Where the words "We", "Us" or "Our" are used in this Policy, this refers to Legentic, a limited liability company incorporated under the laws of Norway, bearing the Norwegian organisation no. 996 414 914
For the purposes of this Policy, the term “Service” means the Mohawk Portal including the Mohawk and the Sjerlok solution. These being software services delivered online to Our customers (“Customers”) primarily within the financial and insurance sector and governmental bodies.
Personal data as described in European privacy law is information relating to an identified or identifiable natural individual, which is an individual who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. This Policy does not cover aggregated data from which the identity of an individual cannot be determined. We retain the right to use aggregated data in any way that We determine appropriate.
We are the data controller when We collect and collate the personal data in order to develop, host, improve, monitor and analyse the Service.
We are a data processor when We collect and process the personal data in order to provide authorized access to our Service to Our Customers in their roles as data controllers. Our Customers have acquired a legal basis for their processing of Your personal data prior to utilising the Service.
We keep Your personal data only as long as it is required for the reasons it was collected from You. The time period in which We store personal data varies, and will depend on whether it is processed in our role as a data controller or in Our role as a data processor on behalf of Our Customers.
Please note that while We may have ceased the processing of the personal data, a Customer may be entitled to process the same personal data in its role as a separate data controller.
When Your personal data is no longer required for Our purposes, We have procedures to destroy, delete, erase or convert it into an anonymous form.
As a data subject, You have the following rights:
Access: You may request a copy of Your personal data that We process.
Data portability: If we process information about you on the basis of consent or a contract, you can ask us to transfer information about you to you or another data controller in a structured, commonly used and machine- readable format.
Erasure: You may demand that We erase all of Your personal data, unless We are required by law to keep the data for a certain period of time.
Information: You are entitled to receive information concerning which categories of Your personal data that We process and how they are processed.
Objection: You may in some cases object to Our use of Your personal data for the purpose of direct marketing, including profiling for direct marketing purposes. You may also object to being subject to decision based solely on automated processing, including profiling, which produces legal effects that significantly affect You.
Rectification: You may require Your personal data to be rectified or supplemented.
Restriction: You may in some cases request that We restrict the processing of Your personal data.
Personal data is collected from third-party websites under the legal basis of Legitimate interest as stated in Article 6 (1) (f) in Regulation (EU) 2016/679 (GDPR).
The purpose of processing personal data from classified ads from third-party websites is to provide our Customers with a service to detect and prevent fraud, corruption and claims handling. Customers typically include insurance companies and governmental bodies. Preventing fraud, corruption and false claims will have a great effect on the society as users of the Customers services will be better protected against fraud and potentially experience a reduced cost on insurances and even make insurance available and affordable to more people.
To prevent fraud or other possible criminal acts in claims handling, it is important to the Customer that all data of an asset's life cycle is available to the investigation. Therefore, Legentic offers its customers the possibility to search through classified ads, both current and historical.
While you place a classified ad on a third-party website, We or Our service providers may collect Your personal data, including, but not limited to,
Details concerning Your classified ad
Asset identification number e.g. but not limited to:
VIN number, or
car registration number
We may disclose Your personal data to individuals or organisations who are Our service providers who are maintaining, reviewing and developing Our business systems and infrastructure, including testing or upgrading Our computer systems or otherwise facilitates Our Service. These third parties are Our data processors and have access to Your personal data only for the purposes of performing these tasks on Our behalf in our role as a data controller. If We were to disclose personal data to organisations that perform services on Our behalf, We will require those service providers to use such personal data solely for the purposes of providing services to Us and to have appropriate safeguards for the protection of that personal data.
We may also provide Your personal data to Our Customers through their use of the Service. These Customers are separate data controllers who are responsible for having acquired a lawful basis for their processing of Your personal data through Our Service. Such lawful basis may be consent where you have a relationship with said Customer.
Your personal data may be transferred to — and maintained on — computers located inside of the European Economic Area and other countries which the European Commission has considered to have an adequacy of protection of personal data on the basis of article 45 of Regulation (EU) 2016/679.
Safeguarding Your personal data is Our highest concern. As such, We endeavour to maintain and employ reasonable measures for the physical, procedural and technical security with respect to the offices and information storage facilities involved with Your personal data, so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of Your personal data. This also applies to Our disposal or destruction of Your personal data. Personal data can only be accessed by those of our employees who have a strict need for such access in order to perform their obligations.
Our website and Service are scanned, including malware scanning, on a regular basis for security holes and known vulnerabilities in order to make the use of Our Service as safe as possible. Your personal data is contained behind secured networks and We use computer systems with limited access housed in facilities using physical security measures.
If any employee of Us misuses personal data, this will be considered as a serious offence for which disciplinary will be taken, up to and including termination of employment. If any individual or organisation misuses personal data - provided for the purpose of providing services to or for Us - this will be considered a serious issue for which action will be taken, up to and including termination of any agreement between Us and that individual or organisation.
We will provide information from Our records in a form that is easy to understand. Where information or requests will not or cannot be disclosed or complied with, You will be provided with the reasons for nondisclosure.
To guard against fraudulent requests, We may require sufficient information to allow Us to confirm that the individual making the request is authorised.
If You have any questions or requests regarding this Policy, Our data collection or processing practices, or wish to bring a complaint to Our attention, You may contact us at firstname.lastname@example.org. The receiver of the request is the Legentic DPO.
We will investigate all complaints and if a complaint is found justified, We will take all reasonable steps to resolve the issue.
You are also entitled to file a complaint to the Data Protection Authority regarding our processing of your personal data. For information on how to contact the authority, visit its website at www.datatilsynet.no.