Privacy Policy

This Privacy Policy applies to the collection, use and processing of personal data in connection with the services we offer (the "Services"). You can find information about the Services under the heading "our services" on our homepage.

Njord Securities AS ("Njord") is responsible for the processing of personal data according to this Privacy Policy, acting in the role as data controller under applicable data protection law. Applicable data protection law is Regulation (EU) 2016/679 as implemented into Norwegian law (hereafter referred to as the "GDPR").

If you have any questions about this policy, please contact us at post@njordsec.no or +47 23 00 32 40.

1. PURPOSES OF PROCESSING

Njord processes personal data for the following purposes:

• Entering into or performing contracts with customers in relation to the Services

• Administration of customer relationships

• Compliance with legal obligations

• Marketing the Services

2. LEGAL BASIS FOR PROCESSING

Processing of personal data in connection with entering into or performing a contract with customers acting as private persons (not on behalf of a company) has its legal basis in the GDPR article 6 no. 1 b). Processing of personal data for the same purpose, but where the data subject is an employee acting on behalf of a company, has its legal basis in the GDPR article 6 no. 1 f); such processing is necessary for the legitimate interest of both Njord and the contracting company, and the privacy interest of the data subject is taken care of through the employment contract between the contracting company and the employee as well as through the guarantees placed by Njord in this Privacy Policy.

Administration of customer relationships has the same legal basis as the previous activities, since this processing is also necessary for the performance of the Services / serves legitimate interests, which are not overridden by the interest of the data subject.

Njord processes some personal data about customers for the sake of complying with legal obligations, such as routines for prevention of money laundering and compliance with the Norwegian Book Keeping Act, which requires certain information to be stored for specific periods.

Marketing of Services is based on a freely given, specific and informed consent from a customer or potential customer, cf. the GDPR article 6 no. 1 a).

3. COLLECTION OF PERSONAL DATA

We collect personal data primarily directly from our customers. This information may, however, be supplemented with information available through public registries, such as the Brønnøysund registries, and information from other sources, for example banks or other relevant financial institutions, when this is necessary in order to perform the Services for the customer. We may also collect information from public sources, such as by use of Google, from media etc.

4. CATEGORIES OF PERSONAL DATA

Njord processes the types of personal data necessary to fulfil the purposes listed in chapter 1. Depending on the Services we perform, we register the following categories of personal data:

• Name and if relevant, company name, work position and other information relating to the company, hereunder information about shareholders

• Telephone number

• Address

• E-mail address

• Personal Identification Number

• Bank account(s)

• VPS account(s)

• KYC ("Know Your Customer": education, experience and knowledge with respect to investments, the origin of money etc.)

• PEP ("Politically Exposed Person": information necessary to comply with legal requirements in the Norwegian Money Laundering Act)

• Former investments (information collected from the Brønnøysund registries, aksjeeier.no or other relevant public register)

• Other supplementary information collected from public sources and thereafter analyzed, e.g. (assumed) preferences with respect to asset types, contract period and object size.

• Recorded phone calls (Njord is under a legal obligation to record certain phone calls, cf. the Norwegian Securities Trading Act section 10-17.)

Processing of the above categories of personal data is more or less always necessary for performance of the Services and administration of customer relationships, hereunder compliance with requirements in the Norwegian Money Laundering Act. There might however be some variation depending on the Services performed and the customer in question.

The same information might be processed subsequently for the purpose of compliance with legal obligations and if the customer has consented to it, for marketing purposes, cf. chapter 1 above.

5. RECIPIENTS OF PERSONAL DATA

Njord sometimes shares personal data with third parties when such disclosure is necessary for the performance of the Services and/or if instructed to do so by the customer, e.g. when performance of the Services requires cooperation with such third party, typically a bank or another financial undertaking.

Suppliers of IT-solutions utilized by Njord for the processing of personal data may have access to personal data for purposes specifically stated in a data processing agreement, e.g. maintenance and support services relating to the IT-system. The data processing agreement commits the supplier to comply with applicable data protection law when performing the relevant services to Njord.

Personal data may be disclosed to national authorities if required under Norwegian law, e.g. for compliance with obligations following the Norwegian Money Laundering Act.

If personal data is to be transferred to a location outside of the EEA which does not provide sufficient guarantees for data protection, Njord will enter into EU standard data protection clauses with the relevant contractor, or use another legal mechanism, making the transfer legal (according to the GDPR chapter V).

6. DATA SECURITY

Njord is committed to preventing unauthorized access, disclosure or other deviant processing of personal data. We utilize reasonable and appropriate physical, technical, and administrative procedures and measures to safeguard personal data, including principles of data protection by default and by design:

• Transactions are encrypted by use of industry-standard technology.

• Personal data is stored in secure operating environments that are only accessible to Njord employees and sub-contractors on a need-to-know basis.

All our employees are subject to a strict obligation of confidentiality set out in the Norwegian Financial Undertakings Act section 9-6.

7. DELETION

Njord has established routines for storage and deletion of personal data in order to make sure information is kept only for the period necessary to fulfill the purpose of processing. Note that although personal data was collected for one purpose, e.g. for the purpose of performing the Services, another purpose might require us to store the same information for a longer period, e.g. legal obligations arising out of the Norwegian Book Keeping Act or the Money Laundering Act. You may also give your consent to further processing of your personal data, e.g. to let us contact you with respect to Services we think may be of interest to you or the company you are representing.

8. DATA SUBJECT'S RIGHTS

You may at any time request a copy of the personal data that we have registered about you and/or request that we correct any inaccuracies in your personal data. If technically feasible, we can transfer personal data you have provided us with directly to another company.

You have the right at any time to opt out of receiving marketing communications from us. Please contact us at post@njordsec.no or +47 23 00 32 40. You may also contact us if you object to processing which is based on the legitimate interests of Njord or another third party.

If you disagree with anything in this Privacy Policy or otherwise with the way we process personal data, you may file a complaint with the Data Protection Authority.

9. USE OF COOKIES

We use cookies on our websites. A cookie is a small text file that is stored on your computer when you visit our websites. Cookies help us identify your computer so that we can tailor your user experience. On www.njordsecurities.no we use third party cookies and third party requests.

Third party cookies are set by third parties, mainly advertising networks. These cookies are re-read during visits to other sites if those sites do business with these companies as well. www.njordsecurities.no uses Google Analytics - a common tool for website analysis - to observe the number of visitors to our homepage and how you entered it, e.g. by entering the address, searching for it or by clicking a link. The information is available to us on an aggregated level only. The information enables us to design more usable pages and useful content.

Third party requests are made from a user to an external service. Despite the fact that these requests do not set any cookies, they can still transfer information to third parties. www.njordsecurities.no uses Google Analytics and Google Maps, which both work through third party requests.

You may block or manage cookies in the settings of your web browser. Note that blocking cookies might stop our website from functioning properly.

10. CHANGES

We may modify this Privacy Policy from time to time. The applicable version will always be found here. If we make changes that significantly alter our privacy practices, we will notify you by email or post a notice on our websites prior to the changes taking effect.