Contact

Data Privacy

Effective from: 15.01.2026
Data Controller: RR Consulting. Owner: Rúni Rasmussen.
Contact: info@rrc.fo.
Website: www.rrc.fo.
Content: This policy explains how RR Consulting collects, processes, stores, and protects personal data. It also sets out your rights.

1) Scope and categories of personal data 

RR Consulting provides consultancy, analysis, project management, and assistance in connection with recruitment and HR processes. This means that we process personal data relating to:

·       Clients and contact persons (for example name, email address, workplace, and communication history).

·       Participants in courses/workshops (for example participant lists and evaluations).

·       Applicants/applications (where we assist with recruitment – either as data controller for our own recruitment or as data processor for the client).

2) Purpose and legal basis for processing

We process personal data only where necessary and on a lawful basis, for example:

·       Contract and service delivery (consultancy, projects, recruitment processes).

·       Legal obligations (for example accounting requirements).

·        Operations and business activities (for example developing services, ensuring operational reliability, and maintaining communication).

·       Consent, where required (for example marketing/newsletters and cookies). Consent must be clear, freely given, specific to each purpose, and easy to withdraw; and we must be able to document it.

3) Recruitment and processing activities

When we assist a client with recruitment:

·       We process data only on the client’s instructions and enter into a written data processing agreement with the client, setting out, among other things, security, purpose, retention period, and subprocessors.

·       The client is normally the data controller, and RR Consulting acts as the data processor.

4) Recipients, data processors, and transfers

We may use service providers (data processors) for, for example, email, communication, and data storage. RR Consulting uses, among other things, Office 365, OneDrive, Dropbox, and other work tools.

·      We enter into data processing agreements with data processors where required.

·       We monitor processing security, as the data controller must be able to demonstrate compliance with legal requirements.

If data processors/subprocessors are located in other countries, we ensure that transfers are lawful and that security and documentation requirements are properly met.

5) Oversight of data processors 

Oversight is organised according to risk (low/medium/high). Where the risk is low, oversight may be simpler; where the risk is high, oversight must be more detailed and more frequent.

Oversight may, among other things, include:

·       written confirmation/documentation from the provider,

·       review of security measures,

·       or, where necessary, a specific inspection/audit.

If a data processor uses subprocessors, the same requirements must apply, and we must ensure that oversight also covers subprocessors.

6) Security of processing (technical and organisational measures)

We take a risk-based approach: we assess risks and implement measures so that the level of security is appropriate. Examples of measures include:

·       access control (only necessary access rights),

·       logs/monitoring of access,

·       secure storage and backups,

·       procedures for handling personal data breaches.

7) Retention period and deletion

We retain personal data only for as long as necessary for the relevant purpose, or as long as required by law. Once the purpose has been fulfilled, the data will be securely deleted/restricted (for example in accordance with the agreement with the client and the data processing agreement).

8) Your rights

You have, among other things, the right to:

·       access your personal data,

·       rectification

·       erasure (in certain cases),

·       restriction

·       objection (in certain cases),

·       data portability (in certain cases),

·       and to withdraw consent where processing is based on consent.

How to exercise your rights: send an email to info@rrc.fo. We may ask for proof of identity. We will respond as quickly as possible.

Complaint: You may lodge a complaint with the Data Protection Authority, see below. 

9) Cookie policy

What are cookies?

Cookies/tracking technologies are small data files that may be stored on your device when you visit our website. They may include necessary cookies, analytics cookies, and marketing cookies.

Which cookies do we use?

Our website may use:

·       Necessary cookies (to make the site function, security, and basic features).

·       Analytics cookies (to understand usage patterns and improve the site).

·      Marketing cookies (for example for social media or to measure advertising campaigns).

If you view content from, for example, social media platforms (such as LinkedIn or Facebook), those platforms may set cookies in accordance with their own terms.

Consent for cookies

We do not place analytics or marketing cookies without consent. Consent:

·       must be active (for example by clicking), not based on pre-ticked boxes,

·       must be granular (you must be able to choose each category separately),

·       and must be easy to withdraw.

You can change/withdraw your consent in the cookie settings on the website (or by deleting/blocking cookies in your browser).

Review: This policy will be updated when changes are made to services, tools, or legal requirements.

10) Complaint to the Data Protection Authority (Dátueftirlitið)

You have the right to lodge a complaint regarding RR Consulting’s processing of your personal data with the Faroese Data Protection Authority:

Dátueftirlitið
Heiðavegur 25

FO-600 Saltangará
+298 309100
dat@dat.fo