Policies

Quality Policy

Scope

The Quality Policy covers all the operations of 1912 ehf. and its subsidiaries Nathan & Olsen hf. and Ekran ehf. All employees are responsible for occupational health and safety in their fields.

The Quality Policy ensures that the operation is in accord with the company’s values, other policies and goals.

Policy

1912 always endeavours to fulfil the laws and regulations applicable to the company’s operation.

1912 operates a quality system which is based on the ISO-9001:2015 standard and the HACCP quality system. Considerable importance is placed on continuous improvements.

1912 sets itself goals and standards to ensure that the quality of its products fulfils the most stringent requirements made each time and will respond speedily to any non-conformities.

1912 ensures that customer expectations as regards the services and products provided by the company are met and are of an added value to them.

1912 focuses on organised and disciplined working practices in the handling of products to ensure the best quality to customers.

Equal wage policy

Scope

The Equal Wage Policy applies to 1912 ehf. and its subsidiaries Nathan & Olsen hf. and Ekran ehf. The Equal Wage Policy is an integral part of the companies’ Wage Policy.

 

 

Policy

The company focuses on ensuring that its employs are satisfied and are performance-driven employees who have clear responsibilities and good professional knowledge. In light of this principal goal, the company’s policy is to ensure equality in all respects and to pay equal wages for equally valuable work irrespective of gender, race, age, ethnicity, religious beliefs or residency. Management does, however, have flexibility in rewarding employees according to their performance in accordance with the Equal Wage Policy of the company. In its efforts to fulfil legal requirements and other obligations undertaken by the company as regards equal wages for the same or equally valuable work, the company undertakes to:

Comply with the requirements of ÍST 85:2012 on equal wage management systems.

Ensure that the company’s equal wage policy is apparent and made known to all employees.

Seek to ensure that the gender ratio among management is the same as the gender ratio within the company.

Provide employees with the opportunity of continuous learning and training to improve themselves in their work.

Work on continuous improvements of the equal wage system with e.g. establishing measurable goals for improvements using annual wage analyses and reviews by the implementation team.

HR policy

Scope

The Human Resources Policy covers all the operations of 1912 ehf. and its subsidiaries Nathan & Olsen hf. and Ekran ehf.

The Group’s Human Resources Policy describes how the company views the development of human resources issues within the company. It has the purpose of defining our path so that the position of the company as regards important issues is clear cut. It sends a strong message to employees, managers, the Board and society.

 

 

Main focal points

  • Importance is placed on the varied composition of employees as regards gender, education, experience, age and length of service.
  • When recruiting, we select the most competent individuals for the position and are guided by our values: Initiative, Team Spirit, Reliability, Passion.
  • New recruits are welcomed and provided with the appropriate training.
  • Managers instruct employees as appropriate with regular feedback which is based on the goals and standard established each time.
  • Each and every employee, in consultation with an immediate superior, is responsible for his/her own career development and for seeking out the education and training necessary to properly undertake his/her work.
  • All employees comply with safety rules and notify any non-conformities that may pose a risk of accidents.
  • Any form of discrimination and harassment in the workplace, including bullying and sexual harassment, is taken very seriously at 1912, and the company closely examines all complaints of discrimination and harassment. Employees work together to eliminate any discrimination and/or harassment in the workplace.
  • Any form of mental or physical violence in the workplace is not tolerated by 1912. This applies to threats, terrorisation and physical violence.
  • Particular attention is paid to ensuring that the working environment supports the wellbeing of employees.
  • Employees work as a team to resolve matters in a positive manner.
  • The emphasis is on flexibility within the workplace wherever possible and encouraging a beneficial balance between work and private life.
  • Managers are to ensure good corporate governance and be role models in word and deed.
  • The focus is on ensuring the equality of employees and that the same wages are paid for the same responsibilities and competences without consideration to gender, race, age, nationality, religion or residency.
  • Emphasis is placed on employees taking a rest from work and using their accrued holiday time each year.
  • Employees have access to a range of benefits in the form of physical fitness centre access, discounts on the products of the company and access to healthy lunches at good prices.
  • End of employment is at age 67. However, in consultation with a superior and keeping the interests of the company in mind, end of employment can be flexible.

