PRIVACY POLICY
1. GENERAL
1.1 This privacy policy (“Privacy Policy”) applies when Freja eID Group AB, Corp. ID. No. 556587-4376, Box 456, 194 04 UPPLANDS VÄSBY, Sweden (“Freja eID Group”) provides an electronic identification service via the Freja eID mobile application (“Service”).
1.2 You have registered as a user of the Service according to the Terms of Use for the Service. This Privacy Policy constitutes an integral part of the Terms of Use.
1.3 You should always feel secure when providing personal data to us. This Privacy Policy is designed to show you how your personal data is processed securely in accordance with applicable legislation.
1.4 When the Service is used, several parties can be involved. This Privacy Policy only applies in relation to the processing performed by Freja eID Group in its capacity as data controller. Therefore, Freja eID Group recommends that you also read the privacy policies of the other parties who may be involved in the use of the Service, for example, the parties who provide the services on which you can use your Freja eID.
1.5 In addition to the requirements set forth in the Terms of Use, you must also accept this Privacy Policy in order to use the Service. When we process your data based on your consent, you always have the right to withdraw your consent without this affecting your options to use the Service in other ways.
2. PERSONAL DATA CONTROLLER AND DATA PROTECTION OFFICER
2.1 Freja eID Group is the data controller for Freja eID Group’s processing of your personal data, and is responsible for ensuring that the processing is performed in accordance with applicable legislation.
2.2 To the extent that the Service relates to an employment ID or Organisation eID, the organisation is the personal data controller for the data they are responsible for about you in your role. For example, this can be in your role as an employee, customer or as member in an organisation. In these cases, Freja eID is the personal data processor.
2.3 Freja eID Group has appointed Mr. Tony Buss as the Data Privacy Officer (“Data Privacy Officer”). The Data Privacy Officer’s duty is also to monitor that Freja eID Group processes personal data in accordance with applicable legislation. Contact information for the Data Protection Officer is gdpr@frejaeid.se. +46 8 5272 7984.
3. HOW WE PROCESS YOUR PERSONAL DATA
3.1 Freja eID Group will process your personal data for the following purposes and for the following legal reasons.
3.2 You can withdraw your consent regarding Freja at any time, in accordance with point 1.5, by notifying Freja eID Group in written form.
3.3 Freja eID Group shall not process your personal information for automated decision-making or profiling.
3.4 In addition to accepting the Terms of Use and this Privacy Policy, you can choose to give consent for certain personal data processing as described below. The legal basis for us to process this data will be your explicit consent.
In other cases, where for example you are expected by an employer to use your Freja eID as a work tool, we will instead process your personal data as a personal data processor on behalf your employer, and the legal basis for processing will then be your employment contract with the employer. The legal basis for certain processing in the service is shown in the table below.
If you start with only using Freja as an Organisation ID or employee ID and later start using Freja for other purposes, then Freja will be both a personal data processor and a personal data controller, depending on if you are using a service connected to your employer or a private service. For the private services, the legal basis applies as shown in the table below.
3.5 Freja is available at different trust levels (Basic, Added ID document and Plus). You will be able to see what trust level you are in the mobile application. If you try to access a service at a higher level than you have, you will need to upgrade to the corresponding level in order to access that service.
Freja eID Basic
For access to services that do not require your identity to be verified and only requires an email address.
Freja eID with an added ID document and Freja eID+
Some services require that your identity be verified when you use Freja to access their services or when you make electronic signatures with them.
In addition to the information processed for Freja Basic, the sections “Freja with an added ID document” and “Freja eID+” apply. Freja eID+ is issued get after you have done an extra validation of your identity through a physical ID check at an Freja eID agent, or have had your identity verified by using a biometric ID document during registration.
3.6 The table shows which personal data we process at different trust levels, from lowest (Basic) to highest (Plus). Information collected at a lower trust level is also processed at a higher trust level.
Purpose | Legal Basis | Categories of Personal Data (Basic) | Categories of Personal Data (Added Document and Plus) |
---|---|---|---|
For the Service in general | |||
Providing, administering, developing and adapting the Service and allowing for support and customer service for you as a user | The processing is necessary to fulfil the agreement with you as a user |
|
|
To be able to identify yourself physically and to other individuals with your eID | The processing is necessary to fulfil the agreement with you as a user |
| |
We provide a transaction history for you, so you can monitor where and when your eID was used | The processing is necessary to fulfil the agreement with you as a user | Transaction history from when you identified yourself or signed with your eID, which service it was, at what time and which data you agreed to share | |
For secure verification of your identity | |||
| The processing is necessary to fulfil the agreement with you as a user |
| |
For sharing personal data to a third party | |||
Identifying yourself means you need to share some personal data to a third party. You will always approve this in the app before sharing. If you decline, no data is shared | Explicit consent from you as a user. You are informed about what data will be shared with the third party and you need to consent to sharing | Email address |
|
About the Covid Certificate | |||
This is only applicable if you choose to add your Covid Certificate in order to manage it in Freja eID. The Covid Certificate is a digital service that you can use to store information about your Covid-19 status (on vaccines, tests, recovery) from t |