Privacy policy

Last updated: March 1 2022 - 12:30 (GMT+1)

1. Introduction

This privacy policy describes how your personal information is collected and processed when using Firi, and your rights related to the processing of your personal information. Firi is owned and operated by Firi AS (org.no: 919 932 465). In this statement, Firi AS will be referred to as "Firi",  or "we". Firi is subject to Norwegian law and will process your personal information in accordance with the current privacy legislation.

2. Data controller

Firi is the data controller for your personal information. The data controller is the one who determines the purpose of processing personal information and the processes to be used. The data controller has the ultimate responsibility to ensure that all processing and handling of personal data is in accordance with applicable legislation.

Our full details are:

Full name of legal entity: Firi AS
Org. no:  919 932 465
Contact person: Trang Hoang
Email Address: [email protected]

Postal address: Grundingen 2
0250, OSLO
Norway

If you have questions regarding how we collect and use your data, you can contact us using the contact details above.

We wish to have the information we hold about you accurate and up to date. Please let us know if your personal information changes by emailing us at [email protected] or by updating your user profile.

3. What personal information we collect and reason for processing

When you use our website, create a user profile or contact Firi, we will process personal information about you. We collect and use your personal information for different purposes. Firi’s processing of personal data is subject to your consent or other legal requirements.

We process the following personal information for the purposes listed below:

Creation of user Profile: You can create a user profile on our website to buy and sell cryptocurrencies. The legal basis for processing is the fulfillment of the agreement.

When you create such a profile, we will process the following information:

  • Identification data such as name, title, date of birth and gender.
  • Contact data such as mailing address, email and phone number.
  • Financial data such as bank account and card information.
  • Transaction data such as time, amount and other information about transfers between you and us.
  • Profile data such as username, password, settings, and feedback on surveys.
  • Technical data such as login, IP addresses, browser information, language selection, time zone, referral id and digital fingerprints of devices.

  • When establishing a user profile, there will be several legal requirements that we must follow. Below is a description of various activities where Firi stores personal data:
    • Activity: Creation of user account.
      • Personal information: E-mail, IP addresses, geolocation data, referral id and fingerprints from devices.
      • Basis: Required for login to Firi, securing your account as well as complying with anti-money laundering regulations.
    • Activity: Upgrade of user profile.
      • Personal information: Full name, address, date of birth, nationality and 2-factor token.
      • Basis: Required to comply with anti-money laundering regulations. 2 factor is required to keep your account secure.
    • Activity: Identity verification.
      • Personal information: BankID, national identity number.
      • Basis: Required to comply with anti-money laundering regulations.
    • Activity: Submitting our KYC questionnaire.
      • Personal information: Information about job situation, purpose for creating an account, origin and ownership of funds, future deposits and withdrawals, income and possible political exposure.
      • Basis: Required to comply with anti-money laundering regulations.
    • Activity: Logging in to your account.
      • Personal information: IP addresses, geolocation data, referral id and fingerprints from devices.
      • Basis: Required for securing your account as well as complying with anti-money laundering regulations.
    • Activity: Deposit or withdrawal of fiat.
      • Personal information: Information about your bank account and transfers to us.
      • Basis: Required to comply with anti-money laundering regulations. You can only withdraw money from an account that you have ownership of.
    • Activity: Deposit or withdrawal of cryptocurrency.
      • Personal information: Information about your deposit and withdrawal addresses.
      • Basis: Required to comply with anti-money laundering regulations.

User data: When you use our website and our services, we store information about your use for use in statistics and analyzes. We do this to get a better understanding of how our services are used so that we can improve the quality of them. We process such personal information on the basis of an interest assessment. We have considered it necessary for us to do this so that we can customize the website for our users.

Marketing: We send out newsletters, marketing- and other information about our business by e-mail to you if you have given us your consent. You can withdraw this consent at any time by contacting us at [email protected] or by changing your settings for newsletters in your user profile. If you choose to not receive a newsletter from us, you will not receive information about any competitions and other interesting bonus programs. We will not share your personal information with third parties for use in marketing without your consent.

If you do not wish to provide us the required personal information, we cannot offer you services at Firi.

4. Disclosure of personal information to third parties

We will not disclose your personal information to third parties unless there is a legal basis for such disclosure or it is necessary for us to fulfill our agreement with you. Examples of such a basis will typically be when getting consent from you, if there is a legal basis requiring us to disclose the information (including suspicion of criminal activity), or if it is necessary as a part of the customer control our banking relationships are carrying out with us and/or as part of the customer control your banking relationship carry out of your customer relationship in connection with deposits to or withdrawals from us.

Personal data we process is stored in the EU / EEA area.

5. Data security

We always make adequate technical and organizational measures to ensure that the information is secure. We have security measures that prevent your personal information from being shared, modified, lost or misused otherwise. We only provide employees who need it, access to your personal information. Employees with such access will treat the information confidentially.

We are required by law to inform you if a data breach occurs or any of any other situations occurring where your personal information is at risk. We will do that as quickly as possible.

6. Data storage

We store your personal information as long as necessary for the purpose for which the personal information was collected. Personal data we process to fulfill an agreement with you will be deleted when the agreement is fulfilled, and all obligations arising from the agreement are fulfilled. Duties resulting from the contractual relationship may, for example, be data storage requirements due to accounting laws, anti-money laundering laws or other regulations.


In cases where we are not required by law to store information, we will save this as long as it is appropriate to provide our services in the best possible way. You can contact us to know what data we have stored about you and ask us to delete data about you.

7. Your rights

You have a number of legal rights in regards to your ownership of personal information we have stored about you and our use of this information.

You have the right to:

  • Receive the personal information we have stored about you.

  • Ask to have your personal information changed in case of errors.

  • Request to delete your personal information, as long as we are not required by law to store it.

  • Complain about the use of your personal information.

  • Require that we limit our use of your personal information.

  • Ask to transfer your personal information to another service.

  • Withdraw your consent regarding our use of your personal information.

You can read more about your rights on The Norwegian Data Protection Authority's homepage.

If you wish to make any of the requests described above, contact us at [email protected].

It is free for you to contact us and make requests regarding your personal information. If requests regarding your personal information are unfounded or excessive, including frequent repetition, we may require a reasonable fee to complete your request. It is also possible that we refuse to comply with your requests in such cases.

If you want access to information or to make changes to your personal information, we require you to identify yourself. You can, for example, identify yourself using Bank ID. In some cases, we may require you to provide additional information in order for us to identify you sufficiently.

We try to answer all such requests within 30 days. In all cases, we will inform you within 30 days that the request has been received and what the further proceedings will be.

8. Links to third parties

Firi’s website, firi.com, may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

9. Complaints

If you believe that our processing of personal information does not match what we have described here or in other ways violate privacy laws, you may appeal to The Norwegian Data Protection Authority.

You can contact The Norwegian Data Protection Authority here.

10. Cookies

You can set your browser to refuse all or some browser cookies or to alert you when websites place or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookies policy.