Privacy policy (customers)

Scope

1912 ehf. (“1912”) and its subsidiaries, Ekran ehf. (“Ekran”) and Nathan og Olsen hf. (“Nathan og Olsen”) (collectively referred to as “the companies”), are determined to ensure the reliability, confidentiality and security of personal information that the companies collect about you. This Data Protection Policy aims to inform you of what type of personal data is collected, how the companies use such data and who has access.

The Personal Privacy Policy covers personal information relating to the customers and suppliers of 1912, Ekran and Nathan og Olsen, as well as other parties with whom the companies interact. This personal privacy policy, moreover, refers to customers as “your” and the companies as “our”.

If you are in doubt as to how the personal privacy policy relates to you, please call the contact person referred to in Article 11 of the policy for further information.

  1. Purpose and legal obligation

The companies seek to fulfil privacy protection legislation in all respects. This personal privacy policy is based on Act No. 90/2018 on Data Protection and the Processing of Personal Data (“personal data legislation”).

  1. What is personal information?

Personal data under this policy means any personally identified or personally identifiable information, i.e. information that can be traced directly or indirectly back to a particular individual. Any data which is not personally identifiable or is anonymous is not deemed to be personal data.

  1. Personal information collected and processed by the companies

We may have to collect personal information about you in connection with our communications and, as appropriate, collaboration. Different personal information may be collected on different parties, and the collection and processing of personal information may be dependent on the nature of your relationship with us.

In most cases, our customers are legal entities, although there may also be private persons. When customers and suppliers are legal entities, they are represented by directors and employees whose personal information we may process. Such personal information first and foremost involves:

  • communications information such as name, e-mail address, telephone and
  • communications history.
  • If our customers are private persons, the following information will be processed:
  • communications information such as name, e-mail address, telephone and address;
  • ID No.;
  • communications history
  • transaction history.

In addition, Nathan og Olsen uses communications information of individuals who are not customers to send direct marketing by mail. The communications information is obtained from the telecommunications companies.

As well as the above, we may also collect and use other types of information provided by you, as well as information needed by the company for its operations.

As a rule, we collect the personal information directly from you. In cases where personal information is obtained from a third party, we will endeavour to inform you of such action, such as when contact person information of individuals is obtained from a target group list from the mail companies.

  1. Why do we collect and process personal information and on what basis?

The personal information about you that we process is first and foremost done on the basis of an agreement between the companies and you or the company for which you work. This applies e.g. to your communications information so that we can contact you and can forward invoices to the correct addresses. If you do not provide the necessary information, this can mean that we cannot enter into agreements with you or the legal entity that you represent for the services requested and/or that we will be unable to fulfil our duties as provided for in agreements.

In addition, your personal information is processed on the basis of our legitimate interests, from direct marketing, such as when your e-mail or address is used to send targeted mail. It should be noted that targeted mail lists obtained from post companies are compared with Registers Iceland’s registry of restrictions before any targeted mail is sent.

In addition, we base the processing of personal information given in suggestions sent to us on the legitimate interests of the companies to ensure quality and better services.

  1. Electronic surveillance in the premises of the companies

On the basis of our legitimate interests, we use electronic surveillance in our premises for the purpose of security and property protection. The appropriate signs have been installed to give notification of the use of security cameras.

Information collected through electronic surveillance is not kept for longer than 90 days.

  1. Disclosure to third parties

The companies may disclose your personal information to contractors, consultants and suppliers due to their work for the companies. Thus, your personal information may e.g. be disclosed to external parties who provide us with IT services.

The third parties that provide us with services according to the above may be located outside Iceland. If you e.g. contact Nathan og Olsen on Facebook, your personal information may be shared overseas. The companies will not, however, disclose personal data outside of the European Economic Area unless authorised to do so under the relevant data protection legislation.

Finally, your personal information may be provided to third parties to the extent permitted or required by applicable laws or regulations or to respond to legitimate actions such as searches of premises, summons or court rulings. Disclosure may also be necessary in emergencies or to ensure the safety of our employees or a third party.

