Privacy Policy

This Privacy Policy Overview provides information on how Treble Technologies handles the processing of personal data. It is based on the Data Processing Agreement made according to the Icelandic Data Protection Act and the EU General Data Protection Regulation (GDPR).

1. Purpose and Scope

This Privacy Policy governs the processing of personal data by Treble Technologies as a Data Processor (hereinafter "Treble") on behalf of its clients (hereinafter "Customers") under our Software as a Service (SaaS) Agreement. This policy applies alongside the SaaS Agreement, and in case of any conflict, this Privacy Policy will prevail.

2. Data Processing

Treble processes personal data on behalf of the Customer only to provide the services as described in the SaaS Agreement. The types of personal data and categories of data subjects depend on the data instructed by the Customer.

3. Customer Obligations

The Customer is responsible for fulfilling their obligations under the Data Protection Legislation and ensuring the legitimacy of data processing under this policy.

3. Treble Obligations

Treble will process personal data only as instructed by the Customer and will notify the Customer of any legal obligations that may require processing personal data differently. Treble will also assist the Customer in enforcing data protection laws and responding to data subjects' inquiries.

4. Data Subjects' Rights

The Customer is responsible for responding to data subjects' inquiries and informing them about their rights under the GDPR. Treble will assist the Customer in fulfilling these obligations when necessary.

5. Data Security

Treble will implement and maintain appropriate technical and organizational security measures to protect personal data from unauthorized access or processing. All employees of Treble are bound by a duty of confidentiality regarding the personal data they process.

6. Sub-Data Processors

Treble may engage sub-processors to perform certain tasks related to the services provided. The same obligations regarding data protection apply to sub-processors as to Treble.

7. Data Transfer to Third Countries or International Organizations

Treble may transfer personal data to third countries or international organizations, provided that appropriate safeguards are in place, and the transfer complies with the GDPR.

8. Accountability and Audits

Treble will provide the Customer with the necessary information to demonstrate compliance with data protection obligations upon request. The Customer or a third party on its behalf may conduct an audit of Treble's data processing activities.

9. Termination

This Privacy Policy will automatically come to an end upon the termination of the SaaS Agreement between Treble and the Customer.

10. Data Retention and Deletion

Upon termination of the services, Treble will delete or return all personal data processed on behalf of the Customer, unless legally required to preserve such data.

11. Governing Law and Disputes

This Privacy Policy is governed by Icelandic law, and any disputes arising from it will be referred to the District Court of Reykjavík.