yfir seinni sýnatöku
Privacy Statement – Infection Control Measures upon arrival to Iceland
Icelandic Authorities have imposed infection control measures for all travelers travelling to Iceland. Travelers are subject to different measures depending on where they are travelling from, if they have proof of previous COVID-19 infection, have been fully vaccinated, age at the time of travelling etc.
Further information regarding applicable infection control measures at the borders at any given time can be found here: https://www.covid.is/categories/travel-to-and-within-iceland
All travelers subject to undergo a PCR test upon arrival and shall quarantine until they are have received confirmation of a negative test result. Some travelers are subject to two PCR-test, one upon arrival and another 5-6 days later. Those individuals shall remain in quarantine until a negative test result from the second test has been confirmed.
Those who test positive will be contacted by the COVID-19 team at the National Hospital of Iceland and the contact tracing team of the Department of Civil Protection and Emergency Management. Those who test positive will have to be isolated.
Rules on Quarantine and Isolation can be found here: https://www.covid.is/english.
Passengers are required to fill out a pre-registration form before departure to Iceland. This requires passengers to provide their personal details and contact information, flight information, travel dates and address during quarantine upon arrival.
The purpose of this privacy statement is to inform passenger travelling to Iceland about the processing of personal data taking place in relation the infection control measures.
The data controller is the Directorate of Health, Katrínartún 2, 105, Reykjavik, Iceland.
All data will be processed in accordance with the EU´s General Data Protection Regulation, GDPR, which has been transposed into Icelandic law.
Which data do we process?
Passengers must fill out a pre-registration form before departure to Iceland. The pre-registration form includes the following information.
Type of transport:
Icelandic notation ID number: (Where applicable)
Date of birth:
Country of residence:
Place(s) of residence for the duration of quarantine in Iceland:
Confirmation of a negative PCR-test:
The registration form will be kept for 21 days in a database only accessible by a selected group of personnel working at border stations. All access to the data is strictly limited to what is necessary for the functioning of the border control measures.
When you get tested for COVID-19 upon arrival, and again 5-6 later where applicable, your sample will be analyzed by the National hospital of Iceland or contractors that the National hospital have engaged to perform such analysis. The sample will only be identified by a sample number, no other personal data will be available for those performing the analysis. All negative samples will be destroyed after the analysis has been performed and only used for diagnosing COVID-19, as stipulated in the Regulation on Quarantine, Isolation and Testing at the Icelandic Border in response to COVID-19, nr. 375/2021. Positive samples may be kept for further analysis to assess which measures will be taken in regards to individuals who test positive for COVID-19, after which they will be destroyed.
Negative test results will be communicated by a notification in the Rakning C-19 app or by a text message to the phone number you provided in the registration form if you do not wish to download the app. If you have provided an Icelandic social security number the results will be communicated through the website Heilsuvera.is.
Anonymized test results will be used for statistical purposes.
Positive test results will be communicated by a phone call by health care professionals at the National Hospital and/or members of the contact tracing team of the Department of Civil Protection and Emergency Management. Further processing of personal data relating to infected individuals is regulated by Icelandic laws on health records and laws regarding patient rights.
Information on where you quarantine will be kept for the duration of the quarantine period and accessible for members of Department of Civil Protection and Emergency Management who are responsible for the enforcement of rules relating to quarantining.
Information relating to your stay in a quarantine hotel will be kept for the 14 days.
What is the purpose of the processing?
The purpose of the processing is infection control during a pandemic. The processing is necessary for effective infection control for persons entering Iceland.
Your data will only be disclosed for personnel involved in enforcing infection control measures.
Selected information from the pre-registration form will be accessible for border control agents and personnel involved in testing at the border.
Positive test results will be shared with health-care personnel at the National Hospital of Iceland and members of the contact tracing team of the Department of Civil Protection and Emergency Management.
Negative test results will be made available to you and further processed for statistical purposes anonymously.
Necessary personal data will be shared with quarantine hotels for persons required to stay there during the 5-6 day quarantine period.
In other cases, we only disclose your personal information if we are required to by law.
We do not transfer personal data to anyone outside the EU/EEA area.
What is our legal basis for processing your data?
The processing of personal data is processing is based on the authority vested in the Chief Epidemiologist of Iceland by the Act on Health Security and Communicable Diseases, No. 19/1997, and the Regulation on Quarantine, Isolation and Testing at the Icelandic Border in response to COVID-19.
We take care of your personal data in a secure way to ensure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
All communication of personal data is encrypted or routed through encrypted communication channels.
All databases are encrypted and secured by firewalls. Automated threat detection and response mechanisms are used to prevent any unauthorized access or attempts to breach databases.
Access to databases is logged and access is only granted to pre-defined personnel. Access is granted based on certified electronic ID with assurance level high as defined in the eIDAS regulation.
We are committed to respecting the data subjects’ rights. You have the right to access all data we may process regarding you. You also have the right to ask us to correct your personal information. You also have the right to demand amendment or deletion of personal information we have about you as well as the right to data portability restriction of processing of your personal data, to object to the processing and to file a complaint with the Icelandic Data Protection Authority, Persónuvernd.
If you intend to exercise your rights or if you need any further information, please contact us at: firstname.lastname@example.org.