Manymore Privacy Policy

Updated: 29.07.2025

1. Introduction

Manymore.com AS (org. no. 923 004 114) (“Manymore,” “we,” “us”) provides technological solutions for background checks and related services for businesses. This privacy policy explains how we process personal data about candidates, customers, and visitors to our websites. We clearly distinguish between these groups to show which types of data are processed for each category.

How this policy fits into our legal framework:

This policy is part of Manymore’s legal framework, which also includes the Terms of Use, Data Processing Agreement, and Service Level Agreement. Together, these documents govern the use of our services, how we handle data, and our service obligations. For questions about this framework, you can contact us at legal@manymore.com.

2. What Personal Data We Process

2.1 Candidate Data (Processor on behalf of customer)

We process the following data to carry out background checks:

  • Identity information (name, date of birth, contact details, ID documents)
  • Education and employment (educational institutions, degrees, previous employers, job titles, periods)
  • Business interests and open sources (company roles, bankruptcy information, editorial mentions)
  • Checks related to PEP/sanctions lists, credit checks, or criminal record certificates (where relevant and lawful)
  • Technical data (IP address, device information, login activity)

2.2 Customer Data

We process the following data about employers when they use our services:

  • Contact and account information (name, position, email, phone, login details)
  • Payment and invoicing information (address, payment history, purchased services)
  • Communication (customer service inquiries, agreement and contract correspondence)
  • Technical data (portal usage, IP address, device information)

2.3 Website Visitor Data

We may collect limited information about visitors to our websites, such as:

  • IP address and device information
  • Browser type and language settings
  • Usage patterns, page views, and clicks
  • Information via cookies and similar technologies (see separate section)

3. Purpose and Legal Basis

For candidates

  • Perform background checks on the instruction of the employer (basis: customer’s legitimate interest or legal requirement). Manymore acts as the data processor.

For customers

  • Manage customer relationships and deliver services (basis: contract)
  • Billing and fulfillment of legal obligations (basis: legal requirements)

For visitors and marketing

  • Analyze website usage and improve services (basis: consent via cookie banner)
  • Send marketing material (basis: consent or legitimate interest, with the right to opt out)

4. Sharing of Personal Data

We only share personal data when necessary to deliver services or fulfill legal obligations. This may include:

  • Customer ordering the background check (for candidates)
  • Public authorities where required by law
  • Sub-processors assisting with technical and administrative services, bound by data processing agreements

An updated list of sub-processors is available upon request.

5. Transfer to Third Countries

If personal data is transferred outside the EEA, we use EU standard contractual clauses and perform Transfer Impact Assessments (TIAs). We ensure equivalent protection levels through encryption and other measures.

6. Retention and Deletion

We store data from background checks for a maximum of 12 months after the check is completed, as also stated in our consent form. This period applies when Manymore itself is the data controller (e.g., for technical operations, support, and complaint handling).

When Manymore processes personal data as a data processor on behalf of the employer, we follow the employer’s instructions. Under our Data Processing Agreement (DPA), data is normally deleted within 90 days after the customer relationship ends, unless the employer requests shorter retention.

Our sub-processors may have their own technical deletion timelines but are contractually obligated to follow our instructions and applicable legal requirements.

Customer-related data (e.g., invoicing data) is retained as long as necessary for the contractual relationship and in line with statutory retention requirements. When data is deleted or anonymized, it is securely removed from our systems and the systems of sub-processors.

7. Children Under 15

Our services are normally aimed at adults. For criminal record certificates, we may process data about individuals as young as 15 in accordance with police guidelines. Additional security measures and parental consent are applied where required.

8. Your Rights

You have the following rights under the GDPR:

  • Access to the data we process about you
  • Rectification of incorrect or incomplete data
  • Erasure (“right to be forgotten”) when conditions are met
  • Restriction of processing
  • Data portability
  • Object to processing, including marketing
  • Withdraw consent at any time

To exercise your rights, contact legal@manymore.com. You can also file a complaint with the Norwegian Data Protection Authority (www.datatilsynet.no).

9. Cookies and Tracking Technologies

We use cookies and similar technologies to improve the user experience, analyze traffic, and provide targeted marketing. You can manage consent via our cookie banner and change settings at any time.

Types of cookies we use

  • Necessary cookies: Required for the website to function properly (e.g., login and security).
  • Analytics cookies: Help us measure and improve website performance.
  • Marketing cookies: Used for targeted advertising and personalization (only with your consent).

Third-party cookies

We also use cookies from third parties for analytics and marketing:

  • Google Tag Manager: Manages marketing tags and tracks behavior.
  • Google Analytics: Measures traffic and user interactions.
  • Crisp: Manages customer dialogue and marketing activities.
  • Microsoft Clarity: Provides insights into user interaction and performance.

For more information, see the privacy policies of these services. You can also manage cookies through your browser settings.

10. Security

We use encryption, access controls, logging, and regular security audits to protect personal data. Measures are reviewed and updated regularly to address current threats.

11. Notification of Security Breaches

If we experience a security breach affecting your personal data, we will:

  • Notify you and relevant authorities without undue delay and no later than 72 hours after becoming aware of the breach, in accordance with GDPR requirements.
  • Provide information about what happened, which types of data are affected, potential consequences, and which measures we have implemented to reduce the risk.
  • Take necessary actions to prevent recurrence and limit the extent of harm.

12. Changes to This Policy

We may update this policy as needed. Significant changes will be communicated via our website or directly to affected users. The date at the top shows the latest update.

13. Contact Information

Questions about privacy? Contact us at:legal@manymore.com