IDkollen identisure Privacy Policy

Valid from 2018-05-23

Table of contents

  1. Introduction
  2. The Services
  3. Registration for use of the Services
  4. Availability, security and accuracy of the Services
  5. Protection of your personal data
  6. Respect for the rights of others
  7. Respect for IDkollen
  8. Links to third-party websites
  9. Responsibility
  10. Change of terms
  11. Close account
  12. Miscellaneous
  13. Contact and support

1. Introduction

Thank you for choosing IDkollen and an extra big thank you for taking the time to carefully read through this Privacy Policy. We would like to start by briefly explaining why we have created this policy. Our fundamental goal is to clearly and easily

  • explain the role that You and We have in this context
  • explain how we use the information that you share with us so that we can deliver and continue to develop Sweden’s best online identification service;
  • ensure that you understand what information we collect and what we actually do with it;
  • show how we work to protect your rights and your privacy.

Our goal is that, after reading this policy, you should feel confident that your personal privacy is respected and that your personal data is processed correctly. We therefore also work continuously to ensure that our processing of personal data is fully in accordance with applicable legislation, primarily the new General Data Protection Regulation (GDPR) which applies from May 25, 2018.

2. What is personal data and what does the processing of personal data entail?

2.1 Personal data is any information that can be directly or indirectly, in combination with other data, linked to a living natural person. A non-exhaustive list of examples of personal data includes:

  • Name
  • Personal identification number
  • Email address
  • Credit card number
  • IP address
  • Images
  • User data

2.2 Processing of personal data includes any operation which is performed on personal data, whether or not by automated means. This includes, among others, the following operations:

  • Collection
  • Registration
  • Use
  • Combination
  • Transfer
  • Erase

3. Who does the policy apply to?

This Privacy Policy is primarily applicable to individuals who are users of our Services (the “data subject”). Different parts of this Privacy Policy may also be relevant to you depending on your relationship with IDkollen, for example if you are a visitor to our website or a reseller of our Services. By accepting this Privacy Policy, you consent to IDkollen processing your personal data in accordance with this Privacy Policy.

4. What about the policy?

This Privacy Policy regulates how IDkollen collects and processes personal data in order to deliver and continue to develop our Services.

5. What does it mean to be a Data Controller?

A data controller is a natural or legal person or other body which determines the purposes and means of the processing of personal data. A company is a data controller with respect to personal data it holds on its own behalf about its employees, customers, suppliers and others.

6. IDkollen as Data Controller

IDkollen AB (559000-0948) is the data controller for the processing of your personal data within the framework of IDkollen’s Services and is responsible for ensuring that such processing is carried out in accordance with applicable legislation.

7. Why are we allowed to process personal data?

7.1 In order for personal data to be permitted to be processed, there must always be support in the GDPR, a so-called legal basis. Such a legal basis is, among other things:

  • consent from the data subject
  • that the processing of personal data is necessary to fulfill an agreement with the data subject, such as an agreement on the use of the Services
  • to fulfill a legal obligation, such as regarding saving data due to accounting obligations
  • to make the assessment after a balance of interests that IDkollen’s interest in processing personal data is greater than the data subject’s interest in protecting it.

7.2 IDkollen always processes your personal data in accordance with applicable legislation. Our primary basis for processing your personal data is that it is necessary to fulfill our agreement with you regarding the use of our Services.

7.3 There are also situations where we have a legitimate interest in processing your personal data, e.g. in the interest of being able to market ourselves to visitors in our digital channels or in the interest of developing our Services. If we at IDkollen were to process your personal data for any purpose that requires your consent under applicable law, we will obtain your consent in advance.

7.4 It may happen that the same personal data is processed both on the basis of the fulfillment of an agreement, specifically on the basis of consent, or on the basis that the data is necessary to fulfill other legal obligations. This means that even if you withdraw your consent and the processing based on consent ceases, the personal data may still remain with us for other purposes. In principle, however, we only process your data to fulfill an agreement to which you are a party.

8. What personal data do we collect?

8.1 When you visit IDkollen’s website and when you communicate with us in our digital channels, we may collect information about you such as name, address, username, postal address, email address, telephone number, information about your use of Our Services and associated transaction history. In connection with the use of BankID, personal identification numbers are also processed.

8.2 IDkollen also collects data related to your use of Our Services. Such data includes, for example,

  • information about your type of subscription and your interactions with the Services and its associated applications, such as BankID.
  • technical data, which may include URL information, cookie data, your IP address, network information and the types of devices you use to access Our Services

9. What personal data is processed when making a payment?

9.1 If you register on our website (as defined in the Terms of Use), purchase any of our Subscriptions (as defined in the Terms of Use), or make other purchases through the Services, your credit or debit card information (e.g. card type and expiration date) and other information that we need to process your payment may be collected and stored by us and/or the payment solution service providers we work with. In addition, the payment solution service providers may provide us with other limited information about you, including your card type, expiration date and certain digits in your credit card number. The service providers may also provide an access token in this context that enables you to make further purchases using the information they have stored.

9.2 If you choose to pay by invoice, IDkollen may need to collect and store additional information, such as your name, date of birth and telephone number, and provide it to payment solution service providers that we collaborate with in order to enable credit checks and issue and send you invoices.

