Information about the processing of personal data

25.09.2019

1. GENERAL INFORMATION
This document informs about the methods of processing and protecting personal data of users of the MULTINOR FINANS Website.

2. INFORMATION ABOUT THE DATA CONTROLLER
The controller of the personal data is Inventive Logic sp. z o. o. sp. k. in Gdańsk (80-393) at ul. Krynicka 1, KRS (National Court Register): 0000709320, NIP (Tax Identification Number): 9570936720, e-mail: epost@multinorfinans.no, tel. +47 21 984 119 (Hereinafter referred to as: iLogic or Data Controller).

3. SCOPE OF PERSONAL DATA PROCESSED
Users' personal data is processed for the purpose and scope that is:

1) necessary for their use of the Website (Art. 6 Paragraph 1 (b) of the GDPR);
2) dependent on the consent given voluntarily, in order to send marketing information by means of remote communication (Art. 6 Paragraph 1 (a) of the GDPR);
3) depending on the consent given voluntarily (which is necessary to provide the service), in order to make it available to cooperating entities, e.g. financial intermediaries that assess creditworthiness (Art. 6 Paragraph 1 (a) of the GDPR);
4) on the basis of a legitimate interest (Art. 6 Paragraph 1 (f) of the GDPR), in order to:

1. conduct research and analysis of clients' expectations and needs as well as improvement and introduction of new services, as well as for statistical purposes,
2. provide commercial information and marketing content regarding products or services,
3. match advertising and marketing communication channels to user's interests – based on the provided data, your account settings and content you are browsing, and like many other providers, depending on your consent or browser settings, we can use cookies and other similar technology to find out how you learned about our services or which websites you browsed before or after visiting the Website, so that we can better understand your needs and improve our services,
4. organise or co-organise promotional campaigns or loyalty programs,
5. maintain payment services and other auxiliary services of third parties, which we use to provide services for you,
6. ensure safe usage of our websites and databases, enforce terms of service, prevent frauds and abuses, and maintain the correctness and continuity of our systems, including by creating backup copies,
7. determine, pursue or defend iLogic's claims and demonstrate compliance with iLogic's obligations under the law,
8. defence against abuse and fraud in order to ensure legal and physical security of the data controller,
9. answer queries and requests submitted via the form on the website or by e-mail.

5) fulfil the legal obligation to process your data, in particular for tax and accounting purposes (Art. 6 Paragraph 1 (c) of the GDPR).

4. RESTRICTIONS ON DATA PROCESSING
1) If we process your data based on your consent – e.g. for sending marketing information by means of remote communication – you can always withdraw your consent. Consent may be revoked at any time by sending an email to epost@multinorfinans.no. Withdrawal of consent does not result in unlawful processing of personal data that took place before its withdrawal.
2) We will process your personal data for the period necessary to achieve the above-mentioned purposes, i.e.

1. in particular for the duration of the service provided to you, and also after that:
2. for the period and to the extent required by law or
3. for the implementation by (iLogic) of legitimate interests of the data controller to the extent outlined above, i.e. to the extent necessary for the pursuit and defence of claims by iLogic – during the limitation period of any claims between the parties,
4. if we process your data based on your consent, we will continue to process it until content is withdrawn.

3) Providing your personal data is always voluntary, but is in some cases necessary to conclude and perform a contract for the provision of services to you. We always mark the fields and information that is required for us to make a deal with you and execute the contract, or for performing legal obligations.

5. TRANSFER OF PERSONAL DATA AND PROFILING
1) Your personal data may be transferred:

1. to public authorities and entities performing public tasks or acting on behalf of public authorities, to the extent and for purposes that in our reasonable belief result from legal provisions,
2. based on a separate consent – to selected Norwegian financial institutions, institutions preparing loan assessments, loan and insurance intermediaries,
3. based on the contract, required by law, of entrusting personal data for processing – to entities that provide us with ancillary services, such as customer service, payment services, professional advisers and companies providing hosting and analytical services.

2) Your data will be transferred outside the European Economic Area to our service providers in countries that ensure an adequate level of protection in accordance with the decision of the European Commission, including entities based in the United States participating in the Privacy Shield programme, or on the basis of the specific contract for the processing of personal data – the so-called Standard Contractual Clauses for data transfers between EU and non-EU approved by the European Commission. You will be able to obtain a copy of the transferred data by contacting us.
3) By providing services to you on the Website, we will process your data automatically, including profiling by using some of the information you share with us to analyse or predict your personal preferences, interests or needs, but we will do it only in order to personalise the usage of the Website or to better match ads and commercial information to your needs. Therefore, it will never produce any legal effects or significantly affect your situation in a similar manner.

