The General Data Protection Regulation and the Norwegian Personal Data Act (GDPR) regarding personal data entered into force on 1. July 2018. MIRIS AS (MIRIS or we) takes your privacy seriously which means that it is safe for you to use the services we offer.
MIRIS is the data controller. We have a duty of confidentiality and will handle your personal data in accordance with prevailing data protection legislation.
Why do we need your personal data
We need your personal data in several relations:
1: Customer relationship management
To offer you a qualified service, information such as name, address, phone number, contact information and account number is required. This data is collected from you at the establishment of our customer relationship and processed if we need to communicate with you or process your data in relation to our service.
The data is used to provide you with information about our offers and products, as well as to send our newsletters. MIRIS is entitled to process personal data for marketing purposes when this is necessary to pursue a legitimate interest that exceeds your right to protection of personal privacy. Your consent is required if we market products and services in categories other than those agreed with MIRIS if this involves using customer data that may identify you as user.
3: Statutory public law requirement
In some cases, your data is necessary for us to comply with our obligations to public authorities., e.g. to comply with our obligation on anti-money laundering, reporting to the tax authorities, etc.
What information we have about you
Information provided by you. When you use our services, like creating an account, ordering services and making purchases, you typically provide the following information:
Contact information, such as name, age, address, email, phone number and social security number.
Payment information, such as payment method (e.g. card number), bank account and personal wallet address (if applicable).
Communication, other personal data you might expose when you contact us or have a dialogue with us.
Information collected about you
By using our services, we typically collect the following information:
Technical information, such as PC/mobile- type, internet connection, operating system, browser and IP address. This information is collected by using cookies. Cookie-policy.
User information, such as when you log in and out of your MIRIS-account, purchase and ordering details, and navigation on our platform. This information is collected by using cookies. Cookie-policy.
Location information, such as information about your location. This information is collected by using cookies. Cookie-policy.
Purchase and investment history such as information about purchases and investments you have made with us. This information is collected by storing the purchases and investments you make with us.
Preferences, such as information about which products and services you are interested in. This information is provided by specifying interests and by analyzing your use of our website, our platform and your purchases and investments (profiling).
How we use the information
Main purposes we use your information for:
1) Verify your identity: For this purpose, we use contact information and payment information.
2) Provide our services: For this purpose, we use technical information, as well as location information if you have agreed to this.
3) Manage your customer relationship: For this purpose we use contact information, user information and communication.
4) Accounting purpose: For this purpose, we use payment information and purchase and investment history.
5) Improve your user experience on our platforms: For this purpose, we use technical information and user information.
6) Provide you with customized marketing and content on our platforms: For this purpose, we use technical information, user information, location information, purchase and investment history and preferences.
7) Improve our goods and services: For this purpose, we use user information and technical information.
The legal basis for purposes 1, 2 and 3 is that this is necessary to fulfill our agreement with you and to fulfill our legal obligations (such as the Norwegian Money Laundering Regulations and the Norwegian Accounting Regulations).
The legal basis for purpose 4 is our legal obligations under the Norwegian Bookkeeping Legislation (NBL).
The legal basis for purposes 5 and 7 is our legitimate interest in managing product development.
The legal basis for purpose 6 is our legitimate interest in providing you with customized content and marketing. We have the right to market equivalent products and services if we have an existing customer relationship with you. If we do not have an existing customer relationship with you, the legal basis will be your consent if you have given us this. Legal basis for first time contact will be our legitimate interest.
You may withdraw your consent at any time.
Who we share the information with
We share information with our suppliers to the extent necessary to provide service to you.
We also share the information with other MIRIS group companies to the extent necessary for internal administrative purposes.
We transfer information outside the EEA area, partly because some of our suppliers and group companies are located there. We ensure that information about you is secured in a proper manner, either by agreements with recipients or by recipient’s subject to certification schemes approved in the EU. You can get more information about such agreements and arrangements by contacting us.
How long do we store the data
We only store your data as long as it is necessary. This typically means that personal data related to customer relationship is deleted after 3 years of inactivity on your MIRIS account.
We may, however, be bound by legal obligations which requires us to store the information for a longer period than 3 years after the customer account is inactive. This may occur if we are subject to complaints or claims directed against us or by us.
Your privacy rights
You have a number of privacy rights. You can use these rights by signing into your user account, if you have one, or by contacting us. These rights include:
Information. Further information on how we process information about you.
Access. Copy of information we have about you.
Correction. Correct and supplement information we have about you.
Deletion. Request deletion of information that we no longer have rights to store.
Limiting. Request that we limit the use of your information.
Data portability. Request that your information can be transferred to you or to another business in a structured, commonly used and machine-readable format.
Objection. Oppose our use of your personal information for direct marketing, including profiling. You can also oppose to be a part of individual judicial decisions which are solely automated.
Please note that these rights are subject to limitation by law. We will reply to your inquiries as soon as possible, and no later than within a month.
If you believe that we process personal information improperly, you have the right to appeal to the Data Protection Authority. We hope you will contact us first, so that we can review your objections and clarify any misunderstandings.
Please contact us if you have any questions, comments or wish to make use of your rights. You can use the following contact information:
Contact person: Vanja K. Ignjatic, Compliance & Legal
Phone number: + 47 355 25 550
E-mail address: firstname.lastname@example.org
Address: Dronning Eufemias gate 16, 0190 Oslo