  1. How is the security of personal information guaranteed?

The companies seek to take the appropriate technological and organisational measures to protect personal information, taking specific account of their nature. Examples of such security measures are access controls to systems where your information is stored. These measures are intended to protect personal data against unlawful destruction, against accidental loss or alteration and against unauthorised access, copying, use or disclosure.

  1. Preservation of personal information

The companies strive to store personal information only for as long as is necessary for the purpose of the processing, unless otherwise permitted or required by law.

Information about customers and suppliers and customer representatives/contacts is preserved for 4 years from the end of the transaction. In the case of information subject to accounting legislation, the information is kept for 7 years from the end of the relevant fiscal year. Information from customer suggestions may need to be kept longer, e.g. if the suggestion is in the form of a complaint that indicates the occurrence of loss of health.

Information from the target group list of Nathan og Olsen, moreover, is deleted once the target mail has been sent.

  1. Your rights regarding the personal information processed by the companies

You are entitled to have access to, and in certain cases obtain a copy of, your personal information processed by us as well as information on the processing methods used.

Under certain circumstances, you may also be authorised to request that your personal information be deleted or that its processing be limited. You are entitled to have your personal information corrected in the event that such information is wrong or unreliable. As a result, it is important that you notify us of any changes that may occur as regards the personal information that you have provided to us, at the appropriate time.

In addition, you may be entitled to a copy of the information you have provided to us in computer format or that we send such information directly to a third party.

When we process your personal information on the basis of our legitimate interest, you may object to such processing.

Your above rights, however, are not unequivocal. Thus, laws or regulations may authorise or obligate us to reject your request to exercises the said rights. Your right to object to the processing of your personal rights, however, is unequivocal.

  1. Enquiries and complaints to the Icelandic Data Protection Authority

If you wish to take advantage of the rights described in Article 9 in this Policy, or if you have any questions regarding this Data Protection Policy or the manner in which we process your personal information, please contact the Group’s Human Resources Manager, who will endeavour to respond to enquiries and provide you with guidance on your rights according to this Data Protection Policy.

If you are dissatisfied with the companies’ processing of your personal information, you can send a complaint to the Icelandic Data Protection Authority (personuvernd.is).

  1. Communications with the companies

At 1912, Nathan & Olsen and Ekran, the Group’s Human Resources Manager is responsible for the fulfilment of this Data Protection Policy. Below is the contact information for the Human Resources Manager and the companies:

Name: Hildur Erla Björgvinsdóttir, E-mail: hildur.bjorgvinsdottir@1912.is, Tel.: 530 8435

  1. Revision

The companies may, from time to time, amend this Data Protection Policy in line with changes to the relevant legislation and regulations or in light of changes to how the companies handle personal data. If content changes are made to this Data Protection Policy, you will be notified of the updated version in same manner as this Policy was presented.

All changes that may be made to the Policy shall enter into effect once the updated version has been issued to you.

This Data Protection Policy entered into effect on 21 May 2019.

Data Protection Policy (applicants)

Applicants:

1912 ehf. (“1912”) and its subsidiaries, Ekran ehf. (“Ekran”) and Nathan og Olsen hf. (“Nathan og Olsen) (collectively referred to as “the Group”), are determined to ensure the reliability, confidentiality and security of personal information collected about job applicants.

1912 manages the recruitment process of new employees from beginning to end, irrespective of which company within the Group the applicant is applying to. Applicants, however, are always recruited in consultation with the company in question. As a result, 1912 and the company in question present themselves as joint responsible parties as regards the processing of the personal information of the applicant, and this Data Protection Policy aims to inform you of what types of personal data is collected, how the companies use it and who has access.

This Data Protection Policy covers the personal information of anyone who applies for a position at Ekran, Nathan og Olsen and 1912. This Policy, moreover, refers to customers as “your” and the companies as “ours”.

  1. Purpose and legal obligation

The Group seeks to fulfil privacy protection legislation in all respects. This Data Protection Policy is based on Act No. 90/2018 on Data Protection and the Processing of Personal Data (“personal data legislation”).

