Data Protection Policy

When Fortis accepts a personal injury case, we must process personal information and data relating to that person.

Fortis dutifully respects client confidentiality and is committed to ensuring the safety of all personal data collected and processed. We conduct all our work in accordance with Icelandic national laws and regulations and the Icelandic implementation of the General Data Protection Regulation enacted by the European Union in 2018.

Data that we must process and collect due to personal injury cases is for example: personal identification records and contact information (home address, phone number, email address etc.), health records and data, information on where the injured person works and which union they belong to. The purpose of our processing is to ensure that we can guard the injured person’s full interests by efficiently and correctly processing the case and ascertaining that we are collecting compensation from all parties that they are entitled to receive compensation from.

When processing a personal injury case, we must also share some of the collected personal data with third parties. Third parties in personal injury cases are for example: insurance companies, all levels of the court system, healthcare providers (general practitioners, the government hospital etc.), government institutions, companies, doctors and other healthcare workers, attorneys etc. Who we share the data with is dependent on each case and we never share information without due cause.

Private individuals have extensive legal rights according to the Icelandic Data Protection legislation and can as an example do the following: request access to their personal data, request for a correction of their personal data, request the destruction of their personal data, impose limits on the processing and/or transfer of their personal data.

Further information on our policy on data protection and processing may be found here.
See further: Our Data Protection Policy.