Processed Personal Data, Purposes, and Legal Basis
Below is an overview of the typical purposes for which we process personal data, the legal basis for processing, and the types of personal data we typically collect:
Newsletter
We send newsletters to email addresses that have requested to receive our newsletters. The processing is based on GDPR Article 6(1)(a) (consent). Information will be stored with our newsletter provider, Mailchimp (Mailchimp’s privacy statement: https://www.intuit.com/privacy/statement/).
Events
When registering for events, we store contact information, allergies, and dietary preferences if we provide food, pictures of participants if we take photos or videos, and compile a participant list if necessary. The purpose of processing is to manage registration and participation. Checkin is used for event registration (Checkin’s privacy statement: https://www.checkin.no/personvernerklaering). The legal basis for event registration is GDPR Article 6(1)(f) (legitimate interest). Regarding the publication of photos and videos, we will request consent if a person, and not just the event itself, is the main focus. The same applies to information about dietary preferences and the distribution of participant lists. Processing in these cases is based on GDPR Article 6(1)(a).
IT Operations and Security
Personal data stored in our IT systems may be accessible to us or our suppliers for system updates, security measures implementation or monitoring, error correction, or other maintenance. The legal basis is GDPR Article 6(1)(c), GDPR Article 32, and GDPR Article 6(1)(f).
Investment
Activities In connection with investment and management of invested capital, it is necessary for us to register and process personal data (name and contact information) of contact persons at companies we consider investing in or have invested in. Such processing of personal data is based on GDPR Article 6(1)(f) (legitimate interest).
Knowledge Management
To improve and develop our business, we sometimes create templates and refer to past investment cases in our investment activities. Normally, there will be no personal data in reused documents, but if it does exist, all personal data will be anonymized. Processing of personal data in this context is based on GDPR Article 6(1)(f).
Supplier and Collaborator Management
In connection with our investment activities, we use suppliers and collaborators. For these, we record relevant contact information. We use this information where necessary to enter into and execute agreements with suppliers and other business relationships and to communicate and manage the business relationship. Processing of personal data in this context is based on GDPR Article 6(1)(f).
Our Website and Applications
In our Cookie Policy, we provide more information about the use of cookies on our website.
Who We Share Personal Data With
Access to personal data is generally limited to personnel who need access to perform their tasks. We do not disclose personal data in other cases or in other ways than those described in this privacy statement unless you explicitly request or consent to it, or disclosure is required by law.
Our IT suppliers may have access to personal data if personal data is stored with the supplier or is otherwise accessible to them according to the contract with us. Suppliers act in accordance with a data processing agreement and under our instructions. Suppliers can only use personal data for the purposes we have determined and as described in this privacy statement. You can always request information about which data processors we use.
We may use suppliers or process personal data outside the EEA. In such cases, the transfer and processing outside the EEA (third countries) will take place in countries approved by the EU Commission or in accordance with a valid legal basis for the transfer of personal data under GDPR Chapter V. If the transfer to countries approved by the EU Commission does not occur, the transfer will only take place based on the safeguards provided in GDPR Article 46(2). You can inquire about the legal basis used for the transfer by contacting us. The transfer agreement can be obtained by contacting us.
How Long Does Investinor Retain Personal Data?
We routinely delete personal data when it is no longer needed for the purposes for which it was collected. Information that we are required to keep by law will not be deleted until the legally mandated retention periods have expired. Personal data processed based on your consent will be deleted if you withdraw your consent.
Your Rights
You have rights related to your personal data. The specific rights you have depend on the circumstances.
Request Access
You have the right to receive information about the personal data we have registered about you. To ensure that personal data is disclosed to the right person, we may request you to submit a written request.
Withdraw Consent Personal data processed based on your consent will be deleted if you send a request to us and withdraw your consent.
Request Correction or Deletion
You can ask us to correct inaccurate information we have about you or to delete personal data. We will, as far as possible, comply with a request to delete personal data, but we cannot do so if there are compelling reasons not to delete, such as the need to retain the information for documentation purposes.
Data Portability
You have the right to have personal data we have registered about you transferred to you or another data controller in a machine-readable format.
Objections
We hope you will inform us if you disagree with the way we process your personal data. You can also lodge a complaint with the Data Protection Authority.
Security
We have established procedures to handle personal data in a secure manner. The measures are of a technical, formal (contractual), and organizational nature. We regularly assess the security of all central systems used for handling personal data, and we have agreements in place with system providers to ensure satisfactory information security.
We have internal guidelines related to information security, and we regularly train employees in security and the use of IT systems.
Changes
We may make minor changes to this privacy statement. You will always find the latest version on www.investinor.no. In case of significant changes, we will notify you.
Contact Us
If you have any questions about how we handle personal data, you can contact us at post@investinor.no or use the contact form.