1. Help Center
  2. Privacy and Compliance

US Privacy Policy

Privacy Policy for Customers and Users in the North American region

This Privacy Policy (the “Policy”) has been compiled to better serve those who are concerned with how and why their personal data is being collected and used, hereunder to inform you (“You” or “Your”) of Your rights as well as Our policies and procedures regarding processing of the personal data We may utilize from You through Our facilitation of Our Service, as defined below. Please read Our Policy carefully to get a clear understanding of how We collect, use, protect, or otherwise process Your personal data, also known as personal information, regardless of the country where You are located.

 

Where the words "We", "Us" or "Our" are used in this Policy, this refers to Legentic, a limited liability company incorporated under the laws of Norway, bearing the Norwegian organisation no. 996 414 914.

For the purposes of this Policy, the term “Service” means the Legentic Platform, a software service delivered online to Our customers (“Customers”) primarily within the financial and insurance sectors and governmental bodies.

1. What is Personal Data

Personal data, as described in European privacy law, is information relating to an identified or identifiable natural individual, which is an individual who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural, or social identity. While various U.S. laws define personal information, for purposes of this Policy, We define personal information to be synonymous with personal data. This Policy does not cover aggregated data from which the identity of an individual cannot be determined. We retain the right to use aggregated data in any way that We determine appropriate. We may use non-personal data for any business purpose.

2. Controller

We are the controller, also a “business” under U.S. laws like the California Consumer Privacy Act of 2018 (“CCPA”), when We collect and collate personal data in order to develop, host, improve, monitor, and analyze the Service. We are also the controller with respect to personal data We collect in Our role as an employer.

3. Processor

We are a processor, also a “service provider” under U.S. laws like the CCPA, when We collect and process personal data in order to provide authorized access to our Service to Our Customers in their roles as controllers. When required, such as under European data protection laws, Our Customers have acquired a legal basis for their processing of Your personal data prior to utilizing the Service. 

When We provide a Customer with access to the Service or if We are otherwise collecting the personal data under the instructions of the same, We are processing Your personal data in the role of a processor and will enter into a data processing agreement with said Customer. The Customer will be the sole controller with respect to the processing of Your personal data contained in or generated by the Service and is obliged under mandatory law to have notified You of its processing and its use of Us as its processor. We strongly encourage You to read the privacy policy and any other terms and conditions of any such Customer who processes Your personal data.

4. What kind of personal data do we process 

When You use Our Service, We may collect two types of data: 

Personal data You knowingly choose to disclose that is collected on an individual basis such as: 

  • Communication
  • Details concerning Your use of the Solution, e.g. duration, connection information, chat logs and Your questions and answers.
  • E-mail address
  • Name
  • Telephone number
  • Unique identifiers such as IP addresses

Personal Data You Choose to Provide:

  • Email information.  If You choose to correspond with Us through email, We may retain the content of Your email messages together with Your email addresses and Our responses. 

Data Collected Through Automatic Data Collection Technologies

As You navigate through and interact with Our Service, We may use automatic data collection technologies to collect certain information about Your device, browsing actions, and patterns, including:

  • Details of Your visits to the Service, including traffic data, location data, logs, and other communication data and the resources that You access and use on the Service.
  • Information about Your device and internet connection, including Your IP address, operating system, and browser type.

Please visit Our Cookie Policy for more information. 

Under U.S. law, specifically by reference to the CCPA, in the preceding twelve (12) months, We have collected the following categories of personal data from consumers: identifiers, commercial information, internet or other similar network activity; geolocation data, and inferences drawn from other personal data. We have collected additional categories of personal data, such as professional or employment-related information or non-public education information, about our employees.

 

5. Legal basis for the processing of personal data/Use of personal data

Personal data is collected from third-party websites under the legal basis of Legitimate interest as stated in Article 6 (1) (f) in Regulation (EU) 2016/679 (GDPR).

The purpose of processing personal data from classified ads from third-party websites is to provide our Customers with a Service to detect and prevent fraud, corruption, and claims handling. Customers typically include insurance companies and governmental bodies. Preventing fraud, corruption and false claims will have a great effect on the society as users of the Customers’ services will be better protected against fraud and potentially experience a reduced cost on insurances and even make insurance available and affordable to more people.

To prevent fraud or other possible criminal acts in claims handling, it is important to the Customer that all data of an asset's life cycle is available to the investigation. Therefore, Legentic offers its Customers the possibility to search through classified ads, both current and historical.

