PRIVACY POLICY

1. GENERAL

1.1 This privacy policy (“Privacy Policy”) applies when Freja eID Group AB, Corp. ID. No. 556587-4376, Box 456, 194 04 UPPLANDS VÄSBY, Sweden (“Freja eID Group”) provides an electronic identification service via the Freja eID mobile application (“Service”).

1.2 You have registered as a user of the Service according to the Terms of Use for the Service. This Privacy Policy constitutes an integral part of the Terms of Use.

1.3 You should always feel secure when providing personal data to us. This Privacy Policy is designed to show you how your personal data is processed securely in accordance with applicable legislation.

1.4 When the Service is used, several parties can be involved. This Privacy Policy only applies in relation to the processing performed by Freja eID Group in its capacity as data controller. Therefore, Freja eID Group recommends that you also read the privacy policies of the other parties who may be involved in the use of the Service, for example, the parties who provide the services on which you can use your Freja eID.

1.5 In addition to the requirements set forth in the Terms of Use, you must also accept this Privacy Policy in order to use the Service. When we process your data based on your consent, you always have the right to withdraw your consent without this affecting your options to use the Service in other ways.

2. PERSONAL DATA CONTROLLER AND DATA PROTECTION OFFICER

2.1 Freja eID Group is the data controller for Freja eID Group’s processing of your personal data, and is responsible for ensuring that the processing is performed in accordance with applicable legislation.

2.2 To the extent that the Service relates to an employment ID or Organisation eID, the organisation is the personal data controller for the data they are responsible for about you in your role. For example, this can be in your role as an employee, customer or as member in an organisation. In these cases, Freja eID is the personal data processor.

2.3 Freja eID Group has appointed Mr. Tony Buss as the Data Privacy Officer (“Data Privacy Officer”). The Data Privacy Officer’s duty is also to monitor that Freja eID Group processes personal data in accordance with applicable legislation. Contact information for the Data Protection Officer is gdpr@frejaeid.se. +46 8 5272 7984.

3. HOW WE PROCESS YOUR PERSONAL DATA

3.1 Freja eID Group will process your personal data for the following purposes and for the following legal reasons.

3.2 You can withdraw your consent regarding Freja eID at any time, in accordance with point 1.5, by notifying Freja eID Group in written form.

3.3 Freja eID Group shall not process your personal information for automated decision-making or profiling.

3.4 In addition to accepting the Terms of Use and this Privacy Policy, you can choose to give consent for certain personal data processing as described below. The legal basis for us to process this data will be your explicit consent.

In other cases, where for example you are expected by an employer to use your Freja eID as a work tool, we will instead process your personal data as a personal data processor on behalf your employer, and the legal basis for processing will then be your employment contract with the employer. The legal basis for certain processing in the service is shown in the table below.

If you start with only using Freja eID as an Organisation eID or employee ID and later starts using Freja eID for other purposes, then Freja eID will be both a personal data processor and a personal data controller, depending on if you are using a service connected to your employer or a private service. For the private services, the legal basis applies as shown in the table below.

3.5 Freja eID is available at different trust levels (Basic, Added ID document and Plus). You will be able to see what trust level you are in the mobile application. If you try to access a service at a higher level than you have, you will need to upgrade to the corresponding level in order to access that service.

Freja eID Basic

For access to services that do not require your identity to be verified and only requires an email address.

Freja eID with an added ID document and Freja eID+

Some services require that your identity be verified when you use Freja eID to access their services or when you make electronic signatures with them.

In addition to the information processed for Freja eID Basic, the sections “Freja eID with an added ID document” and “Freja eID+” apply. Freja eID+ is issued get after you have done an extra validation of your identity through a physical ID check at an Freja eID agent.

3.6 The table shows which personal data we process at different trust levels, from lowest (Basic) to highest (Plus). Information collected at a lower trust level is also processed at a higher trust level.

PurposeLegal BasisCategories of Personal Data (Basic)Categories of Personal Data (Added Document and Plus)
For the Service in general
Providing, administering, developing and adapting the Service and allowing for support and customer service for you as a userThe processing is necessary to fulfil the agreement with you as a user
  • Email address(es) (one mandatory, two optional)
  • Information about your device, manufacturer, model and OS version
  • Name and gender
  • Country
  • Civil registration number (only countries that have one)
  • Address (for Sweden and Norway)
  • Image of your ID document
  • ID document number
  • ID document expiry date
  • High resolution image of your passport (if you registered with one)
  • Where, when, and by whom you were vetted physically (only for Freja eID Plus)
To be able to identify yourself physically and to other individuals with your eIDThe processing is necessary to fulfil the agreement with you as a user
  • Image of your face
We provide a transaction history for you, so you can monitor where and when your eID was usedThe processing is necessary to fulfil the agreement with you as a userTransaction history from when you identified yourself or signed with your eID, which service it was, at what time and which data you agreed to share
For secure verification of your identity
  • To ensure that the person who registered in the Freja eID mobile application is a living person and is the same person as the ID document holder
  • To enable you to restore your eID in the event of a loss of the device where Freja eID is installed
  • To enable an extra step of verification when identifying yourself
The processing is necessary to fulfil the agreement with you as a user
  • Image of your face
  • Video capture of face during taking of the ID photo
  • Where, when, and by whom you were vetted physically (only for Freja eID Plus)
For sharing personal data to a third party
Identifying yourself means you need to share some personal data to a third party. You will always approve this in the app before sharing. If you decline, no data is sharedExplicit consent from you as a user. You are informed about what data will be shared with the third party and you need to consent to sharingEmail address
  • Civil registration number (only countries that have one)
  • Country
  • Date of birth
  • Name and surname
  • ID photo taken with Freja eID
  • Address
  • Gender
About the Covid Certificate
This is only applicable if you choose to add your Covid Certificate in order to manage it in Freja eID.

The Covid Certificate is a digital service that you can use to store information about your Covid-19 status (on vaccines, tests, recovery) from the vaccinationsregistret (NVR) at Folkhälsomyndigheten (The Swedish Public Health Agency).

You can manage your Covid Certificate in Freja eID and share your Covid-19 status with an online service (e.g. airline booking) or by physically showing the certificate that can be read manually or as a QR code.

To use the Covid Certificate some personal
data needs to be shared with a third party that is the recipient of the information.

  • Explicit consent from you as a user when you add the Covid Certificate to Frej