Privacy Policy and Data Protection Framework – Ren Sparevoll

Version 3.2 – Last Updated: April 9, 2026

Article 1: Identification of the Data Controller

This Privacy Policy defines the rigorous data processing protocols maintained by Ren Sparevoll ("the Platform", "we", "us", or "our'), headquartered at Aker Tech House, Fornebuveien 42, 1366 Lysaker, Norway. We act as the Data Controller under the General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (Personopplysningsloven).

Given the advanced nature of our financial data structures, we have appointed a dedicated Data Protection Officer (DPO) reachable directly at [email protected].

Article 2: Categories of Personal Data Processed

To ensure institutional-grade security and absolute precision in our services, we collect the following categories of data in accordance with the principle of data minimization:

Identity Metrics

Full legal name, date of birth, nationality, and official government-issued identification required for mandatory Know Your Customer (KYC) verification.

Contact Credentials

Authenticated email address, active mobile number, and verified official residential address.

Financial Telemetry

Information regarding source of funds, digital asset wallet addresses, transaction history, and detailed investor risk profiles.

Digital Footprint & System Interaction

IP addresses, device specifications, geographical routing data, and granular logs of your interactions with our analytical interfaces.

Article 3: Legal Basis and Purposes of Processing

In compliance with Article 6 of the GDPR, our processing of your personal data is strictly founded on the following legal bases:

Contractual Necessity: Essential for managing your account, executing platform features, and delivering our core analytical services.
Legal Obligations: Mandatory compliance with the Norwegian Anti-Money Laundering Act (Hvitvaskingsloven) and directives from the Financial Supervisory Authority of Norway (Finanstilsynet).
Legitimate Interests: Required for proactive fraud prevention, network security enhancement, and the continual optimization of our algorithms via anonymized data aggregation.
Explicit Consent: For the delivery of personalized market reports, marketing communications, and the deployment of non-essential analytical cookies.

Article 4: Advanced Security and Encryption Standards

Ren Sparevoll deploys enterprise-grade security architecture:

Data at Rest (AES-256): All sensitive databases and user records are stored utilizing military-grade AES-256 encryption.
Data in Transit (TLS 1.3): All data transmission between the user's client and our servers is secured via end-to-end TLS 1.3 cryptographic protocols.
Sovereign Hosting: Data is exclusively hosted on redundant, highly secure servers located within the European Economic Area (EEA), featuring strict logical and physical access controls.

Article 5: Retention and Archiving Policy

We retain your personal data only for as long as strictly necessary to fulfill the purposes outlined:

Active Data: Retained for the full duration of your active contractual relationship with the Platform.
Statutory Archives: Personal identity and financial transaction records are retained in a secure, immutable archive for a period of five (5) to seven (7) years following account closure, strictly to satisfy Norwegian financial archiving and AML statutory requirements.

Article 6: Your Inalienable Rights Under GDPR

European and Norwegian laws grant you sovereign control over your personal information. You possess the right to access, rectification, erasure ("right to be forgotten'), restriction of processing, data portability, and the right to object.

You may exercise these rights at any time by contacting our DPO at [email protected]. Furthermore, you retain the fundamental right to lodge a formal complaint with the Norwegian Data Protection Authority (Datatilsynet).