Effective: May 25th 2018
In addition, separate agreements governs delivery, access and use of the Services (the “Customer Agreement”).
We collect, receive, use, disclose, transfer and store Personal Data when needed to provide our Services and for operational and business purposes described in this policy.
If you do not agree with the terms, do not access or use the Services, Websites or any other aspect of Infront’s business.
Infront may process your Personal Data as data controller or on behalf of another data controller, i.e. as data processor. In the latter situation, Infront's processing is based on a data processing agreement with the data controller.
What types of Personal Data Do We Collect
Personal Data is data related to you or that can identify you as a person. For example your name, email address, phone number etc.
Personal Data we collect includes username, name and contact information, usage logs, trade logs, payment details, lists you create and notifications you set up and settings created as part of using the Services, as well as certain information collected in our application log (cf. below).
How Do We Collect And Receive Personal Data
Infront may collect and receive Personal Data in a variety of ways:
- When you register for a trial period
- When you register to receive newsletter, IR information and similar
- When you order one of our products online or on manual order form
- When your broker registers your subscription to an Infront product in the Infront entitlement system
- When you login and use the Infront applications (usage logs and trade logs)
- When you set up custom workspace, create personal lists, set up notifications, trade etc.
- Our servers automatically collect certain information in an application log to help us administer and protect the Services, troubleshoot technical issues and improve users’ experience. The information collected includes: IP address and browser type, device information such as SID (Security Identifier) and similar identifiers, device operating system and technical facts.
How We Use Personal Data and the legal basis for processing
Personal Data will be used by Infront in accordance with any applicable terms in the Customer Agreement, End User License Agreement, Customer’s use of Services functionality, and as required by applicable law.
Infront uses Personal Data:
- To conduct sales and contract process
- To provide requested offers on our Services;
- To deliver in accordance with Customer Agreements
- To enable users to access and use the Services
- To offer technical and other support to users of our Services
- To update, maintain, improve and protect our Services, Websites and business. This includes use of Personal Data to support delivery of the Services under a Customer Agreement, prevent or address service errors, security or technical issues and analyze usage
- As required by applicable law, legal process or regulation, or other legal obligations imposed by publich authorities
- To communicate with you by responding to your requests, comments and questions
- To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services and important Services-related notices. These communications are considered part of the Services and you may not opt out of them. In addition, we sometimes send emails with promotional communications or other news about Infront. These are marketing messages so you can control whether you receive them.
To process orders, invoicing, payments and other financial follow-up
- To investigate and help prevent security issues and misuse of data from vendors (this e.g. includes exchanges and news vendors)
- To ensure Infront's or third parties' rights in the establishment, exercise and defence of legal claims that Infront believes to have, or directed against Infront from users, third parties or public authorities.
The legal basis for Infront's processing of Personal Data is i) the necessity for entering into or the performance of the Customer Agreement and/or End User License Agreement, e.g. to enable access to the Services, offer technical support to users, communicate with users regarding the Services and perform financial follow-up of the Services; ii) Infront's or a third party's legitimate interest, e.g. to update, maintain, improve and protect our Services or business interests, to investigate and prevent security issues and misuse and to ensure Infront's or third parties' rights in the establishment, exercise and defence of legal claims; iii) consent, e.g. in relation to processing for marketing purposes; and iv) compliance with statutory requirements, or other legal obligations imposed by public authorities.
Please note that Infront, in order to be able to fulfil our obligations according to the Customer Agreement and/or End User License Agreement, depend on receiving certain Personal Data about the users. The consequences of not providing such information is that Infront cannot fulfil the Customer Agreement and/or End User License Agreement.
How Long Do We Store Your Data
How We Share And Disclose Personal Data
Within the Infront Group. Our businesses around Europe and South Africa are supported by teams and functions. Personal data will be made available to the teams based in Europe if necessary for the provision of the Services, account administration, customer and technical support, and business and product development for example.
Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Personal Data on our behalf and support our business. These third parties may, for example, provide storage services. Additional information about the sub-processors we use to support delivery of our Services is set forth at http://infrontfinance.com/company/gdpr/subvendors. The relationship to such sub-processors will be governed by a data processing agreement, which among other things ensures information security for the Personal Data.
Third Party Content Providers. In order to provide our Products and Services, Infront receives content from third parties such as stock exchanges. Such vendors of market data or other third party content providers may require that Infront disclose certain information about you and your use of the Services for compliance and invoicing reasons. Such disclosure will be based on consent or other legal basis.
During a Change to Infront’s Business. If Infront engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Infront’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Personal Data may be shared or transferred, subject to standard confidentiality arrangements.
Aggregated or De-identified Data. We may disclose or use aggregated or de-identified Other Information for any purpose.
To Comply with Laws. If we receive a request for information, we may disclose Personal Data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of Infront or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
With Consent. Infront may share Personal Data with third parties when we have consent from the data subject to do so.
Infront takes security of data very seriously. Infront works hard to protect your Personal Data you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the data we collect, process and store, and the current state of technology. Personal Data is sent in encrypted format between the front ends and our Services. The Services are hosted in secured data centers, and we place appropriate restrictions on access to Personal Data. We have Business Continuity and Disaster Recovery plans to protect the continuity of our Services
To the extent prohibited by applicable law, Infront does not allow use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with Personal Data, please contact us and we will takes steps to delete such Personal Data.
Where Do We Store and Process Personal Data
Infront has offices in many countries and your Personal Data may be stored and processed outside your home country. We have networks, databases, servers, systems, support, and help desks located at many of our offices.
We use third parties for cloud storage and support and sales tools and take appropriate steps to ensure that Personal Data is processed, secured and transferred according to applicable law. When we transfer Personal Data from the European Economic Area to other countries in which applicable laws do not offer the same level of data privacy protection as in your home country, we take measures to provide an appropriate level of data privacy protection, for example by using EUs standard contractual clauses.
Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, you may have the right to request access to your Personal Data, as well as to seek to update, delete or correct this Personal Data. You can usually do this using the settings and tools provided in your Services account. If you cannot use the settings and tools, contact Infront for additional access and assistance.
You may also request restriction of processing, object to the processing and under some circumstances require data portability. If the processing is based on your consent, you may at any time withdraw your consent. If you wish to exercise your rights, please refer to the contact information below.
Infront ASA, Munkedamsveien 45, 0250 Oslo, Norway.
Data Protection Authority
Subject to applicable law, you also have the right to lodge a complaint with your local data protection authority or The Norwegian Data Protection Authority (DPA), which is Infront’s lead supervisory authority. You may direct questions or complaints to our lead supervisory authority by sending them an email firstname.lastname@example.org:
The Norwegian Data Protection Authority (DPA), P.O. Box 8177 Dep., 0152 Oslo, Norway