Harpa receives a large number of guests every year. The company handles the personal data of its guests and has established the following personal data protection policy.
Harpa’s function is to provide a venue for musical and cultural activities, as well as conferences, meetings and gatherings, both at domestic and international level.
The house's function is also to act as a social centre for all Icelanders in the centre of Reykjavík and a destination for both domestic and foreign tourists who want to explore the building, its services, architecture, and the art it hosts.
Harpa primarily fulfils this function by renting out halls and spaces for musical events, conferences, meetings, and related activities at competitive prices and by organising collaborative projects and initiatives of its own, as the company's operations allow.
Harpa is owned by the State (54%) and the City of Reykjavík (46%) and is a public limited company.
This policy applies to all personal data Harpa collects, whether gathered and stored electronically or on paper.
The policy is always accessible on Harpa’s website, www.harpa.is, and can also be viewed when buying a ticket. Every effort has been made to explain the processing of personal data in a simple and concise manner.
This policy is based on Act no. 90/2018 on Data Protection and the Handling of Personal Information.
Liability
Harpa bears responsibility for handling all personal data, which individuals supply to Harpa and undertakes to ensure that the handling of this data complies with the laws in force at any given time.
Collection and handling of personal data
Harpa collects the following personal information about individuals when they buy tickets to Harpa events:
Full name, address, national ID number, email address and telephone number.
Harpa uses this information to:
Individuals can also register for Harpa’s mailing list and obtain information on various events hosted in Harpa. Customers can request to be removed from these mailing lists at any time.
Harpa uses cookies to determine which events and news may be of interest to individuals who use the www.harpa.is website. Cookies are small packets of data and text filesthat are stored in a person's browser or device when browsing web pages. Cookies do not store personal data such as names, email addresses, phone numbers, and national ID numbers.
Individuals can delete cookies that are saved on their devices.
Google Analytics and Facebook pixel cookies are used to share data with partners, who may use them to advertise events and gather information on where the individual accessed the website from. This information can be used to display information to individualsthat Harpa considers might be of interest to them and to tailor the messages that Harpa displays to individuals. Harpa does not share any personal data with these entities or third-party websites that post information on Harpa’s behalf.
Dissemination
Harpa emphasises ensuring that personal information is always handled in accordance with the Data Protection Act and that its security is guaranteed appropriately. None of the information individuals provide to Harpa is disseminated to anyone but the employees who need to process this data as part of their work. Harpa’s staff undertake to maintain full confidentiality regarding any information they handle about individuals and guests at Harpa.
Harpa undertakes not to sell, rent, or share individuals' personal data. However, Harpa reserves the right to pass on the personal data of individuals required by service providers or contractors working on Harpa’s behalf for the sole purpose of providing the service Harpa has undertaken to supply or for statutory tasks. In disseminating personal data, care shall always be taken to ensure that no more data thanthe processing agent requires is passed on.
Third parties
Content on Harpa's website contains links to the sites of parties operating within Harpa. Harpa does not manage these sites and different personal data protection policies might be in place for them. Harpa encourages you to examine the personal data protection policy of each party individually, since Harpa’s personal data protection policy does not extend to these third parties and their handling of personal information.
Harpa’s main data processing agent is tix.is, which is the box office service for events held in Harpa. When individuals buy tickets through the Harpa website, they are referred to www.tix.is which manages the ticket sales. All of the data which individuals supply in the ticket buying process are stored in a private Harpa space, which Tix protects with the appropriate security measures.
The hosting of the personal data of individuals is in Iceland.
Preservation
Harpa is obliged to operate in compliance with Public Archives Act no. 77/2014 and is therefore not allowed to delete any files or data it works with unless with the permission of the National Archives. This obligation means, among other things, that Harpa must deliver all of the data it receives, in addition to the data created by the company, to the National Archives for preservation.
Electronic surveillance
Harpa’s premises are monitored by surveillance cameras. This surveillance is motivated by the company's legitimate interests in order to ensure security and protect Harpa's property.
Data is not processed or delivered to others, except with the approval of those registered and in accordance with data protection. In the event of an accident or alleged criminal act, the data may be handed over to the police. In such cases, all other copies are deleted by Harpa.
Rights of individuals
Harpa places an emphasis on respecting the rights of individuals, who trust the company with their personal data, and in this regard it endeavours to make it easier for individuals to enforce their rights vis-à-vis the company by directing the following inquiries to Harpa:
Access rights
Individuals can submit a request for confirmation of whether Harpa processes personal data about them and, if so, what the purpose of the processing is, as well as the category of personal information involved, its recipients and, if applicable, how long the data will be kept for.
Right to transfer personal data
Individuals have the right to receive the personal information they have provided to Harpa in an accessible readable digital format or, if an individual requests it, for this data to be handed over to another person, whom the individual designates as the recipient.
Right to make corrections or deletions
Harpa endeavours to ensure the data which the company works with is accurate and reliable. Harpa therefore asks individuals to update them on all changes that occur in their circumstances concerning the processing of personal information. This can be information on an email address, telephone number and address. An individual may also request that any personal data regarding them, which Harpa does not have a legal obligation to preserve, be deleted.
Right to protest or restrict processing
Individuals have to right to object to the processing of personal data. An individual may also request that the processing of his or her personal information be restricted for a certain period of time if he/she considers that the information is incorrect.
Children
Harpa does not collect the personal data of children under the age of 13 without the approval of their guardians.
Amendments to Harpa’s personal data protection policy
Harpa regularly revises its personal data protection policy and may amend it. Therefore, Harpa encourages individuals to familiarise themselves with the policy regularly. In the event of significant material changes that may affect individuals' rights, Harpa will specifically notify its customers of these amendments.
Approved at a meeting of the Board of Directors in February 2022.