual has purchased, certain claims information, etc.
  • Marketing referral data, for example when you invite friends or family to do business with Viss, is stored for a maximum of 6 months if the person does not choose to purchase services from Viss within that time. 

Automated decision-making

Automated decision-making is the process of making decisions automatically without any human intervention. Such decisions can be based on personal profiles, i.e. when personal information is used to assess certain aspects of an individual’s situation, in particular to analyze or predict aspects of their job performance, financial situation, health, etc. Viss performs a risk assessment on each applicant and customer, which forms the basis for pricing insurance. The risk assessment is automatically based on factors such as age, engine size and power source of the vehicle, family circumstances, previous claims history, etc. Viss also uses the company’s app to assess the risks that customers take when driving to calculate a monthly driving score, which in turn can lead to a decrease or increase in the next month’s insurance premiums.

What personal information does Viss collect?

Viss collects different personal information about different groups of individuals depending on the company's activities. Under all circumstances, the company strives to collect only the personal information that is necessary for the purpose of the processing. 

In certain cases, the company needs to collect sensitive personal information, such as information about employees' health and union membership. Special care is taken when handling such information. 

Viss collects and processes the following categories of personal data:

Application process

Viss enables customers to purchase insurance through the company's mobile app. During the application process, Viss requests personally identifiable information including, but not limited to, ID number, name, address, email, telephone number, vehicle registration number, and payment card and bank details. This information is then used, with the customer's consent, to obtain further data from third parties (see the section below "Information Processing and Third Parties"). This information processing is necessary to enable Viss to assess and price the risk of insuring customers' vehicles, to assess customers' insurance needs, to send quotes to customers, to send terms and conditions, to sign an insurance contract with customers, to send insurance certificates to customers, and to prevent fraud.  

Viss is the processing agent of SJÓVÁ in connection with the above processing.   

Insurance administration and service

Viss collects various personally identifiable and non-personally identifiable data about customers when providing services to them. Depending on which services customers request or use from Viss, what data is stored in Viss' systems, how long it is stored, and how quickly the data can be deleted at the customer's request. The following data is stored in Viss' systems, among others:

  • Name, ID number, address, telephone number and email address.
  • Banking information, such as payment card information.
  • Information regarding a customer's demonstrated interest in a service or information about interests if the customer has disclosed such information or when Viss assesses it based on the customer's usage.
  • Customer communications with Viss, such as phone calls/emails/online communications to Viss representatives or other communications with the company or related parties. Calls made by Viss employees who are in direct contact with customers are recorded for the purpose of verifying verbal communications over the phone (such as business instructions). Viss records phone numbers and contact information such as email addresses along with the communications themselves. 
  • Information about a customer's transactions with Viss, such as type of service, product purchases, billing history, invoice amounts, debt status and other matters related to the customer's account.
  • Phone numbers and emails of those whom a customer invites to do business with Viss.
  • Customer usage of the website Certain, for example which pages the customer uses.
  • Damage data, including type of damage, date of damage, location of damage, damage cost.
  • Customer-related system information, such as technical signaling, failures/system incidents and their timing.

Viss is the processing agent of SJÓVÁ in connection with the above processing.

Damage information

The nature of Viss' service means that the company receives claims reports and claims data from customers and the police.

Customers can report a claim through the Viss website. In the claim reporting process, customers are asked for the following information, among other things:

  • Which device was damaged?
  • Name and ID number of the device owner,
  • Owner's phone number and email address.
  • What day did the damage occur?
  • Where the damage occurred.
  • A description of what happened.

Viss is the processing agent of SJÓVÁ in connection with the above processing.

Email communication and online chat

We use email to communicate with customers and other contacts, and for that purpose we collect contact information along with the communications themselves. Viss also offers online chat with customers on the company's website, and Viss collects contact information and the communications themselves. 

Certain may be either a processor of SJÓVÁ or a controller in connection with the aforementioned processing, depending on whether the communication relates to the execution of an insurance contract or not.

Contracts 

For the purpose of entering into agreements with counterparties, we collect basic information about them. 

Certain may be either a processor of SJÓVÁ or a controller in connection with the aforementioned processing, depending on whether it is an insurance contract or not.

Invoicing

For the purpose of sending out invoices and collecting payments, we collect basic customer information along with the invoice amount. 

SJÓVÁ may be either a processor or a controller in connection with the aforementioned processing, depending on whether it relates to the performance of an insurance contract or not.

Customer register

For the purpose of maintaining a record of our current and former customers, along with their transaction history, we collect basic information about them.

SJÓVÁ may be either a processor or a controller in connection with the aforementioned processing, depending on whether it relates to the performance of an insurance contract or not.

From whom does Viss collect information about you?

Viss primarily collects personal information directly from the individuals concerned, such as when taking out insurance and reporting a claim. Viss uses the following data services:

National Registry

When making an offer, Viss obtains information from the national registry to verify the name and ID number of the customer in question. 

Confidentiality and protection of information

Viss strives to maintain the utmost security in the handling of personal information. Viss employees sign a confidentiality statement due to their work at the company and are bound by confidentiality regarding their knowledge and work at Viss. The obligation of confidentiality rests on employees even if they leave Viss. Violations of confidentiality are subject to dismissal and such cases may be referred to the police. Viss is responsible for the handling of your personal information and is committed to enforcing rules on the protection and security of information. Viss experts monitor that Viss customers' data is securely protected and does not fall into the hands of others than those who need to work with it. Access to data is specifically controlled so that employees only have access to the data that is necessary for them to perform their jobs at Viss.

When does Viss share your personal information with third parties and why?

Viss shares personal information with third parties hired by the company to perform specific work, such as service providers, agents or contractors. In such cases, Viss enters into a processing agreement with the party in question. Such an agreement stipulates, among other things, that Viss is obliged to follow the company's instructions regarding the processing of personal information and that Viss is not permitted to use it for any other purpose. Viss is also obliged to ensure the security of the information in an appropriate manner.

In other cases, it may also be necessary for the company to share personal information with third parties, for example when required to do so by law.

Transfer of personal data outside the European Economic Area

Viss is aware that strict conditions apply to the transfer of personal data to countries located outside the European Economic Area. Viss will not do so under any circumstances unless there is sufficient authorization to do so under the Act on the Protection of Personal Data and the Processing of Personal Data No. 90/2018.

Rights of individuals

If individuals have given consent to the processing of certain personal data, they have the right, under the Act on the Protection of Personal Data and the Processing of Personal Data No. 90/2018, to withdraw their consent at any time. However, this right does not affect the lawfulness of the processing that took place before the consent was withdrawn. They also have other rights, such as the right to be informed about the processing, the right to access data, the right to have incorrect or misleading information corrected, the right to have personal data erased, the right to prevent personal data about them from being processed, and the right to transfer their own information. It should be borne in mind that the rights of individuals are not always absolute and may be subject to various conditions.

Contact information Verna 

Name: Endurgjald ehf.

Address: Síðumúli 17, 108 Reykjavík.

Email: [email protected] 

Phone: 420 4020 

Right to file a complaint with the Data Protection Authority

If you doubt that Viss processes your personal data in accordance with the Act on the Protection of Personal Data and the Processing of Personal Data No. 90/2018, you have the right to file a complaint with Privacy Policy

Review of this Privacy Statement

This Privacy Policy may change from time to time in accordance with changes in applicable laws and regulations or if changes are made to how Viss processes personal information. If changes are made to this Privacy Policy, notice will be posted on the company's website www.Viss.is

After changes have been made to the Privacy Statement, they will become effective when an updated version has been published.

Last updated in November 2025

Scroll to Top