Personal Data Protection Regulations


Norðurál (also referred to as “the company” and “we”) is determined to ensure the reliability, confidentiality and security of the personal data of applicants to jobs at the company. The following personal data regulations are intended to inform applicants about what personal data the company collects, in what way Norðurál uses these personal data and who is granted access to the data.

These personal data protection regulations apply to all those who apply for a job at Norðurál (hereafter collectively reffered to as “applicants” or “you”).

If you are in doubt regarding how these personal data protection regulations apply to you, please contact the company’s personnel manager for further information. The personnel manager’s contact information is found at the end of this document.

1. Purpose and legal obligation

Norðurál endeavors to adhere to the personal data protection regulations in every way. These regulations are based on Act no. 90/2018 on personal data protection and the handling of personal data (“The Personal Data Protection Regulations”).

2. What are personal data?

These regulations define personal data as any information regarding a personally identified or personally identifiable individual, i.e. information directly or indirectly traceable to a specific individual. Data that are not personally identifiable are not considered personal data.

3. Personal data collected and processed by Norðurál

We collect and store various personal data about our applicants. Different personal data may be collected on various applicants with the processing and collecting of personal data depending on the nature of the job applied for.
The following are examples of data collected by Norðurál on its applicants:

  • contact information such as name, ID number, phone number and email address;
  • job applications, references and information from job interviews;
  • information on education, training and work experience;
  • information on criminal record contents;

In addition to the above data, Norðurál may also collect and process other data supplied by the applicants themselves (e.g. on marital status).
In general Norðurál obtains personal data directly from the applicants. In case personal data are obtained from third parties the company will endeavor to inform the applicants thereof.

4. Why do we collect personal data and on what basis?

We collect personal data on applicants primarily for the purpose of assessing the applicant’s aptitude for a particular job and to estimate whether to hire that individual. Thus processing is done on the basis of the applicant’s request to be hired by Norðurál. As for processing criminal record data, it is done to protect Norðurál’s legitimate interests.

Í þeim tilvikum þar sem að söfnun og vinnsla persónuupplýsinga krefst samþykkis umsækjanda, er viðkomandi ávallt heimilt að afturkalla slíkt samþykki sitt. Öll samskipti í tengslum við slíka afturköllun eða breytingu á innihaldi samþykkis skal beina til deildarstjóra starfsmannaþjónustu.

All of Norðurál’s processing of personal data shall be in accordance with the personal data protection regulations, indcluding paragraphs 8-11 of the Personal Data Protection Act.
Norðurál is obliged to ensure that all processing of its applicants’ personal data is lawful, fair and transparent. Data will only be collected for specific, special and legitimate purposes and the collecting and data processing should not extend beyond what the processing purposes require. In all instances the processing of data must be sufficient, appropriate and limited to what is required for the data processing purposes.

5. Third-party sharing

Norðurál may share personal data of applicants with consultants in connection with their hiring-related work for the company. Personal data may also be shared with third parties that provide us with IT services and other processing services pertaining to the company’s operation.

6. How is personal data security ensured?

Norðurál endeavors to apply the appropriate technical and strategic measures to protect personal data, with a special regard to their nature. These measures are aimed at protecting personal data from being lost or accidentally altered as well as against illegal access, copying or sharing.

7. Storing of personal data

Norðurál will endeavor to only store personal data as long as the purpose of the processing requires, unless otherwise permitted or required law. Specific job applications are stored for 6 months from the end of the hiring process. General job applications are stored for 6 months since the last update of the application. If the applicant is hired the data will be stored in accordance with Norðurál’s data protection policy for its employees.

8. Personal data changes and corrections

It is importance that the personal data Norðurál processes are correct and relevant. It is therefore important that you notify Norðurál of all changes to the personal data you have provided us with that may occur during the hiring process.

Please forward all updates to Norðurál’s personnel manager.

9. Your rights regarding personal data processed by Norðurál

You have a right to access and in certain cases get a copy of your personal data being processed by Norðurál as well as to get information about the processing work.

Under certain conditions you may also be authorized to request the eradication of your personal data or to limit the processing thereof. You also have the right to have your personal data corrected in case these are incorrect or unreliable.

Additionally, you may have the right to a copy of the data you have digitally submitted to Norðurál or what we forward these data directly to a third party.

However, there is a limit to your above rights. Thus the law or regulations may authorize or require Norðurál to reject your request to take

10. Inquiries by applicants and filing a complaint to the Data Protection Authority

If the applicants have any questions regarding these data protection regulations or have concerns about the storing of their personal data they should contact the personnel manager who will endeavor to reply to inquiries and inform the applicants of their rights according to these personal data protection regulations.

If applicants are dissatisfied with the company’s processing of their personal data they can submit a request to The Data Protection Authority (

11. Contact information

We have appointed the personnel manager to oversee the implementation of these personal data protection regulations. Below is the contact information:

Email address:

The company’s contact information:
Norðurál ehf
Skógarhlíð 12
105 Reykjavík

Norðurál Grundartangi ehf
301 Akranes

12. Revision

Norðurál can at any time change these data protection regulations in accordance with amendments to the appropriate law or regulations or due to changes to the company’s personal data processing procedures. Should changes be made to these personal data protection regulations an updated version of the regulations or such will be issued on the company’s website.

All eventual changes to these regulations will take effect after the issuance of the updated version on Norðurál’s website.

These personal data protection regulations were installed on 4 July 2018.