Privacy Policy

This Privacy Policy informs you about the personal data we process in connection with our activities and operations, including our seagrowth.bio website. Here, we explain why, how, and where we process personal data. We also outline the rights of individuals whose data we process.


For specific activities and operations, additional privacy policies and other legal documents such as general terms and conditions or terms of use may apply.


We are subject to Icelandic data protection law and any applicable foreign data protection law, particularly the European General Data Protection Regulation (GDPR).

1. Contact Information

Responsibility for the processing of personal data:


Sea Growth ehf.

Brekkugerði 18
108 Reykjavík
Iceland

[email protected]

2. Definitions and Legal Bases


2.1 Definitions

  • Personal data is all information that relates to an identified or identifiable natural person.

  • Sensitive personal data includes data relating to philosophical, religious, political, or trade union-related views or activities, health, private life, ethnicity or race, genetic data, biometric data, administrative or criminal proceedings or sanctions, and social assistance measures.

  • Processing includes any handling of personal data, regardless of the means and procedures used.

  • Data subject is a natural person about whom we process personal data.

  • The European Economic Area (EEA) comprises the member states of the European Union (EU) as well as Liechtenstein, Iceland, and Norway.

  • The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data and the processing of particularly sensitive personal data as the processing of special categories of personal data (art. 9 GDPR).

2.2 Legal Bases

We process personal data in accordance with Icelandic data protection law, particularly the Icelandic Data Protection Act. If and insofar as the GDPR is applicable, we process personal data in accordance with at least one of the following legal bases:

  • Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data for the performance of a contract with the data subject and for the implementation of pre-contractual measures.

  • Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to protect our legitimate interests or those of third parties, except where such interests are overridden by the fundamental rights and freedoms of the data subject.

  • Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to fulfill a legal obligation.

  • Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest.

  • Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.

  • Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.

3. Type, Scope, and Purpose

We process the personal data required to carry out our activities and operations in a permanent, reliable, secure, and user-friendly manner. Such personal data may include browser and device data, contact data, content data, contract and payment data, customer data, location data, marketing data, metadata, sales data, technical data, and usage data.


We process personal data for the duration required for the respective purpose or as required by law. Personal data that no longer needs to be processed is anonymized or deleted.


We may have personal data processed by third parties, process personal data jointly with third parties, or transfer it to third parties, particularly specialized providers whose services we use.


We generally process personal data with the consent of the data subjects. If processing is permitted for other legal reasons, we may refrain from obtaining consent, for example, to fulfill a contract, comply with legal obligations, or protect overriding interests.


We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect during our activities and operations, if and to the extent that such processing is permitted for legal reasons.

4. Communication

We process personal data to communicate with third parties. This includes data transmitted when making contact, such as by postal mail or email, and storing such data in an address book, on a customer relation management (CRM) platform, or using comparable tools.


Third parties who transmit data about other persons are obliged to guarantee data protection for such data subjects.


We use selected services from suitable providers to communicate better with third parties.

5. Data Security

We take appropriate technical and organizational measures to ensure data security appropriate to the respective risk. With our measures, we guarantee the availability, confidentiality, integrity, and reproducibility of processed personal data, though we cannot guarantee absolute data security.


Access to our website and our other online presence takes place using transport encryption (SSL/TLS, particularly HTTPS). Most browsers warn against visiting websites without transport encryption.


Our digital communication is subject to mass surveillance by security authorities in various countries. We cannot exert any direct influence on the corresponding processing of personal data by secret services, police forces, and other security authorities.

6. Personal Data Abroad

We process personal data primarily in Iceland and the EEA but may also export or transfer personal data to other countries. We may transfer personal data to countries whose laws guarantee adequate data protection or, exceptionally, to countries without adequate protection if special requirements under data protection law are met.

7. Rights of Data Subjects


7.1 Individual Data Protection Rights

We grant data subjects all rights in accordance with applicable data protection law. Data subjects have the following rights:

  • Information: Data subjects may request information about the personal data we process about them.

  • Correction and Restriction: Data subjects can have incorrect personal data corrected, incomplete data completed, and the processing of their data restricted.

  • Deletion and Objection: Data subjects can have personal data deleted and object to the processing of their data.

  • Data Disclosure and Data Transfer: Data subjects may request the disclosure or transfer of their personal data to another controller.

We may defer, restrict, or refuse the exercise of data subjects' rights to the extent permitted by law and may charge fees for the exercise of rights.

7.2 Legal Enforcement

Data subjects have the right to enforce their data protection rights through legal action or to lodge a complaint with a competent data protection authority.

8. Use of the Website

8.1 Cookies

We may use cookies to store data in the browser. Cookies can be session cookies (deleted when the browser is closed) or permanent cookies (stored for a specific period). Cookies can be completely or partially deactivated and deleted in the browser settings.

8.2 Logging

We may log information for each access to our website, including date and time, IP address, access status, operating system, browser, sub-page accessed, and referrer.

8.3 Tracking Pixels

We may integrate tracking pixels into our online presence to collect log files.

9. Notifications and Messages

We send notifications and messages by email and via other communication channels such as instant messaging or SMS.

9.1 Success and Reach Measurement

Notifications and messages may contain web links or tracking pixels to record whether they have been opened and which web links have been clicked on.

9.2 Consent and Objection

You must consent to the use of your email address and other contact addresses, unless the use is permitted for other legal reasons. You can object to receiving notifications and communications at any time.

9.3 Service Providers for Notifications and Messages

We send notifications and messages with the help of specialized service providers.

10. Social Media

We are present on social media platforms to communicate with interested parties and provide information about our activities and operations. Personal data may be processed outside Iceland and the EEA.

11. Third-Party Services

We use services from specialized third parties to carry out our activities and operations in a permanent, user-friendly, secure, and reliable manner. These services may collect IP addresses and process data for security, statistical, and technical purposes.

12. Success and Reach Measurement

We measure the success and reach of our online offering, which may involve storing IP addresses, using cookies, and creating user profiles in pseudonymized form.

13. Final Provisions

We may amend and supplement this Privacy Policy at any time and will provide information about such amendments in an appropriate form, particularly by publishing the current Privacy Policy on our website.

© Copyright 2024 Sea Growth ehf.