How does GDPR affect me?

The General Data Protection Regulation (GDPR) represents one of the most comprehensive regulations concerning data protection adopted in the EU.

The purpose of the regulation is to give you more power over what organisations do with your personal data. According to GDPR, you have the right to find out whether your personal data is being processed, which data, the purpose of the processing, the category of the data, where your data is stored, who the data will be disclosed to, the existence of any automated decision making based on the data and the period for which the data is expected to be stored. You also have the right to be forgotten, meaning the right to demand the erasure of data for which you no longer consent to data processing or which are no longer necessary to process, as well as the right to data portability, meaning that you should be allowed to receive, in machine-readable format, the personal data concerning yourself at any time.

This aligns perfectly with Freja eID’s philosophy of giving control back to you – the user. Freja eID is fully compliant with GDPR and the information we do store about you is done so with complete transparency and your security in mind. Our Privacy Policy is designed to show you how your personal data is processed securely in accordance with GDPR.

What we store about you

Due to the nature of Freja eID services, we must store some of your personal data in our database and this differs according to the level of Freja eID you are registered to.
If you are a basic user, we store:

 

  • Your email address(es);
  • History of your actions (logins and signatures);
  • The model of the mobile device(s) you use your Freja eID on and its operating system version (Android and iOS);
  • The services in Freja eID you are subscribed to.
If you are a Freja eID+ user, we store:

 

  • Your email address(es);
  • Your name and surname, gender and date of birth;
  • Personal identity number;
  • Residential address registered in SPAR (and special postal address should you have one);
  • A photo of the ID document you used to register for Freja eID+;
  • Data from the ID document you used to register for Freja eID+, including its serial number and expiry date;
  • Face photo taken during the registration process;
  • History of your actions;
  • The model of the mobile device(s) you use your Freja eID on and its operating system version (Android and iOS);
  • The services in Freja eID you are subscribed to.

Apart from the photos of your face and ID document, the rest of the data is available for you to see on the My Pages web portal and the Freja eID app. Given the sensitive nature of this data, we will not share it with anyone over an open channel. If you would like a copy of what we store about you, please contact our support team and we will provide you with it in a secure way free of charge.

We store all the data within the EU.

Your right to be forgotten

Should you wish, you have the right to ask us to delete the personal data that we store about you. Get in touch with our support team via email or phone, every day from 8-22h.

Please bear in mind that due to legal reasons some information cannot be deleted within a certain time frame. The reason is that you in some instances are using your Freja eID to sign transactions or agreements. If you – for example – sign a loan agreement with a bank, we cannot delete the data related to this signature until you and the bank have ended that agreement.

This means that we must keep some of your action history, including the user ID related information you used to initiate and sign actions with Freja eID.

For more information, please read Freja eID Privacy Policy.