Skip to main content

Privacy Policy for BankID app

Version 1.8 – 29.02.2024

The BankID app is downloaded to your iOS phone from the App Store or Android phone from Google Play, and you can use services available in the app more quickly and easily.

See also www.bankid.no for help using the BankID app.

Services in BankID app

With the BankID app you can:

A prerequisite for activating BankID services and ID Card in the BankID app is that you have already been issued a BankID by your bank. You can also see which bank issued your BankID in the web client when you log in, or view certificate details in your online bank.

Data controller

It is the bank that issued your BankID that is the data controller when you use the BankID app for BankID services and ID Check. BankID BankAxept AS, org.nr. 927 611 929, act as a data processor.

BankID BankAxept AS is the data controller when you use the ID Card service in the BankID app.

Purposes

The Bank and BankID BankAxept AS ("we") process personal data in order for you to use the app for BankID services, ID Check and ID Card in the BankID app. In addition, we use your personal data for billing, error correction, transaction monitoring, fraud prevention, detection and handling of security incidents, for reporting, for statistics and for improvement of the services.

The facial images processed in the service ID Check are also used for machine learning to improve the security of the service.

What personal data do we process?

When using BankID services:

When using the service ID Check:

When using the service ID Card in the BankID app:

Digital behavioral information:

Legal basis for processing

The processing of your personal data in the BankID app takes place on the legal basis of

Use of sub-contractors and disclosure to others

We may use sub-contractors (such as IT service providers) to collect, store or otherwise process personal data on our behalf. In such cases, we will enter into agreements with the sub-contractor to ensure that the processing of the information is in accordance with the privacy regulations and our requirements for the processing of personal data. This applies regardless of whether we use sub-contractors in Norway or in other countries within the EEA/EU area or outside the EEA/EU. The use of sub-contractors is not to be regarded as a disclosure of personal data.

For transfers to countries outside the EU/EEA, a valid transfer basis is required, and the following conditions must be met:

In addition, personal data may be disclosed to law enforcement authorities or other authorities if there is a legal basis for doing so.

Retention

Personal data will not be stored longer than is necessary to fulfill the purpose of the processing. After this, the information will be deleted or anonymized, unless the information should or can be stored beyond this as a result of law or another legal basis.

Information about your BankID transactions will be stored in accordance to retention routines for BankID services, maximum 14 years.

Personal data processed in ID Check is automatically deleted after 30 days.

Personal data processed in ID Card in the BankID app is automatically deleted if the service has not been used for one year or when the ID document expires.

Use of cookies

A cookie is a small text file that is downloaded and stored on your phone when you open the application.

For the BankID app, only necessary cookies are used for basic functionality and security purposes and cannot be opted out.

Your rights

You have the right to demand restriction of processing and may, under certain conditions, object to further processing of personal data or demand that your personal data be transferred to yourself or another controller (data portability).

If the information we have about you is incorrect, you can send a request to have the information corrected, supplemented or deleted. For questions related to the processing of personal data, please contact the bank by telephone to customer service or via the contact form on the bank's website.

Personal data processed on the basis of your consent will be deleted when you withdraw your consent, unless there is a legal basis for further storage.

If you wish to exercise your rights of access, you can contact the bank with which you have entered into an agreement for BankID or see the bank's website for ordering access to your own personal data.

You are not entitled to access the information registered about you in order to fulfil investigation and reporting obligations for suspicious transactions pursuant to the Money Laundering Act, and for security work in the solution.

Once your request has been received, the bank will respond as soon as possible and no later than 30 days after the bank has received your request. If special circumstances do not enable the bank to respond within 30 days, the bank will send a preliminary reply justifying the delay, including information about the likely time for a response.

Data Protection Officer

The bank has a data protection officer. You can always contact the data protection officer if you have questions about the processing of your personal data.

Information about the bank's data protection officer can be found on the bank's website.

Complaints

If you believe that your personal data has been processed in violation of data protection laws, you can contact the bank or complain to the Norwegian Data Protection Authority (“Datatilsynet”). You will find contact information here: www.datatilsynet.no.

Other

This privacy statement may be updated. The latest version is always available via BankID app.