Version 1 - 7/6/2019 Privacy protection policy BankID app
Data Controlling
For the BankID app, Vipps AS acts as a data processor on behalf of the Norwegian banks. This Privacy Statement for the BankID app service is an addition to the data controlling bank’s own privacy statement.
Vipps AS is a company that operates and manages the products of Vipps, BankAxept and BankID. It is your issuing bank for the service BankID who is the data controller, Vipps AS has a role as data processor who performs tasks on behalf of the banks and has entered into a specific data processing agreement with the Norwegian banks for this service.
The general terms and conditions between you and your bank for BankID apply when using BankID with the BankID app.
Responsibility for your personal information
You should always feel secure when you give your personal information to Vipps AS. We do everything we can to protect the information, prevent unauthorized people from access, ensure the information is correct, only processed for the purposes for which the information has been collected, and deleted when the information no longer needs to be stored for the purpose, for security reasons or by regulatory requirement.
Purpose of the data processing
Vipps only processes your personal information in accordance with the data processing agreements, the Personal Data Act and other relevant regulatory requirements.
The purpose of the processing of the service is primarily to fulfill the obligations Vipps AS has undertaken for the implementation of the contract terms that apply between you and your bank for the use of BankID.
What information is being processed?
Personal information processed at Vipps AS for the BankID app service is:
- Your name, national identity number and userID as well as the latter's state
- Information about the mobile device, including manufacturer, operating system version, network type, IP address, time zone, preferred language and deviceID, and the latter's state
- Information about the date, time, type of transaction and the location for issuance and use of the app
Basis for processing
The processing of your personal information in the BankID app takes place on the basis of your and our agreement with the bank responsible as a data controller for the service.
Transfer to third parties and extradition
Your personal information may be processed by a data processor who processes your personal information as a subcontractor for Vipps AS. Vipps AS always enters into a data processing agreement with its data processors, and any data processors will only process the information in accordance with instructions from Vipps AS, which in turn have received instructions from the bank and for the purposes for which your personal information has been collected. Personal data may also be disclosed to the tax authority, police authority or other authority if there is a legal basis for it. Vipps AS will not transfer or disclose your personal data to any other third parties.
Storage
Vipps AS will store your information as long as the responsible bank decides and to fulfill the purpose of the service. Further, the information will be stored if necessary to meet certain legal requirements, such as the Accounting Act and the Money Laundering Act. Once that time has passed, your personal information will be deleted.
Data Protection Officer
Vipps AS has appointed a Data Protection Officer. You can always contact the Data Protection Officer if you have any questions about Vipps AS’ processing personal data. The Privacy Officer can be reached by email: personvern@vipps.no.
Information / correction
You have the right to receive information about which personal information is processed about you in Vipps AS' business. Please send a request to Vipps AS' Data Protection Officer at personvern@vipps.no.
If any of your personal information is erroneous, you should contact your bank, and us through the following email: personvern@vipps.no
Other
This text can be updated. The latest version is always available through the BankID app.