Privacy Notice

In short:

At Vipps (Vipps MobilePay AS), we care about your privacy. We strive to always keep our responsibility front and center when we process your personal data.

This Privacy Notice describes why and how we process your personal data, and how you can exercise your rights.

Girl with phone (1).png

1. Vipps products

The primary reason for processing your personal data is to deliver Vipps products to you. Below you can read more about each product. Remember that you can also get an overview of what we process in your Vipps app.

Why and how do we process your personal data?

In order to provide you with a Vipps profile, we process the following information:

  • Information about you (name, phone number, e-mail, postal address (as registered in Norway's National Population Register, as well as the address you provide) and national identification number)
  • Account and Card Details (bank account number, masked debit or credit card number and expiry date). Our acquirer also process additional card-related information.
  • Usage Data (views, time, frequency, and duration of activities in the app, search history and sign in/log out data)
  • Technical Data (internal IDs, IP address, mobile operating system, mobile device, browser, settings in app, log of technical events, etc.)

In addition, we collect the following information from various registers to ensure that we have the correct information:

  • Contact Details (name and address) and citizenship from Norway's National Population Register.
  • Ownership of the bank account from "Konto- og adresseregisteret" (KAR).
  • Business Roles registered in The Brønnøysund Register.

Remember: As a Vipps user, other Vipps users will be able to see your name by searching your mobile phone number in the Vipps app.

What allows us to do this? 

Contract we have with you, see Terms and Conditions

Why and how do we process your personal data?

To send and receive money to persons or merchants, both online and in app and for recurring payments, we process the following information:

  • Transaction Data (date and time, name and phone number of recipient or merchant name and number, payment source, receiving account, amount, product/service, text/messages)

In addition, the counterparty (user or merchant) to a transaction will see the following information:

  • Transaction Data (date and time, name, partly masked or full phone number, amount, product/service, text/messages)

What allows us to do this? 

Contract we have with you, see Terms and Conditions

For donations to non-profit organisations

Why and how do we process your personal data?

When you donate a monetary gift to certain non-profit organisations, you can choose to share your national identification number and name with them so that you can receive a tax deduction for the monetary gift.

What allows us to do this? 

Your consent.

Why and how do we process your personal data?

To provide Vipps Log In, we process the following information:

  • Your preference (companies where you use Vipps Log In)

You can choose to continuously share the following information from your Vipps to other companies:

  • Information about you (name, telephone number, e-mail, registered address and address you provide, national identification number)

Did you know?

  • The company with access is the data controller, since they provide a separate service to you.
  • If the data you share is updated in our app, it will also be updated for the company with access.
  • You can find an overview of companies that you have consented to in the app: Profile > Personal information > Companies with access in the app. Here you can withdraw your consent at any time.
  • The consent is valid for one year. If you withdraw your consent we will stop sharing your data. Be aware that this does not end your agreement with the company with access. Reach out directly to the company if you want to end your agreement with them.   

What allows us to do this? 

Your consent.

Vipps Hurtigkasse or Vipps Checkout

Why and how do we process your personal data?

To deliver Vipps Hurtigkasse or Vipps Checkout, we process the same personal data that appears in section 1.2 (for payment) and section 1.3 (Vipps Log In). In addition, we process the following information:

  • Your preference (websites/merchant where you use Vipps Hurtigkasse and Vipps Checkout)

What allows us to do this? 

Contract we have with you, see Terms and Conditions

Data Transfer to other merchants

Why and how do we process your personal data?

You can choose to share the following information from your Vipps profile to other merchants:

  • Information about you (name, telephone number, e-mail, registered address and address you provide, national identification number)

What allows us to do this? 

Your consent. 

Vipps eFaktura

Why and how do we process your personal data?

To show your invoices and pay eFaktura in Vipps, we collect the following information from the invoice issuer, service providers or banks:

  • Invoice information (the payee’s account number, KID number, amount, due date, invoice number)
  • eFaktura scheme data (contact information, national identity number, organisation number, link to invoice)

Did you know? You can turn on and off functions in the app. Go to Profile > Bills and eFaktura.

Remember that if you have chosen “Always Vipps eFaktura”, we will inform invoice issuers that they can send your eFaktura in Vipps.

What allows us to do this? 

Your consent.

Vipps scanner

Why and how do we process your personal data?

To scan and pay your bills and invoices, we process the following information:

  • Information from the scanned bill (the payee’s account number, KID number, amount, due date)
  • Image of the scanned bill

What allows us to do this? 

