Privacy Policy

Effective Date: September 10, 2025

Kerberos (“we,” “our,” “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard information when you visit our website www.kerberos.is, contact us, or use our services.

1. Who We Are

Kerberos is an Icelandic company providing cybersecurity and compliance services.

Contact Information:

2. What Information We Collect

When you use our website, we may collect the following categories of personal data:

  • Information you provide directly (e.g., via contact or inquiry forms):

    • Name

    • Email address

    • Phone number

    • Company/organization details

    • Any other information you choose to provide

  • Information collected automatically:

    • IP address

    • Browser type and version

    • Device type and operating system

    • Pages visited, time and date of visit, and other usage data

  • Cookies and tracking technologies:

    • Squarespace (our website host) uses cookies and analytics tools to ensure proper website functionality and performance.

    • You may manage cookie preferences through your browser settings.

3. How We Use Your Information

We use your personal data for the following purposes:

  • To respond to inquiries and provide information about our services

  • To process and manage form submissions

  • To improve our website, services, and user experience

  • To send you marketing communications (such as newsletters, service updates, and promotional offers) if you have provided consent or where otherwise permitted by law

  • To comply with legal obligations and enforce our terms

We will never sell your personal data to third parties.

4. Marketing Communications

If you subscribe to our newsletter, fill out a form, or otherwise provide your contact details, we may send you marketing communications related to our services.

  • You can opt out of marketing at any time by clicking the unsubscribe link in our emails or contacting us directly at kerberos@kerberos.is.

  • We will not send you marketing communications without your consent where required by law.

5. Third-Party Services

We rely on trusted third-party providers to operate our website and services:

  • Squarespace – website hosting, design, analytics, and cookies

  • Tally – form collection and submission management

These providers may process your personal data on our behalf in accordance with their own privacy policies. We take steps to ensure that they only process your data as necessary and in compliance with applicable data protection laws.

We may contract additional third-party providers for further processing in accordance with this Policy and law.

6. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on:

  • Consent – when you submit information through forms or sign up for marketing communications

  • Legitimate interest – to operate, maintain, and improve our website and services, and in some cases to send relevant marketing information to existing and prospective clients

  • Legal obligation – where processing is required by law

7. Data Retention

We will retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

8. Your Rights

As an individual under GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your data (“right to be forgotten”)

  • Object to or restrict processing, including for marketing purposes

  • Withdraw consent at any time (without affecting the lawfulness of prior processing)

  • Lodge a complaint with a data protection authority (in Iceland, this is Persónuvernd)

To exercise your rights, please contact us at kerberos@kerberos.is.

9. Data Security

We implement appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction.

10. International Transfers

As our website uses international service providers (e.g., Squarespace and Tally), your personal data may be transferred outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place.

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Any updates will be posted on this page with a revised “Effective Date.”

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Kerberos
Email: kerberos@kerberos.is
Address: Flugvallarvegur 3-3A, 102 Reykjavík, Iceland