  1. What is personal information?

Personal data under this Policy means any personally identified or personally identifiable information, i.e. information that can be traced directly or indirectly back to a particular individual. Data that is not personally identifiable is not deemed to be personal data.

  1. What personal information on applicants do we process?

We collect and preserve a range of information on applicants, and their processing and collection depends to some extent on the nature of the position applied for.

The following are examples of applicant information that the Group collects:

  • communications information, i.e. name, ID No., address, telephone number and e-mail address;
  • job applications;
  • CV and information on education, training, competency and experience;
  • references; and
  • information from employment interviews.

As well as the above, we may also collect and use other types of information provided by you during the application process, such as health information.

As a rule, we collect the personal information directly from you, although we may seek information from parties providing you with references.

  1. Why do we collect personal information and on what basis?

We collect personal information on applicants for the sole purpose of evaluating the competency of the applicant to undertake the position in question.

The personal information about you that we process is processed in connection with your application for employment with us, i.e. on the basis of your request to enter into a contract with one of the companies of the Group.

In certain cases, we may request your permission to preserve your application for longer than 6 months after the expiry of the application deadline. In such cases, you are always entitled to withdraw your acceptance.

It should be noted that if you do not provide us with the requested information during the recruitment process, this may mean that we cannot employ you.

  1. Access to personal information and disclosure to third parties

Access to information on applicants is limited to the Group’s Human Resources Manager, an employee of 1912, as well as the managers and overseers of the position applied for in the company in question.

We may disclose your personal information to persons providing references in connection with the recruitment process. It should be noted that we take advantage of the assistance of processors in connection with IT services where your personal information may be preserved or made accessible due to such services.

We will not, however, disclose personal data outside of the European Economic Area unless authorised to do so under the relevant data protection legislation.

  1. How is the security of personal information guaranteed?

The Group seeks to take the appropriate technological and organisational measures to protect your personal information. These measures are intended to protect personal data against unlawful destruction, against accidental loss or alteration and against unauthorised access, copying, use or disclosure.

Applications and other data relating to the application process that are preserved in electronic format are stored in the Group’s recruitment system, which is access controlled, and hard-copy (paper) data is stored in locked storage.

  1. Preservation of personal information

Six months after the application deadline of for the position applied for has expired, or from the time that you sent in a general application, the Group will delete your personal information if you have not been hired. We may, however, request your approval to keep your information for longer.

In the event you are employed, 1912 will transfer your personal information into the electronic employee file in the human resources system of the Group company that you applied to. Such processing is discussed in a separate policy paper issued by the Group.

  1. Amending and correcting personal data

It is important that the personal data that we process is both correct and appropriate. During the application, it is important that you notify us of any changes that may occur as regards the personal information that you have provided to us.

You can update your personal data on “Mínar síður” (My pages) on the company’s application site during the application process.

  1. Your rights regarding the personal information processed by the Group

You are entitled to have access to, and in certain cases obtain a copy of, your personal information processed by the Group as well as information on the processing methods used.

Under certain circumstances, you may also be authorised to request that your personal information be deleted or that its processing be limited. You are entitled to have your personal information corrected in the event that such information is incorrect.

In addition, you may be entitled to a copy of the information you have provided to us in computer format or that we send such information directly to a third party.

Your above rights, however, are not unequivocal. Thus, laws or regulations may authorise or obligate the Group to reject your request to exercises the said rights.

  1. Enquiries from applicants and complaints to the Icelandic Data Protection Authority

If you wish to take advantage of the rights described in Article 9 in this Policy, or if you have any questions regarding this Data Protection Policy or the manner in which the Group processes your personal information, please contact the Group’s Human Resources Manager.

If you are dissatisfied with the Group’s processing of your personal information, you can send a complaint to the Icelandic Data Protection Authority (personuvernd.is).