Contract we have with you, see Terms and Conditions

Did you know? To use Vipps Bill Scanner, Vipps needs access to the camera and images on your phone, see 1.11.

Why and how do we process your personal data?

To display your personal memberships and all the benefits you have through selected loyalty programs in the app, we process the following information:

  • Phone number is shared with the merchant's data processor, to look up your memberships and benefits in loyalty programs.
  • Information received from the merchant regarding your memberships and benefits in loyalty program.

Did you know? The merchant is the data controller for the loyalty programs and benefits, and we are a data processor. Contact the merchant for questions regarding these.

What allows us to do this? 

Contract we have with you, see Terms and Conditions

Settlement

Why and how do we process your personal data?

In order to calculate and distribute expenses in a group of users, we process the following information in addition to what is stated in point 1.1:

  • Self-selected image for the settlement
  • Name, burden distribution, and amount of expenses in the settlement
  • Name of participant, amount, and status of payment in the settlement

Did you know? All participants in the settlement can see the information listed above.

What allows us to do this?

Contract we have with you, see Terms and Conditions

Box

Why and how do we process your personal information?

In order to create a box where you can easily collect money for a specific purpose, we process the following information:

  • Self-selected name of the box and image
  • Chosen purpose for the box
  • Payments that have gone in and out of the box

Did you know? As the owner of a box, you can export all payments in and out. The owner of the box can give others access to read the information in the box.

What allows us to do this?

Contract we have with you, see Terms and Conditions

Why and how do we process your personal data?

In addition to your transaction data, see 1.2, we can display order line information regarding your purchases. For this we process the following information:

  • Order line information (Line items, amount, if relevant shipping price, VAT, tips and discount)

What allows us to do this? 

Contract we have with you, see Terms and Conditions

Did you know? You can decide if you want to have order lines shown in your app or not. You can do that by going to Profile -> Settings and toggling on/off "Show digital receipts in Vipps".

Why and how do we process your personal data?

To deliver payment for a used car with NAF and Finn, we process the following information:

  • Information about the car (registration number and registered owner)
  • Purchase amount

What allows us to do this? 

Contract we have with you, see Terms and Conditions

For children

  • Your guardians (for most it means your parents, but it can also mean your foster parents or others who are responsible for you) have an overview of everything you see in the app. For example, they can see who you send and receive money to and from, who you chat with, and your full conversations.
  • Vipps saves all the activity on your profile, such as your name, mobile phone number of those who send you money, chats, the time you send and receive money.
  • For more information, see Vipps under 15 and remember that you can always contact us via chat at vipps.no, e-mail at privacy@vippsmobilepay.com or telephone on 24 24 05 10. 

For adults

In addition to the personal data that appears in section 1.2 (for payments between persons), we process the following information about both guardians and children:

  • Information about legal guardianship as registered in Norway's National Population Register.
  • If you have gone through the manual process: Documentation of registered legal guardianship.

What allows us to do this? 

To fulfill the agreement we have with your parents/guardians and you, see Terms and Conditions.

You can turn on and off the following functions in the app under Profile

  • Balance, for you to see your bank account balance in the app (we obtain this information from your bank).
  • Profile picture, so you can upload a profile picture that other users can see.
  • Chosen name for your accounts or cards, so you can easily differentiate them.
  • Blocked users, users that can no longer send you messages or money.
  • Suggestions and offers from Vipps, so that you can see tips and recommendations on the Vipps home screen.

What allows us to do this? 

Your consent.

Did you know? You can block a person in two ways. By selecting the person in your history. Tap the three dots in the right corner and select Block. You can also block by going to Personal information -> Blocked users and press Block and enter phone number.

You can unblock the person at any time. You will find a list of blocked people under Personal information.

You can turn on and off the following functionality under settings on your phone:

  • Location, so you can find a merchant near you.
  • Your contact list, so you can select recipients from your contacts. If you don't want the app to access your contacts, you can manually enter the recipients mobile phone number.
  • Pictures and camera, so you can have a profile picture in Vipps, scan invoice information, save receipts as pictures or add a picture to a settlement group.
  • Notifications, so that Vipps can send you push notifications.
  • Background updates, so you can receive push notifications from Vipps.
  • Mobile data, so you can use Vipps when you don't have wireless internet.
  • For Android, we ask for access to mobile phone status and ID, so that the mobile identifier can be saved and change/delete content on the SD card, and for you to upload a profile picture.

What allows us to do this? 

Your consent.

