Customer Privacy Notice

Collection and use of personal data

mnemonic focuses on implementing fair information practices that are designed to protect your privacy.

mnemonic conducts all of our processes and services on the basis of our legitimate interests in operating our business and providing our customers with a state of the art information security service and our obligation to comply with laws.

For many of our services, mnemonic has no interest in collecting or processing personal data. However, as part of the service provided, mnemonic may occasionally get access to personal data. Handling of customer personal data in these services are regulated by the legal terms in the given service contract. This applies to the following services areas:

  • Risk Services
  • Product and support

mnemonic acts as an independent controller for these services. Any and all of the personal data mnemonic gains access to is provided by our customers. mnemonic does not collect data regarding data subjects from any other third parties. If you have an inquiry that concerns your personal data, mnemonic recommends that you contact our Data Protection Officer. Contact information is found in the privacy notice.

mnemonic managed services

Through mnemonic managed security services, mnemonic may collect or process a variety of information about users of the mnemonic services and associated devices and networks connected with the services. mnemonic processes personal data only to the extent necessary to meet its obligations under the Service Agreement. Handling of customer personal data is regulated by the legal terms in the given service contract and the corresponding Data Processor Agreement (DPA). For managed security services, mnemonic acts as a processor on behalf of the customer. Please contact our DPO for more information regarding processing of personal data in this service. Contact information is found in the privacy notice.


Securing your information

In order to comply with relevant the EU General Data Protection Agreement, mnemonic maintains an overview of all its processing activities of personal data ensuring that these are:

  • lawful, fair, transparent;
  • limited to specified, explicit and legitimate purposes; and
  • relevant and necessary for the purposes for which it was collected.

mnemonic maintains accurate and up to date personal data only as longs as necessary to fulfill the purpose for which the data is processed. The personal data are protected by design and by default using appropriate technical and organisational security measures as deemed necessary by our risk assessments in alignment with mnemonic’s ISO27001 certification requirements and data protection impact assessments (DPIA). 


Storing your information and retention period

Any data mnemonic receives from our customers is stored in datacenters in Norway. mnemonic will not retain the personal data for a longer period than is necessary to achieve the purpose for which the data was collected.

Retention periods for mnemonic managed security services are handled in the agreement with our customer. For other types of services, information accessed can be deleted upon request.


Our vendors and service providers

mnemonic Security Services does not share personal data with vendors or other third parties. However, your employer or contractor might have additional services that require transfer of data to external parties.

For more information on where and to whom your personal data is transferred, please contact the mnemonic account manager at your employer or contractor.



In addition to the purposes and parties described in the general privacy notice, and depending on the service provided, mnemonic uses and discloses the information described above for the following purposes:

  • To provide the requested mnemonic services and for improvements;
  • For other purposes requested or authorized by our customers.


Exercising data subject rights

mnemonic has no direct relationship with the data subjects whose personal information may be processed by our services. Data subjects who are in contract with our customers may exercise their rights by following their contractor’s specific routines.

mnemonic will support our customers in dealing with data subject’s exercise of rights and data breaches investigations.