As a company processing personal data about European citizens, mnemonic complies with the provisions of the European Union General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR").
This Privacy Notice governs personal data mnemonic collects from our customers and during recruitment. It also governs information provided directly by online visitors on our website, as well as information automatically collected from cookies.
In this notice, you will find information about the different activities where mnemonic may process personal data. Personal data in this context means data that relates to an individual and that identifies that individual, either directly or indirectly, such as your name or your contact information.
Collection and use of personal data
mnemonic AS ("mnemonic") is considered the data controller for the processes Marketing (including our website), Recruitment and Security Services.
However, mnemonic is considered as data processor when delivering Managed Security Services.
Marketing (including our website)
As part of our B2B marketing activities, mnemonic has published a website with descriptions of our services and other useful information about us. mnemonic does not require you to register to use our site.
If you only browse our site, no personal data will be collected, except data which is captured by cookies as detailed in the Cookie Notice.
However, if you actively complete a form on the website, such as registering for an event, subscribing to a newsletter, or completing a ‘contact us’ form, you, the “visitor”, will be providing mnemonic with personal data. At the time when you submit the personal data you will be asked to and required to accept the terms of our Privacy Notice (this document). Your personal data will be processed and stored in our marketing systems for the purpose for which the information was submitted and collected. When registering for an event, personal data may be shared with the venue, event organisers and/or explicitly named co-sponsors of the event for the purposes of executing the event. You will only be added to mailing lists that you subscribe to and explicitly opt-in to. You can opt-out of receiving marketing-related communications at any time through opt-out instructions included in all relevant marketing communications.
If you have opted out of receiving specific communications, mnemonic will keep your contact information in a separate overview to ensure that you do not receive unnecessary communication from us. mnemonic will also delete your data if you exercise your right to be forgotten.
By sending an application to mnemonic you approve that mnemonic stores and processes the provided information for as long as the recruitment process is in progress.
mnemonic will keep results from ability tests, and reserves the right to perform background checks, and store related information for as long as the recruitment process is in progress. If you give consent to it, mnemonic may store the recruitment-related information for 3 years to consider future employment at mnemonic.
mnemonic processes the personal information you send, results from ability tests and background checks to consider future employment at mnemonic. The legal basis for the processing is mainly to perform a contract with you or take steps at your request prior to entering into a contract, and in some cases also based on your consent.
mnemonic has focused on implementing fair information practices that are designed to protect your privacy.
mnemonic conducts all of our processes and services on the basis of our legitimate interests in operating our business and providing our customer with a state-of-the-art information security service and our obligation to comply with laws.
For many of our services, mnemonic has no interest in collecting or processing personal data. However, as part of the service provided, mnemonic may occasionally get access to personal data. Handling of customer personal data in these services is regulated by the legal terms in the given service contract. This applies to the following service areas:
- Product resale
Managed Security Services
Through mnemonic Managed Security Services, including Managed Detection and Response (MDR) services, mnemonic may collect or process a variety of information about users of the mnemonic services and associated devices and networks connected with the services. mnemonic processes personal data only to the extent necessary to meet its obligations under the service agreement. Handling of customer personal data is regulated by the legal terms in the given service contract and the corresponding Data Processor Agreement (DPA). For managed security services, mnemonic acts as a processor on behalf of the customer.
mnemonic processes and uses user-submitted data to deliver, analyse, support and improve the SecureDNS service and as otherwise permitted in the SecureDNS Terms of Service and this Privacy Notice. With the exception of any personally identifiable data submitted to mnemonic as part of Your use and/or access to the SecureDNS service, data will be treated as non-confidential by mnemonic. mnemonic may further process Telemetry Data (here as non-identifiable information) to deliver, enhance, improve, customize, support, and/or analyse the SecureDNS service and otherwise freely use Telemetry Data that does not identify You.
