As a company processing personal data about European citizens, mnemonic complies to the provisions of the European Union General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR").

This Privacy Notice governs Personal Information mnemonic collects from our customers and during recruitment. It also governs information provided directly by online visitors on our website, as well as information automatically collected from cookies.

In this notice, you will find information about the different activities where mnemonic may process personal data. Personal data in this context means data that relates to an individual and that identifies that individual, either directly or indirectly, such as your name or your contact information.

Roles and scope

mnemonic as ("mnemonic") is considered the data controller for the processes Marketing (including our website), Recruitment and Security Services.

However, mnemonic is considered as data processor when delivering Managed Security Services.

For more details on how and why we process personal data for a specific process, see the following notices:

For more information, contact our Data Protection Officer (DPO).

Our vendors and service providers

mnemonic uses vendors for some of our processes. For more information on which, who, and why, please see the specific notice listed above.

Securing your information

mnemonic has focused on implementing fair information practices that are designed to protect your privacy. mnemonic takes precautions to protect personal information from loss, misuse, and unauthorised access, disclosure, alteration, and destruction. mnemonic has implemented appropriate technical and organisational measures to protect the information systems on which your personal information is stored. mnemonic require our suppliers and service providers to protect your personal information by contractual means. mnemonic has been ISO/IEC 27001 certified since 2005.

Storing your information and retention period

Your personal data is stored in data centers in Norway. mnemonic will not retain the personal data for a longer period than is necessary to achieve the purpose for which the data was collected.

Information collected from visitors on our website for marketing and recruitment purposes will be destroyed in accordance with mnemonic's data retention policies for those processes. Please see the specific notices above for more information.

Disclosing your information

mnemonic may disclose your personal information to:

  • Public authorities, if mnemonic is required to do so i.e. by applicable court order or law; or
  • Any recipient, with your consent, such as for employment verification or background check; or
  • Any recipient when reasonably necessary such as in the event of a life-threatening emergency.

For more specific disclosures, please see the specific process notices.

In the event mnemonic goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, users' personal information will, in most instances, be part of the assets transferred.

Exercising your privacy rights

According to GDPR, the data subject has the right to:

  1. obtain from mnemonic confirmation as to whether or not personal data concerning you are being processed, and where that is the case, access to the personal data;
  2. obtain from mnemonic the rectification of inaccurate personal data concerning you;
  3. obtain from mnemonic the erasure of your personal data;
  4. obtain from mnemonic restriction of processing regarding your personal data;
  5. obtain from mnemonic a copy of personal data concerning you, which you actively provided, in a structured, commonly used and machine-readable format and to request from mnemonic that we transmit those data to another recipient selected by you;
  6. object, on grounds relating to your particular situation, to processing of personal data concerning you;
  7. withdraw your consent to the processing at any time; and
  8. lodge a complaint with a supervisory authority (in Norway: Datatilsynet).

Should you require to exercise one or more of the above rights, please contact our Data Protection Officer (as described below) outlining your request and requirements.

The consequence if you don't provide us with the necessary information, or require that such information is deleted, is that mnemonic may not be able to provide its services to you.

If your company/employer uses mnemonic services

mnemonic has no direct relationship with the data subjects whose personal information may be processed by our managed security services. Data subjects who are in contract with our customers may exercise their rights by following their company/employer specific routines.

Cookies

For information regarding cookies on our website, please see our Cookie Notice.

Changes to the policy

mnemonic reserves the right to change this Privacy Notice at any time to reflect changes in the law, our data collection and use practices, the features of our services, or advances in technology. Please check this page periodically for changes. Your continued use of the services following the posting of changes to this policy will mean you accept those changes.

How can you contact us

If you have any questions or other reasons for contacting mnemonic in regards to your data privacy, please contact our Data Protection Officer at [email protected]

Marketing Notice

Collection and use of personal data

As part of our B2B marketing activities, mnemonic has published a website with descriptions of our services and other useful information about us. mnemonic do not require you to register to use our site. If your only aim is to visit our site, no personal data will be collected, except data which is captured by cookies as detailed below.

However, if you have a specific purpose for visiting our site, you may register for receiving on-going updates and other relevant information. If you, the “visitor”, choose to do so, the information you provide us with will be added to the relevant mailing lists in our marketing systems, and mnemonic will process this information to maintain, manage and improve our relationship with you. The legal basis for such processing is your consent given at point of registration. If your enquiry concerns your personal data, mnemonic recommend that you contact our Data Protection Officer

If you have opted out of receiving specific communications, mnemonic will keep your contact information in a separate overview to ensure that you do not receive unnecessary communication from us. mnemonic will also delete your data if you exercise your right to be forgotten.

