Welcome to the Moya content management system

Terms of Use for the Moya content management system

You are responsible for keeping your username and password confidential. You are responsible for the use of your account, whether you have given permission for its use or not. Stefna is not responsible for stolen, lost or hacked passwords. For security reasons, Stefna has no access to passwords and can therefore only reset a password if it is lost. Stefna employees will never ask for your password. After resetting or creating a new user, he is always obliged to change his password. The administrator supervises users and can block user access if necessary.

Access control or rights to units

Moya stores the following personal and user information for the purpose of identifying and securing user access to the system:

Name

Username

Email address

Password

Rights to system units

To ensure security, prevent misuse and monitor the insertion of legitimate content, event logging is used. Moya records actions performed within the system, such as creating content pages, inserting images and news. User information and IP addresses are recorded with event logs. To ensure normal functionality, quality and security in Moya, event entries are recorded for debugging and updates. If an error occurs on the website, user information, IP addresses or other information related to the action performed by the user is sent to Stefna employees as diagnostic data. Error messages are sent via software from Bugsnag, but they are only used to maintain and improve the system and are never forwarded to third parties.

Security

Stefna ensures secure storage of data and information. The specification is based on the ÍST ISO/IEC17799 standard on information protection. The handling of systems, information and data is subject to Stefna's standard operating procedures for data handling. The Moya web management system automatically collects only necessary personal information for the purpose of ensuring the quality and security of the service. The Moya web management system is owned by Stefna and third parties are never given access to its database. Stefna does not collect information for use for marketing purposes, either for its own use or for third parties. Standard operating procedures apply to the backup process. Data and databases are backed up daily. Immediately after backup, copies are transferred to a secondary server in another system space located in another building. Copies are stored for 80 days and, in addition to general precautions and automatic error messages, regular checks are carried out. Backup tests are carried out at least once a month and are carried out by Stefna's system administrator and technical manager. This ensures that data is not lost. Appropriate security measures are taken against the most common hacker attacks of all time.

Quality

Stefna undertakes to use its best efforts to maintain 24/7 access to Moya's websites, excluding pre-planned downtime, and to ensure that upload times are acceptable. Stefna cannot be held responsible for unforeseen events beyond the company's control, such as political events, fire, earthquake, war, third-party technical failures or DDOS attacks (Denial of service). Stefna will only use its access to the systems of the hosting provider when a work order has been received from the service buyer or in the event of necessary system updates.

Material warranty

Users are responsible for all content they post to Moya. Content posted to the system must be in accordance with both Icelandic and European law and obtained legally. If forms, surveys, any kind of add-ons and/or links are posted that collect personal information about users, there must be a legitimate reason for such collection, such as informed consent. If connections to third-party systems are added, e.g. Google analytics, Siteimprove or Facebook pixel, the privacy policy must be updated and the cookie banner must be activated/updated, which can be found under settings. All content posted to Moya is owned and responsible by the administrator. The policy does not provide for any specific monitoring of posted content.

Access to Stefna's service desk

Stefna uses Project Management software from Atlassian: Jira, Jira service desk and confluence are used to manage and store work orders, project descriptions, communication with supervisors and supervisor contacts. It is the responsibility of the supervisor to inform Stefna of any changes that may occur to the supervisor's contacts and their rights. Work orders are not accepted unless a user with the appropriate rights gives written permission for them. All error reports or suggestions regarding the website are accepted.

List of Processors

Required:

Amazon AWS cloud hosting (Privacy Shield certified).

Bugsnag (Privacy Shield certified).

New Relic (Privacy Shield certified).

Non-exhaustive list of processors that can be activated through the system and under the user's responsibility:

Google Analytics

Google Tag Manager

Facebook Pixel

AddThis

System property

Moya is wholly owned by Stefna and all of its code, functionality and modules are owned by Stefna. The content and appearance of the website are owned and responsible by the administrator.

Spending from a system

Stefna takes no responsibility for content deleted from Moya, whether by users or parties who have hacked into their account. If requested by the administrator's contact, Stefna can retrieve content from backups. Stefna does not automatically delete any information or content from Moya.

Changing user

Users can change their password and user information in the access settings. Annually or when the password is reset by the administrator, a user must change their password.

Quit as a user

If you decide to terminate your Moya user account, event logs and error messages from your previous use will remain even if your account is deleted. In the rare event that databases are restored from backup, such as due to an attack or failure, deleted accounts can be restored. You must ask the website administrator to delete you as a user.

Changes

If updates are made to these terms, notice will be given immediately upon your next login. The new terms are deemed accepted as soon as that login occurs.

Reporting abuse

If there is a suspicion that users are abusing the system, spreading hate speech, using ill-gotten material, processing personal information unlawfully or using the system in other questionable ways, reports of this should be sent to both Stefna (hjalp@stefna.is) and the administrator. If there is a suspicion of a security breach or unlawful processing through Moya's core processing, this should be reported to Stefna (hjalp@stefna.is). If there is a suspicion of a violation of data protection laws, this should be reported to the administrator, it can also be reported to the data protection authority or to the courts.

Approval

I, the undersigned, hereby declare that I have given my unconditional, specific, informed and unambiguous consent to the processing of personal data concerning me. I am also aware of the purpose of the processing for which the personal data is intended. I am informed that I can withdraw this consent in the system.

All information will be treated as confidential.