Privacy Notice
Valid from: 14.09.2022
Delivery of our service/product, Symblepay, and administration of customer-relations
Purpose
We process your personal information in connection with delivery of our service/product, Symblepay, including identification and approval of you as a customer via. NemID/MitID. Furthermore, to process money-transfers, produce statements, administrate the customer relations and to communicate information on the products and services you have requested as well as to handle any enquiries or questions that might result from your use of the product/service.
Categories of personal data processed
We process the following personal information on you:
Regular personal information
- Name, address, e-mail, phone-number
- Information on the products and services we deliver to you, including your usages and preferences in connection hereto
- Account number and payment information
- CPR-number (Social security number)
Sources
We collect your personal information from the following sources:
- Directly from you
- From the Danish CPR-register
- The Bank where you have the account you are using for the product/solution (Symblepay)
- Other companies and payments and/or services providers to which you have subscribed to
Legal basis
We process your personal information based on the following legal basis:
- Article 6.1.(b) (Necessary for the performance of a contract to which the data subject is party)
- Article 6.1.(f) (Necessary for the purposes of legitimate interests in delivery of our product/service, to identify you as a customer, produce statements, administer customer relation, and handle enquiries made by you. Furthermore, for the purpose of our legitimate interest to prevent fraud and losses which may arise in the conclusion of a payment).
- §11, section 2, nr. 2, I the Danish data protection act regarding information on CPR-numbers
Sharing
We can share your personal information with:
- Suppliers and retailers, including IT-suppliers, support and financial institution with whom we collaborate with when conducting our business
- Group affiliates
- Public authorities
- Recipients of payments from you
- Your bank/banks which is used by you to receive or send money from
- External partners of Symblepay (including corporate customers)
Storage
We will store your personal information as long as they are deemed necessary for the above-mentioned purposes.
Generally, we will store your personal information regarding transactions you have made for up to 5 years from the end of a fiscal year according to §10 of the Danish bookkeeping act.
Personal information will hereafter be deleted unless required otherwise by other legislation.
Business development and statistics
Purpose
We process your personal information in connection with further development of our products, service, and business in general by analysing data and statistics
Additionally, we use cookies and similar technology on our website, products, and App for analytic and statistical purposes. You can find out more about our use of cookies here.
Categories of personal information
We process the following personal information on you:
- Name, address, e-mail, phone-number
- Information on the products and services we are delivering to you including how you use them and your preferences
- Information on the device/devices you use, the operating system and your IP address including information on traffic, placement, behaviour, and other communication information
Sources
We collect your personal information from the following sources:
- Directly from you
- Other companies and payments and/or services providers to which you have subscribed to
Legal basis
We process your personal information based on the following legal basis:
- Article 6.1.(f) (Necessary for the purposes of legitimate interests in delivery of our product/service, to identify you as a customer, produce statements, administer customer relation, and handle enquiries made by you. Furthermore, for the purpose of our legitimate interest to prevent fraud and losses which may arise in the conclusion of a payment).
Storage
We will store your personal information for as long as you have and active user with SymblePay. If your user is deleted all personal information will be purged the following night. This does not include information required to continue sending newsletters provided you are still interested in receiving these.
Personal information will hereafter be deleted unless required otherwise by other legislation.
Marketing
Purpose
We process your personal information for marketing purposes including targeted communication with you based on your interests and focus areas as well as to send you relevant marketing such as newsletters etc.
Additionally, we use cookies and similar technologies on our website to market via digital media channels and on social media sites such as Facebook. You can find additional information on our use of cookies here.
Categories of personal information
We process the following personal information on you:
- Name, address, e-mail, phone-number
- Your use of our services, products, websites and apps
- Your preferences
- Information on the device/devices you use, the operating system and your IP address including information on traffic, placement, behaviour, and other communication information
Sources
We collect your personal information from the following sources:
- Directly from you
- Online sources such as social media
Legal basis
We process your personal information based on the following legal basis:
- Article 6.1.(a) (Consent)
- Article 6.1.(f) (Necessary for the purposes of legitimate interests to provide direct marketing to you and to target our communication with you based on your interest and focus areas.