To know who you are

To fulfill our obligations under anti-money laundering regulations, we process the following personal data relating to merchants:

  • Business roles at merchants (CEO, chairman, board members, deputy, accountant, auditor)
    • Information about the person (name, phone number, email address, date of birth, social security number)
    • Signatory rights
  • Beneficial owner
    • Information about the person (name, date of birth, country, nationality, address)
    • Information from registers
  • Politically exposed persons (PEP) and sanctions lists
    • Information you provide
    • Information from registers

What allows us to do this?

Our legal obligation.

Credit rating

When establishing the customer relationship and continuously afterwards, Vipps conducts credit checks of the merchant you are part of. For some forms of organization, for example, where the person is personally responsible for the merchant, we also carry out a credit assessment of persons with a role within the merchant. After this is done, you will receive a copy of that information.

What allows us to do this?

Our legitimate interest.

Onboarding and administration of the customer relationship

For onboarding, administration of customer relationships, communication, and security for your merchant, we process the following personal data:

  • Role as user and admin in Vipps Portal and Merchant App
    • Information about you (name, telephone number, e-mail address, national identity number)
    • Usage Data (views, time, frequency, and duration of activities in the app, search history and sign in/log out data)
    • Technical data (internal IDs, IP address, mobile operating system, mobile device, browser, in-app settings, history of technical events, etc.)
    • eID authentication with BankID
  • Contact points at merchants
    • Information about you (name, telephone number, e-mail address, national identity number)
    • Communication between Vipps and the contact point

What allows us to do this?

The agreement we have between Vipps and your user site.

Wish List

Why and how do we process your personal data?

When you create a wish list, we process the information you enter. If you add a link, we will display a picture of the content, name of the product and similar details from the link to provide you with a clear representation of the wish list item.

  • Your first name and profile picture
  • Wish list details (list name, content picture, content price, description of list and content)

Remember: You can share your wish list with any user, including users from other locations. Please note that users can further share the link to other users. Users you have blocked in the app cannot see your wish lists, even with the link. We discourage users from entering sensitive information in the wish list.

What allows us to do this?

The agreement we have between Vipps and your user site.

Recommendations and Inspirational lists

Why and how do we process your personal data?

Wish list is designed to help you find content that fits your needs and interests. We therefore provide recommendations and inspirational lists in the Wish list space. For that purpose, we segment users based on basic demographics, or if you consent to it we may profile you to provide you with tailor-made recommendations and offers. See section 2.3 to see how segmentation and profiling works.

Remember: The recommendations and inspirational lists may include sponsored content. You can read our terms for more information about sponsored links. If you click on a sponsored link and proceed to the third-party website, there might be further data collection and tracking in connection to your visit and purchases. Third-party data collection and tracking will, in some cases, be carried out by the site you visit and/or the Adtraction affiliate network, according to their terms and conditions that you can read here.

What allows us to do this?

Basic segmentation is based on our legitimate interest.

Profiling is based on your consent, and can be withdrawn in the app -> Profile -> Privacy Setting tab.

2. Across Vipps services

Some processing is not necessarily linked to a single product. You can read more about it below.

To fulfill our obligations according to laws and regulations, Vipps must process some personal data.

  • Bookkeeping: Accounting material, which may also contain personal data, is processed, and stored in accordance with the requirements in the Bookkeeping Act.
  • Prevention and detection of criminal activities: Vipps must process some personal data for the purpose of preventing, detecting, investigating and handling fraud and other criminal activities. This includes the duty to examine and report suspicious activities and transactions under the Anti-Money Laundering Act. Vipps also obtains information from various registers to fulfill legal requirements, for example related to politically exposed persons and sanctions.
  • Disclosure of personal data to public authorities: We must disclose personal data when there is a court order, law enforcement request or otherwise to fulfill legal requirements, such as The Penal Code, The Statistics Act, The Taxation Act or The Labour and Welfare Administration Act.
  • Disclosure of personal data to banks and other financial institutions: We also disclose personal data to comply with The Anti-Money Laundering Act when it is part of conducting due diligence of suspicious activities or transactions, and in accordance with the Financial Institutions Act regarding fraud.
  • Security monitoring: To detect and resolve suspicious activities and security incidents, Vipps processes personal data when logging and monitoring Vipps' services. Ensuring information security is, among other things, anchored in the Personal Data Act and the ICT Regulation.

What allows us to do this? 

Our legal obligation.

Why and how do we process your personal data?

