Privacy Policy

Legentic AS ("We", "Us" or "Our"), a limited liability company incorporated under the laws of Norway, bearing the Norwegian organisation no. 996 414 914, operates a closed, Service Delivered Online (SaaS) called the Legentic Platform (the “Solution”), which automatically collects and processes publicly available data and information on the internet. The Solution will also process data provided by our Customers. Such data and information may include personal data.

The Solution is used to collect material to detect and prevent fraud and corruption and conduct claims handling. In addition, Our Customers may use the Solution to locate things of interest, also in order to detect and prevent fraud and financial crime. The Solution is provided to Our customers (“Customers”), primarily within the financial and insurance sector and governmental bodies.

This privacy notice (the “Notice”) has been compiled to inform data subjects about their rights and to let them know how to receive information from Us on whether We process their personal data. To find out whether We have collected such personal data from You, You may contact Us as prescribed in Section 12.

1. What is Personal Data

  1. 1. Personal data as described in European privacy law is information relating to an identified or identifiable natural individual, which is an individual who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

  1. 2. This Notice does not cover aggregated data from which the identity of an individual cannot be determined. We retain the right to use aggregated data in any way that We determine appropriate.

2. Data controller

  1. 1. We are the data controller when We collect and collate the personal data in order to develop, host, improve, monitor, provide and analyse the use of the Solution.

  1. 2. Please note that We do not actively process any personal data in the role of a data controller. We process personal data tacitly by collecting and collating the personal data in the Solution.

3. Data Processor

  1. 1. We are a data processor when We collect and process the personal data in order to provide access to Our Solution to Our Customers in their roles as data controllers. Likewise, we are the data processor for data provided to Us from Our Customers in order to support their goal of locating things of interest in order to detect and prevent fraud or financial crime.

  1. 2. We enter into data processing agreements with Our Customers and contractually require them to acquire a legal basis for their processing of Your personal data and inform you thereof, prior to utilising the Solution.

4. What kind of personal data do we process?

  1. 1. We use personal data We obtain from You through Your placement of a classified ad by technical means, such as the automatic recording performed by Our servers, in order to develop, host, improve, monitor, provide and analyse the Solution. While You place a classified ad on a public third-party website, We or Our service providers may collect Your personal data, including, but not limited to:

a) Address

b) Asset information (e.g. VIN number and registration number)

c) Details concerning Your classified ad

d) E-mail address

e) Phone number

f) Username

g) Your name

  1. 2. When data is provided to Us by Our Customers, We may process Your personal data, including, but not limited to:

a) Address

b) Details concerning the asset (e.g. VIN number and registration number)

c) E-mail address

d) Phone number

e) Theft report number

f) Your name

  1. 3. We will not knowingly collect special categories of personal data about You (e.g. health information). When we discover that We have tacitly collected such data, it will be immediately deleted.

  1. 4. We will not knowingly collect personal data from any children.

5. Legal basis

  1. 1. Personal data is collected from third-party websites under the legal basis of legitimate interest as stated in Article 6 (1) (f) in Regulation (EU) 2016/679 (GDPR). We emphasise that, as highlighted in GDPR recital 47, the processing of personal data that is strictly necessary for the purposes of preventing fraud, will in itself constitute a legitimate interest.

  1. 2. The purpose of Our processing of Your personal data is to provide our Customers with a service to provide material to detect and prevent fraud, corruption and claims handling and locating things of interest. Preventing fraud, corruption and false claims is considered to benefit society. Users of the Customer’s services will be better protected against fraud and potentially experience a reduced cost on insurances and even make insurance available and affordable to more people.

  1. 3. We will make historical data available to Our Customers as they were at the time the classified ad was first published to the market. Historical data of an asset might show previous owners of an asset not being a suspect of any potential crime. However, the data subject may be able to provide valuable insight to Our Customers on the asset's historical path by virtue of its role as the previous owner. As such, it is important to the Customer that all data of an asset's life cycle is available to the investigation in order to prevent fraud or other possible criminal acts in claims handling. Therefore, Legentic offers its customers the possibility to search through classified ads, both current and historical.

  1. 4. The vast majority of data subjects affected by Our processing through its development and provision of the Solution are not made aware of such processing. As a main rule, the GDPR article 14 (1)–(3) provides a duty to inform the data subject when the processing is based on legitimate interest as a lawful ground in accordance with article 6 (1) (f). There are, however, exceptions to this principle. GDPR article 23 allows each member state to limit the scope of the obligations and rights stipulated in article 14. This applies, among other things, to “the prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security”, cf. article 23 (1) (d). Norway has allowed for such restrictions in Section 16 (b) of the Norwegian Personal Data Act, which allows for limiting the right to information in GDPR article 14 if it is “required to keep secret for reasons of prevention, investigation, disclosure and prosecution of criminal offences”. That is why We have chosen to inform the public through this Notice about Our data processing in a transparent manner.