Sharing
We can share your personal information with:
- Suppliers and retailers, including IT-suppliers, support, and financial institution with whom we collaborate with when conducting our business
- Group affiliates
- Public authorities
Storage
We will store your personal information as long as you are subscribing to our newsletter. If you cancel your subscription your personal data will be deleted the following night.
Personal information will hereafter be deleted unless required otherwise by other legislation.
Anti-Money Laundering and Know Your Customer (KYC)
Purpose
We process your personal information in accordance with our obligations under the Danish Anti-money laundering act. Including the rules around know your customer procedures, reporting to SØIK (Hvidvasksekretariatet), etc.
Categories of personal information
We process the following personal information on you:
Regular personal information
- Name, address, e-mail, phone-number
- CPR-number
- Date of birth, picture
- Other forms of ID-documentation such as copies of passport, drivers license or birth certificate
Sources
We collect your personal information from the following sources:
- Directly from you
- Debtors
- Online sources such as CVR which is public available
- Public authorities such as the Danish tax authority and the CPR register
Legal basis
We process your personal information on the following legal basis:
- Article 6.1.(c) and article 9.2.(g) (Necessary to comply with our legal obligations according to the Danish AML act to collect and pass on information on you in order to prevent money laundering and terror financing)
- § 11 section 2. Nr. 1 & 4 in the Danish data protection act regarding information on CPR-number
Sharing
We can share your personal information with:
- Suppliers and retailers, including IT-suppliers, support, and financial institution with whom we collaborate with when conducting our business
- Group affiliates
- Public authorities
Storage
We will store your personal information as long as they are deemed necessary for the above-mentioned purposes.
Generally we will store your personal information for a minimum of 5 years by the conclusion of an agreement or the conclusion of a transaction in accordance with § 30 section 2 in the Danish AML Act.
Personal information will hereafter be deleted unless required otherwise by other legislation.
Transfer of data to countries outside of EU/EEA
As a general rule we do not transfer personal information outside of EU/EEA. If we were to transfer personal information to a 3rd party country, we would do so only after securing the transfer in accordance with appropriate security measures including adopting the EU Standard Contractual Clauses in our agreements with the receiving party.
Symblepay utilizes Microsoft Services, however, this usage is limited to services out of EU. For more on how Microstoft handles personal data please see this link: https://privacy.microsoft.com/da-dk/privacystatement
Your Rights
You have the following rights
- You have the right to requests access to, correction of or deletion of your personal information
- You have the right to have the processing of your personal information limited
- If processing of personal information is based on your consent, you have the right to recall said consent at any time. You recall of consent will not affect the legality of any processing activity conducted before you recall your consent. Consent can be recalled as described below.
- You have the right of data portability that is to receive your personal information, provided by you, in a structured, commonly used and machine-readable format.
- You have the right to submit a complaint to the Danish Data protection Authority i.e., Datatilsynet: https://www.datatilsynet.dk/borger/klage/-saadan-klager-du
Additionally, you have the right to lodge a dispute on our handling of your personal information in case of the following:
- If our processing of your personal information is based on article 6.1.(e) (public interest) or article 6.1.(f) (our legitimate interest), see above under legal basis, you have the right to dispute our processing activity regarding your specific situation.
- Likewise, you have an unlimited right to dispute our processing if the processing activity concerns direct marketing.
You can always contact us if you have any questions regarding your rights, if you wish exercise them, or if you wish to know more about how we collect or process your personal data. You can do so by sending an e-mail to [email protected] There can be limitation or restrictions to these rights. It is therefore not a certainty that you can fully exercise your right to data portability as it depends on the concrete circumstances of the processing activity.
Updates
We update this information on how we process personal information regularly. In case of changes, the “valid from” date at the top of this document will change. Changes to this document on how we process personal information applies directly and instantly to you and your personal information. If we make a change to the way we process your personal information we will notify you of these changes.