We may also use and disclose the personal data we collect for one or more of the following purposes:

  • To fulfill or meet the reason You provided the data. 
  • To provide, support, personalize, and develop Our Service.
  • To create, maintain, customize, and secure Customer accounts with us.
  • To process requests, transactions, and prevent transactional fraud.
  • To provide You with support and to respond to Your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  • To carry out Our obligations and enforce Our rights arising from any contracts entered into between You and Us, including for billing and collection.
  • To provide You with notices about Your account or newsletter subscriptions.
  • To help maintain the safety, security, and integrity of Our products and services, databases and other technology assets, and business.
  • For testing, research, analysis, and product development, including to develop and improve Our products, and services.
  • In any other way We may describe when You provide the information.

Unless otherwise provided, the legal basis for Our processing is Our Legitimate interest as stated in Article 6 (1) (f) in Regulation (EU) 2016/679 (GDPR, hereunder to improve Our Services or other solutions or to monitor or improve our Our security posture).

Any personal data processed as part of sales or contract negotiations, billing and customer is processed on the basis of such processing being necessary for Us to enter into and perform and agreement with You, cf. Article 6 no. 1 (b) of the GDPR.

For certain processing operations, You will be asked to confirm that You have read and consented to the contents of this Policy and to Our processing of Your personal data in accordance with Article 6 no. 1 (a) of the GDPR. For instance, if You wish to receive offers or newsletters from Us, You may consent to having Your personal data processed for the purpose of marketing. Such consent is not required in order to use the Services and You may at any time withdraw Your consent by contacting Us.

6. Do we disclose personal data to service providers

We may disclose Your personal data to individuals or organizations who are Our service providers who are maintaining, reviewing and developing Our business systems and infrastructure, including testing or upgrading Our computer systems or otherwise facilitates Our Service. Sometimes these third parties are Our processors and have access to Your personal data only for the purposes of performing these tasks on Our behalf in our role as a controller. Other times, these third parties are Our sub-processors or subcontractors and have access to Your personal data only for the purposes of performing these tasks on Our behalf in our role as a processor. If We were to disclose personal data to organizations that perform services on Our behalf as a processor or sub-processor, We will require those service providers to use such personal data solely for the purposes of providing services to Us and to have appropriate safeguards for the protection of that personal data.

We may also provide Your personal data to Our Customers through their use of the Service. These Customers are separate controllers who are responsible for having acquired a lawful basis for their processing of Your personal data through Our Service. 

We do not sell personal data. We will not share, rent, lease or sell your personal data with any third party for their independent use or benefit.  

We may disclose aggregated data that does not identify any specific individual, without restriction.

Other Disclosures:

We may also disclose Your personal data:

  • To comply with any court order, law, subpoena or other legal process, including to respond to any government or regulatory request.
  • To enforce or apply any agreements between Us and You, if applicable. 
  • To protect and defend Our rights and property, Our Services, the users of Our Service, and/or Our affiliated parties.
  • As We believe is necessary to protect Our safety, users of Our Service, Our Customers, or others. 
  • In the event of sale (of some or all of Our assets), transfer, merger, reorganization, dissolution, or similar event involving Our business (including in contemplation of such transactions), Your information may be among the shared or transferred business assets.  If such transfer is subject to any mandatory restrictions under applicable laws, We will comply with those restrictions.
  • To fulfill the purpose for which You provide it. 
  • For any other purpose disclosed by Us when You provide the information.
  • With Your consent.

We may also provide aggregated information (consisting of combined information elements of a number of individuals) to third parties, who may use such information to analyze patterns or statistics regarding use of Our services.  

Under U.S. law, specifically by reference to the CCPA, in the preceding 12 months, We have disclosed personal data for a business purpose to the categories of third parties indicated in the chart below.

We do not sell Personal data in general, however, the CCPA defines selling broadly. If We begin to share Personal data in a manner that would qualify as a sale under the CCPA, we will update this Policy accordingly. If You believe that We currently share information in a manner that qualifies as a sale under the CCPA or other U.S. laws, please contact us via the contact information listed in Section 14. 

For more information on how we may share information collected through cookies, please visit Our Cookie Policy.

7. For how long do we keep your personal data

We keep Your personal data only as long as it is required for the reasons it was collected. The time period in which We store personal data varies, and will depend on whether it is processed in Our role as a controller or in Our role as a processor on behalf of Our Customers.

Please note that while We may have ceased the processing of the personal data, a Customer may be entitled to process the same personal data in its role as a separate controller.

When Your personal data is no longer required for Our purposes, We have procedures to securely destroy, delete, erase or convert it into an anonymous form.

