[krád] consulting ehf (Hrund Gunnsteinsdóttir)

Last updated: 13. Janúar 2026

Krád consulting ehf (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website, register for webinars or newsletters, or purchase and participate in our online programs.

This Privacy Policy is written in accordance with Icelandic law, including Act No. 90/2018 on Data Protection and the Processing of Personal Data, and the General Data Protection Regulation (GDPR).

 

1. Data Controller

The data controller responsible for your personal data is:

Krád consulting ehf
kt. 630608-0580
Meistaravellir 13, 107 Reykjavík, Iceland
Email: hallo@hrundgunnsteinsdottir.com

 

2. What personal data we collect

We may collect and process the following categories of personal data:

Information you provide to us

• Name
• Email address
• Home address (where relevant for billing and invoicing)
• Any information you submit through forms, registrations, surveys, or communication with us.
• We only collect and store home addresses when necessary for billing, invoicing, or customer administration.

 

Data collected when you use our website

• IP address
• Browser type and device information
• Pages visited and general usage data (analytics/cookies if used)

3. Why we collect your data (purposes)

We collect personal data to:

• Provide services, digital courses, and learning experiences (including InnSæi content and programs)
• Process registrations for webinars and events
• Provide customer support and participant communication
• Send newsletters and updates (when you have opted in)
• Process purchases, billing, and related administration
• Improve our website, services, and participant experience
• Comply with legal obligations (e.g. accounting and tax rules)

4. Legal basis for processing

We process personal data only when we have a valid legal basis under GDPR, including:

• Consent (e.g. newsletter sign-up)
• Contract (e.g. when you purchase a course or service)
• Legal obligation (e.g. accounting requirements)
• Legitimate interests (e.g. improving services, operating our website securely)

5. Services and tools we use (third-party processors)

We use trusted service providers to operate our business and deliver services. These providers may process personal data on our behalf as data processors, and they are required to protect your data and process it only according to applicable law.

Email newsletters and marketing
We use MailerLite to manage newsletter subscriptions and email communications.
Data stored may include your name, email address, signup time/date, and email engagement metrics (e.g. opens/clicks).

Payments
We use Teya to process payments securely.
When you make a purchase, payment details are handled directly by Teya.
We do not store or process your full payment card information.

Online course platform
We use LearnDash to deliver online course content and manage your course access when hosted on our website.
This may include name, email address, account login details, and course participation/progress data.

Website hosting
Our website is hosted with 1984.is (Iceland).
Like most hosting providers, server logs may collect technical information such as IP address, browser type, and timestamps for security and operational purposes.

6. What we do NOT do

• We do not sell your personal data.
• We do not store full payment card details on our website or systems.

7. How long we keep your data (retention)

We retain personal data only for as long as needed to fulfill the purposes described in this policy, including:

• Newsletter subscriber data: until you unsubscribe (or request deletion)
• Customer records (including address data where relevant): as long as required for contractual and legal obligations (including accounting)
• Course platform accounts: for the duration of your access, or until you request deletion (where legally possible)

8. How we protect your data

We take appropriate technical and organisational measures to protect personal data, including:

• Role-based access and limited permissions
• Secure passwords and administrator controls
• Using reputable service providers (MailerLite, Teya, LearnDash, 1984.is)
• Secure connections (HTTPS) on the website

9. International data transfers

Some of our service providers may process or store data outside Iceland/EEA. Where applicable, we ensure appropriate safeguards are in place under GDPR.

10. Your rights

Under GDPR, you have the right to:

• Access your personal data
• Correct inaccurate information
• Request deletion (where applicable)
• Restrict or object to processing
• Data portability
• Withdraw consent at any time (where consent is the legal basis)

To exercise your rights, contact us at: hallo@hrundgunnsteinsdottir.com

11. Newsletter communications

If you subscribe to our newsletter, we may send you emails about InnSæi, leadership insights, upcoming webinars, and course opportunities.

You can unsubscribe at any time via the unsubscribe link included in every email.

12. Cookies

We may use cookies or similar technologies to improve functionality and understand how visitors use our website.

You can control cookies through your browser settings. Disabling cookies may affect parts of the website experience.

13. Complaints

If you have concerns about how we process personal data, you may contact us directly so we can resolve the matter.

You also have the right to lodge a complaint with Iceland’s Data Protection Authority (Persónuvernd).

14. Updates to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page, with the date of the last update shown at the top.