6. TRANSFERRING PERSONAL DATA
1) All persons whose personal data is processed by iLogic have a number of rights arising from the processing of their personal data, including:

1. the right to access personal data, including the right to obtain a copy of such data,
2. the right to request correction (rectification) of personal data – when you notice that the data is incorrect or incomplete,
3. the right to request the deletion of personal data (the so-called "right to be forgotten") – provided, however, that the data is no longer necessary for the purposes for which it was collected or otherwise processed (eg under the condition of removing the account) or if you object to data processing or withdraw the consent on which the processing is based and there is no other legal ground for processing, or if the data is processed illegally or must be removed in order to comply with a legal obligation,
4. the right to request limitation of personal data processing – if you indicate that your data is incorrect, when data processing is unlawful but you do not want to delete it or when your data is no longer required, but you need it to determine, defend or pursue claims, or when you object to the processing of data – until it is determined whether the legitimate grounds for the processing of data by us take precedence over the basis of your objection,
5. the right to transfer personal data – if the processing is carried out automatically on the basis of a contract concluded with you or based on your consent,
6. the right to object to the processing of personal data, including profiling – if we process your data based on a legitimate interest and the opposition is justified by your special situation and when we process your data for direct marketing purposes and profile your data for marketing purposes.

2) All requests regarding the above rights can be submitted in writing or sent by e-mail to the iLogic's addresses indicated above. We will do our best to respond to your requests promptly, no later than one month after we have received them, unless they prove to be numerous or complicated. In this case, we will inform you about the deadline for replying. All requests are free of charge, but should they be found evidently unreasonable or excessive, we will be able to charge a reasonable fee, including communication fees or costs related to the performance of the requested actions, or refuse to take action on the request.
3) If you believe that iLogic has violated the law by processing your personal data, please write to us at the following e-mail address: epost@multinorfinans.no. You have the right to lodge a complaint with the supervisory body, i.e. the President of the Personal Data Protection Office.

7. ACCESS TO THIRD PARTY DATA
Personal data is processed only by authorised employees or associates of iLogic or cooperating entities on the basis of a lawful contract of entrusting personal data for processing, who are both trained and authorised to do so.

8. SECURITY AND PROTECTION OF PERSONAL DATA
iLogic declares that it makes use of technical and organisational measures to ensure the protection of processed data according to their categories and possible threats, and protects in particular users' personal data against disclosure to unauthorised persons, loss, or damage.

9. USE OF COOKIES
1) iLogic uses so-called own cookies and other similar technologies for the following purposes:

1. Website configuration,
2. adjusting the content of the Website to user's preferences and optimising the use of the Website,
3. recognition of the Website user's device and its location, as well as displaying the website per user's individual needs,
4. remembering the settings selected by the user and personalising the user interface,
5. remembering the history of visited pages on the website in order to recommend relevant content,
6. font size, website appearance, etc.
7. user authentication on the website and providing user sessions,
8. maintenance of the Website user's session (after logging in) to allow the user to use the Website without re-typing their login and password,
9. correct configuration of selected Website functions, allowing, in particular, verification of the authenticity of the browser session,
10. optimising and improvement of the performance of services provided by the Data Controller,
11. implementation of the processes necessary for the full functionality of the websites,
12. adjusting the content of the Website to user's preferences and optimising the use of the Website. In particular, these files allow us to understand the basic parameters of the User's device and to properly display the Webpage tailored to their individual needs,
13. remembering the user's location,
14. the correct configuration of the selected functions of the Website, allowing, in particular, the adjustment of the information provided to the user, taking into account their location,
15. analysis and testing, as well as internet audience measurement,
16. creating anonymous statistics to help us understand how the users utilise the Website, which can improve its structure and content,
17. ensuring the safety and reliability of service.

2) Data Controller uses external cookies and other technologies for the following purposes:

1. presenting multimedia content downloaded from external websites (including vimeo.com, youtube.com, wrzuta.pl)
2. collecting general and anonymous static data via analytical tools (incl. Google Analytics),
3. presenting ads tailored to the user's preferences by using the online advertising tool.

3) The user has the right to decide whether they want to allow the use of cookies on their computer; this setting can be turned on or off in the browser. Below are instructions on how to manage cookies – instructions from browser manufacturers:
1. Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
2. Internet Explorer: https://support.microsoft.com/pl-pl/help/278835/how-to-delete-cookie-files-in-internet-explorer
3. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
4. Safari: https://support.apple.com/en-euro/guide/safari/sfri11471/mac
5. Opera: http://help.opera.com/Linux/9.22/pl/cookies.html

10. PRECLUSION OF LIABILITY
1) This Information about the processing of personal data does not cover any forms of personal data processing by other entities to whom personal data are disclosed on the basis of the user's consent, and which constitute separate Data Controllers (within the meaning of the General Data Protection Regulation – GDPR). All obligations related to the Data Controller status apply directly to these entities.
2) The Data Controller reserves the right to introduce changes, withdrawals or modifications of the functions or properties of the Website, as well as to cease operations, transfer rights to the Website and perform any legal actions permitted by applicable laws. All actions carried out by iLogic may not violate user's rights.

11. CONTACT WITH THE DATA CONTROLLER
Please send any additional questions related to the Information about the processing of personal data or processing of your personal data to the iLogic's address indicated above.

12. AMENDMENTS TO THE INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA
1) Data Controller reserves the right to make amendments to the Information about the processing of personal data. All changes to the Information about the processing of personal data apply from the date of their publication on the Website. iLogic shall inform active users about amendments to the Information about the processing of personal data via email address they have provided.
2) The date specified below is the date of application of the latest version of the Information about the processing of personal data.

25/09/2019