Privacy Policy and Data Protection Framework – Personlig investeringsplan

Version 3.2 – Last Updated: April 14, 2026

Article 1: Identification of the Data Controller

This Privacy Policy defines the rigorous data processing protocols maintained by Personlig investeringsplan ("the Platform", "we", "us", or "our"), headquartered at Tjuvholmen Allé 11, 0252 Oslo, Norway. We act as the Data Controller under the General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (Personopplysningsloven). To ensure absolute data integrity, we have appointed a dedicated Data Protection Officer (DPO) reachable at [email protected].

Article 2: Categories of Personal Data Processed

To deliver institutional-grade analytics and maintain a secure environment, we collect the following categories of data in accordance with the principle of data minimization:

  • Identity Metrics: Full legal name, date of birth, nationality, and official government-issued identification required for mandatory Know Your Customer (KYC) and Anti-Money Laundering (AML) verification.
  • Contact Credentials: Authenticated email address, active mobile number, and verified residential address.
  • Financial Telemetry: Information regarding source of wealth, digital asset wallet addresses (if applicable), investment horizons, and detailed investor risk profiles.
  • Digital Footprint & Analytical Interaction: IP addresses, device specifications, geographical routing data, and granular logs of interactions with our predictive interfaces.

Article 3: Legal Basis and Purposes of Processing

In compliance with Article 6 of the GDPR, our processing is founded on:

  • Contractual Necessity: Essential for managing your account and delivering our core analytical services.
  • Legal Obligations: Mandatory compliance with the Norwegian Anti-Money Laundering Act (Hvitvaskingsloven) and directives from Finanstilsynet.
  • Legitimate Interests: Required for proactive fraud prevention, network security enhancement, and the optimization of our technical models via anonymized data aggregates.
  • Explicit Consent: For the delivery of personalized market insights and the use of non-essential analytical cookies.

Article 4: Advanced Security and Encryption Standards

Personlig investeringsplan utilizes enterprise-grade security architecture:

  • AES-256 Encryption: All data at rest is stored using military-grade encryption protocols.
  • TLS 1.3 Protocols: All data transmission between the user and our servers is secured via end-to-end encryption.
  • Sovereign Hosting: Data is exclusively hosted on redundant, highly secure servers within the European Economic Area (EEA), featuring strict logical and physical access controls.

Article 5: Retention and Archiving

We retain your personal data only as long as strictly necessary:

  • Active Data: For the duration of the contractual relationship.
  • Statutory Archives: Identity and financial records are retained for a period of five (5) to seven (7) years after the termination of the relationship, in accordance with Norwegian archiving and AML statutory requirements.

Article 6: Your Inalienable Rights Under GDPR

European and Norwegian law grants you sovereign control over your data: the right to access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and the right to object. You may exercise these rights via [email protected]. You also have the right to lodge a formal complaint with the Norwegian Data Protection Authority (Datatilsynet).