  1. 5. We have considered that Our processing of personal data from classified ads will not have any negative effect on the individuals’ rights and freedom, as these data subjects willingly put down the information in the ads themselves. Ads are open to the public through third party websites. Furthermore, the personal data will only be actively processed by Customers, who are contractually required to have a lawful basis for such processing and to have duly informed any data subject affected thereof.

6. No profiling

  1. 1. Profiling is the automated processing of personal data that consists of evaluating, analysing, or predicting certain personal factors, such as health or personal preferences. Rest assured that We do not utilise automated decision-making (including profiling) that legally affects You or similarly significantly affects You.

7. For how long do we keep your personal data

  1. 1. We keep Your personal data only as long as it is required for the reasons it was collected from You. The time period in which We store personal data varies, and will depend on whether it is processed in Our role as a data controller or in Our role as a data processor on behalf of Our Customers.

  1. 2. When your personal data is no longer required for Our purposes, We have procedures to destroy, delete, erase or convert it into an anonymous form.

  1. 3. Please note that while We may have ceased the processing of the personal data, a Customer may be entitled to process the same personal data in its role as a separate data controller.

8. Do we disclose personal data

  1. 1. Your personal data will be disclosed to Our employees and legal and financial representatives, as well as Our data processors, hereunder service providers that facilitate Our Solution or are developing and maintaining Our business systems and infrastructure. These third parties are Our data processors and have access to Your personal data only for the purposes of performing these tasks on Our behalf.

  1. 2. We may also provide Your personal data to Our Customers through their use of the Solution. These Customers are separate data controllers who are responsible for having acquired a lawful basis for their processing of Your personal data through Our Solution and for informing You thereof (e.g. through their privacy policies).

9. What are your rights

As a data subject, You have the following rights:

  1. Access: You may request a copy of Your personal data that We process.

  2. Data portability: If we process information about you on the basis of consent or a contract, you can ask us to transfer information about you to you or another data controller in a structured, commonly used and machine-readable format.

  3. Erasure: You may demand that We erase all of Your personal data, unless We are required by law to keep the data for a certain period of time.

  4. Information: You are entitled to receive information concerning which categories of Your personal data that We process and how they are processed.

  5. Objection: You may in some cases object to Our use of Your personal data for the purpose of direct marketing, including profiling for direct marketing purposes. You may also object to being subject to a decision based solely on automated processing, including profiling, which produces legal effects that significantly affect You.

  6. Rectification: You may require Your personal data to be rectified or supplemented.

  7. Restriction: You may in some cases request that We restrict the processing of Your personal data.

10. International transfer

  1. 1. Your personal data may be transferred to — and maintained on — computers located inside of the European Economic Area and other countries which the European Commission has considered to have an adequacy of protection of personal data on the basis of article 45 of Regulation (EU) 2016/679.

11. Security

  1. 1. Safeguarding Your personal data is Our highest concern. As such, We endeavour to adhere to the generally accepted industry standards and internal procedures to protect data submitted to Us and otherwise employ and maintain reasonable measures for the physical, procedural and technical security with respect to the offices and information storage facilities involved with Your personal data, so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of Your personal data. This also applies to Our disposal or destruction of Your personal data.

  1. 2. Our website and Solution are scanned, including malware scanning, on a regular basis for security holes and known vulnerabilities in order to make the use of Our Solution as safe as possible. Your personal data is contained behind secured networks and We use computer systems with limited access housed in facilities using physical security measures.

  1. 3. If any employee of Us misuses personal data, this will be considered as a serious offence for which disciplinary action will be taken, up to and including termination of employment. If any individual or organisation misuses personal data – provided for the purpose of providing services to or for Us – this will be considered a serious issue for which action will be taken, up to and including termination of any agreement between Us and that individual or organisation.

13. Contact & Complaint

  1. 1. If You have any questions or requests regarding this Notice, Our data collection or processing practices, or wish to bring a complaint to Our attention, You may contact Legentic’s data protection officer at gdpr@legentic.com. To guard against fraudulent requests, We may require sufficient information to allow Us to confirm that the individual making the request is authorised.

  1. 2. We will investigate all complaints and if a complaint is found justified, We will take all reasonable steps to resolve the issue. 

  1. 3. You are also entitled to file a complaint to the Data Protection Authority regarding our processing of your personal data. For information on how to contact the authority, visit its website at www.datatilsynet.no.