Privacy Policy

1. General

1.1 This Privacy Policy (”Privacy Policy”) applies when Verisec Freja eID AB, Corp. ID. No. 559110-4806, c/o Verisec AB, Box 456, 194 04 UPPLANDS VÄSBY, Sweden, (”Verisec Freja eID”) provides an electronic identification service via the app Freja eID (”Service”).

1.2 You have registered as a user of the Service according to the Terms of Use for the Service. This Privacy Policy constitutes an integral part of the Terms of Use.

1.3 You should always feel secure when providing personal data to us. This Privacy Policy is designed to show you how your personal data is processed securely in accordance with applicable legislation.

1.4 When the Service is used, several parties can be involved. This Privacy Policy only applies in relation to the processing performed by Verisec Freja eID in its capacity as data controller. Therefore, Verisec Freja eID recommend that you also read the privacy policies of the other parties who may be involved in the use of the Service, for example, the parties who provide the services on which you can use your Freja eID.

1.5 In order to use the Service, you must, in addition to the requirements set forth in the Terms of Use for the Service, accept this Privacy Policy.

2. Personal data controller and Data Protection Officer

2.1 Verisec Freja eID is the data controller for Verisec Freja eID’s processing of your personal data and is responsible for ensuring that the processing takes place in accordance with applicable legislation.

2.2 Verisec Freja eID has appointed Mr. Anders Henrikson as the Data Privacy Officer (”Data Privacy Officer”). The Data Privacy Officer also has the duty of monitoring that Verisec Freja eID’s processes personal data in accordance with applicable legislation. Contact information for the Data Protection Officer is: anders.henrikson@verisec.com, 0733-458903

3. How we process your personal data

3.1 Verisec Freja eID will process your personal data for the following purposes and for the following legal reasons.

Freja eID Basic
(for access to services that do not require checking personal identification)

Purposes Legal basis Categories for personal data
For Service in general
Providing, administering, developing and adapting the Service and allowing for support and customer service for you as a user.
The processing is necessary to fulfil the agreement with you as a user. • Email address
For legal requirements
Fulfilling statutory requirements, for example security requirements.
The processing is necessary to fulfil Verisec Freja eID’s legal obligations. • Email address
For geographic location
Providing information about the nearest Freja eID agent / ATG affiliate.
Consent • Geographic location
For marketing
Enable targeted marketing of the Service and Verisec Freja eID’s similar services via regular mail, email, SMS or the app (including market and customer analyses and market research).
The processing is necessary to meet Verisec Freja eID’s legitimate interest to market its Service and other similar services to you as a user (a so-called weighing of interests). • Email address
For business development
Enable business follow-ups and developing businesses and methods.
The processing is necessary to meet Verisec Freja eID’s legitimate interest to market its Service and other similar services to you as a user (as so-called weighing of interests). • Email address

Freja eID+
(for access to services requiring ID vetting)

Purpose Legal basis Categories of personal data
For Service in general
Providing, administering, developing and adapting the Service and allowing for support and customer service for you as a user.
The processing is necessary to fulfil the agreement with you as a user. • Name, personal ID number and gender
• Address, telephone number and e-mail address
For legal requirements
Fulfilling constitutional requirements, for example security requirements.
The processing is necessary to fulfil Verisec Freja eID’s legal obligations. • Name, personal ID number and gender
• Address, telephone number and e-mail address
For geographic location
Providing information about the nearest Freja eID agent/ATG affiliate.
Consent • Geographic location
For marketing
Enable targeted marketing of the Service and Verisec Freja eID’s similar services via regular mail, email, SMS, or the app (including market and customer analyses and market research).
The processing is necessary to meet Verisec Freja eID’s legitimate interest to market its Service and other similar services to you as a user (a so-called weighing of interest). • Name, age and gender
• Address, telephone number and e-mail address
For business development
Enable business follow-up and for developing business and methods.
The processing is necessary to meet Verisec Freja eID’s legitimate interest to market its Service and other similar services to you as a user (a so-called weighing of interest). • Name, age and gender
• Address, telephone number and e-mail address
For biometric information
Implementing facial recognition when you want to start using a new mobile device.
Explicit consent. • Picture of your face

3.2 At any time you can withdraw the provided consent regarding Freja eID+ by providing written notification to Verisec Freja eID.