Vipps processes personal data to help you if you have issues with our services, such as:

  • Information about you (name, telephone number, e-mail, registered address and address you provide, national identification number)
  • Information about your issue
  • Information about the customer relationship (which services you use, for how long, etc.)

Depending on the issue, it may also include:

  • Transaction Data
  • Account and card details (bank account number, masked debit or credit card number and expiry date)
  • Usage data (views in the app, time and clicks in our surfaces, searches, logins and logouts)
  • Technical data (internal IDs, IP address, operating system, mobile device, browser, settings in app, log of technical events, etc.)

What allows us to do this? 

Contract we have with you, see Terms and Conditions

Recording of phone calls with customer service

Vipps processes personal data when we record phone calls for quality assurance and training of our employees. We only do this if you consent to it.


The recording will include all personal data that is in your conversation with customer service. For more details, see the categories of personal data in section 2.2.


The recording will be kept for 30 days. If a recording is relevant in a legal dispute or a security incident, it may be kept for a longer period based on another legal basis.


Remember! You can always withdraw your consent by sending an email to privacy@vippsmobilepay.com. In that case, the recording will be permanently deleted.

What gives us permission to do this?

Your consent.

Chat with Customer Service

When you chat with customer service on our website or portal, Vipps processes the following information to ensure good customer service and follow-up:

  • Information about you (name and phone number)
  • Information about your issue (content of the chat)
  • Authentication data (if you need to receive certain types of data from us, we require BankID identification)

Remember! Customer chat information will as a rule be stored for 30 days, but this can be extended if a case requires it.

What allows us to do this? 

Contract we have with you, see Terms and Conditions

Basic segmentation

We carry out basic segmentation to provide you with relevant recommendations and offers. For this purpose, we process the following data:

  • Age
  • Gender (based on your National Identity Number)
  • Geographic area (based on postal code)
  • Use of our products and services (e.g. if you have certain products activated or not, or the items you added to your wish list)

What allows us to do this? 

Our legitimate interest. You have the right object to it, see section 3.6.

Personalised marketing

If you consent to it, we will personalise our marketing across our app and channels like email, SMS or push messages. The purpose is to provide you with the most relevant and tailor-made offers, recommendations and discounts from us and third-parties.

Personalised marketing is based on analysis of the following information about you:

  • Transactions and purchases (all transactions including your receipts and basket details when available)
  • Profile details (such as your name, address and the cards you’ve added)
  • Your use of our products and services (such as how, when and how often you use them)
  • Your use of the app (such as visited pages in the app, app settings e.g. language etc.)

What allows us to do this? 

Your consent.

Marketing via e-mail, SMS and Push Messages

If you consent, we may send you suggestions and offers based on, via e-mail SMS or Push Messages. For this, we process:

  • Contact Information (name, phone number and e-mail)

What allows us to do this? 

Your consent.

Remember: You can see an overview of your consents to marketing activities in the app under Profile > Settings. You can withdraw your consent at any time. Please note that it may take some time to technically implement consent withdrawal due to the frequency of system updates.

Internal development of our services

We process personal data for service development, maintenance and to improve customer experience. To do this, we analyse how our products and services are used. For this type of processing, we do not identify the end users, but use aggregated, pseudonymized or anonymized data. The following information may be processed to generate such analyses:

  • Demographic data (age, gender, geographic area)
  • Which Vipps services/products you use
  • Technical data (Customer ID, Cookies, user agent, etc.)
  • Usage data (views in the app, time and clicks in our platforms, search history, logins, and logouts)
  • Aggregated or pseudonymised Transaction Data
  • Profile information (number of payment cards and bank accounts)
  • Usage of Accessibility features

What allows us to do this? 

Our legitimate interest.

Statistics

We further process this information to develop user surveys, user analyses, market analyses, and reports based on usage patterns and demographics. We use statistical data to group users into similar usage patterns and this helps us understand how our services are used. The results cannot be linked back to you as we use aggregated data for this purpose. In some situations, we forward the results of the analyses to merchants that use Vipps. This information cannot be linked back to you. Vipps shares aggregated statistics with certain partners, such as banks and the Ministry of Finance. 

What allows us to do this? 

Our legitimate interest.