Our vendors and service providers
mnemonic uses Questback for our customer surveys and to register and collect consent from our data subjects. More information on how Questback secures personal data can be found here: https://www.questback.com/information-security/
For our recruitment activities we use the following service providers:
- AON: Administer ability tests
- SEMAC: To perform background checks
Securing your information
mnemonic has focused on implementing fair information practices that are designed to protect your privacy. mnemonic takes precautions to protect personal information from loss, misuse, and unauthorised access, disclosure, alteration, and destruction. mnemonic has implemented appropriate technical and organisational measures to protect the information systems on which your personal information is stored. mnemonic requires our suppliers and service providers to protect your personal information by contractual means. mnemonic has been ISO/IEC 27001 certified since 2005, and maintains a SOC2 Type 2 accreditation.
In compliance with GDPR, mnemonic maintains an overview of all its processing activities of personal data ensuring that these are:
- lawful, fair, transparent;
- limited to specified, explicit and legitimate purposes; and
- relevant and necessary for the purposes for which it was collected.
mnemonic maintains accurate and up to date personal data only as long as necessary to fulfill the purpose for which the data is processed. The personal data are protected by design and by default using appropriate technical and organisational security measures as deemed necessary by our risk assessments in alignment with mnemonic’s ISMS, and data protection impact assessments (DPIA).
Storing your information and retention period
Your personal data is stored in data centers in Norway, with the exception of data collected by those mentioned in “Our vendors and service providers” in this Privacy Notice or otherwise agreed in any given service contract and/or the corresponding Data Processor Agreement (DPA). mnemonic will not retain the personal data for a longer period than is necessary to achieve the purpose for which the data was collected.
Information collected from visitors on our website for marketing and recruitment purposes will be destroyed in accordance with mnemonic's data retention policies for those processes.
Retention periods for mnemonic managed security services are handled in the agreement with our customer. For other types of services, information accessed can be deleted upon request.
For recruitment your personal data will be retained for as long as the recruitment process lasts, unless the consent form is signed. If you become employed, mnemonic reserves the right to keep all relevant records related to the recruitment process according to the retention guidelines in our Employee Privacy Notice.
Disclosing your information
mnemonic may disclose your personal information to:
- Public authorities, if mnemonic is required to do so i.e. by applicable court order or law; or
- Any recipient, with your consent, such as for employment verification or background check; or
- Any recipient when reasonably necessary such as in the event of a life-threatening emergency.
In the event mnemonic goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, users' personal information will, in most instances, be part of the assets transferred.
Exercising your privacy rights
According to GDPR, the data subject has the right to:
- obtain from mnemonic confirmation as to whether or not personal data concerning you are being processed, and where that is the case, access to the personal data;
- obtain from mnemonic the rectification of inaccurate personal data concerning you;
- obtain from mnemonic the erasure of your personal data;
- obtain from mnemonic restriction of processing regarding your personal data;
- obtain from mnemonic a copy of personal data concerning you, which you actively provided, in a structured, commonly used and machine-readable format and to request from mnemonic that we transmit those data to another recipient selected by you;
- object, on grounds relating to your particular situation, to processing of personal data concerning you;
- withdraw your consent to the processing at any time; and
- lodge a complaint with a supervisory authority (in Norway: Datatilsynet).
Should you require to exercise one or more of the above rights, please contact our Data Protection Officer (as described below) outlining your request and requirements.
The consequence if you don't provide us with the necessary information, or require that such information is deleted, is that mnemonic may not be able to provide its services to you.
Please note that mnemonic is not required to delete or hand out internal documents regarding the process for employment.
mnemonic has no direct relationship with the data subjects whose personal information may be processed by our services. Data subjects who are in contract with our customers may exercise their rights by following their contractor’s specific routines.
mnemonic will support our customers in dealing with data subjects’ exercise of rights and data breach investigations.
For information regarding cookies on our website, please see our Cookie Notice.
Changes to the policy
mnemonic reserves the right to change this Privacy Notice at any time to reflect changes in the law, our data collection and use practices, the features of our services, or advances in technology. Please check this page periodically for changes. Your continued use of the services following the posting of changes to this policy will mean you accept those changes.
How can you contact us
If you have any questions or other reasons for contacting mnemonic in regards to your data privacy, please contact our Data Protection Officer at [email protected]