10. For what purposes is personal data processed?

The personal data about you that is collected in connection with your use of IDkollen’s Services will be processed by IDkollen, or our partners, for the following purposes:

  • To provide, personalize and improve your experience of the Services and administer our agreement with you.
  • So that we can communicate with you, for example to enable customer care and customer service, when contacting you by phone, email, notifications and through our social media accounts.
  • For marketing purposes, including for marketing via email, which you can of course unsubscribe from via a link in each separate mailing.
  • To process your payment and prevent or detect fraud.
  • To produce statistics on the use of our digital channels and the Services.
  • To maintain, develop, test and improve our digital channels and the technical platforms on which they are provided.

11. How long do we store personal data?

11.1 Your personal data will only be stored for as long as is necessary to fulfill the purposes for which the data was collected in accordance with this Privacy Policy. IDkollen may store the data for longer if necessary to comply with legal requirements or to safeguard IDkollen’s legal interests, e.g. if legal proceedings are ongoing.

11. 2 IDkollen stores data about the data subject for a maximum of 24 months after the person last made a purchase or otherwise integrated with IDkollen.

12. Our measures to protect your personal data

12.1 We at IDkollen have ensured that we have taken appropriate technical and organizational measures to protect your personal data against, among other things, loss, misuse and unauthorized access.

12.2 In order to technically ensure that personal data is processed in a secure and confidential manner, we use digital networks that are protected against intrusion using, for example, encryption, firewalls and password protection. Furthermore, systems have been developed to manage and, if necessary, through authorization control, limit access to various personal data, based on their nature and sensitivity. In the event that an intrusion occurs, IDkollen has created good procedures for identification, damage minimization and reporting. Finally, IDkollen has also developed a well-functioning method to satisfy the rights of the data subject, including the right to be forgotten.

12.3 IDkollen has organizationally ensured that all employees, consultants and suppliers that IDkollen uses to provide the Services are bound by confidentiality agreements and are obliged to follow IDkollen’s rules for information and IT security and this Privacy Policy. In order to ensure a good level of knowledge regarding the processing of personal data, ongoing training is arranged, both for IDkollen’s employees and the consultants who are hired from time to time to carry out assignments for the company.

13. When do we share personal data?

13.1 IDkollen will not sell, disclose or distribute personal data to third parties, except as stated in this Privacy Policy. Within the framework of the Services, personal data may be disclosed to, for example, subcontractors and partners, if necessary for the performance and provision of the Services. In cases where we choose to share personal data, we enter into a so-called personal data processing agreement to ensure that the recipient of the personal data processes this data in accordance with applicable legislation and that the recipient has taken the necessary technical and organizational measures in accordance with the GDPR to adequately protect the rights and freedoms of the data subject.

13.2 Furthermore, we may disclose personal data if we are obliged to do so under applicable law, court order or if such disclosure is otherwise necessary to participate in a legal investigation.

14. Your rights

14.1 IDkollen is responsible for ensuring that your personal data is processed in accordance with applicable legislation.

14.2 IDkollen will, at your request or on its own initiative, correct, de-identify, delete or supplement information that is found to be incorrect, incomplete or misleading.

14.3 You have the right to request access to your personal data. This means that you have the right to request a register extract of the processing that we carry out regarding your personal data. You also have the right to receive a copy of the personal data that is processed. You have the right to receive a register extract free of charge once per calendar year, through a written signed application, from which personal data is registered about you, the purposes of the processing and to which recipients the data has been provided or will be provided. You also have the right to receive information in the register extract about the anticipated period during which the data will be stored or the criteria used to determine this period.

14.4 You have the right to rectification of your personal data. We will, at your request, correct any incorrect or incomplete data we process about you as soon as possible.

14.5 You have the right to erasure of your personal data. This means that you have the right to request that your personal data be deleted if it is no longer necessary for the purpose for which it was collected. However, there may be legal requirements that prevent us from immediately deleting your personal data, for example in accounting and tax legislation. We will then terminate the processing that is carried out for purposes other than compliance with the law.

14.6 You have the right to object to personal data processing carried out on the basis of a balancing of interests. If you object to such processing, we will only continue the processing if there are legitimate reasons for the processing that outweigh your interests.

14.7 If you do not want your personal data to be processed for direct marketing, you always have the right to object to such processing by either unsubscribing directly in each specific email, or sending an email to support@idkollen.se. Once we have received your objection, we will cease processing the personal data for such marketing purposes.

15. Changes to this policy

IDkollen reserves the right to revise this Privacy Policy from time to time. The date of the most recent change is stated at the end of the Privacy Policy. If we make any changes to the Privacy Policy, we will publish these changes on the website. You are therefore advised to read this Privacy Policy regularly to be aware of any changes. If we change the Privacy Policy in a way that is significantly different from what was stated when your consent was collected, we will notify you of these changes and, if necessary, ask you to consent again to IDkollen’s processing of your personal data.

16. Contact

Please do not hesitate to contact us if you have any questions about this Privacy Policy, the processing of your personal data or if you would like to request a register extract. Our contact information can be found below.

IDkollen i Sverige AB
Box 55693
102 15 Stockholm
info@idkollen.se