  1. Contact information

At 1912, Nathan & Olsen and Ekran, the Group’s Human Resources Manager is responsible for the fulfilment of this Data Protection Policy. Below is the contact information for the Human Resources Manager and the companies:

Name: Hildur Erla Björgvinsdóttir, E-mail: hildur.bjorgvinsdottir@1912.is, Tel.: 530 8435

  1. Revision

We may, from time to time, amend this Data Protection Policy in line with changes to the relevant legislation and regulations or in light of changes to how we handle personal data. An updated version of the Policy will be published on the website of the companies or presented in another verifiable manner.

All changes that may be made to the Policy shall enter into effect once the updated version has been posted on the website of the companies of the Group.

This Data Protection Policy entered into effect on 21 May 2019.

Information security policy

Object and scope

The object of the Information Security Policy of 1912 and its subsidiaries is to ensure honest working practices, work in accordance with the company’s Data Protection Policy and the Data Protection Regulation together with ensuring security in the treatment and storage of information, while at the same time ensuring the continuous operation and services of the company.

Scope

The Information Security Policy applies to 1912 ehf. and its subsidiaries (Nathan & Olsen hf. and Ekran ehf.) (hereinafter referred to as 1912). The Policy applies to the operating centres of these companies and to all the employees working therein, as well as IT equipment and data owned by the company. In addition, the Policy applies to data owned by the company and which is handled by service entities.

Responsibility

The development, execution and maintenance of the Policy is in the hands of the following parties:

  • The Financial Manager and IT Manager of 1912 ehf. are responsible for ensuring that this Policy is complied with.
  • The executive management of the company confirms the Policy every three years at least.
  • Managers are responsible for informing employees about the rules that apply to information security. Managers are also responsible for maintaining security awareness among employees.
  • All employees are to follow the Policy and issued rules of procedure and instructions that ensure the execution of the Policy. This means, i.a. that they are under obligation to notify all deviations from the Policy to their immediate superior, the Quality Manager or the IT Manager.

Policy

The development, execution and maintenance of the Policy is the responsibility of the following parties:

  1. 1912 takes care to ensure, as best it can, information security within the Group at all times.
  2. 1912 always complies with the laws and regulation in effect each time as regards the management of information security and the treatment of personal information.
  3. This Policy is binding for all employees, as well as the parties and their employees that provide 1912 with services or monitor the operation. All these parties are under obligation to protect the information and information systems of 1912 in accordance with the rules that 1912 sets itself.
  4. 1912 strives to promote safety awareness among its employees, service providers, customers and guests through education and guidance.
  5. 1912 performs, on an annual basis, a risk assessment that covers this Policy and follows up on deviations from it.
  6. Past and present employees and service providers may not disclose information on the internal affairs of 1912 of which they may become aware in their work for the Group.
  7. 1912 endeavours in all respects to ensure to the extent possible the secrecy, correctness and accessibility of the data and information systems of 1912.
  8. 1912 will review this Policy as often as considered necessary and never more seldom than every second year.

Means

  1. 1912 ensures that its employees receive the requisite training and education as regards information security in such a manner that everyone is aware of their responsibilities. See the rules on 1912 Access Controls and provisions No. 9 on the monitoring, Internet use and e-mails contained in the employment contract of employees.
  2. 1912 ensures that agents, contractors and service partners are informed about the rules on the access rules of 1912 and that a service agreement and processing agreement, where appropriate, is reached with such parties.
  3. 1912 assesses information security by means of an annual assessment and ensures the responsible parties will work on resolving non-conformities.
  4. 1912 operates efficient access security systems to the company’s premises and information systems with the goal of protecting data and equipment from operational disruptions, abuse, theft and vandalism. For further information, see the rules on 1912 Access Controls.
  5. 1912 prepares plans for continuous operation, maintains them and tests them according to plans.
  6. 1912 notifies of deviations from the Policy on Information Security, investigates such deviations and follows up on them.
  7. 1912 appoints a responsible party to all information systems to ensure the accuracy of all data and processes, see document on system monitors.
  8. 1912 makes copies of defined data according to pre-determined processes, see Computer Issues – Data Back-up, LS-0008 (Tölvumál afritun gagna, LS-0008).
  9. 1912 seeks to use encryption where appropriate.
  10. 1912 complies with laws, regulations and agreements to which the company is party and which relate to information security and the Data Protection Regulation.