Vipps uses several suppliers who process personal data on our behalf (Data Processors). In these cases, Vipps enters into a Data Processing Agreement with the supplier to ensure that the processing is carried out in accordance with the GDPR. Relevant data processors we use are:

  • Cloud service providers (Microsoft Azure, Salesforce, Splunk, Mixpanel, Slack, Signant, Puzzel, Link Mobility, Twilio Sendgrid, Strise, Jobylon)
  • Software providers (Microsoft 365)
  • Service providers (Nets, TietoEvry, DNB, Adyen)
  • Consulting firms
  • Banks

When we transfer personal data outside the European Union (EU) or the European Economic Area (EEA)

In some cases, Vipps may transfer personal data to Data Processors in countries outside the EEA. Such transfers can only be made if the Data Processor has provided assurance that your privacy and rights are protected. This may be a transfer basis approved by the European Commission e.g., to an approved country, through Standard Contractual Clauses, or through valid Binding Corporate Rules. In special situations, another valid transfer basis, such as agreement or consent, may be used if the level of protection corresponds to the level in the EEA.

Information security is fundamental to delivering safe and simple solutions. Through effective security measures and processes, we therefore ensure that your personal data is protected against unauthorized access and alterations and is available when needed. For this, we have implemented measures such as:

  • Identity and Access Management
  • Secure Software Development and Security Testing
  • Encryption
  • Network Security
  • Security Monitoring and Incident Management
  • Safety training and knowledge sharing among employees
  • Security requirements and follow-up of Data Processor and suppliers

Security measures are implemented, monitored, and continuously improved based on a risk-based approach to ensure that personal data is adequately protected over time.

Personal data will not be stored longer than is necessary and according to the following rules:

  • The main rule is that we store personal data for as long as your customer relationship is ongoing. This allows you to have an overview of your history that you can see in the app.
  • When you terminate your customer relationship, certain information will be stored by Vipps for another 3 and half years, 5 or 10 years in accordance with the Money Laundering Act or the Bookkeeping Act.
  • Personal data that we process based upon your consent will be deleted if you withdraw your consent, unless there is another legal basis for further processing.
  • In some situations, we may have a legitimate interest in retaining the information for a longer period, for example for back-up.

Vipps and merchants are independent data controller for most of our services. Vipps has an agreements with all our end users. This means that Vipps is responsible for its own processing activities of personal data that are necessary to provide the payment solutions. Similarly, merchants have their own agreements with their customers, and are themselves responsible for their own processing activities of personal data in order to provide their services e.g. being able to carry out a sale. We have therefor not entered into a data processor agreement in the case where Vipps and the merchants are independent data controllers. 

For the following services, Vipps is the data processor on behalf of the merchant or partner:

  • eFaktura/eInvoices
  • Vipps benefits
  • Loyalty at checkout/delegated consent

3. Your rights

If you wish to exercise your rights, you can send your request to our Data Protection Officer in privacy@vippsmobilepay.com.

You have the right to access the information stored about you. Remember that you can find most of this information about you in your profile and your history in the Vipps app.

You have the right to demand that incorrect information about you be corrected. You can change your e-mail, address, picture, account, and card information in the app.

You have the right to demand to delete information about you if Vipps does not have a legal basis for storing it further. Do you want to delete your profile? See Hvordan sletter jeg alt om meg og min profil? (vipps.no)

You may withdraw your consents at any time.

  • If you have shared your information in Vipps with companies, you can withdraw this consent: under Profile > Personal information > Companies with access and Browsers that remember you
  • Vipps Regninger and eFaktura: under Profile > Bills and eFaktura
  • Marketing: under Profile > Settings
  • Settings on your phone: under settings on your phone
  • Settings in the app: for example under Profile > Settings or Profile > Accounts and cards

You have the right to be informed about how we process your personal data. We do this in this Privacy Notice, in our Terms and Conditions, and when obtaining consent.

If we process information about you based on our legitimate interest, you have the right to object to our processing of information about you. This can be for example for analysis purposes or for compiling personal data across our services.

In special situations, you have the right to request a restriction of the processing of personal data.

You have the right to have your data transferred in a machine-readable format to a new Data Controller.

You also have the right to complain to the Norwegian Data Protection Authority.

Changes in this Privacy Notice

Vipps continuously works to improve and develop our services. We will change information in this Privacy Notice, some might refer to it as a Privacy Policy, in the event of any changes in the law, services we provide or in our own personal data processing practices. If Vipps makes major changes that may affect your privacy or rights, you will be notified in the app or by email

Version 1.21. Updated 28.10.2024

Vipps Confirm.png

Do you have any questions?

If you have questions about privacy, contact us on our chat here at vipps.no or send an e-mail to privacy@vippsmobilepay.com

You will also find some answers under help: Privacy and security - questions and answers (this is in Norwegian).

Hjelp_2x.png