Storing your information and retention period

For information regarding storage location and retention policies, please see our privacy notice.

Our vendors and service providers

mnemonic uses Questback for our customer surveys and to register and collecting consent from our data subjects. More information on how Questback secures personal data can be found here: https://www.questback.com/information-security/

mnemonic uses Cisco WebEx Events for conducting webinars and attendee registration. More information on Cisco WebEx's privacy policy can be found here: https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-webex-privacy-data-sheet.pdf

Recruitment Notice

Collection and use of personal data

By sending an application to mnemonic you approve that mnemonic stores and processes the provided information for as long as the recruitment process is in progress.

mnemonic will keep results from ability tests, and reserves the right to perform background checks, and store related information for as long the recruitment process is in progress. If you give consent to it, mnemonic may store the recruitment-related information for 3 years to consider future employment at mnemonic AS.

mnemonic processes the personal information you send, results from ability tests and background checks to consider future employment at mnemonic AS. The legal basis for the processing is mainly to perform a contract with you or take steps at your request prior to entering into a contract, and in some cases also based on your consent. If your enquiry concerns your personal data, we recommend that you contact our Data Protection Officer

Storing your information and retention period

Your personal data will be retained for as long as the recruitment prosess lasts, unless the consent form is signed. If you get employed, mnemonic reserves the right to keep all relevant records related to the recruitment process according to the retention guidelines in our employee privacy notice.

Our vendors and service providers

For our recruitment activities we use the following service providers:

  • AON: Administer ability tests
  • SEMAC: To perform background checks

Exercising data subject rights

To exercise your rights, please see our Privacy Notice.

Please note that mnemonic is not required to delete or hand out internal documents regarding the process for employment.

Customer Notice

Collection and use of personal data

mnemonic has focused on implementing fair information practices that are designed to protect your privacy.

mnemonic conduct all of our processes and services on the basis of our legitimate interests in operating our business and providing our customer with a state of the art information security service and our obligation to comply with laws.

For many of our services, mnemonic have no interest in collecting or processing personal data. However, as part of the service provided, mnemonic may occasionally get access to personal data. Handling of customer personal data in these services are regulated by the legal terms in the given service contract. This applies to the following services areas:

  • Consulting
  • Product resale

Managed Security Services

Through mnemonic Managed Security Services, including Managed Detection and Response (MDR) services, mnemonic may collect or process a variety of information about users of the mnemonic services and associated devices and networks connected with the services. mnemonic processes personal data only to the extent necessary to meet its obligations under the service agreement. Handling of customer personal data is regulated by the legal terms in the given service contract and the corresponding Data Processor Agreement (DPA). For managed security services, mnemonic acts as a processor on behalf of the customer. Please contact our DPO for more information regarding processing of personal data in this service.

Securing your information

In order to comply with relevant the EU General Data Protection Agreement, mnemonic maintains an overview of all its processing activities of personal data ensuring that these are:

  • lawful, fair, transparent;
  • limited to specified, explicit and legitimate purposes; and
  • relevant and necessary for the purposes for which it was collected.

mnemonic maintains accurate and up to date personal data only as long as necessary to fulfill the purpose for which the data is processed. The personal data are protected by design and by default using appropriate technical and organisational security measures as deemed necessary by our risk assessments in alignment with mnemonic’s ISO 27001 certification requirements, and data protection impact assessments (DPIA).

Storing your information and retention period

Any data mnemonic receive from our customers is stored in data centers in Norway. mnemonic will not retain the personal data for a longer period than is necessary to achieve the purpose for which the data was collected.

Retention periods for mnemonic managed security services are handled in the agreement with our customer. For other types of services, information accessed can be deleted upon request.

Our vendors and service providers

mnemonic managed security services do not share personal data with vendors or other third parties. However, your employer or contractor might have additional services that require transfer of data to external parties.

For more information on where and to whom your personal data is transferred, please contact the mnemonic account manager at your employer or contractor.

Disclosure

In addition to the purposes and parties described in the general Privacy Notice, and depending on the service provided, mnemonic use and disclose the information described above for the following purposes:

  • To provide the requested mnemonic services and for improvements;
  • For other purposes requested or authorised by our customers.

Exercising data subject rights

mnemonic has no direct relationship with the data subjects whose personal information may be processed by our services. Data subjects who are in contract with our customers may exercise their rights by following their contractor’s specific routines.

mnemonic will support our customers in dealing with data subject’s exercise of rights and data breaches investigations.