8. What are your rights

As a data subject, Your personal data rights may depend on the jurisdiction in which You reside.  Depending on Your jurisdiction, You may have the following rights:

  1. Access: You may request a copy of Your personal data that We process.
  2. Data portability: If we process information about you on the basis of consent or a contract, you can ask us to transfer information about you to you or another controller in a structured, commonly used and machine- readable format.
  3. Erasure: You may demand that We erase all of Your personal data, unless We are required by law to keep the data for a certain period of time. 
  4. Information: You are entitled to receive information concerning which categories of Your personal data that We process and how they are processed.
  5. Objection: You may in some cases object to Our use of Your personal data for the purpose of direct marketing, including profiling for direct marketing purposes. You may also object to being subject to decision-making based solely on automated processing, including profiling, which produces legal effects that significantly affect You.  This is also known as the right to opt out under U.S. laws. We do not use personal data from the Use of our Service for direct marketing purposes and do not make decisions based solely on automated processing, including profiling, that produces legal effects.
  6. Rectification: You may request Your personal data to be rectified or supplemented.

Restriction: You may in some cases request that We restrict the processing of Your personal data.

Under most laws worldwide, it is the responsibility of the controller to respond to data subject requests. As described above, most of our activities fall under the role of processor. If We receive a data subject request In Our role as a processor, We either act on behalf of a controller or we will inform the person submitting the request that the request cannot be acted upon because the request has been sent to a processor.

To guard against fraudulent requests, We may require sufficient information to allow Us to confirm that the individual making the request is authorized.

When applicable, We will provide information from Our records in a form that is easy to understand. Where information or requests will not or cannot be disclosed or complied with, You will be provided with the reasons for nondisclosure.

Tracking Technologies and Advertising.  Please visit Our Cookie Policy for more information on how to manage cookies. 

Promotional Offers from Us. If You do not wish to have Your contact information used by Us to promote Our own products or services, You can opt-out in the mail we sent You. . If We have sent You a promotional email, You may send us a return email asking to be omitted from future email distributions. This opt out does not apply to information provided to Us as a result of a Service purchase or other similar transactions.

9. International transfer

We maintain Customer data in the region where the Customer is based  For Customers in the European Economic Area, Your personal data may be transferred to — and maintained on — computers located inside of the European Economic Area and other countries which the European Commission has considered to have an adequacy of protection of personal data on the basis of article 45 of Regulation (EU) 2016/679. For Customers in countries in North America, We maintain and may transfer personal data to computers located in North America, and Norway and other other countries within the European Economic Area.

10. Security

Safeguarding Your personal data is one of Our highest concerns. As such, We endeavor to maintain and employ reasonable measures for the physical, procedural, and technical security with respect to the offices and information storage facilities involved with Your personal data, so as to prevent any loss, misuse, unauthorized access, disclosure, or modification of Your personal data. This also applies to Our disposal or destruction of Your personal data. Personal data can only be accessed by those of our employees who have a strict need for such access in order to perform their obligations.

The Service is scanned, including malware scanning, on a regular basis for security holes and known vulnerabilities in order to make the use of Our Service as safe as possible. Your personal data is contained behind secured networks and We use computer systems with limited access housed in facilities using physical security measures.

If any employee of Us misuses personal data, this will be considered as a serious offense for which disciplinary action will be taken, up to and including termination of employment. If any individual or organization misuses personal data - provided for the purpose of providing services to or for Us - this will be considered a serious issue for which action will be taken, up to and including termination of any agreement between Us and that individual or organization.

The safety and security of Your information also depends on You. Where we have given You (or where You have chosen) a password for access to certain parts of our Service, You are responsible for keeping this password confidential. We ask You not to share your password with anyone. 

Unfortunately, the transmission of information via the internet is not completely secure. Although We do Our best to protect Your personal data, We cannot guarantee the security of Your personal data transmitted to our Service. Any transmission of personal data is at Your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the Service.

11. Children's Online Privacy

We do not direct Our service to minors and we do not knowingly collect personal data from children under 16 or as defined by local legal requirements. If we learn we have mistakenly or unintentionally collected or received personal data from a child without appropriate consent, we will delete it. If you believe we mistakenly or unintentionally collected any information from or about a child, please contact us at gdpr@legentic.com.

12. Changes to our Privacy Notice

We will post any changes we may make to Our Privacy Policy on this page. If the changes materially alter how we use or treat Your personal data in Our role as a controller we will notify You. Please check back frequently to see any updates or changes to Our privacy notice.

13. Contact & Complaint

If You have any questions or requests regarding this Policy, Our data collection or processing practices, or wish to bring a complaint to Our attention, You may contact us at gdpr@legentic.com. The receiver of the request is the Legentic DPO.

We will investigate all complaints and if a complaint is found justified, We will take all reasonable steps to resolve the issue.

You are also entitled to file a complaint to the Data Protection Authority regarding our processing of your personal data. For information on how to contact the authority, visit its website at www.datatilsynet.no.