3.3 Verisec Freja eID will not process your personal information for automated decision-making or profiling.

4. For how long do we store your personal data?

4.1 Your personal data is stored as long as is needed to fulfil the objectives that require the data to be collected in accordance with this Privacy Policy.

4.2 At any time, you may cancel use of the Service by selecting “Deregister account” or a similar function in the Service and block the Service according to the instructions provided by Verisec Freja eID. Verisec Freja eID does not retain your personal data after you have cancelled use of the Service according to this section 4.2, unless it is required by law or to protect Verisec Freja eID’s legitimate interests, for example, in case of a legal proceeding.

5. Who do we share your personal data with?

Verisec Freja eID may share your personal data with a third party, as well as to Trusting Parties (as defined in the Terms of Use), companies who provide services and support related to the Service as well as group companies, in order to be used by the recipient to fulfil the purposes for processing your personal data specified in item 3.1 above.

6. Transfer of personal data to third countries

Verisec Freja eID will not transfer your personal data to any country outside the EU/EEA.

7. Your rights

7.1 Verisec Freja eID, in its capacity as the data controller, is responsible for ensuring that your personal data is processed in accordance with applicable law.

7.2 Verisec Freja eID will, at your request or on its own initiative, correct, de-identify, delete or complete information that is determined to be incorrect, incomplete or misleading.

7.3 You have the right to require from Verisec Freja eID access, correction or deletion of your personal data (for example, if deletion is required according to applicable legislation), request restrictions on continued processing of your personal data as well as the right to object to the processing (for example, if you question whether the personal data is correct or if the processing is legal). Verisec Freja eID will notify each recipient regarding which personal data has been removed according to item 5 above if any corrections or deletions to the information as well as restrictions on further processing of the information occur according to item 7.

7.4 You are entitled to data portability, in other words, the right under certain circumstances to receive and transfer your personal data to another data controller in a structured, generally usable and machine-readable format.

7.5 If you do not want Verisec Freja eID to use your personal data for direct marketing, you have the right to provide written notification of this to Verisec Freja eID at any time. Once Verisec Freja eID has received your notification, Verisec Freja eID will cease processing your personal data for marketing purposes.

7.6 Once per calendar year, you are entitled to obtain an extract from the registry from Verisec Freja eID, free of charge with a signed, written request, indicating which personal data about you has been recorded, the purposes of processing the data and the recipients who have received the data or will receive the data. You are also entitled to receive information in the extract from the registry regarding where the data was collected, if the personal data was not collected from you directly, the occurrence of automated decision-making (including profiling) as well as the anticipated period during which the data will be stored or the criteria that are used to determine this period. Furthermore, you are also in titled with the abstract from the registry to receive information about your other rights as specified in section 7.

7.7 You are entitled to submit complaints regarding Verisec Freja eID’s processing of your personal data to The Swedish Data Protection Authority.

8. Protection of your personal data

You should always feel secure when providing personal data to us. Therefore, Verisec Freja eID has taken the necessary safety precautions to protect your personal data regarding unauthorised access, modification and deletion.

9. Cookies

Verisec Freja eID uses techniques similar to cookies to provide certain functions in the app. The information is stored in the form of a file containing the users encrypted session status (during an ongoing session) as well as the user settings that improve the user experience before a user is authenticated for the app (which are saved between sessions). For example, the information is used to remember the selected language for the app. This information is not provided to third parties. If you no longer want Verisec Freja eID to store or collect the information, you must cancel your use of the Service according to section 4.2 above. cookies policy

10. Changes to this Privacy Policy

Verisec Freja eID has the right to modify this Privacy Policy at any time. Verisec Freja eID will provide reasonable advance warning of changes to the Privacy Policy. If you do not approve of the modified terms, you have the right to cancel the agreement with Verisec Freja eID before the modified Privacy Policy take effect. You can terminate the agreement by following the instructions in item 4.2 above.

11. Contact information

Please do not hesitate to contact Verisec Freja eID if you have any questions about this Privacy Policy, the processing of your personal information or if you would like an extract from the registry. Verisec Freja eID’s contact information can be found under section 1 above.